[Midnightbsd-cvs] src [6868] vendor-crypto/openssl/dist: OpenSSL 0.9.8zb
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Oct 12 16:30:01 EDT 2014
Revision: 6868
http://svnweb.midnightbsd.org/src/?rev=6868
Author: laffer1
Date: 2014-10-12 16:29:54 -0400 (Sun, 12 Oct 2014)
Log Message:
-----------
OpenSSL 0.9.8zb
Added Paths:
-----------
vendor-crypto/openssl/dist/
vendor-crypto/openssl/dist/ACKNOWLEDGMENTS
vendor-crypto/openssl/dist/CHANGES
vendor-crypto/openssl/dist/CHANGES.SSLeay
vendor-crypto/openssl/dist/Configure
vendor-crypto/openssl/dist/FAQ
vendor-crypto/openssl/dist/INSTALL
vendor-crypto/openssl/dist/INSTALL.DJGPP
vendor-crypto/openssl/dist/INSTALL.VMS
vendor-crypto/openssl/dist/LICENSE
vendor-crypto/openssl/dist/Makefile
vendor-crypto/openssl/dist/Makefile.bak
vendor-crypto/openssl/dist/Makefile.org
vendor-crypto/openssl/dist/Makefile.shared
vendor-crypto/openssl/dist/NEWS
vendor-crypto/openssl/dist/PROBLEMS
vendor-crypto/openssl/dist/README
vendor-crypto/openssl/dist/README.ASN1
vendor-crypto/openssl/dist/README.ENGINE
vendor-crypto/openssl/dist/VMS/
vendor-crypto/openssl/dist/VMS/TODO
vendor-crypto/openssl/dist/VMS/VMSify-conf.pl
vendor-crypto/openssl/dist/VMS/WISHLIST.TXT
vendor-crypto/openssl/dist/VMS/install.com
vendor-crypto/openssl/dist/VMS/mkshared.com
vendor-crypto/openssl/dist/VMS/multinet_shr.opt
vendor-crypto/openssl/dist/VMS/openssl_utils.com
vendor-crypto/openssl/dist/VMS/socketshr_shr.opt
vendor-crypto/openssl/dist/VMS/tcpip_shr_decc.opt
vendor-crypto/openssl/dist/VMS/test-includes.com
vendor-crypto/openssl/dist/VMS/ucx_shr_decc.opt
vendor-crypto/openssl/dist/VMS/ucx_shr_decc_log.opt
vendor-crypto/openssl/dist/VMS/ucx_shr_vaxc.opt
vendor-crypto/openssl/dist/apps/
vendor-crypto/openssl/dist/apps/CA.com
vendor-crypto/openssl/dist/apps/CA.pl
vendor-crypto/openssl/dist/apps/CA.pl.in
vendor-crypto/openssl/dist/apps/CA.sh
vendor-crypto/openssl/dist/apps/Makefile
vendor-crypto/openssl/dist/apps/app_rand.c
vendor-crypto/openssl/dist/apps/apps.c
vendor-crypto/openssl/dist/apps/apps.h
vendor-crypto/openssl/dist/apps/asn1pars.c
vendor-crypto/openssl/dist/apps/ca-cert.srl
vendor-crypto/openssl/dist/apps/ca-key.pem
vendor-crypto/openssl/dist/apps/ca-req.pem
vendor-crypto/openssl/dist/apps/ca.c
vendor-crypto/openssl/dist/apps/cert.pem
vendor-crypto/openssl/dist/apps/ciphers.c
vendor-crypto/openssl/dist/apps/client.pem
vendor-crypto/openssl/dist/apps/cms.c
vendor-crypto/openssl/dist/apps/crl.c
vendor-crypto/openssl/dist/apps/crl2p7.c
vendor-crypto/openssl/dist/apps/demoCA/
vendor-crypto/openssl/dist/apps/demoCA/cacert.pem
vendor-crypto/openssl/dist/apps/demoCA/index.txt
vendor-crypto/openssl/dist/apps/demoCA/private/
vendor-crypto/openssl/dist/apps/demoCA/private/cakey.pem
vendor-crypto/openssl/dist/apps/demoCA/serial
vendor-crypto/openssl/dist/apps/dgst.c
vendor-crypto/openssl/dist/apps/dh.c
vendor-crypto/openssl/dist/apps/dh1024.pem
vendor-crypto/openssl/dist/apps/dh2048.pem
vendor-crypto/openssl/dist/apps/dh4096.pem
vendor-crypto/openssl/dist/apps/dh512.pem
vendor-crypto/openssl/dist/apps/dhparam.c
vendor-crypto/openssl/dist/apps/dsa-ca.pem
vendor-crypto/openssl/dist/apps/dsa-pca.pem
vendor-crypto/openssl/dist/apps/dsa.c
vendor-crypto/openssl/dist/apps/dsa1024.pem
vendor-crypto/openssl/dist/apps/dsa512.pem
vendor-crypto/openssl/dist/apps/dsap.pem
vendor-crypto/openssl/dist/apps/dsaparam.c
vendor-crypto/openssl/dist/apps/ec.c
vendor-crypto/openssl/dist/apps/ecparam.c
vendor-crypto/openssl/dist/apps/enc.c
vendor-crypto/openssl/dist/apps/engine.c
vendor-crypto/openssl/dist/apps/errstr.c
vendor-crypto/openssl/dist/apps/gendh.c
vendor-crypto/openssl/dist/apps/gendsa.c
vendor-crypto/openssl/dist/apps/genrsa.c
vendor-crypto/openssl/dist/apps/install.com
vendor-crypto/openssl/dist/apps/makeapps.com
vendor-crypto/openssl/dist/apps/md4.c
vendor-crypto/openssl/dist/apps/nseq.c
vendor-crypto/openssl/dist/apps/ocsp.c
vendor-crypto/openssl/dist/apps/oid.cnf
vendor-crypto/openssl/dist/apps/openssl-vms.cnf
vendor-crypto/openssl/dist/apps/openssl.c
vendor-crypto/openssl/dist/apps/openssl.cnf
vendor-crypto/openssl/dist/apps/passwd.c
vendor-crypto/openssl/dist/apps/pca-cert.srl
vendor-crypto/openssl/dist/apps/pca-key.pem
vendor-crypto/openssl/dist/apps/pca-req.pem
vendor-crypto/openssl/dist/apps/pkcs12.c
vendor-crypto/openssl/dist/apps/pkcs7.c
vendor-crypto/openssl/dist/apps/pkcs8.c
vendor-crypto/openssl/dist/apps/prime.c
vendor-crypto/openssl/dist/apps/privkey.pem
vendor-crypto/openssl/dist/apps/progs.h
vendor-crypto/openssl/dist/apps/progs.pl
vendor-crypto/openssl/dist/apps/rand.c
vendor-crypto/openssl/dist/apps/req.c
vendor-crypto/openssl/dist/apps/req.pem
vendor-crypto/openssl/dist/apps/rsa.c
vendor-crypto/openssl/dist/apps/rsa8192.pem
vendor-crypto/openssl/dist/apps/rsautl.c
vendor-crypto/openssl/dist/apps/s1024key.pem
vendor-crypto/openssl/dist/apps/s1024req.pem
vendor-crypto/openssl/dist/apps/s512-key.pem
vendor-crypto/openssl/dist/apps/s512-req.pem
vendor-crypto/openssl/dist/apps/s_apps.h
vendor-crypto/openssl/dist/apps/s_cb.c
vendor-crypto/openssl/dist/apps/s_client.c
vendor-crypto/openssl/dist/apps/s_server.c
vendor-crypto/openssl/dist/apps/s_socket.c
vendor-crypto/openssl/dist/apps/s_time.c
vendor-crypto/openssl/dist/apps/server.pem
vendor-crypto/openssl/dist/apps/server.srl
vendor-crypto/openssl/dist/apps/server2.pem
vendor-crypto/openssl/dist/apps/sess_id.c
vendor-crypto/openssl/dist/apps/set/
vendor-crypto/openssl/dist/apps/set/set-g-ca.pem
vendor-crypto/openssl/dist/apps/set/set-m-ca.pem
vendor-crypto/openssl/dist/apps/set/set_b_ca.pem
vendor-crypto/openssl/dist/apps/set/set_c_ca.pem
vendor-crypto/openssl/dist/apps/set/set_d_ct.pem
vendor-crypto/openssl/dist/apps/set/set_root.pem
vendor-crypto/openssl/dist/apps/smime.c
vendor-crypto/openssl/dist/apps/speed.c
vendor-crypto/openssl/dist/apps/spkac.c
vendor-crypto/openssl/dist/apps/testCA.pem
vendor-crypto/openssl/dist/apps/testdsa.h
vendor-crypto/openssl/dist/apps/testrsa.h
vendor-crypto/openssl/dist/apps/timeouts.h
vendor-crypto/openssl/dist/apps/verify.c
vendor-crypto/openssl/dist/apps/version.c
vendor-crypto/openssl/dist/apps/winrand.c
vendor-crypto/openssl/dist/apps/x509.c
vendor-crypto/openssl/dist/bugs/
vendor-crypto/openssl/dist/bugs/MS
vendor-crypto/openssl/dist/bugs/SSLv3
vendor-crypto/openssl/dist/bugs/alpha.c
vendor-crypto/openssl/dist/bugs/dggccbug.c
vendor-crypto/openssl/dist/bugs/sgiccbug.c
vendor-crypto/openssl/dist/bugs/sslref.dif
vendor-crypto/openssl/dist/bugs/stream.c
vendor-crypto/openssl/dist/bugs/ultrixcc.c
vendor-crypto/openssl/dist/certs/
vendor-crypto/openssl/dist/certs/README.RootCerts
vendor-crypto/openssl/dist/certs/demo/
vendor-crypto/openssl/dist/certs/demo/ca-cert.pem
vendor-crypto/openssl/dist/certs/demo/dsa-ca.pem
vendor-crypto/openssl/dist/certs/demo/dsa-pca.pem
vendor-crypto/openssl/dist/certs/demo/pca-cert.pem
vendor-crypto/openssl/dist/certs/expired/
vendor-crypto/openssl/dist/certs/expired/ICE.crl
vendor-crypto/openssl/dist/config
vendor-crypto/openssl/dist/crypto/
vendor-crypto/openssl/dist/crypto/LPdir_nyi.c
vendor-crypto/openssl/dist/crypto/LPdir_unix.c
vendor-crypto/openssl/dist/crypto/LPdir_vms.c
vendor-crypto/openssl/dist/crypto/LPdir_win.c
vendor-crypto/openssl/dist/crypto/LPdir_win32.c
vendor-crypto/openssl/dist/crypto/LPdir_wince.c
vendor-crypto/openssl/dist/crypto/Makefile
vendor-crypto/openssl/dist/crypto/aes/
vendor-crypto/openssl/dist/crypto/aes/Makefile
vendor-crypto/openssl/dist/crypto/aes/README
vendor-crypto/openssl/dist/crypto/aes/aes.h
vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c
vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c
vendor-crypto/openssl/dist/crypto/aes/aes_core.c
vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c
vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c
vendor-crypto/openssl/dist/crypto/aes/aes_ige.c
vendor-crypto/openssl/dist/crypto/aes/aes_locl.h
vendor-crypto/openssl/dist/crypto/aes/aes_misc.c
vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c
vendor-crypto/openssl/dist/crypto/aes/aes_wrap.c
vendor-crypto/openssl/dist/crypto/aes/asm/
vendor-crypto/openssl/dist/crypto/aes/asm/aes-586.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aes-ia64.S
vendor-crypto/openssl/dist/crypto/aes/asm/aes-x86_64.pl
vendor-crypto/openssl/dist/crypto/asn1/
vendor-crypto/openssl/dist/crypto/asn1/Makefile
vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c
vendor-crypto/openssl/dist/crypto/asn1/a_bool.c
vendor-crypto/openssl/dist/crypto/asn1/a_bytes.c
vendor-crypto/openssl/dist/crypto/asn1/a_d2i_fp.c
vendor-crypto/openssl/dist/crypto/asn1/a_digest.c
vendor-crypto/openssl/dist/crypto/asn1/a_dup.c
vendor-crypto/openssl/dist/crypto/asn1/a_enum.c
vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c
vendor-crypto/openssl/dist/crypto/asn1/a_hdr.c
vendor-crypto/openssl/dist/crypto/asn1/a_i2d_fp.c
vendor-crypto/openssl/dist/crypto/asn1/a_int.c
vendor-crypto/openssl/dist/crypto/asn1/a_mbstr.c
vendor-crypto/openssl/dist/crypto/asn1/a_meth.c
vendor-crypto/openssl/dist/crypto/asn1/a_object.c
vendor-crypto/openssl/dist/crypto/asn1/a_octet.c
vendor-crypto/openssl/dist/crypto/asn1/a_print.c
vendor-crypto/openssl/dist/crypto/asn1/a_set.c
vendor-crypto/openssl/dist/crypto/asn1/a_sign.c
vendor-crypto/openssl/dist/crypto/asn1/a_strex.c
vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c
vendor-crypto/openssl/dist/crypto/asn1/a_time.c
vendor-crypto/openssl/dist/crypto/asn1/a_type.c
vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c
vendor-crypto/openssl/dist/crypto/asn1/a_utf8.c
vendor-crypto/openssl/dist/crypto/asn1/a_verify.c
vendor-crypto/openssl/dist/crypto/asn1/asn1.h
vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c
vendor-crypto/openssl/dist/crypto/asn1/asn1_gen.c
vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c
vendor-crypto/openssl/dist/crypto/asn1/asn1_mac.h
vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c
vendor-crypto/openssl/dist/crypto/asn1/asn1t.h
vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c
vendor-crypto/openssl/dist/crypto/asn1/asn_moid.c
vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c
vendor-crypto/openssl/dist/crypto/asn1/charmap.h
vendor-crypto/openssl/dist/crypto/asn1/charmap.pl
vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c
vendor-crypto/openssl/dist/crypto/asn1/d2i_pu.c
vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c
vendor-crypto/openssl/dist/crypto/asn1/f_enum.c
vendor-crypto/openssl/dist/crypto/asn1/f_int.c
vendor-crypto/openssl/dist/crypto/asn1/f_string.c
vendor-crypto/openssl/dist/crypto/asn1/i2d_pr.c
vendor-crypto/openssl/dist/crypto/asn1/i2d_pu.c
vendor-crypto/openssl/dist/crypto/asn1/n_pkey.c
vendor-crypto/openssl/dist/crypto/asn1/nsseq.c
vendor-crypto/openssl/dist/crypto/asn1/p5_pbe.c
vendor-crypto/openssl/dist/crypto/asn1/p5_pbev2.c
vendor-crypto/openssl/dist/crypto/asn1/p8_key.c
vendor-crypto/openssl/dist/crypto/asn1/p8_pkey.c
vendor-crypto/openssl/dist/crypto/asn1/t_bitst.c
vendor-crypto/openssl/dist/crypto/asn1/t_crl.c
vendor-crypto/openssl/dist/crypto/asn1/t_pkey.c
vendor-crypto/openssl/dist/crypto/asn1/t_req.c
vendor-crypto/openssl/dist/crypto/asn1/t_spki.c
vendor-crypto/openssl/dist/crypto/asn1/t_x509.c
vendor-crypto/openssl/dist/crypto/asn1/t_x509a.c
vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c
vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c
vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c
vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c
vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c
vendor-crypto/openssl/dist/crypto/asn1/tasn_typ.c
vendor-crypto/openssl/dist/crypto/asn1/tasn_utl.c
vendor-crypto/openssl/dist/crypto/asn1/x_algor.c
vendor-crypto/openssl/dist/crypto/asn1/x_attrib.c
vendor-crypto/openssl/dist/crypto/asn1/x_bignum.c
vendor-crypto/openssl/dist/crypto/asn1/x_crl.c
vendor-crypto/openssl/dist/crypto/asn1/x_exten.c
vendor-crypto/openssl/dist/crypto/asn1/x_info.c
vendor-crypto/openssl/dist/crypto/asn1/x_long.c
vendor-crypto/openssl/dist/crypto/asn1/x_name.c
vendor-crypto/openssl/dist/crypto/asn1/x_pkey.c
vendor-crypto/openssl/dist/crypto/asn1/x_pubkey.c
vendor-crypto/openssl/dist/crypto/asn1/x_req.c
vendor-crypto/openssl/dist/crypto/asn1/x_sig.c
vendor-crypto/openssl/dist/crypto/asn1/x_spki.c
vendor-crypto/openssl/dist/crypto/asn1/x_val.c
vendor-crypto/openssl/dist/crypto/asn1/x_x509.c
vendor-crypto/openssl/dist/crypto/asn1/x_x509a.c
vendor-crypto/openssl/dist/crypto/bf/
vendor-crypto/openssl/dist/crypto/bf/COPYRIGHT
vendor-crypto/openssl/dist/crypto/bf/INSTALL
vendor-crypto/openssl/dist/crypto/bf/Makefile
vendor-crypto/openssl/dist/crypto/bf/README
vendor-crypto/openssl/dist/crypto/bf/VERSION
vendor-crypto/openssl/dist/crypto/bf/asm/
vendor-crypto/openssl/dist/crypto/bf/asm/bf-586.pl
vendor-crypto/openssl/dist/crypto/bf/asm/bf-686.pl
vendor-crypto/openssl/dist/crypto/bf/asm/readme
vendor-crypto/openssl/dist/crypto/bf/bf_cbc.c
vendor-crypto/openssl/dist/crypto/bf/bf_cfb64.c
vendor-crypto/openssl/dist/crypto/bf/bf_ecb.c
vendor-crypto/openssl/dist/crypto/bf/bf_enc.c
vendor-crypto/openssl/dist/crypto/bf/bf_locl.h
vendor-crypto/openssl/dist/crypto/bf/bf_ofb64.c
vendor-crypto/openssl/dist/crypto/bf/bf_opts.c
vendor-crypto/openssl/dist/crypto/bf/bf_pi.h
vendor-crypto/openssl/dist/crypto/bf/bf_skey.c
vendor-crypto/openssl/dist/crypto/bf/bfs.cpp
vendor-crypto/openssl/dist/crypto/bf/bfspeed.c
vendor-crypto/openssl/dist/crypto/bf/bftest.c
vendor-crypto/openssl/dist/crypto/bf/blowfish.h
vendor-crypto/openssl/dist/crypto/bio/
vendor-crypto/openssl/dist/crypto/bio/Makefile
vendor-crypto/openssl/dist/crypto/bio/b_dump.c
vendor-crypto/openssl/dist/crypto/bio/b_print.c
vendor-crypto/openssl/dist/crypto/bio/b_sock.c
vendor-crypto/openssl/dist/crypto/bio/bf_buff.c
vendor-crypto/openssl/dist/crypto/bio/bf_lbuf.c
vendor-crypto/openssl/dist/crypto/bio/bf_nbio.c
vendor-crypto/openssl/dist/crypto/bio/bf_null.c
vendor-crypto/openssl/dist/crypto/bio/bio.h
vendor-crypto/openssl/dist/crypto/bio/bio_cb.c
vendor-crypto/openssl/dist/crypto/bio/bio_err.c
vendor-crypto/openssl/dist/crypto/bio/bio_lcl.h
vendor-crypto/openssl/dist/crypto/bio/bio_lib.c
vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c
vendor-crypto/openssl/dist/crypto/bio/bss_bio.c
vendor-crypto/openssl/dist/crypto/bio/bss_conn.c
vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c
vendor-crypto/openssl/dist/crypto/bio/bss_fd.c
vendor-crypto/openssl/dist/crypto/bio/bss_file.c
vendor-crypto/openssl/dist/crypto/bio/bss_log.c
vendor-crypto/openssl/dist/crypto/bio/bss_mem.c
vendor-crypto/openssl/dist/crypto/bio/bss_null.c
vendor-crypto/openssl/dist/crypto/bio/bss_rtcp.c
vendor-crypto/openssl/dist/crypto/bio/bss_sock.c
vendor-crypto/openssl/dist/crypto/bn/
vendor-crypto/openssl/dist/crypto/bn/Makefile
vendor-crypto/openssl/dist/crypto/bn/asm/
vendor-crypto/openssl/dist/crypto/bn/asm/README
vendor-crypto/openssl/dist/crypto/bn/asm/bn-586.pl
vendor-crypto/openssl/dist/crypto/bn/asm/co-586.pl
vendor-crypto/openssl/dist/crypto/bn/asm/ia64.S
vendor-crypto/openssl/dist/crypto/bn/asm/mips3.s
vendor-crypto/openssl/dist/crypto/bn/asm/mo-586.pl
vendor-crypto/openssl/dist/crypto/bn/asm/pa-risc2.s
vendor-crypto/openssl/dist/crypto/bn/asm/pa-risc2W.s
vendor-crypto/openssl/dist/crypto/bn/asm/ppc.pl
vendor-crypto/openssl/dist/crypto/bn/asm/sparcv8.S
vendor-crypto/openssl/dist/crypto/bn/asm/sparcv8plus.S
vendor-crypto/openssl/dist/crypto/bn/asm/vms.mar
vendor-crypto/openssl/dist/crypto/bn/asm/x86/
vendor-crypto/openssl/dist/crypto/bn/asm/x86/add.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86/comba.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86/div.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86/f
vendor-crypto/openssl/dist/crypto/bn/asm/x86/mul.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86/mul_add.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86/sqr.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86/sub.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c
vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl
vendor-crypto/openssl/dist/crypto/bn/bn.h
vendor-crypto/openssl/dist/crypto/bn/bn.mul
vendor-crypto/openssl/dist/crypto/bn/bn_add.c
vendor-crypto/openssl/dist/crypto/bn/bn_asm.c
vendor-crypto/openssl/dist/crypto/bn/bn_blind.c
vendor-crypto/openssl/dist/crypto/bn/bn_const.c
vendor-crypto/openssl/dist/crypto/bn/bn_ctx.c
vendor-crypto/openssl/dist/crypto/bn/bn_depr.c
vendor-crypto/openssl/dist/crypto/bn/bn_div.c
vendor-crypto/openssl/dist/crypto/bn/bn_err.c
vendor-crypto/openssl/dist/crypto/bn/bn_exp.c
vendor-crypto/openssl/dist/crypto/bn/bn_exp2.c
vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c
vendor-crypto/openssl/dist/crypto/bn/bn_gf2m.c
vendor-crypto/openssl/dist/crypto/bn/bn_kron.c
vendor-crypto/openssl/dist/crypto/bn/bn_lcl.h
vendor-crypto/openssl/dist/crypto/bn/bn_lib.c
vendor-crypto/openssl/dist/crypto/bn/bn_mod.c
vendor-crypto/openssl/dist/crypto/bn/bn_mont.c
vendor-crypto/openssl/dist/crypto/bn/bn_mpi.c
vendor-crypto/openssl/dist/crypto/bn/bn_mul.c
vendor-crypto/openssl/dist/crypto/bn/bn_nist.c
vendor-crypto/openssl/dist/crypto/bn/bn_opt.c
vendor-crypto/openssl/dist/crypto/bn/bn_prime.c
vendor-crypto/openssl/dist/crypto/bn/bn_prime.h
vendor-crypto/openssl/dist/crypto/bn/bn_prime.pl
vendor-crypto/openssl/dist/crypto/bn/bn_print.c
vendor-crypto/openssl/dist/crypto/bn/bn_rand.c
vendor-crypto/openssl/dist/crypto/bn/bn_recp.c
vendor-crypto/openssl/dist/crypto/bn/bn_shift.c
vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c
vendor-crypto/openssl/dist/crypto/bn/bn_sqrt.c
vendor-crypto/openssl/dist/crypto/bn/bn_word.c
vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c
vendor-crypto/openssl/dist/crypto/bn/bnspeed.c
vendor-crypto/openssl/dist/crypto/bn/bntest.c
vendor-crypto/openssl/dist/crypto/bn/divtest.c
vendor-crypto/openssl/dist/crypto/bn/exp.c
vendor-crypto/openssl/dist/crypto/bn/expspeed.c
vendor-crypto/openssl/dist/crypto/bn/exptest.c
vendor-crypto/openssl/dist/crypto/bn/todo
vendor-crypto/openssl/dist/crypto/bn/vms-helper.c
vendor-crypto/openssl/dist/crypto/buffer/
vendor-crypto/openssl/dist/crypto/buffer/Makefile
vendor-crypto/openssl/dist/crypto/buffer/buf_err.c
vendor-crypto/openssl/dist/crypto/buffer/buf_str.c
vendor-crypto/openssl/dist/crypto/buffer/buffer.c
vendor-crypto/openssl/dist/crypto/buffer/buffer.h
vendor-crypto/openssl/dist/crypto/camellia/
vendor-crypto/openssl/dist/crypto/camellia/Makefile
vendor-crypto/openssl/dist/crypto/camellia/camellia.c
vendor-crypto/openssl/dist/crypto/camellia/camellia.h
vendor-crypto/openssl/dist/crypto/camellia/cmll_cbc.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_cfb.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_ctr.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_ecb.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_locl.h
vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_ofb.c
vendor-crypto/openssl/dist/crypto/cast/
vendor-crypto/openssl/dist/crypto/cast/Makefile
vendor-crypto/openssl/dist/crypto/cast/asm/
vendor-crypto/openssl/dist/crypto/cast/asm/cast-586.pl
vendor-crypto/openssl/dist/crypto/cast/asm/readme
vendor-crypto/openssl/dist/crypto/cast/c_cfb64.c
vendor-crypto/openssl/dist/crypto/cast/c_ecb.c
vendor-crypto/openssl/dist/crypto/cast/c_enc.c
vendor-crypto/openssl/dist/crypto/cast/c_ofb64.c
vendor-crypto/openssl/dist/crypto/cast/c_skey.c
vendor-crypto/openssl/dist/crypto/cast/cast.h
vendor-crypto/openssl/dist/crypto/cast/cast_lcl.h
vendor-crypto/openssl/dist/crypto/cast/cast_s.h
vendor-crypto/openssl/dist/crypto/cast/cast_spd.c
vendor-crypto/openssl/dist/crypto/cast/castopts.c
vendor-crypto/openssl/dist/crypto/cast/casts.cpp
vendor-crypto/openssl/dist/crypto/cast/casttest.c
vendor-crypto/openssl/dist/crypto/cms/
vendor-crypto/openssl/dist/crypto/cms/Makefile
vendor-crypto/openssl/dist/crypto/cms/cms.h
vendor-crypto/openssl/dist/crypto/cms/cms_asn1.c
vendor-crypto/openssl/dist/crypto/cms/cms_att.c
vendor-crypto/openssl/dist/crypto/cms/cms_cd.c
vendor-crypto/openssl/dist/crypto/cms/cms_dd.c
vendor-crypto/openssl/dist/crypto/cms/cms_enc.c
vendor-crypto/openssl/dist/crypto/cms/cms_env.c
vendor-crypto/openssl/dist/crypto/cms/cms_err.c
vendor-crypto/openssl/dist/crypto/cms/cms_ess.c
vendor-crypto/openssl/dist/crypto/cms/cms_io.c
vendor-crypto/openssl/dist/crypto/cms/cms_lcl.h
vendor-crypto/openssl/dist/crypto/cms/cms_lib.c
vendor-crypto/openssl/dist/crypto/cms/cms_sd.c
vendor-crypto/openssl/dist/crypto/cms/cms_smime.c
vendor-crypto/openssl/dist/crypto/comp/
vendor-crypto/openssl/dist/crypto/comp/Makefile
vendor-crypto/openssl/dist/crypto/comp/c_rle.c
vendor-crypto/openssl/dist/crypto/comp/c_zlib.c
vendor-crypto/openssl/dist/crypto/comp/comp.h
vendor-crypto/openssl/dist/crypto/comp/comp_err.c
vendor-crypto/openssl/dist/crypto/comp/comp_lib.c
vendor-crypto/openssl/dist/crypto/conf/
vendor-crypto/openssl/dist/crypto/conf/Makefile
vendor-crypto/openssl/dist/crypto/conf/README
vendor-crypto/openssl/dist/crypto/conf/cnf_save.c
vendor-crypto/openssl/dist/crypto/conf/conf.h
vendor-crypto/openssl/dist/crypto/conf/conf_api.c
vendor-crypto/openssl/dist/crypto/conf/conf_api.h
vendor-crypto/openssl/dist/crypto/conf/conf_def.c
vendor-crypto/openssl/dist/crypto/conf/conf_def.h
vendor-crypto/openssl/dist/crypto/conf/conf_err.c
vendor-crypto/openssl/dist/crypto/conf/conf_lib.c
vendor-crypto/openssl/dist/crypto/conf/conf_mall.c
vendor-crypto/openssl/dist/crypto/conf/conf_mod.c
vendor-crypto/openssl/dist/crypto/conf/conf_sap.c
vendor-crypto/openssl/dist/crypto/conf/keysets.pl
vendor-crypto/openssl/dist/crypto/conf/ssleay.cnf
vendor-crypto/openssl/dist/crypto/conf/test.c
vendor-crypto/openssl/dist/crypto/cpt_err.c
vendor-crypto/openssl/dist/crypto/cryptlib.c
vendor-crypto/openssl/dist/crypto/cryptlib.h
vendor-crypto/openssl/dist/crypto/crypto-lib.com
vendor-crypto/openssl/dist/crypto/crypto.h
vendor-crypto/openssl/dist/crypto/cversion.c
vendor-crypto/openssl/dist/crypto/des/
vendor-crypto/openssl/dist/crypto/des/COPYRIGHT
vendor-crypto/openssl/dist/crypto/des/DES.pm
vendor-crypto/openssl/dist/crypto/des/DES.xs
vendor-crypto/openssl/dist/crypto/des/FILES0
vendor-crypto/openssl/dist/crypto/des/INSTALL
vendor-crypto/openssl/dist/crypto/des/Imakefile
vendor-crypto/openssl/dist/crypto/des/KERBEROS
vendor-crypto/openssl/dist/crypto/des/Makefile
vendor-crypto/openssl/dist/crypto/des/README
vendor-crypto/openssl/dist/crypto/des/VERSION
vendor-crypto/openssl/dist/crypto/des/asm/
vendor-crypto/openssl/dist/crypto/des/asm/crypt586.pl
vendor-crypto/openssl/dist/crypto/des/asm/des-586.pl
vendor-crypto/openssl/dist/crypto/des/asm/des686.pl
vendor-crypto/openssl/dist/crypto/des/asm/des_enc.m4
vendor-crypto/openssl/dist/crypto/des/asm/desboth.pl
vendor-crypto/openssl/dist/crypto/des/asm/readme
vendor-crypto/openssl/dist/crypto/des/cbc3_enc.c
vendor-crypto/openssl/dist/crypto/des/cbc_cksm.c
vendor-crypto/openssl/dist/crypto/des/cbc_enc.c
vendor-crypto/openssl/dist/crypto/des/cfb64ede.c
vendor-crypto/openssl/dist/crypto/des/cfb64enc.c
vendor-crypto/openssl/dist/crypto/des/cfb_enc.c
vendor-crypto/openssl/dist/crypto/des/des-lib.com
vendor-crypto/openssl/dist/crypto/des/des.c
vendor-crypto/openssl/dist/crypto/des/des.h
vendor-crypto/openssl/dist/crypto/des/des.pod
vendor-crypto/openssl/dist/crypto/des/des3s.cpp
vendor-crypto/openssl/dist/crypto/des/des_enc.c
vendor-crypto/openssl/dist/crypto/des/des_lib.c
vendor-crypto/openssl/dist/crypto/des/des_locl.h
vendor-crypto/openssl/dist/crypto/des/des_old.c
vendor-crypto/openssl/dist/crypto/des/des_old.h
vendor-crypto/openssl/dist/crypto/des/des_old2.c
vendor-crypto/openssl/dist/crypto/des/des_opts.c
vendor-crypto/openssl/dist/crypto/des/des_ver.h
vendor-crypto/openssl/dist/crypto/des/dess.cpp
vendor-crypto/openssl/dist/crypto/des/destest.c
vendor-crypto/openssl/dist/crypto/des/ecb3_enc.c
vendor-crypto/openssl/dist/crypto/des/ecb_enc.c
vendor-crypto/openssl/dist/crypto/des/ede_cbcm_enc.c
vendor-crypto/openssl/dist/crypto/des/enc_read.c
vendor-crypto/openssl/dist/crypto/des/enc_writ.c
vendor-crypto/openssl/dist/crypto/des/fcrypt.c
vendor-crypto/openssl/dist/crypto/des/fcrypt_b.c
vendor-crypto/openssl/dist/crypto/des/makefile.bc
vendor-crypto/openssl/dist/crypto/des/ncbc_enc.c
vendor-crypto/openssl/dist/crypto/des/ofb64ede.c
vendor-crypto/openssl/dist/crypto/des/ofb64enc.c
vendor-crypto/openssl/dist/crypto/des/ofb_enc.c
vendor-crypto/openssl/dist/crypto/des/options.txt
vendor-crypto/openssl/dist/crypto/des/pcbc_enc.c
vendor-crypto/openssl/dist/crypto/des/qud_cksm.c
vendor-crypto/openssl/dist/crypto/des/rand_key.c
vendor-crypto/openssl/dist/crypto/des/read2pwd.c
vendor-crypto/openssl/dist/crypto/des/read_pwd.c
vendor-crypto/openssl/dist/crypto/des/rpc_des.h
vendor-crypto/openssl/dist/crypto/des/rpc_enc.c
vendor-crypto/openssl/dist/crypto/des/rpw.c
vendor-crypto/openssl/dist/crypto/des/set_key.c
vendor-crypto/openssl/dist/crypto/des/speed.c
vendor-crypto/openssl/dist/crypto/des/spr.h
vendor-crypto/openssl/dist/crypto/des/str2key.c
vendor-crypto/openssl/dist/crypto/des/t/
vendor-crypto/openssl/dist/crypto/des/t/test
vendor-crypto/openssl/dist/crypto/des/times/
vendor-crypto/openssl/dist/crypto/des/times/486-50.sol
vendor-crypto/openssl/dist/crypto/des/times/586-100.lnx
vendor-crypto/openssl/dist/crypto/des/times/686-200.fre
vendor-crypto/openssl/dist/crypto/des/times/aix.cc
vendor-crypto/openssl/dist/crypto/des/times/alpha.cc
vendor-crypto/openssl/dist/crypto/des/times/hpux.cc
vendor-crypto/openssl/dist/crypto/des/times/sparc.gcc
vendor-crypto/openssl/dist/crypto/des/times/usparc.cc
vendor-crypto/openssl/dist/crypto/des/typemap
vendor-crypto/openssl/dist/crypto/des/xcbc_enc.c
vendor-crypto/openssl/dist/crypto/dh/
vendor-crypto/openssl/dist/crypto/dh/Makefile
vendor-crypto/openssl/dist/crypto/dh/dh.h
vendor-crypto/openssl/dist/crypto/dh/dh1024.pem
vendor-crypto/openssl/dist/crypto/dh/dh192.pem
vendor-crypto/openssl/dist/crypto/dh/dh2048.pem
vendor-crypto/openssl/dist/crypto/dh/dh4096.pem
vendor-crypto/openssl/dist/crypto/dh/dh512.pem
vendor-crypto/openssl/dist/crypto/dh/dh_asn1.c
vendor-crypto/openssl/dist/crypto/dh/dh_check.c
vendor-crypto/openssl/dist/crypto/dh/dh_depr.c
vendor-crypto/openssl/dist/crypto/dh/dh_err.c
vendor-crypto/openssl/dist/crypto/dh/dh_gen.c
vendor-crypto/openssl/dist/crypto/dh/dh_key.c
vendor-crypto/openssl/dist/crypto/dh/dh_lib.c
vendor-crypto/openssl/dist/crypto/dh/dhtest.c
vendor-crypto/openssl/dist/crypto/dh/example
vendor-crypto/openssl/dist/crypto/dh/generate
vendor-crypto/openssl/dist/crypto/dh/p1024.c
vendor-crypto/openssl/dist/crypto/dh/p192.c
vendor-crypto/openssl/dist/crypto/dh/p512.c
vendor-crypto/openssl/dist/crypto/dsa/
vendor-crypto/openssl/dist/crypto/dsa/Makefile
vendor-crypto/openssl/dist/crypto/dsa/README
vendor-crypto/openssl/dist/crypto/dsa/dsa.h
vendor-crypto/openssl/dist/crypto/dsa/dsa_asn1.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_depr.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_err.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_key.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_lib.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_sign.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_utl.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_vrf.c
vendor-crypto/openssl/dist/crypto/dsa/dsagen.c
vendor-crypto/openssl/dist/crypto/dsa/dsatest.c
vendor-crypto/openssl/dist/crypto/dsa/fips186a.txt
vendor-crypto/openssl/dist/crypto/dso/
vendor-crypto/openssl/dist/crypto/dso/Makefile
vendor-crypto/openssl/dist/crypto/dso/README
vendor-crypto/openssl/dist/crypto/dso/dso.h
vendor-crypto/openssl/dist/crypto/dso/dso_dl.c
vendor-crypto/openssl/dist/crypto/dso/dso_dlfcn.c
vendor-crypto/openssl/dist/crypto/dso/dso_err.c
vendor-crypto/openssl/dist/crypto/dso/dso_lib.c
vendor-crypto/openssl/dist/crypto/dso/dso_null.c
vendor-crypto/openssl/dist/crypto/dso/dso_openssl.c
vendor-crypto/openssl/dist/crypto/dso/dso_vms.c
vendor-crypto/openssl/dist/crypto/dso/dso_win32.c
vendor-crypto/openssl/dist/crypto/dyn_lck.c
vendor-crypto/openssl/dist/crypto/ebcdic.c
vendor-crypto/openssl/dist/crypto/ebcdic.h
vendor-crypto/openssl/dist/crypto/ec/
vendor-crypto/openssl/dist/crypto/ec/Makefile
vendor-crypto/openssl/dist/crypto/ec/ec.h
vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c
vendor-crypto/openssl/dist/crypto/ec/ec2_smpl.c
vendor-crypto/openssl/dist/crypto/ec/ec2_smpt.c
vendor-crypto/openssl/dist/crypto/ec/ec_asn1.c
vendor-crypto/openssl/dist/crypto/ec/ec_check.c
vendor-crypto/openssl/dist/crypto/ec/ec_curve.c
vendor-crypto/openssl/dist/crypto/ec/ec_cvt.c
vendor-crypto/openssl/dist/crypto/ec/ec_err.c
vendor-crypto/openssl/dist/crypto/ec/ec_key.c
vendor-crypto/openssl/dist/crypto/ec/ec_lcl.h
vendor-crypto/openssl/dist/crypto/ec/ec_lib.c
vendor-crypto/openssl/dist/crypto/ec/ec_mult.c
vendor-crypto/openssl/dist/crypto/ec/ec_print.c
vendor-crypto/openssl/dist/crypto/ec/ecp_mont.c
vendor-crypto/openssl/dist/crypto/ec/ecp_nist.c
vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c
vendor-crypto/openssl/dist/crypto/ec/ectest.c
vendor-crypto/openssl/dist/crypto/ecdh/
vendor-crypto/openssl/dist/crypto/ecdh/Makefile
vendor-crypto/openssl/dist/crypto/ecdh/ecdh.h
vendor-crypto/openssl/dist/crypto/ecdh/ecdhtest.c
vendor-crypto/openssl/dist/crypto/ecdh/ech_err.c
vendor-crypto/openssl/dist/crypto/ecdh/ech_key.c
vendor-crypto/openssl/dist/crypto/ecdh/ech_lib.c
vendor-crypto/openssl/dist/crypto/ecdh/ech_locl.h
vendor-crypto/openssl/dist/crypto/ecdh/ech_ossl.c
vendor-crypto/openssl/dist/crypto/ecdsa/
vendor-crypto/openssl/dist/crypto/ecdsa/Makefile
vendor-crypto/openssl/dist/crypto/ecdsa/ecdsa.h
vendor-crypto/openssl/dist/crypto/ecdsa/ecdsatest.c
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_asn1.c
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_err.c
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_lib.c
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_locl.h
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_ossl.c
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_sign.c
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_vrf.c
vendor-crypto/openssl/dist/crypto/engine/
vendor-crypto/openssl/dist/crypto/engine/Makefile
vendor-crypto/openssl/dist/crypto/engine/README
vendor-crypto/openssl/dist/crypto/engine/eng_all.c
vendor-crypto/openssl/dist/crypto/engine/eng_cnf.c
vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c
vendor-crypto/openssl/dist/crypto/engine/eng_ctrl.c
vendor-crypto/openssl/dist/crypto/engine/eng_dyn.c
vendor-crypto/openssl/dist/crypto/engine/eng_err.c
vendor-crypto/openssl/dist/crypto/engine/eng_fat.c
vendor-crypto/openssl/dist/crypto/engine/eng_init.c
vendor-crypto/openssl/dist/crypto/engine/eng_int.h
vendor-crypto/openssl/dist/crypto/engine/eng_lib.c
vendor-crypto/openssl/dist/crypto/engine/eng_list.c
vendor-crypto/openssl/dist/crypto/engine/eng_openssl.c
vendor-crypto/openssl/dist/crypto/engine/eng_padlock.c
vendor-crypto/openssl/dist/crypto/engine/eng_pkey.c
vendor-crypto/openssl/dist/crypto/engine/eng_table.c
vendor-crypto/openssl/dist/crypto/engine/engine.h
vendor-crypto/openssl/dist/crypto/engine/enginetest.c
vendor-crypto/openssl/dist/crypto/engine/tb_cipher.c
vendor-crypto/openssl/dist/crypto/engine/tb_dh.c
vendor-crypto/openssl/dist/crypto/engine/tb_digest.c
vendor-crypto/openssl/dist/crypto/engine/tb_dsa.c
vendor-crypto/openssl/dist/crypto/engine/tb_ecdh.c
vendor-crypto/openssl/dist/crypto/engine/tb_ecdsa.c
vendor-crypto/openssl/dist/crypto/engine/tb_rand.c
vendor-crypto/openssl/dist/crypto/engine/tb_rsa.c
vendor-crypto/openssl/dist/crypto/engine/tb_store.c
vendor-crypto/openssl/dist/crypto/err/
vendor-crypto/openssl/dist/crypto/err/Makefile
vendor-crypto/openssl/dist/crypto/err/err.c
vendor-crypto/openssl/dist/crypto/err/err.h
vendor-crypto/openssl/dist/crypto/err/err_all.c
vendor-crypto/openssl/dist/crypto/err/err_bio.c
vendor-crypto/openssl/dist/crypto/err/err_def.c
vendor-crypto/openssl/dist/crypto/err/err_prn.c
vendor-crypto/openssl/dist/crypto/err/err_str.c
vendor-crypto/openssl/dist/crypto/err/openssl.ec
vendor-crypto/openssl/dist/crypto/evp/
vendor-crypto/openssl/dist/crypto/evp/Makefile
vendor-crypto/openssl/dist/crypto/evp/bio_b64.c
vendor-crypto/openssl/dist/crypto/evp/bio_enc.c
vendor-crypto/openssl/dist/crypto/evp/bio_md.c
vendor-crypto/openssl/dist/crypto/evp/bio_ok.c
vendor-crypto/openssl/dist/crypto/evp/c_all.c
vendor-crypto/openssl/dist/crypto/evp/c_allc.c
vendor-crypto/openssl/dist/crypto/evp/c_alld.c
vendor-crypto/openssl/dist/crypto/evp/dig_eng.c
vendor-crypto/openssl/dist/crypto/evp/digest.c
vendor-crypto/openssl/dist/crypto/evp/e_aes.c
vendor-crypto/openssl/dist/crypto/evp/e_bf.c
vendor-crypto/openssl/dist/crypto/evp/e_camellia.c
vendor-crypto/openssl/dist/crypto/evp/e_cast.c
vendor-crypto/openssl/dist/crypto/evp/e_des.c
vendor-crypto/openssl/dist/crypto/evp/e_des3.c
vendor-crypto/openssl/dist/crypto/evp/e_dsa.c
vendor-crypto/openssl/dist/crypto/evp/e_idea.c
vendor-crypto/openssl/dist/crypto/evp/e_null.c
vendor-crypto/openssl/dist/crypto/evp/e_old.c
vendor-crypto/openssl/dist/crypto/evp/e_rc2.c
vendor-crypto/openssl/dist/crypto/evp/e_rc4.c
vendor-crypto/openssl/dist/crypto/evp/e_rc5.c
vendor-crypto/openssl/dist/crypto/evp/e_seed.c
vendor-crypto/openssl/dist/crypto/evp/e_xcbc_d.c
vendor-crypto/openssl/dist/crypto/evp/enc_min.c
vendor-crypto/openssl/dist/crypto/evp/encode.c
vendor-crypto/openssl/dist/crypto/evp/evp.h
vendor-crypto/openssl/dist/crypto/evp/evp_acnf.c
vendor-crypto/openssl/dist/crypto/evp/evp_cnf.c
vendor-crypto/openssl/dist/crypto/evp/evp_enc.c
vendor-crypto/openssl/dist/crypto/evp/evp_err.c
vendor-crypto/openssl/dist/crypto/evp/evp_key.c
vendor-crypto/openssl/dist/crypto/evp/evp_lib.c
vendor-crypto/openssl/dist/crypto/evp/evp_locl.h
vendor-crypto/openssl/dist/crypto/evp/evp_pbe.c
vendor-crypto/openssl/dist/crypto/evp/evp_pkey.c
vendor-crypto/openssl/dist/crypto/evp/evp_test.c
vendor-crypto/openssl/dist/crypto/evp/evptests.txt
vendor-crypto/openssl/dist/crypto/evp/m_dss.c
vendor-crypto/openssl/dist/crypto/evp/m_dss1.c
vendor-crypto/openssl/dist/crypto/evp/m_ecdsa.c
vendor-crypto/openssl/dist/crypto/evp/m_md2.c
vendor-crypto/openssl/dist/crypto/evp/m_md4.c
vendor-crypto/openssl/dist/crypto/evp/m_md5.c
vendor-crypto/openssl/dist/crypto/evp/m_mdc2.c
vendor-crypto/openssl/dist/crypto/evp/m_null.c
vendor-crypto/openssl/dist/crypto/evp/m_ripemd.c
vendor-crypto/openssl/dist/crypto/evp/m_sha.c
vendor-crypto/openssl/dist/crypto/evp/m_sha1.c
vendor-crypto/openssl/dist/crypto/evp/names.c
vendor-crypto/openssl/dist/crypto/evp/openbsd_hw.c
vendor-crypto/openssl/dist/crypto/evp/p5_crpt.c
vendor-crypto/openssl/dist/crypto/evp/p5_crpt2.c
vendor-crypto/openssl/dist/crypto/evp/p_dec.c
vendor-crypto/openssl/dist/crypto/evp/p_enc.c
vendor-crypto/openssl/dist/crypto/evp/p_lib.c
vendor-crypto/openssl/dist/crypto/evp/p_open.c
vendor-crypto/openssl/dist/crypto/evp/p_seal.c
vendor-crypto/openssl/dist/crypto/evp/p_sign.c
vendor-crypto/openssl/dist/crypto/evp/p_verify.c
vendor-crypto/openssl/dist/crypto/ex_data.c
vendor-crypto/openssl/dist/crypto/fips_err.c
vendor-crypto/openssl/dist/crypto/fips_err.h
vendor-crypto/openssl/dist/crypto/hmac/
vendor-crypto/openssl/dist/crypto/hmac/Makefile
vendor-crypto/openssl/dist/crypto/hmac/hmac.c
vendor-crypto/openssl/dist/crypto/hmac/hmac.h
vendor-crypto/openssl/dist/crypto/hmac/hmactest.c
vendor-crypto/openssl/dist/crypto/ia64cpuid.S
vendor-crypto/openssl/dist/crypto/idea/
vendor-crypto/openssl/dist/crypto/idea/Makefile
vendor-crypto/openssl/dist/crypto/idea/i_cbc.c
vendor-crypto/openssl/dist/crypto/idea/i_cfb64.c
vendor-crypto/openssl/dist/crypto/idea/i_ecb.c
vendor-crypto/openssl/dist/crypto/idea/i_ofb64.c
vendor-crypto/openssl/dist/crypto/idea/i_skey.c
vendor-crypto/openssl/dist/crypto/idea/idea.h
vendor-crypto/openssl/dist/crypto/idea/idea_lcl.h
vendor-crypto/openssl/dist/crypto/idea/idea_spd.c
vendor-crypto/openssl/dist/crypto/idea/ideatest.c
vendor-crypto/openssl/dist/crypto/idea/version
vendor-crypto/openssl/dist/crypto/install.com
vendor-crypto/openssl/dist/crypto/jpake/
vendor-crypto/openssl/dist/crypto/jpake/Makefile
vendor-crypto/openssl/dist/crypto/jpake/jpake.c
vendor-crypto/openssl/dist/crypto/jpake/jpake.h
vendor-crypto/openssl/dist/crypto/jpake/jpake_err.c
vendor-crypto/openssl/dist/crypto/jpake/jpaketest.c
vendor-crypto/openssl/dist/crypto/krb5/
vendor-crypto/openssl/dist/crypto/krb5/Makefile
vendor-crypto/openssl/dist/crypto/krb5/krb5_asn.c
vendor-crypto/openssl/dist/crypto/krb5/krb5_asn.h
vendor-crypto/openssl/dist/crypto/lhash/
vendor-crypto/openssl/dist/crypto/lhash/Makefile
vendor-crypto/openssl/dist/crypto/lhash/lh_stats.c
vendor-crypto/openssl/dist/crypto/lhash/lh_test.c
vendor-crypto/openssl/dist/crypto/lhash/lhash.c
vendor-crypto/openssl/dist/crypto/lhash/lhash.h
vendor-crypto/openssl/dist/crypto/lhash/num.pl
vendor-crypto/openssl/dist/crypto/md2/
vendor-crypto/openssl/dist/crypto/md2/Makefile
vendor-crypto/openssl/dist/crypto/md2/md2.c
vendor-crypto/openssl/dist/crypto/md2/md2.h
vendor-crypto/openssl/dist/crypto/md2/md2_dgst.c
vendor-crypto/openssl/dist/crypto/md2/md2_one.c
vendor-crypto/openssl/dist/crypto/md2/md2test.c
vendor-crypto/openssl/dist/crypto/md32_common.h
vendor-crypto/openssl/dist/crypto/md4/
vendor-crypto/openssl/dist/crypto/md4/Makefile
vendor-crypto/openssl/dist/crypto/md4/md4.c
vendor-crypto/openssl/dist/crypto/md4/md4.h
vendor-crypto/openssl/dist/crypto/md4/md4_dgst.c
vendor-crypto/openssl/dist/crypto/md4/md4_locl.h
vendor-crypto/openssl/dist/crypto/md4/md4_one.c
vendor-crypto/openssl/dist/crypto/md4/md4s.cpp
vendor-crypto/openssl/dist/crypto/md4/md4test.c
vendor-crypto/openssl/dist/crypto/md5/
vendor-crypto/openssl/dist/crypto/md5/Makefile
vendor-crypto/openssl/dist/crypto/md5/asm/
vendor-crypto/openssl/dist/crypto/md5/asm/md5-586.pl
vendor-crypto/openssl/dist/crypto/md5/asm/md5-x86_64.pl
vendor-crypto/openssl/dist/crypto/md5/md5.c
vendor-crypto/openssl/dist/crypto/md5/md5.h
vendor-crypto/openssl/dist/crypto/md5/md5_dgst.c
vendor-crypto/openssl/dist/crypto/md5/md5_locl.h
vendor-crypto/openssl/dist/crypto/md5/md5_one.c
vendor-crypto/openssl/dist/crypto/md5/md5s.cpp
vendor-crypto/openssl/dist/crypto/md5/md5test.c
vendor-crypto/openssl/dist/crypto/mdc2/
vendor-crypto/openssl/dist/crypto/mdc2/Makefile
vendor-crypto/openssl/dist/crypto/mdc2/mdc2.h
vendor-crypto/openssl/dist/crypto/mdc2/mdc2_one.c
vendor-crypto/openssl/dist/crypto/mdc2/mdc2dgst.c
vendor-crypto/openssl/dist/crypto/mdc2/mdc2test.c
vendor-crypto/openssl/dist/crypto/mem.c
vendor-crypto/openssl/dist/crypto/mem_clr.c
vendor-crypto/openssl/dist/crypto/mem_dbg.c
vendor-crypto/openssl/dist/crypto/o_dir.c
vendor-crypto/openssl/dist/crypto/o_dir.h
vendor-crypto/openssl/dist/crypto/o_dir_test.c
vendor-crypto/openssl/dist/crypto/o_init.c
vendor-crypto/openssl/dist/crypto/o_str.c
vendor-crypto/openssl/dist/crypto/o_str.h
vendor-crypto/openssl/dist/crypto/o_time.c
vendor-crypto/openssl/dist/crypto/o_time.h
vendor-crypto/openssl/dist/crypto/objects/
vendor-crypto/openssl/dist/crypto/objects/Makefile
vendor-crypto/openssl/dist/crypto/objects/o_names.c
vendor-crypto/openssl/dist/crypto/objects/obj_dat.c
vendor-crypto/openssl/dist/crypto/objects/obj_dat.h
vendor-crypto/openssl/dist/crypto/objects/obj_dat.pl
vendor-crypto/openssl/dist/crypto/objects/obj_err.c
vendor-crypto/openssl/dist/crypto/objects/obj_lib.c
vendor-crypto/openssl/dist/crypto/objects/obj_mac.h
vendor-crypto/openssl/dist/crypto/objects/obj_mac.num
vendor-crypto/openssl/dist/crypto/objects/objects.README
vendor-crypto/openssl/dist/crypto/objects/objects.h
vendor-crypto/openssl/dist/crypto/objects/objects.pl
vendor-crypto/openssl/dist/crypto/objects/objects.txt
vendor-crypto/openssl/dist/crypto/ocsp/
vendor-crypto/openssl/dist/crypto/ocsp/Makefile
vendor-crypto/openssl/dist/crypto/ocsp/ocsp.h
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_asn.c
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_cl.c
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_err.c
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ext.c
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ht.c
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_lib.c
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_prn.c
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_srv.c
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_vfy.c
vendor-crypto/openssl/dist/crypto/opensslconf.h
vendor-crypto/openssl/dist/crypto/opensslconf.h.in
vendor-crypto/openssl/dist/crypto/opensslv.h
vendor-crypto/openssl/dist/crypto/ossl_typ.h
vendor-crypto/openssl/dist/crypto/pem/
vendor-crypto/openssl/dist/crypto/pem/Makefile
vendor-crypto/openssl/dist/crypto/pem/message
vendor-crypto/openssl/dist/crypto/pem/pem.h
vendor-crypto/openssl/dist/crypto/pem/pem2.h
vendor-crypto/openssl/dist/crypto/pem/pem_all.c
vendor-crypto/openssl/dist/crypto/pem/pem_err.c
vendor-crypto/openssl/dist/crypto/pem/pem_info.c
vendor-crypto/openssl/dist/crypto/pem/pem_lib.c
vendor-crypto/openssl/dist/crypto/pem/pem_oth.c
vendor-crypto/openssl/dist/crypto/pem/pem_pk8.c
vendor-crypto/openssl/dist/crypto/pem/pem_pkey.c
vendor-crypto/openssl/dist/crypto/pem/pem_seal.c
vendor-crypto/openssl/dist/crypto/pem/pem_sign.c
vendor-crypto/openssl/dist/crypto/pem/pem_x509.c
vendor-crypto/openssl/dist/crypto/pem/pem_xaux.c
vendor-crypto/openssl/dist/crypto/pem/pkcs7.lis
vendor-crypto/openssl/dist/crypto/perlasm/
vendor-crypto/openssl/dist/crypto/perlasm/cbc.pl
vendor-crypto/openssl/dist/crypto/perlasm/readme
vendor-crypto/openssl/dist/crypto/perlasm/x86_64-xlate.pl
vendor-crypto/openssl/dist/crypto/perlasm/x86asm.pl
vendor-crypto/openssl/dist/crypto/perlasm/x86ms.pl
vendor-crypto/openssl/dist/crypto/perlasm/x86nasm.pl
vendor-crypto/openssl/dist/crypto/perlasm/x86unix.pl
vendor-crypto/openssl/dist/crypto/pkcs12/
vendor-crypto/openssl/dist/crypto/pkcs12/Makefile
vendor-crypto/openssl/dist/crypto/pkcs12/p12_add.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_asn.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_attr.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_crpt.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_crt.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_decr.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_init.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_key.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_kiss.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_mutl.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_npas.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_p8d.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_p8e.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_utl.c
vendor-crypto/openssl/dist/crypto/pkcs12/pk12err.c
vendor-crypto/openssl/dist/crypto/pkcs12/pkcs12.h
vendor-crypto/openssl/dist/crypto/pkcs7/
vendor-crypto/openssl/dist/crypto/pkcs7/Makefile
vendor-crypto/openssl/dist/crypto/pkcs7/pk7_asn1.c
vendor-crypto/openssl/dist/crypto/pkcs7/pk7_attr.c
vendor-crypto/openssl/dist/crypto/pkcs7/pk7_dgst.c
vendor-crypto/openssl/dist/crypto/pkcs7/pk7_doit.c
vendor-crypto/openssl/dist/crypto/pkcs7/pk7_enc.c
vendor-crypto/openssl/dist/crypto/pkcs7/pk7_lib.c
vendor-crypto/openssl/dist/crypto/pkcs7/pk7_mime.c
vendor-crypto/openssl/dist/crypto/pkcs7/pk7_smime.c
vendor-crypto/openssl/dist/crypto/pkcs7/pkcs7.h
vendor-crypto/openssl/dist/crypto/pkcs7/pkcs7err.c
vendor-crypto/openssl/dist/crypto/pqueue/
vendor-crypto/openssl/dist/crypto/pqueue/Makefile
vendor-crypto/openssl/dist/crypto/pqueue/pq_compat.h
vendor-crypto/openssl/dist/crypto/pqueue/pq_test.c
vendor-crypto/openssl/dist/crypto/pqueue/pqueue.c
vendor-crypto/openssl/dist/crypto/pqueue/pqueue.h
vendor-crypto/openssl/dist/crypto/rand/
vendor-crypto/openssl/dist/crypto/rand/Makefile
vendor-crypto/openssl/dist/crypto/rand/md_rand.c
vendor-crypto/openssl/dist/crypto/rand/rand.h
vendor-crypto/openssl/dist/crypto/rand/rand_egd.c
vendor-crypto/openssl/dist/crypto/rand/rand_eng.c
vendor-crypto/openssl/dist/crypto/rand/rand_err.c
vendor-crypto/openssl/dist/crypto/rand/rand_lcl.h
vendor-crypto/openssl/dist/crypto/rand/rand_lib.c
vendor-crypto/openssl/dist/crypto/rand/rand_nw.c
vendor-crypto/openssl/dist/crypto/rand/rand_os2.c
vendor-crypto/openssl/dist/crypto/rand/rand_unix.c
vendor-crypto/openssl/dist/crypto/rand/rand_vms.c
vendor-crypto/openssl/dist/crypto/rand/rand_win.c
vendor-crypto/openssl/dist/crypto/rand/randfile.c
vendor-crypto/openssl/dist/crypto/rand/randtest.c
vendor-crypto/openssl/dist/crypto/rc2/
vendor-crypto/openssl/dist/crypto/rc2/Makefile
vendor-crypto/openssl/dist/crypto/rc2/rc2.h
vendor-crypto/openssl/dist/crypto/rc2/rc2_cbc.c
vendor-crypto/openssl/dist/crypto/rc2/rc2_ecb.c
vendor-crypto/openssl/dist/crypto/rc2/rc2_locl.h
vendor-crypto/openssl/dist/crypto/rc2/rc2_skey.c
vendor-crypto/openssl/dist/crypto/rc2/rc2cfb64.c
vendor-crypto/openssl/dist/crypto/rc2/rc2ofb64.c
vendor-crypto/openssl/dist/crypto/rc2/rc2speed.c
vendor-crypto/openssl/dist/crypto/rc2/rc2test.c
vendor-crypto/openssl/dist/crypto/rc2/rrc2.doc
vendor-crypto/openssl/dist/crypto/rc2/tab.c
vendor-crypto/openssl/dist/crypto/rc2/version
vendor-crypto/openssl/dist/crypto/rc4/
vendor-crypto/openssl/dist/crypto/rc4/Makefile
vendor-crypto/openssl/dist/crypto/rc4/asm/
vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-586.pl
vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-ia64.S
vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-x86_64.pl
vendor-crypto/openssl/dist/crypto/rc4/rc4.c
vendor-crypto/openssl/dist/crypto/rc4/rc4.h
vendor-crypto/openssl/dist/crypto/rc4/rc4_enc.c
vendor-crypto/openssl/dist/crypto/rc4/rc4_fblk.c
vendor-crypto/openssl/dist/crypto/rc4/rc4_locl.h
vendor-crypto/openssl/dist/crypto/rc4/rc4_skey.c
vendor-crypto/openssl/dist/crypto/rc4/rc4s.cpp
vendor-crypto/openssl/dist/crypto/rc4/rc4speed.c
vendor-crypto/openssl/dist/crypto/rc4/rc4test.c
vendor-crypto/openssl/dist/crypto/rc4/rrc4.doc
vendor-crypto/openssl/dist/crypto/rc5/
vendor-crypto/openssl/dist/crypto/rc5/Makefile
vendor-crypto/openssl/dist/crypto/rc5/asm/
vendor-crypto/openssl/dist/crypto/rc5/asm/rc5-586.pl
vendor-crypto/openssl/dist/crypto/rc5/rc5.h
vendor-crypto/openssl/dist/crypto/rc5/rc5_ecb.c
vendor-crypto/openssl/dist/crypto/rc5/rc5_enc.c
vendor-crypto/openssl/dist/crypto/rc5/rc5_locl.h
vendor-crypto/openssl/dist/crypto/rc5/rc5_skey.c
vendor-crypto/openssl/dist/crypto/rc5/rc5cfb64.c
vendor-crypto/openssl/dist/crypto/rc5/rc5ofb64.c
vendor-crypto/openssl/dist/crypto/rc5/rc5s.cpp
vendor-crypto/openssl/dist/crypto/rc5/rc5speed.c
vendor-crypto/openssl/dist/crypto/rc5/rc5test.c
vendor-crypto/openssl/dist/crypto/ripemd/
vendor-crypto/openssl/dist/crypto/ripemd/Makefile
vendor-crypto/openssl/dist/crypto/ripemd/README
vendor-crypto/openssl/dist/crypto/ripemd/asm/
vendor-crypto/openssl/dist/crypto/ripemd/asm/rips.cpp
vendor-crypto/openssl/dist/crypto/ripemd/asm/rmd-586.pl
vendor-crypto/openssl/dist/crypto/ripemd/ripemd.h
vendor-crypto/openssl/dist/crypto/ripemd/rmd160.c
vendor-crypto/openssl/dist/crypto/ripemd/rmd_dgst.c
vendor-crypto/openssl/dist/crypto/ripemd/rmd_locl.h
vendor-crypto/openssl/dist/crypto/ripemd/rmd_one.c
vendor-crypto/openssl/dist/crypto/ripemd/rmdconst.h
vendor-crypto/openssl/dist/crypto/ripemd/rmdtest.c
vendor-crypto/openssl/dist/crypto/rsa/
vendor-crypto/openssl/dist/crypto/rsa/Makefile
vendor-crypto/openssl/dist/crypto/rsa/rsa.h
vendor-crypto/openssl/dist/crypto/rsa/rsa_asn1.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_chk.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_depr.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_eay.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_eng.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_err.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_gen.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_lib.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_none.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_null.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_oaep.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_pk1.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_pss.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_saos.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_sign.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_ssl.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_test.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_x931.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_x931g.c
vendor-crypto/openssl/dist/crypto/seed/
vendor-crypto/openssl/dist/crypto/seed/Makefile
vendor-crypto/openssl/dist/crypto/seed/seed.c
vendor-crypto/openssl/dist/crypto/seed/seed.h
vendor-crypto/openssl/dist/crypto/seed/seed_cbc.c
vendor-crypto/openssl/dist/crypto/seed/seed_cfb.c
vendor-crypto/openssl/dist/crypto/seed/seed_ecb.c
vendor-crypto/openssl/dist/crypto/seed/seed_locl.h
vendor-crypto/openssl/dist/crypto/seed/seed_ofb.c
vendor-crypto/openssl/dist/crypto/sha/
vendor-crypto/openssl/dist/crypto/sha/Makefile
vendor-crypto/openssl/dist/crypto/sha/asm/
vendor-crypto/openssl/dist/crypto/sha/asm/README
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-586.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-ia64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-ia64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-sse2.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/sha.c
vendor-crypto/openssl/dist/crypto/sha/sha.h
vendor-crypto/openssl/dist/crypto/sha/sha1.c
vendor-crypto/openssl/dist/crypto/sha/sha1_one.c
vendor-crypto/openssl/dist/crypto/sha/sha1dgst.c
vendor-crypto/openssl/dist/crypto/sha/sha1s.cpp
vendor-crypto/openssl/dist/crypto/sha/sha1test.c
vendor-crypto/openssl/dist/crypto/sha/sha256.c
vendor-crypto/openssl/dist/crypto/sha/sha256t.c
vendor-crypto/openssl/dist/crypto/sha/sha512.c
vendor-crypto/openssl/dist/crypto/sha/sha512t.c
vendor-crypto/openssl/dist/crypto/sha/sha_dgst.c
vendor-crypto/openssl/dist/crypto/sha/sha_locl.h
vendor-crypto/openssl/dist/crypto/sha/sha_one.c
vendor-crypto/openssl/dist/crypto/sha/shatest.c
vendor-crypto/openssl/dist/crypto/sparccpuid.S
vendor-crypto/openssl/dist/crypto/stack/
vendor-crypto/openssl/dist/crypto/stack/Makefile
vendor-crypto/openssl/dist/crypto/stack/safestack.h
vendor-crypto/openssl/dist/crypto/stack/stack.c
vendor-crypto/openssl/dist/crypto/stack/stack.h
vendor-crypto/openssl/dist/crypto/store/
vendor-crypto/openssl/dist/crypto/store/Makefile
vendor-crypto/openssl/dist/crypto/store/README
vendor-crypto/openssl/dist/crypto/store/store.h
vendor-crypto/openssl/dist/crypto/store/str_err.c
vendor-crypto/openssl/dist/crypto/store/str_lib.c
vendor-crypto/openssl/dist/crypto/store/str_locl.h
vendor-crypto/openssl/dist/crypto/store/str_mem.c
vendor-crypto/openssl/dist/crypto/store/str_meth.c
vendor-crypto/openssl/dist/crypto/symhacks.h
vendor-crypto/openssl/dist/crypto/threads/
vendor-crypto/openssl/dist/crypto/threads/README
vendor-crypto/openssl/dist/crypto/threads/mttest.c
vendor-crypto/openssl/dist/crypto/threads/netware.bat
vendor-crypto/openssl/dist/crypto/threads/profile.sh
vendor-crypto/openssl/dist/crypto/threads/ptest.bat
vendor-crypto/openssl/dist/crypto/threads/pthread.sh
vendor-crypto/openssl/dist/crypto/threads/pthread2.sh
vendor-crypto/openssl/dist/crypto/threads/pthreads-vms.com
vendor-crypto/openssl/dist/crypto/threads/purify.sh
vendor-crypto/openssl/dist/crypto/threads/solaris.sh
vendor-crypto/openssl/dist/crypto/threads/th-lock.c
vendor-crypto/openssl/dist/crypto/threads/win32.bat
vendor-crypto/openssl/dist/crypto/tmdiff.c
vendor-crypto/openssl/dist/crypto/tmdiff.h
vendor-crypto/openssl/dist/crypto/txt_db/
vendor-crypto/openssl/dist/crypto/txt_db/Makefile
vendor-crypto/openssl/dist/crypto/txt_db/txt_db.c
vendor-crypto/openssl/dist/crypto/txt_db/txt_db.h
vendor-crypto/openssl/dist/crypto/ui/
vendor-crypto/openssl/dist/crypto/ui/Makefile
vendor-crypto/openssl/dist/crypto/ui/ui.h
vendor-crypto/openssl/dist/crypto/ui/ui_compat.c
vendor-crypto/openssl/dist/crypto/ui/ui_compat.h
vendor-crypto/openssl/dist/crypto/ui/ui_err.c
vendor-crypto/openssl/dist/crypto/ui/ui_lib.c
vendor-crypto/openssl/dist/crypto/ui/ui_locl.h
vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c
vendor-crypto/openssl/dist/crypto/ui/ui_util.c
vendor-crypto/openssl/dist/crypto/uid.c
vendor-crypto/openssl/dist/crypto/x509/
vendor-crypto/openssl/dist/crypto/x509/Makefile
vendor-crypto/openssl/dist/crypto/x509/by_dir.c
vendor-crypto/openssl/dist/crypto/x509/by_file.c
vendor-crypto/openssl/dist/crypto/x509/x509.h
vendor-crypto/openssl/dist/crypto/x509/x509_att.c
vendor-crypto/openssl/dist/crypto/x509/x509_cmp.c
vendor-crypto/openssl/dist/crypto/x509/x509_d2.c
vendor-crypto/openssl/dist/crypto/x509/x509_def.c
vendor-crypto/openssl/dist/crypto/x509/x509_err.c
vendor-crypto/openssl/dist/crypto/x509/x509_ext.c
vendor-crypto/openssl/dist/crypto/x509/x509_lu.c
vendor-crypto/openssl/dist/crypto/x509/x509_obj.c
vendor-crypto/openssl/dist/crypto/x509/x509_r2x.c
vendor-crypto/openssl/dist/crypto/x509/x509_req.c
vendor-crypto/openssl/dist/crypto/x509/x509_set.c
vendor-crypto/openssl/dist/crypto/x509/x509_trs.c
vendor-crypto/openssl/dist/crypto/x509/x509_txt.c
vendor-crypto/openssl/dist/crypto/x509/x509_v3.c
vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
vendor-crypto/openssl/dist/crypto/x509/x509_vfy.h
vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c
vendor-crypto/openssl/dist/crypto/x509/x509cset.c
vendor-crypto/openssl/dist/crypto/x509/x509name.c
vendor-crypto/openssl/dist/crypto/x509/x509rset.c
vendor-crypto/openssl/dist/crypto/x509/x509spki.c
vendor-crypto/openssl/dist/crypto/x509/x509type.c
vendor-crypto/openssl/dist/crypto/x509/x_all.c
vendor-crypto/openssl/dist/crypto/x509v3/
vendor-crypto/openssl/dist/crypto/x509v3/Makefile
vendor-crypto/openssl/dist/crypto/x509v3/ext_dat.h
vendor-crypto/openssl/dist/crypto/x509v3/pcy_cache.c
vendor-crypto/openssl/dist/crypto/x509v3/pcy_data.c
vendor-crypto/openssl/dist/crypto/x509v3/pcy_int.h
vendor-crypto/openssl/dist/crypto/x509v3/pcy_lib.c
vendor-crypto/openssl/dist/crypto/x509v3/pcy_map.c
vendor-crypto/openssl/dist/crypto/x509v3/pcy_node.c
vendor-crypto/openssl/dist/crypto/x509v3/pcy_tree.c
vendor-crypto/openssl/dist/crypto/x509v3/tabtest.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_addr.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_akey.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_akeya.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_alt.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_asid.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_bcons.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_bitst.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_conf.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_cpols.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_crld.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_enum.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_extku.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_genn.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_ia5.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_info.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_int.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_lib.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_ncons.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_ocsp.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_pci.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_pcia.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_pcons.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_pku.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_pmaps.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_prn.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_skey.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_sxnet.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_utl.c
vendor-crypto/openssl/dist/crypto/x509v3/v3conf.c
vendor-crypto/openssl/dist/crypto/x509v3/v3err.c
vendor-crypto/openssl/dist/crypto/x509v3/v3prin.c
vendor-crypto/openssl/dist/crypto/x509v3/x509v3.h
vendor-crypto/openssl/dist/crypto/x86_64cpuid.pl
vendor-crypto/openssl/dist/crypto/x86cpuid.pl
vendor-crypto/openssl/dist/demos/
vendor-crypto/openssl/dist/demos/README
vendor-crypto/openssl/dist/demos/asn1/
vendor-crypto/openssl/dist/demos/asn1/README.ASN1
vendor-crypto/openssl/dist/demos/asn1/ocsp.c
vendor-crypto/openssl/dist/demos/b64.c
vendor-crypto/openssl/dist/demos/b64.pl
vendor-crypto/openssl/dist/demos/bio/
vendor-crypto/openssl/dist/demos/bio/Makefile
vendor-crypto/openssl/dist/demos/bio/README
vendor-crypto/openssl/dist/demos/bio/saccept.c
vendor-crypto/openssl/dist/demos/bio/sconnect.c
vendor-crypto/openssl/dist/demos/bio/server.pem
vendor-crypto/openssl/dist/demos/easy_tls/
vendor-crypto/openssl/dist/demos/easy_tls/Makefile
vendor-crypto/openssl/dist/demos/easy_tls/README
vendor-crypto/openssl/dist/demos/easy_tls/cacerts.pem
vendor-crypto/openssl/dist/demos/easy_tls/cert.pem
vendor-crypto/openssl/dist/demos/easy_tls/easy-tls.c
vendor-crypto/openssl/dist/demos/easy_tls/easy-tls.h
vendor-crypto/openssl/dist/demos/easy_tls/test.c
vendor-crypto/openssl/dist/demos/easy_tls/test.h
vendor-crypto/openssl/dist/demos/engines/
vendor-crypto/openssl/dist/demos/engines/cluster_labs/
vendor-crypto/openssl/dist/demos/engines/cluster_labs/Makefile
vendor-crypto/openssl/dist/demos/engines/cluster_labs/cluster_labs.h
vendor-crypto/openssl/dist/demos/engines/cluster_labs/hw_cluster_labs.c
vendor-crypto/openssl/dist/demos/engines/cluster_labs/hw_cluster_labs.ec
vendor-crypto/openssl/dist/demos/engines/cluster_labs/hw_cluster_labs_err.c
vendor-crypto/openssl/dist/demos/engines/cluster_labs/hw_cluster_labs_err.h
vendor-crypto/openssl/dist/demos/engines/ibmca/
vendor-crypto/openssl/dist/demos/engines/ibmca/Makefile
vendor-crypto/openssl/dist/demos/engines/ibmca/hw_ibmca.c
vendor-crypto/openssl/dist/demos/engines/ibmca/hw_ibmca.ec
vendor-crypto/openssl/dist/demos/engines/ibmca/hw_ibmca_err.c
vendor-crypto/openssl/dist/demos/engines/ibmca/hw_ibmca_err.h
vendor-crypto/openssl/dist/demos/engines/ibmca/ica_openssl_api.h
vendor-crypto/openssl/dist/demos/engines/rsaref/
vendor-crypto/openssl/dist/demos/engines/rsaref/Makefile
vendor-crypto/openssl/dist/demos/engines/rsaref/README
vendor-crypto/openssl/dist/demos/engines/rsaref/build.com
vendor-crypto/openssl/dist/demos/engines/rsaref/rsaref.c
vendor-crypto/openssl/dist/demos/engines/rsaref/rsaref.ec
vendor-crypto/openssl/dist/demos/engines/rsaref/rsaref_err.c
vendor-crypto/openssl/dist/demos/engines/rsaref/rsaref_err.h
vendor-crypto/openssl/dist/demos/engines/zencod/
vendor-crypto/openssl/dist/demos/engines/zencod/Makefile
vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod.c
vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod.ec
vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod.h
vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod_err.c
vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod_err.h
vendor-crypto/openssl/dist/demos/jpake/
vendor-crypto/openssl/dist/demos/jpake/Makefile
vendor-crypto/openssl/dist/demos/jpake/jpakedemo.c
vendor-crypto/openssl/dist/demos/pkcs12/
vendor-crypto/openssl/dist/demos/pkcs12/README
vendor-crypto/openssl/dist/demos/pkcs12/pkread.c
vendor-crypto/openssl/dist/demos/pkcs12/pkwrite.c
vendor-crypto/openssl/dist/demos/prime/
vendor-crypto/openssl/dist/demos/prime/Makefile
vendor-crypto/openssl/dist/demos/prime/prime.c
vendor-crypto/openssl/dist/demos/privkey.pem
vendor-crypto/openssl/dist/demos/selfsign.c
vendor-crypto/openssl/dist/demos/sign/
vendor-crypto/openssl/dist/demos/sign/Makefile
vendor-crypto/openssl/dist/demos/sign/cert.pem
vendor-crypto/openssl/dist/demos/sign/key.pem
vendor-crypto/openssl/dist/demos/sign/sig.txt
vendor-crypto/openssl/dist/demos/sign/sign.c
vendor-crypto/openssl/dist/demos/sign/sign.txt
vendor-crypto/openssl/dist/demos/spkigen.c
vendor-crypto/openssl/dist/demos/ssl/
vendor-crypto/openssl/dist/demos/ssl/cli.cpp
vendor-crypto/openssl/dist/demos/ssl/inetdsrv.cpp
vendor-crypto/openssl/dist/demos/ssl/serv.cpp
vendor-crypto/openssl/dist/demos/ssltest-ecc/
vendor-crypto/openssl/dist/demos/ssltest-ecc/ECC-RSAcertgen.sh
vendor-crypto/openssl/dist/demos/ssltest-ecc/ECCcertgen.sh
vendor-crypto/openssl/dist/demos/ssltest-ecc/README
vendor-crypto/openssl/dist/demos/ssltest-ecc/RSAcertgen.sh
vendor-crypto/openssl/dist/demos/ssltest-ecc/ssltest.sh
vendor-crypto/openssl/dist/demos/state_machine/
vendor-crypto/openssl/dist/demos/state_machine/Makefile
vendor-crypto/openssl/dist/demos/state_machine/state_machine.c
vendor-crypto/openssl/dist/demos/tunala/
vendor-crypto/openssl/dist/demos/tunala/A-client.pem
vendor-crypto/openssl/dist/demos/tunala/A-server.pem
vendor-crypto/openssl/dist/demos/tunala/CA.pem
vendor-crypto/openssl/dist/demos/tunala/INSTALL
vendor-crypto/openssl/dist/demos/tunala/Makefile
vendor-crypto/openssl/dist/demos/tunala/Makefile.am
vendor-crypto/openssl/dist/demos/tunala/README
vendor-crypto/openssl/dist/demos/tunala/autogunk.sh
vendor-crypto/openssl/dist/demos/tunala/autoungunk.sh
vendor-crypto/openssl/dist/demos/tunala/breakage.c
vendor-crypto/openssl/dist/demos/tunala/buffer.c
vendor-crypto/openssl/dist/demos/tunala/cb.c
vendor-crypto/openssl/dist/demos/tunala/configure.in
vendor-crypto/openssl/dist/demos/tunala/ip.c
vendor-crypto/openssl/dist/demos/tunala/sm.c
vendor-crypto/openssl/dist/demos/tunala/test.sh
vendor-crypto/openssl/dist/demos/tunala/tunala.c
vendor-crypto/openssl/dist/demos/tunala/tunala.h
vendor-crypto/openssl/dist/demos/x509/
vendor-crypto/openssl/dist/demos/x509/README
vendor-crypto/openssl/dist/demos/x509/mkcert.c
vendor-crypto/openssl/dist/demos/x509/mkreq.c
vendor-crypto/openssl/dist/doc/
vendor-crypto/openssl/dist/doc/HOWTO/
vendor-crypto/openssl/dist/doc/HOWTO/certificates.txt
vendor-crypto/openssl/dist/doc/HOWTO/keys.txt
vendor-crypto/openssl/dist/doc/HOWTO/proxy_certificates.txt
vendor-crypto/openssl/dist/doc/README
vendor-crypto/openssl/dist/doc/apps/
vendor-crypto/openssl/dist/doc/apps/CA.pl.pod
vendor-crypto/openssl/dist/doc/apps/asn1parse.pod
vendor-crypto/openssl/dist/doc/apps/ca.pod
vendor-crypto/openssl/dist/doc/apps/ciphers.pod
vendor-crypto/openssl/dist/doc/apps/config.pod
vendor-crypto/openssl/dist/doc/apps/crl.pod
vendor-crypto/openssl/dist/doc/apps/crl2pkcs7.pod
vendor-crypto/openssl/dist/doc/apps/dgst.pod
vendor-crypto/openssl/dist/doc/apps/dhparam.pod
vendor-crypto/openssl/dist/doc/apps/dsa.pod
vendor-crypto/openssl/dist/doc/apps/dsaparam.pod
vendor-crypto/openssl/dist/doc/apps/ec.pod
vendor-crypto/openssl/dist/doc/apps/ecparam.pod
vendor-crypto/openssl/dist/doc/apps/enc.pod
vendor-crypto/openssl/dist/doc/apps/errstr.pod
vendor-crypto/openssl/dist/doc/apps/gendsa.pod
vendor-crypto/openssl/dist/doc/apps/genrsa.pod
vendor-crypto/openssl/dist/doc/apps/nseq.pod
vendor-crypto/openssl/dist/doc/apps/ocsp.pod
vendor-crypto/openssl/dist/doc/apps/openssl.pod
vendor-crypto/openssl/dist/doc/apps/passwd.pod
vendor-crypto/openssl/dist/doc/apps/pkcs12.pod
vendor-crypto/openssl/dist/doc/apps/pkcs7.pod
vendor-crypto/openssl/dist/doc/apps/pkcs8.pod
vendor-crypto/openssl/dist/doc/apps/rand.pod
vendor-crypto/openssl/dist/doc/apps/req.pod
vendor-crypto/openssl/dist/doc/apps/rsa.pod
vendor-crypto/openssl/dist/doc/apps/rsautl.pod
vendor-crypto/openssl/dist/doc/apps/s_client.pod
vendor-crypto/openssl/dist/doc/apps/s_server.pod
vendor-crypto/openssl/dist/doc/apps/s_time.pod
vendor-crypto/openssl/dist/doc/apps/sess_id.pod
vendor-crypto/openssl/dist/doc/apps/smime.pod
vendor-crypto/openssl/dist/doc/apps/speed.pod
vendor-crypto/openssl/dist/doc/apps/spkac.pod
vendor-crypto/openssl/dist/doc/apps/verify.pod
vendor-crypto/openssl/dist/doc/apps/version.pod
vendor-crypto/openssl/dist/doc/apps/x509.pod
vendor-crypto/openssl/dist/doc/apps/x509v3_config.pod
vendor-crypto/openssl/dist/doc/c-indentation.el
vendor-crypto/openssl/dist/doc/crypto/
vendor-crypto/openssl/dist/doc/crypto/ASN1_OBJECT_new.pod
vendor-crypto/openssl/dist/doc/crypto/ASN1_STRING_length.pod
vendor-crypto/openssl/dist/doc/crypto/ASN1_STRING_new.pod
vendor-crypto/openssl/dist/doc/crypto/ASN1_STRING_print_ex.pod
vendor-crypto/openssl/dist/doc/crypto/ASN1_generate_nconf.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_ctrl.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_f_base64.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_f_buffer.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_f_cipher.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_f_md.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_f_null.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_f_ssl.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_find_type.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_new.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_push.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_read.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_accept.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_bio.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_connect.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_fd.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_file.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_mem.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_null.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_socket.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_set_callback.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_should_retry.pod
vendor-crypto/openssl/dist/doc/crypto/BN_BLINDING_new.pod
vendor-crypto/openssl/dist/doc/crypto/BN_CTX_new.pod
vendor-crypto/openssl/dist/doc/crypto/BN_CTX_start.pod
vendor-crypto/openssl/dist/doc/crypto/BN_add.pod
vendor-crypto/openssl/dist/doc/crypto/BN_add_word.pod
vendor-crypto/openssl/dist/doc/crypto/BN_bn2bin.pod
vendor-crypto/openssl/dist/doc/crypto/BN_cmp.pod
vendor-crypto/openssl/dist/doc/crypto/BN_copy.pod
vendor-crypto/openssl/dist/doc/crypto/BN_generate_prime.pod
vendor-crypto/openssl/dist/doc/crypto/BN_mod_inverse.pod
vendor-crypto/openssl/dist/doc/crypto/BN_mod_mul_montgomery.pod
vendor-crypto/openssl/dist/doc/crypto/BN_mod_mul_reciprocal.pod
vendor-crypto/openssl/dist/doc/crypto/BN_new.pod
vendor-crypto/openssl/dist/doc/crypto/BN_num_bytes.pod
vendor-crypto/openssl/dist/doc/crypto/BN_rand.pod
vendor-crypto/openssl/dist/doc/crypto/BN_set_bit.pod
vendor-crypto/openssl/dist/doc/crypto/BN_swap.pod
vendor-crypto/openssl/dist/doc/crypto/BN_zero.pod
vendor-crypto/openssl/dist/doc/crypto/CONF_modules_free.pod
vendor-crypto/openssl/dist/doc/crypto/CONF_modules_load_file.pod
vendor-crypto/openssl/dist/doc/crypto/CRYPTO_set_ex_data.pod
vendor-crypto/openssl/dist/doc/crypto/DH_generate_key.pod
vendor-crypto/openssl/dist/doc/crypto/DH_generate_parameters.pod
vendor-crypto/openssl/dist/doc/crypto/DH_get_ex_new_index.pod
vendor-crypto/openssl/dist/doc/crypto/DH_new.pod
vendor-crypto/openssl/dist/doc/crypto/DH_set_method.pod
vendor-crypto/openssl/dist/doc/crypto/DH_size.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_SIG_new.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_do_sign.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_dup_DH.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_generate_key.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_generate_parameters.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_get_ex_new_index.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_new.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_set_method.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_sign.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_size.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_GET_LIB.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_clear_error.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_error_string.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_get_error.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_load_crypto_strings.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_load_strings.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_print_errors.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_put_error.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_remove_state.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_set_mark.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_BytesToKey.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_DigestInit.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_OpenInit.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_new.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_set1_RSA.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_SealInit.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_SignInit.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_VerifyInit.pod
vendor-crypto/openssl/dist/doc/crypto/OBJ_nid2obj.pod
vendor-crypto/openssl/dist/doc/crypto/OPENSSL_Applink.pod
vendor-crypto/openssl/dist/doc/crypto/OPENSSL_VERSION_NUMBER.pod
vendor-crypto/openssl/dist/doc/crypto/OPENSSL_config.pod
vendor-crypto/openssl/dist/doc/crypto/OPENSSL_ia32cap.pod
vendor-crypto/openssl/dist/doc/crypto/OPENSSL_load_builtin_modules.pod
vendor-crypto/openssl/dist/doc/crypto/OpenSSL_add_all_algorithms.pod
vendor-crypto/openssl/dist/doc/crypto/PKCS12_create.pod
vendor-crypto/openssl/dist/doc/crypto/PKCS12_parse.pod
vendor-crypto/openssl/dist/doc/crypto/PKCS7_decrypt.pod
vendor-crypto/openssl/dist/doc/crypto/PKCS7_encrypt.pod
vendor-crypto/openssl/dist/doc/crypto/PKCS7_sign.pod
vendor-crypto/openssl/dist/doc/crypto/PKCS7_verify.pod
vendor-crypto/openssl/dist/doc/crypto/RAND_add.pod
vendor-crypto/openssl/dist/doc/crypto/RAND_bytes.pod
vendor-crypto/openssl/dist/doc/crypto/RAND_cleanup.pod
vendor-crypto/openssl/dist/doc/crypto/RAND_egd.pod
vendor-crypto/openssl/dist/doc/crypto/RAND_load_file.pod
vendor-crypto/openssl/dist/doc/crypto/RAND_set_rand_method.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_blinding_on.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_check_key.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_generate_key.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_get_ex_new_index.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_new.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_print.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_private_encrypt.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_public_encrypt.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_set_method.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_sign.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_size.pod
vendor-crypto/openssl/dist/doc/crypto/SMIME_read_PKCS7.pod
vendor-crypto/openssl/dist/doc/crypto/SMIME_write_PKCS7.pod
vendor-crypto/openssl/dist/doc/crypto/X509_NAME_ENTRY_get_object.pod
vendor-crypto/openssl/dist/doc/crypto/X509_NAME_add_entry_by_txt.pod
vendor-crypto/openssl/dist/doc/crypto/X509_NAME_get_index_by_NID.pod
vendor-crypto/openssl/dist/doc/crypto/X509_NAME_print_ex.pod
vendor-crypto/openssl/dist/doc/crypto/X509_new.pod
vendor-crypto/openssl/dist/doc/crypto/bio.pod
vendor-crypto/openssl/dist/doc/crypto/blowfish.pod
vendor-crypto/openssl/dist/doc/crypto/bn.pod
vendor-crypto/openssl/dist/doc/crypto/bn_internal.pod
vendor-crypto/openssl/dist/doc/crypto/buffer.pod
vendor-crypto/openssl/dist/doc/crypto/crypto.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_ASN1_OBJECT.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_DHparams.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_DSAPublicKey.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_PKCS8PrivateKey.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_RSAPublicKey.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_X509.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_X509_ALGOR.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_X509_CRL.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_X509_NAME.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_X509_REQ.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_X509_SIG.pod
vendor-crypto/openssl/dist/doc/crypto/des.pod
vendor-crypto/openssl/dist/doc/crypto/des_modes.pod
vendor-crypto/openssl/dist/doc/crypto/dh.pod
vendor-crypto/openssl/dist/doc/crypto/dsa.pod
vendor-crypto/openssl/dist/doc/crypto/ecdsa.pod
vendor-crypto/openssl/dist/doc/crypto/engine.pod
vendor-crypto/openssl/dist/doc/crypto/err.pod
vendor-crypto/openssl/dist/doc/crypto/evp.pod
vendor-crypto/openssl/dist/doc/crypto/hmac.pod
vendor-crypto/openssl/dist/doc/crypto/lh_stats.pod
vendor-crypto/openssl/dist/doc/crypto/lhash.pod
vendor-crypto/openssl/dist/doc/crypto/md5.pod
vendor-crypto/openssl/dist/doc/crypto/mdc2.pod
vendor-crypto/openssl/dist/doc/crypto/pem.pod
vendor-crypto/openssl/dist/doc/crypto/rand.pod
vendor-crypto/openssl/dist/doc/crypto/rc4.pod
vendor-crypto/openssl/dist/doc/crypto/ripemd.pod
vendor-crypto/openssl/dist/doc/crypto/rsa.pod
vendor-crypto/openssl/dist/doc/crypto/sha.pod
vendor-crypto/openssl/dist/doc/crypto/threads.pod
vendor-crypto/openssl/dist/doc/crypto/ui.pod
vendor-crypto/openssl/dist/doc/crypto/ui_compat.pod
vendor-crypto/openssl/dist/doc/crypto/x509.pod
vendor-crypto/openssl/dist/doc/fingerprints.txt
vendor-crypto/openssl/dist/doc/openssl-shared.txt
vendor-crypto/openssl/dist/doc/openssl.txt
vendor-crypto/openssl/dist/doc/openssl_button.gif
vendor-crypto/openssl/dist/doc/openssl_button.html
vendor-crypto/openssl/dist/doc/ssl/
vendor-crypto/openssl/dist/doc/ssl/SSL_CIPHER_get_name.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_COMP_add_compression_method.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add_session.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_ctrl.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_flush_sessions.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_free.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_get_ex_new_index.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_get_verify_mode.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_load_verify_locations.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_new.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_sess_number.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_sess_set_cache_size.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_sess_set_get_cb.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_sessions.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cert_store.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cipher_list.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_client_CA_list.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_client_cert_cb.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_generate_session_id.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_info_callback.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_max_cert_list.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_mode.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_msg_callback.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_options.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_session_cache_mode.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_session_id_context.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_ssl_version.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_timeout.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_verify.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_use_certificate.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_SESSION_free.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_SESSION_get_ex_new_index.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_SESSION_get_time.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_accept.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_alert_type_string.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_clear.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_connect.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_do_handshake.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_free.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_SSL_CTX.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_ciphers.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_client_CA_list.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_current_cipher.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_default_timeout.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_error.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_ex_new_index.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_fd.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_peer_cert_chain.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_peer_certificate.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_rbio.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_session.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_verify_result.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_get_version.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_library_init.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_load_client_CA_file.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_new.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_pending.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_read.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_rstate_string.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_session_reused.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_set_bio.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_set_connect_state.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_set_fd.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_set_session.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_set_shutdown.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_set_verify_result.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_shutdown.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_state_string.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_want.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_write.pod
vendor-crypto/openssl/dist/doc/ssl/d2i_SSL_SESSION.pod
vendor-crypto/openssl/dist/doc/ssl/ssl.pod
vendor-crypto/openssl/dist/doc/ssleay.txt
vendor-crypto/openssl/dist/doc/standards.txt
vendor-crypto/openssl/dist/e_os.h
vendor-crypto/openssl/dist/e_os2.h
vendor-crypto/openssl/dist/engines/
vendor-crypto/openssl/dist/engines/Makefile
vendor-crypto/openssl/dist/engines/alpha.opt
vendor-crypto/openssl/dist/engines/e_4758cca.c
vendor-crypto/openssl/dist/engines/e_4758cca.ec
vendor-crypto/openssl/dist/engines/e_4758cca_err.c
vendor-crypto/openssl/dist/engines/e_4758cca_err.h
vendor-crypto/openssl/dist/engines/e_aep.c
vendor-crypto/openssl/dist/engines/e_aep.ec
vendor-crypto/openssl/dist/engines/e_aep_err.c
vendor-crypto/openssl/dist/engines/e_aep_err.h
vendor-crypto/openssl/dist/engines/e_atalla.c
vendor-crypto/openssl/dist/engines/e_atalla.ec
vendor-crypto/openssl/dist/engines/e_atalla_err.c
vendor-crypto/openssl/dist/engines/e_atalla_err.h
vendor-crypto/openssl/dist/engines/e_capi.c
vendor-crypto/openssl/dist/engines/e_capi.ec
vendor-crypto/openssl/dist/engines/e_capi_err.c
vendor-crypto/openssl/dist/engines/e_capi_err.h
vendor-crypto/openssl/dist/engines/e_chil.c
vendor-crypto/openssl/dist/engines/e_chil.ec
vendor-crypto/openssl/dist/engines/e_chil_err.c
vendor-crypto/openssl/dist/engines/e_chil_err.h
vendor-crypto/openssl/dist/engines/e_cswift.c
vendor-crypto/openssl/dist/engines/e_cswift.ec
vendor-crypto/openssl/dist/engines/e_cswift_err.c
vendor-crypto/openssl/dist/engines/e_cswift_err.h
vendor-crypto/openssl/dist/engines/e_gmp.c
vendor-crypto/openssl/dist/engines/e_gmp.ec
vendor-crypto/openssl/dist/engines/e_gmp_err.c
vendor-crypto/openssl/dist/engines/e_gmp_err.h
vendor-crypto/openssl/dist/engines/e_nuron.c
vendor-crypto/openssl/dist/engines/e_nuron.ec
vendor-crypto/openssl/dist/engines/e_nuron_err.c
vendor-crypto/openssl/dist/engines/e_nuron_err.h
vendor-crypto/openssl/dist/engines/e_sureware.c
vendor-crypto/openssl/dist/engines/e_sureware.ec
vendor-crypto/openssl/dist/engines/e_sureware_err.c
vendor-crypto/openssl/dist/engines/e_sureware_err.h
vendor-crypto/openssl/dist/engines/e_ubsec.c
vendor-crypto/openssl/dist/engines/e_ubsec.ec
vendor-crypto/openssl/dist/engines/e_ubsec_err.c
vendor-crypto/openssl/dist/engines/e_ubsec_err.h
vendor-crypto/openssl/dist/engines/engine_vector.mar
vendor-crypto/openssl/dist/engines/ia64.opt
vendor-crypto/openssl/dist/engines/makeengines.com
vendor-crypto/openssl/dist/engines/vax.opt
vendor-crypto/openssl/dist/engines/vendor_defns/
vendor-crypto/openssl/dist/engines/vendor_defns/aep.h
vendor-crypto/openssl/dist/engines/vendor_defns/atalla.h
vendor-crypto/openssl/dist/engines/vendor_defns/cswift.h
vendor-crypto/openssl/dist/engines/vendor_defns/hw_4758_cca.h
vendor-crypto/openssl/dist/engines/vendor_defns/hw_ubsec.h
vendor-crypto/openssl/dist/engines/vendor_defns/hwcryptohook.h
vendor-crypto/openssl/dist/engines/vendor_defns/sureware.h
vendor-crypto/openssl/dist/fips/
vendor-crypto/openssl/dist/fips/Makefile
vendor-crypto/openssl/dist/fips/aes/
vendor-crypto/openssl/dist/fips/aes/Makefile
vendor-crypto/openssl/dist/fips/aes/fips_aes_selftest.c
vendor-crypto/openssl/dist/fips/aes/fips_aesavs.c
vendor-crypto/openssl/dist/fips/des/
vendor-crypto/openssl/dist/fips/des/Makefile
vendor-crypto/openssl/dist/fips/des/fips_des_selftest.c
vendor-crypto/openssl/dist/fips/des/fips_desmovs.c
vendor-crypto/openssl/dist/fips/dh/
vendor-crypto/openssl/dist/fips/dh/Makefile
vendor-crypto/openssl/dist/fips/dh/dh_gen.c
vendor-crypto/openssl/dist/fips/dh/fips_dh_check.c
vendor-crypto/openssl/dist/fips/dh/fips_dh_gen.c
vendor-crypto/openssl/dist/fips/dh/fips_dh_key.c
vendor-crypto/openssl/dist/fips/dh/fips_dh_lib.c
vendor-crypto/openssl/dist/fips/dsa/
vendor-crypto/openssl/dist/fips/dsa/Makefile
vendor-crypto/openssl/dist/fips/dsa/fips_dsa_gen.c
vendor-crypto/openssl/dist/fips/dsa/fips_dsa_key.c
vendor-crypto/openssl/dist/fips/dsa/fips_dsa_lib.c
vendor-crypto/openssl/dist/fips/dsa/fips_dsa_ossl.c
vendor-crypto/openssl/dist/fips/dsa/fips_dsa_selftest.c
vendor-crypto/openssl/dist/fips/dsa/fips_dsa_sign.c
vendor-crypto/openssl/dist/fips/dsa/fips_dsatest.c
vendor-crypto/openssl/dist/fips/dsa/fips_dssvs.c
vendor-crypto/openssl/dist/fips/fips-lib.com
vendor-crypto/openssl/dist/fips/fips-nodiff.txt
vendor-crypto/openssl/dist/fips/fips.c
vendor-crypto/openssl/dist/fips/fips.h
vendor-crypto/openssl/dist/fips/fips_canister.c
vendor-crypto/openssl/dist/fips/fips_locl.h
vendor-crypto/openssl/dist/fips/fips_premain.c
vendor-crypto/openssl/dist/fips/fips_premain.c.sha1
vendor-crypto/openssl/dist/fips/fips_test_suite.c
vendor-crypto/openssl/dist/fips/fips_utl.h
vendor-crypto/openssl/dist/fips/fipsalgtest.pl
vendor-crypto/openssl/dist/fips/fipsld
vendor-crypto/openssl/dist/fips/fipstests.bat
vendor-crypto/openssl/dist/fips/fipstests.sh
vendor-crypto/openssl/dist/fips/hmac/
vendor-crypto/openssl/dist/fips/hmac/Makefile
vendor-crypto/openssl/dist/fips/hmac/fips_hmac.c
vendor-crypto/openssl/dist/fips/hmac/fips_hmac_selftest.c
vendor-crypto/openssl/dist/fips/hmac/fips_hmactest.c
vendor-crypto/openssl/dist/fips/install.com
vendor-crypto/openssl/dist/fips/mkfipsscr.pl
vendor-crypto/openssl/dist/fips/openssl_fips_fingerprint
vendor-crypto/openssl/dist/fips/rand/
vendor-crypto/openssl/dist/fips/rand/Makefile
vendor-crypto/openssl/dist/fips/rand/fips_rand.c
vendor-crypto/openssl/dist/fips/rand/fips_rand.h
vendor-crypto/openssl/dist/fips/rand/fips_rand_selftest.c
vendor-crypto/openssl/dist/fips/rand/fips_randtest.c
vendor-crypto/openssl/dist/fips/rand/fips_rngvs.c
vendor-crypto/openssl/dist/fips/rsa/
vendor-crypto/openssl/dist/fips/rsa/Makefile
vendor-crypto/openssl/dist/fips/rsa/fips_rsa_eay.c
vendor-crypto/openssl/dist/fips/rsa/fips_rsa_gen.c
vendor-crypto/openssl/dist/fips/rsa/fips_rsa_lib.c
vendor-crypto/openssl/dist/fips/rsa/fips_rsa_selftest.c
vendor-crypto/openssl/dist/fips/rsa/fips_rsa_sign.c
vendor-crypto/openssl/dist/fips/rsa/fips_rsa_x931g.c
vendor-crypto/openssl/dist/fips/rsa/fips_rsagtest.c
vendor-crypto/openssl/dist/fips/rsa/fips_rsastest.c
vendor-crypto/openssl/dist/fips/rsa/fips_rsavtest.c
vendor-crypto/openssl/dist/fips/sha/
vendor-crypto/openssl/dist/fips/sha/Makefile
vendor-crypto/openssl/dist/fips/sha/fips_sha1_selftest.c
vendor-crypto/openssl/dist/fips/sha/fips_shatest.c
vendor-crypto/openssl/dist/fips/sha/fips_standalone_sha1.c
vendor-crypto/openssl/dist/include/
vendor-crypto/openssl/dist/include/openssl/
vendor-crypto/openssl/dist/include/openssl/aes.h
vendor-crypto/openssl/dist/include/openssl/asn1.h
vendor-crypto/openssl/dist/include/openssl/asn1_mac.h
vendor-crypto/openssl/dist/include/openssl/asn1t.h
vendor-crypto/openssl/dist/include/openssl/bio.h
vendor-crypto/openssl/dist/include/openssl/blowfish.h
vendor-crypto/openssl/dist/include/openssl/bn.h
vendor-crypto/openssl/dist/include/openssl/buffer.h
vendor-crypto/openssl/dist/include/openssl/cast.h
vendor-crypto/openssl/dist/include/openssl/comp.h
vendor-crypto/openssl/dist/include/openssl/conf.h
vendor-crypto/openssl/dist/include/openssl/conf_api.h
vendor-crypto/openssl/dist/include/openssl/crypto.h
vendor-crypto/openssl/dist/include/openssl/des.h
vendor-crypto/openssl/dist/include/openssl/des_old.h
vendor-crypto/openssl/dist/include/openssl/dh.h
vendor-crypto/openssl/dist/include/openssl/dsa.h
vendor-crypto/openssl/dist/include/openssl/dso.h
vendor-crypto/openssl/dist/include/openssl/dtls1.h
vendor-crypto/openssl/dist/include/openssl/e_os2.h
vendor-crypto/openssl/dist/include/openssl/ebcdic.h
vendor-crypto/openssl/dist/include/openssl/ec.h
vendor-crypto/openssl/dist/include/openssl/ecdh.h
vendor-crypto/openssl/dist/include/openssl/ecdsa.h
vendor-crypto/openssl/dist/include/openssl/engine.h
vendor-crypto/openssl/dist/include/openssl/err.h
vendor-crypto/openssl/dist/include/openssl/evp.h
vendor-crypto/openssl/dist/include/openssl/fips.h
vendor-crypto/openssl/dist/include/openssl/fips_rand.h
vendor-crypto/openssl/dist/include/openssl/hmac.h
vendor-crypto/openssl/dist/include/openssl/idea.h
vendor-crypto/openssl/dist/include/openssl/krb5_asn.h
vendor-crypto/openssl/dist/include/openssl/kssl.h
vendor-crypto/openssl/dist/include/openssl/lhash.h
vendor-crypto/openssl/dist/include/openssl/md2.h
vendor-crypto/openssl/dist/include/openssl/md4.h
vendor-crypto/openssl/dist/include/openssl/md5.h
vendor-crypto/openssl/dist/include/openssl/obj_mac.h
vendor-crypto/openssl/dist/include/openssl/objects.h
vendor-crypto/openssl/dist/include/openssl/ocsp.h
vendor-crypto/openssl/dist/include/openssl/opensslconf.h
vendor-crypto/openssl/dist/include/openssl/opensslv.h
vendor-crypto/openssl/dist/include/openssl/ossl_typ.h
vendor-crypto/openssl/dist/include/openssl/pem.h
vendor-crypto/openssl/dist/include/openssl/pem2.h
vendor-crypto/openssl/dist/include/openssl/pkcs12.h
vendor-crypto/openssl/dist/include/openssl/pkcs7.h
vendor-crypto/openssl/dist/include/openssl/pq_compat.h
vendor-crypto/openssl/dist/include/openssl/pqueue.h
vendor-crypto/openssl/dist/include/openssl/rand.h
vendor-crypto/openssl/dist/include/openssl/rc2.h
vendor-crypto/openssl/dist/include/openssl/rc4.h
vendor-crypto/openssl/dist/include/openssl/ripemd.h
vendor-crypto/openssl/dist/include/openssl/rsa.h
vendor-crypto/openssl/dist/include/openssl/safestack.h
vendor-crypto/openssl/dist/include/openssl/sha.h
vendor-crypto/openssl/dist/include/openssl/ssl.h
vendor-crypto/openssl/dist/include/openssl/ssl2.h
vendor-crypto/openssl/dist/include/openssl/ssl23.h
vendor-crypto/openssl/dist/include/openssl/ssl3.h
vendor-crypto/openssl/dist/include/openssl/stack.h
vendor-crypto/openssl/dist/include/openssl/store.h
vendor-crypto/openssl/dist/include/openssl/symhacks.h
vendor-crypto/openssl/dist/include/openssl/tls1.h
vendor-crypto/openssl/dist/include/openssl/tmdiff.h
vendor-crypto/openssl/dist/include/openssl/txt_db.h
vendor-crypto/openssl/dist/include/openssl/ui.h
vendor-crypto/openssl/dist/include/openssl/ui_compat.h
vendor-crypto/openssl/dist/include/openssl/x509.h
vendor-crypto/openssl/dist/include/openssl/x509_vfy.h
vendor-crypto/openssl/dist/include/openssl/x509v3.h
vendor-crypto/openssl/dist/openssl.doxy
vendor-crypto/openssl/dist/openssl.spec
vendor-crypto/openssl/dist/perl/
vendor-crypto/openssl/dist/shlib/
vendor-crypto/openssl/dist/shlib/Makefile.hpux10-cc
vendor-crypto/openssl/dist/shlib/README
vendor-crypto/openssl/dist/shlib/hpux10-cc.sh
vendor-crypto/openssl/dist/shlib/irix.sh
vendor-crypto/openssl/dist/shlib/sco5-shared-gcc.sh
vendor-crypto/openssl/dist/shlib/sco5-shared-installed
vendor-crypto/openssl/dist/shlib/sco5-shared.sh
vendor-crypto/openssl/dist/shlib/solaris-sc4.sh
vendor-crypto/openssl/dist/shlib/solaris.sh
vendor-crypto/openssl/dist/shlib/sun.sh
vendor-crypto/openssl/dist/shlib/svr5-shared-gcc.sh
vendor-crypto/openssl/dist/shlib/svr5-shared-installed
vendor-crypto/openssl/dist/shlib/svr5-shared.sh
vendor-crypto/openssl/dist/shlib/win32.bat
vendor-crypto/openssl/dist/shlib/win32dll.bat
vendor-crypto/openssl/dist/ssl/
vendor-crypto/openssl/dist/ssl/Makefile
vendor-crypto/openssl/dist/ssl/bio_ssl.c
vendor-crypto/openssl/dist/ssl/d1_both.c
vendor-crypto/openssl/dist/ssl/d1_clnt.c
vendor-crypto/openssl/dist/ssl/d1_enc.c
vendor-crypto/openssl/dist/ssl/d1_lib.c
vendor-crypto/openssl/dist/ssl/d1_meth.c
vendor-crypto/openssl/dist/ssl/d1_pkt.c
vendor-crypto/openssl/dist/ssl/d1_srvr.c
vendor-crypto/openssl/dist/ssl/dtls1.h
vendor-crypto/openssl/dist/ssl/install.com
vendor-crypto/openssl/dist/ssl/kssl.c
vendor-crypto/openssl/dist/ssl/kssl.h
vendor-crypto/openssl/dist/ssl/kssl_lcl.h
vendor-crypto/openssl/dist/ssl/s23_clnt.c
vendor-crypto/openssl/dist/ssl/s23_lib.c
vendor-crypto/openssl/dist/ssl/s23_meth.c
vendor-crypto/openssl/dist/ssl/s23_pkt.c
vendor-crypto/openssl/dist/ssl/s23_srvr.c
vendor-crypto/openssl/dist/ssl/s2_clnt.c
vendor-crypto/openssl/dist/ssl/s2_enc.c
vendor-crypto/openssl/dist/ssl/s2_lib.c
vendor-crypto/openssl/dist/ssl/s2_meth.c
vendor-crypto/openssl/dist/ssl/s2_pkt.c
vendor-crypto/openssl/dist/ssl/s2_srvr.c
vendor-crypto/openssl/dist/ssl/s3_both.c
vendor-crypto/openssl/dist/ssl/s3_cbc.c
vendor-crypto/openssl/dist/ssl/s3_clnt.c
vendor-crypto/openssl/dist/ssl/s3_enc.c
vendor-crypto/openssl/dist/ssl/s3_lib.c
vendor-crypto/openssl/dist/ssl/s3_meth.c
vendor-crypto/openssl/dist/ssl/s3_pkt.c
vendor-crypto/openssl/dist/ssl/s3_srvr.c
vendor-crypto/openssl/dist/ssl/ssl-lib.com
vendor-crypto/openssl/dist/ssl/ssl.h
vendor-crypto/openssl/dist/ssl/ssl2.h
vendor-crypto/openssl/dist/ssl/ssl23.h
vendor-crypto/openssl/dist/ssl/ssl3.h
vendor-crypto/openssl/dist/ssl/ssl_algs.c
vendor-crypto/openssl/dist/ssl/ssl_asn1.c
vendor-crypto/openssl/dist/ssl/ssl_cert.c
vendor-crypto/openssl/dist/ssl/ssl_ciph.c
vendor-crypto/openssl/dist/ssl/ssl_err.c
vendor-crypto/openssl/dist/ssl/ssl_err2.c
vendor-crypto/openssl/dist/ssl/ssl_lib.c
vendor-crypto/openssl/dist/ssl/ssl_locl.h
vendor-crypto/openssl/dist/ssl/ssl_rsa.c
vendor-crypto/openssl/dist/ssl/ssl_sess.c
vendor-crypto/openssl/dist/ssl/ssl_stat.c
vendor-crypto/openssl/dist/ssl/ssl_task.c
vendor-crypto/openssl/dist/ssl/ssl_txt.c
vendor-crypto/openssl/dist/ssl/ssltest.c
vendor-crypto/openssl/dist/ssl/t1_clnt.c
vendor-crypto/openssl/dist/ssl/t1_enc.c
vendor-crypto/openssl/dist/ssl/t1_lib.c
vendor-crypto/openssl/dist/ssl/t1_meth.c
vendor-crypto/openssl/dist/ssl/t1_reneg.c
vendor-crypto/openssl/dist/ssl/t1_srvr.c
vendor-crypto/openssl/dist/ssl/tls1.h
vendor-crypto/openssl/dist/test/
vendor-crypto/openssl/dist/test/CAss.cnf
vendor-crypto/openssl/dist/test/CAssdh.cnf
vendor-crypto/openssl/dist/test/CAssdsa.cnf
vendor-crypto/openssl/dist/test/CAssrsa.cnf
vendor-crypto/openssl/dist/test/Makefile
vendor-crypto/openssl/dist/test/P1ss.cnf
vendor-crypto/openssl/dist/test/P2ss.cnf
vendor-crypto/openssl/dist/test/SHAmix.r
vendor-crypto/openssl/dist/test/SHAmix.x
vendor-crypto/openssl/dist/test/Sssdsa.cnf
vendor-crypto/openssl/dist/test/Sssrsa.cnf
vendor-crypto/openssl/dist/test/Uss.cnf
vendor-crypto/openssl/dist/test/VMSca-response.1
vendor-crypto/openssl/dist/test/VMSca-response.2
vendor-crypto/openssl/dist/test/bctest
vendor-crypto/openssl/dist/test/bftest.c
vendor-crypto/openssl/dist/test/bntest.c
vendor-crypto/openssl/dist/test/casttest.c
vendor-crypto/openssl/dist/test/cms-examples.pl
vendor-crypto/openssl/dist/test/cms-test.pl
vendor-crypto/openssl/dist/test/destest.c
vendor-crypto/openssl/dist/test/dhtest.c
vendor-crypto/openssl/dist/test/dsatest.c
vendor-crypto/openssl/dist/test/dummytest.c
vendor-crypto/openssl/dist/test/ecdhtest.c
vendor-crypto/openssl/dist/test/ecdsatest.c
vendor-crypto/openssl/dist/test/ectest.c
vendor-crypto/openssl/dist/test/enginetest.c
vendor-crypto/openssl/dist/test/evp_test.c
vendor-crypto/openssl/dist/test/evptests.txt
vendor-crypto/openssl/dist/test/exptest.c
vendor-crypto/openssl/dist/test/fips_aesavs.c
vendor-crypto/openssl/dist/test/fips_desmovs.c
vendor-crypto/openssl/dist/test/fips_dsatest.c
vendor-crypto/openssl/dist/test/fips_dssvs.c
vendor-crypto/openssl/dist/test/fips_hmactest.c
vendor-crypto/openssl/dist/test/fips_randtest.c
vendor-crypto/openssl/dist/test/fips_rngvs.c
vendor-crypto/openssl/dist/test/fips_rsagtest.c
vendor-crypto/openssl/dist/test/fips_rsastest.c
vendor-crypto/openssl/dist/test/fips_rsavtest.c
vendor-crypto/openssl/dist/test/fips_shatest.c
vendor-crypto/openssl/dist/test/fips_test_suite.c
vendor-crypto/openssl/dist/test/hmactest.c
vendor-crypto/openssl/dist/test/ideatest.c
vendor-crypto/openssl/dist/test/igetest.c
vendor-crypto/openssl/dist/test/jpaketest.c
vendor-crypto/openssl/dist/test/maketests.com
vendor-crypto/openssl/dist/test/md2test.c
vendor-crypto/openssl/dist/test/md4test.c
vendor-crypto/openssl/dist/test/md5test.c
vendor-crypto/openssl/dist/test/mdc2test.c
vendor-crypto/openssl/dist/test/methtest.c
vendor-crypto/openssl/dist/test/pkcs7-1.pem
vendor-crypto/openssl/dist/test/pkcs7.pem
vendor-crypto/openssl/dist/test/r160test.c
vendor-crypto/openssl/dist/test/randtest.c
vendor-crypto/openssl/dist/test/rc2test.c
vendor-crypto/openssl/dist/test/rc4test.c
vendor-crypto/openssl/dist/test/rc5test.c
vendor-crypto/openssl/dist/test/rmdtest.c
vendor-crypto/openssl/dist/test/rsa_test.c
vendor-crypto/openssl/dist/test/sha1test.c
vendor-crypto/openssl/dist/test/sha256t.c
vendor-crypto/openssl/dist/test/sha512t.c
vendor-crypto/openssl/dist/test/shatest.c
vendor-crypto/openssl/dist/test/smcont.txt
vendor-crypto/openssl/dist/test/smime-certs/
vendor-crypto/openssl/dist/test/smime-certs/smdsa1.pem
vendor-crypto/openssl/dist/test/smime-certs/smdsa2.pem
vendor-crypto/openssl/dist/test/smime-certs/smdsa3.pem
vendor-crypto/openssl/dist/test/smime-certs/smdsap.pem
vendor-crypto/openssl/dist/test/smime-certs/smroot.pem
vendor-crypto/openssl/dist/test/smime-certs/smrsa1.pem
vendor-crypto/openssl/dist/test/smime-certs/smrsa2.pem
vendor-crypto/openssl/dist/test/smime-certs/smrsa3.pem
vendor-crypto/openssl/dist/test/ssltest.c
vendor-crypto/openssl/dist/test/tcrl
vendor-crypto/openssl/dist/test/tcrl.com
vendor-crypto/openssl/dist/test/test.cnf
vendor-crypto/openssl/dist/test/testca
vendor-crypto/openssl/dist/test/testca.com
vendor-crypto/openssl/dist/test/testcrl.pem
vendor-crypto/openssl/dist/test/testenc
vendor-crypto/openssl/dist/test/testenc.com
vendor-crypto/openssl/dist/test/testfipsssl
vendor-crypto/openssl/dist/test/testgen
vendor-crypto/openssl/dist/test/testgen.com
vendor-crypto/openssl/dist/test/testp7.pem
vendor-crypto/openssl/dist/test/testreq2.pem
vendor-crypto/openssl/dist/test/testrsa.pem
vendor-crypto/openssl/dist/test/tests.com
vendor-crypto/openssl/dist/test/testsid.pem
vendor-crypto/openssl/dist/test/testss
vendor-crypto/openssl/dist/test/testss.com
vendor-crypto/openssl/dist/test/testssl
vendor-crypto/openssl/dist/test/testssl.com
vendor-crypto/openssl/dist/test/testsslproxy
vendor-crypto/openssl/dist/test/testx509.pem
vendor-crypto/openssl/dist/test/times
vendor-crypto/openssl/dist/test/tpkcs7
vendor-crypto/openssl/dist/test/tpkcs7.com
vendor-crypto/openssl/dist/test/tpkcs7d
vendor-crypto/openssl/dist/test/tpkcs7d.com
vendor-crypto/openssl/dist/test/treq
vendor-crypto/openssl/dist/test/treq.com
vendor-crypto/openssl/dist/test/trsa
vendor-crypto/openssl/dist/test/trsa.com
vendor-crypto/openssl/dist/test/tsid
vendor-crypto/openssl/dist/test/tsid.com
vendor-crypto/openssl/dist/test/tverify.com
vendor-crypto/openssl/dist/test/tx509
vendor-crypto/openssl/dist/test/tx509.com
vendor-crypto/openssl/dist/test/v3-cert1.pem
vendor-crypto/openssl/dist/test/v3-cert2.pem
vendor-crypto/openssl/dist/times/
vendor-crypto/openssl/dist/times/090/
vendor-crypto/openssl/dist/times/090/586-100.nt
vendor-crypto/openssl/dist/times/091/
vendor-crypto/openssl/dist/times/091/486-50.nt
vendor-crypto/openssl/dist/times/091/586-100.lnx
vendor-crypto/openssl/dist/times/091/68000.bsd
vendor-crypto/openssl/dist/times/091/686-200.lnx
vendor-crypto/openssl/dist/times/091/alpha064.osf
vendor-crypto/openssl/dist/times/091/alpha164.lnx
vendor-crypto/openssl/dist/times/091/alpha164.osf
vendor-crypto/openssl/dist/times/091/mips-rel.pl
vendor-crypto/openssl/dist/times/091/r10000.irx
vendor-crypto/openssl/dist/times/091/r3000.ult
vendor-crypto/openssl/dist/times/091/r4400.irx
vendor-crypto/openssl/dist/times/100.lnx
vendor-crypto/openssl/dist/times/100.nt
vendor-crypto/openssl/dist/times/200.lnx
vendor-crypto/openssl/dist/times/486-66.dos
vendor-crypto/openssl/dist/times/486-66.nt
vendor-crypto/openssl/dist/times/486-66.w31
vendor-crypto/openssl/dist/times/5.lnx
vendor-crypto/openssl/dist/times/586-085i.nt
vendor-crypto/openssl/dist/times/586-100.LN3
vendor-crypto/openssl/dist/times/586-100.NT2
vendor-crypto/openssl/dist/times/586-100.dos
vendor-crypto/openssl/dist/times/586-100.ln4
vendor-crypto/openssl/dist/times/586-100.lnx
vendor-crypto/openssl/dist/times/586-100.nt
vendor-crypto/openssl/dist/times/586-100.ntx
vendor-crypto/openssl/dist/times/586-100.w31
vendor-crypto/openssl/dist/times/586-1002.lnx
vendor-crypto/openssl/dist/times/586p-100.lnx
vendor-crypto/openssl/dist/times/686-200.bsd
vendor-crypto/openssl/dist/times/686-200.lnx
vendor-crypto/openssl/dist/times/686-200.nt
vendor-crypto/openssl/dist/times/L1
vendor-crypto/openssl/dist/times/R10000.t
vendor-crypto/openssl/dist/times/R4400.t
vendor-crypto/openssl/dist/times/aix.t
vendor-crypto/openssl/dist/times/aixold.t
vendor-crypto/openssl/dist/times/alpha.t
vendor-crypto/openssl/dist/times/alpha400.t
vendor-crypto/openssl/dist/times/cyrix100.lnx
vendor-crypto/openssl/dist/times/dgux-x86.t
vendor-crypto/openssl/dist/times/dgux.t
vendor-crypto/openssl/dist/times/hpux-acc.t
vendor-crypto/openssl/dist/times/hpux-kr.t
vendor-crypto/openssl/dist/times/hpux.t
vendor-crypto/openssl/dist/times/p2.w95
vendor-crypto/openssl/dist/times/pent2.t
vendor-crypto/openssl/dist/times/readme
vendor-crypto/openssl/dist/times/s586-100.lnx
vendor-crypto/openssl/dist/times/s586-100.nt
vendor-crypto/openssl/dist/times/sgi.t
vendor-crypto/openssl/dist/times/sparc.t
vendor-crypto/openssl/dist/times/sparc2
vendor-crypto/openssl/dist/times/sparcLX.t
vendor-crypto/openssl/dist/times/usparc.t
vendor-crypto/openssl/dist/times/x86/
vendor-crypto/openssl/dist/times/x86/bfs.cpp
vendor-crypto/openssl/dist/times/x86/casts.cpp
vendor-crypto/openssl/dist/times/x86/des3s.cpp
vendor-crypto/openssl/dist/times/x86/dess.cpp
vendor-crypto/openssl/dist/times/x86/md4s.cpp
vendor-crypto/openssl/dist/times/x86/md5s.cpp
vendor-crypto/openssl/dist/times/x86/rc4s.cpp
vendor-crypto/openssl/dist/times/x86/sha1s.cpp
vendor-crypto/openssl/dist/tools/
vendor-crypto/openssl/dist/tools/Makefile
vendor-crypto/openssl/dist/tools/c89.sh
vendor-crypto/openssl/dist/tools/c_hash
vendor-crypto/openssl/dist/tools/c_info
vendor-crypto/openssl/dist/tools/c_issuer
vendor-crypto/openssl/dist/tools/c_name
vendor-crypto/openssl/dist/tools/c_rehash
vendor-crypto/openssl/dist/tools/c_rehash.in
vendor-crypto/openssl/dist/util/
vendor-crypto/openssl/dist/util/FreeBSD.sh
vendor-crypto/openssl/dist/util/add_cr.pl
vendor-crypto/openssl/dist/util/arx.pl
vendor-crypto/openssl/dist/util/bat.sh
vendor-crypto/openssl/dist/util/ck_errf.pl
vendor-crypto/openssl/dist/util/clean-depend.pl
vendor-crypto/openssl/dist/util/copy.pl
vendor-crypto/openssl/dist/util/cygwin.sh
vendor-crypto/openssl/dist/util/deleof.pl
vendor-crypto/openssl/dist/util/dirname.pl
vendor-crypto/openssl/dist/util/do_ms.sh
vendor-crypto/openssl/dist/util/domd
vendor-crypto/openssl/dist/util/err-ins.pl
vendor-crypto/openssl/dist/util/extract-names.pl
vendor-crypto/openssl/dist/util/extract-section.pl
vendor-crypto/openssl/dist/util/files.pl
vendor-crypto/openssl/dist/util/fipslink.pl
vendor-crypto/openssl/dist/util/fixNT.sh
vendor-crypto/openssl/dist/util/install.sh
vendor-crypto/openssl/dist/util/libeay.num
vendor-crypto/openssl/dist/util/mk1mf.pl
vendor-crypto/openssl/dist/util/mkcerts.sh
vendor-crypto/openssl/dist/util/mkdef.pl
vendor-crypto/openssl/dist/util/mkdir-p.pl
vendor-crypto/openssl/dist/util/mkerr.pl
vendor-crypto/openssl/dist/util/mkfiles.pl
vendor-crypto/openssl/dist/util/mklink.pl
vendor-crypto/openssl/dist/util/mksdef.pl
vendor-crypto/openssl/dist/util/mkstack.pl
vendor-crypto/openssl/dist/util/opensslwrap.sh
vendor-crypto/openssl/dist/util/perlpath.pl
vendor-crypto/openssl/dist/util/pl/
vendor-crypto/openssl/dist/util/pl/BC-32.pl
vendor-crypto/openssl/dist/util/pl/Mingw32.pl
vendor-crypto/openssl/dist/util/pl/OS2-EMX.pl
vendor-crypto/openssl/dist/util/pl/VC-32.pl
vendor-crypto/openssl/dist/util/pl/linux.pl
vendor-crypto/openssl/dist/util/pl/netware.pl
vendor-crypto/openssl/dist/util/pl/ultrix.pl
vendor-crypto/openssl/dist/util/pl/unix.pl
vendor-crypto/openssl/dist/util/pod2man.pl
vendor-crypto/openssl/dist/util/pod2mantest
vendor-crypto/openssl/dist/util/pod2mantest.pod
vendor-crypto/openssl/dist/util/point.sh
vendor-crypto/openssl/dist/util/selftest.pl
vendor-crypto/openssl/dist/util/shlib_wrap.sh
vendor-crypto/openssl/dist/util/sp-diff.pl
vendor-crypto/openssl/dist/util/speed.sh
vendor-crypto/openssl/dist/util/src-dep.pl
vendor-crypto/openssl/dist/util/ssleay.num
vendor-crypto/openssl/dist/util/tab_num.pl
vendor-crypto/openssl/dist/util/x86asm.sh
Added: vendor-crypto/openssl/dist/ACKNOWLEDGMENTS
===================================================================
--- vendor-crypto/openssl/dist/ACKNOWLEDGMENTS (rev 0)
+++ vendor-crypto/openssl/dist/ACKNOWLEDGMENTS 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,30 @@
+The OpenSSL project depends on volunteer efforts and financial support from
+the end user community. That support comes in the form of donations and paid
+sponsorships, software support contracts, paid consulting services
+and commissioned software development.
+
+Since all these activities support the continued development and improvement
+of OpenSSL we consider all these clients and customers as sponsors of the
+OpenSSL project.
+
+We would like to identify and thank the following such sponsors for their past
+or current significant support of the OpenSSL project:
+
+Major support:
+
+ Qualys http://www.qualys.com/
+
+Very significant support:
+
+ OpenGear: http://www.opengear.com/
+
+Significant support:
+
+ PSW Group: http://www.psw.net/
+ Acano Ltd. http://acano.com/
+
+Please note that we ask permission to identify sponsors and that some sponsors
+we consider eligible for inclusion here have requested to remain anonymous.
+
+Additional sponsorship or financial support is always welcome: for more
+information please contact the OpenSSL Software Foundation.
Added: vendor-crypto/openssl/dist/CHANGES
===================================================================
--- vendor-crypto/openssl/dist/CHANGES (rev 0)
+++ vendor-crypto/openssl/dist/CHANGES 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,8832 @@
+
+ OpenSSL CHANGES
+ _______________
+
+ Changes between 0.9.8za and 0.9.8zb [6 Aug 2014]
+
+ *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
+ to a denial of service attack. A malicious server can crash the client
+ with a null pointer dereference (read) by specifying an anonymous (EC)DH
+ ciphersuite and sending carefully crafted handshake messages.
+
+ Thanks to Felix Gr\xF6bert (Google) for discovering and researching this
+ issue.
+ (CVE-2014-3510)
+ [Emilia K\xE4sper]
+
+ *) By sending carefully crafted DTLS packets an attacker could cause openssl
+ to leak memory. This can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3507)
+ [Adam Langley]
+
+ *) An attacker can force openssl to consume large amounts of memory whilst
+ processing DTLS handshake messages. This can be exploited through a
+ Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3506)
+ [Adam Langley]
+
+ *) An attacker can force an error condition which causes openssl to crash
+ whilst processing DTLS packets due to memory being freed twice. This
+ can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+ this issue.
+ (CVE-2014-3505)
+ [Adam Langley]
+
+ *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
+ X509_name_oneline, X509_name_print_ex et al. to leak some information
+ from the stack. Applications may be affected if they echo pretty printing
+ output to the attacker.
+
+ Thanks to Ivan Fratric (Google) for discovering this issue.
+ (CVE-2014-3508)
+ [Emilia K\xE4sper, and Steve Henson]
+
+ *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+ for corner cases. (Certain input points at infinity could lead to
+ bogus results, with non-infinity inputs mapped to infinity too.)
+ [Bodo Moeller]
+
+ Changes between 0.9.8y and 0.9.8za [5 Jun 2014]
+
+ *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+ handshake can force the use of weak keying material in OpenSSL
+ SSL/TLS clients and servers.
+
+ Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
+ researching this issue. (CVE-2014-0224)
+ [KIKUCHI Masashi, Steve Henson]
+
+ *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+ OpenSSL DTLS client the code can be made to recurse eventually crashing
+ in a DoS attack.
+
+ Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+ (CVE-2014-0221)
+ [Imre Rad, Steve Henson]
+
+ *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
+ be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
+ client or server. This is potentially exploitable to run arbitrary
+ code on a vulnerable client or server.
+
+ Thanks to J\xFCri Aedla for reporting this issue. (CVE-2014-0195)
+ [J\xFCri Aedla, Steve Henson]
+
+ *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
+ are subject to a denial of service attack.
+
+ Thanks to Felix Gr\xF6bert and Ivan Fratric at Google for discovering
+ this issue. (CVE-2014-3470)
+ [Felix Gr\xF6bert, Ivan Fratric, Steve Henson]
+
+ *) Fix for the attack described in the paper "Recovering OpenSSL
+ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+ by Yuval Yarom and Naomi Benger. Details can be obtained from:
+ http://eprint.iacr.org/2014/140
+
+ Thanks to Yuval Yarom and Naomi Benger for discovering this
+ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+ [Yuval Yarom and Naomi Benger]
+
+ Thanks to mancha for backporting the fix to the 0.9.8 branch.
+
+ *) Fix handling of warning-level alerts in SSL23 client mode so they
+ don't cause client-side termination (eg. on SNI unrecognized_name
+ warnings). Add client and server support for six additional alerts
+ per RFC 6066 and RFC 4279.
+ [mancha]
+
+ *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
+ avoids preferring ECDHE-ECDSA ciphers when the client appears to be
+ Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
+ several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
+ is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
+ 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
+ [Rob Stradling, Adam Langley]
+
+ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
+
+ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+ This addresses the flaw in CBC record processing discovered by
+ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+ at: http://www.isg.rhul.ac.uk/tls/
+
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+ Emilia K\xE4sper for the initial patch.
+ (CVE-2013-0169)
+ [Emilia K\xE4sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+ *) Return an error when checking OCSP signatures when key is NULL.
+ This fixes a DoS attack. (CVE-2013-0166)
+ [Steve Henson]
+
+ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+ the right response is stapled. Also change SSL_get_certificate()
+ so it returns the certificate actually sent.
+ See http://rt.openssl.org/Ticket/Display.html?id=2836.
+ (This is a backport)
+ [Rob Stradling <rob.stradling at comodo.com>]
+
+ *) Fix possible deadlock when decoding public keys.
+ [Steve Henson]
+
+ Changes between 0.9.8w and 0.9.8x [10 May 2012]
+
+ *) Sanity check record length before skipping explicit IV in DTLS
+ to fix DoS attack.
+
+ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+ fuzzing as a service testing platform.
+ (CVE-2012-2333)
+ [Steve Henson]
+
+ *) Initialise tkeylen properly when encrypting CMS messages.
+ Thanks to Solar Designer of Openwall for reporting this issue.
+ [Steve Henson]
+
+ Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
+
+ *) The fix for CVE-2012-2110 did not take into account that the
+ 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
+ int in OpenSSL 0.9.8, making it still vulnerable. Fix by
+ rejecting negative len parameter. (CVE-2012-2131)
+ [Tomas Hoger <thoger at redhat.com>]
+
+ Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
+
+ *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+ in CRYPTO_realloc_clean.
+
+ Thanks to Tavis Ormandy, Google Security Team, for discovering this
+ issue and to Adam Langley <agl at chromium.org> for fixing it.
+ (CVE-2012-2110)
+ [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+ Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
+
+ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+ in CMS and PKCS7 code. When RSA decryption fails use a random key for
+ content decryption and always return the same error. Note: this attack
+ needs on average 2^20 messages so it only affects automated senders. The
+ old behaviour can be reenabled in the CMS code by setting the
+ CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+ an MMA defence is not necessary.
+ Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
+ this issue. (CVE-2012-0884)
+ [Steve Henson]
+
+ *) Fix CVE-2011-4619: make sure we really are receiving a
+ client hello before rejecting multiple SGC restarts. Thanks to
+ Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
+ [Steve Henson]
+
+ Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
+
+ *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+ Thanks to Antonio Martin, Enterprise Secure Access Research and
+ Development, Cisco Systems, Inc. for discovering this bug and
+ preparing a fix. (CVE-2012-0050)
+ [Antonio Martin]
+
+ Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
+
+ *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+ of the Vaudenay padding oracle attack on CBC mode encryption
+ which enables an efficient plaintext recovery attack against
+ the OpenSSL implementation of DTLS. Their attack exploits timing
+ differences arising during decryption processing. A research
+ paper describing this attack can be found at:
+ http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+ <seggelmann at fh-muenster.de> and Michael Tuexen <tuexen at fh-muenster.de>
+ for preparing the fix. (CVE-2011-4108)
+ [Robin Seggelmann, Michael Tuexen]
+
+ *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
+ [Ben Laurie, Kasper <ekasper at google.com>]
+
+ *) Clear bytes used for block padding of SSL 3.0 records.
+ (CVE-2011-4576)
+ [Adam Langley (Google)]
+
+ *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+ Kadianakis <desnacked at gmail.com> for discovering this issue and
+ Adam Langley for preparing the fix. (CVE-2011-4619)
+ [Adam Langley (Google)]
+
+ *) Prevent malformed RFC3779 data triggering an assertion failure.
+ Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+ and Rob Austein <sra at hactrn.net> for fixing it. (CVE-2011-4577)
+ [Rob Austein <sra at hactrn.net>]
+
+ *) Fix ssl_ciph.c set-up race.
+ [Adam Langley (Google)]
+
+ *) Fix spurious failures in ecdsatest.c.
+ [Emilia K\xE4sper (Google)]
+
+ *) Fix the BIO_f_buffer() implementation (which was mixing different
+ interpretations of the '..._len' fields).
+ [Adam Langley (Google)]
+
+ *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+ BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+ threads won't reuse the same blinding coefficients.
+
+ This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+ lock to call BN_BLINDING_invert_ex, and avoids one use of
+ BN_BLINDING_update for each BN_BLINDING structure (previously,
+ the last update always remained unused).
+ [Emilia K\xE4sper (Google)]
+
+ *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+ for multi-threaded use of ECDH.
+ [Adam Langley (Google)]
+
+ *) Fix x509_name_ex_d2i memory leak on bad inputs.
+ [Bodo Moeller]
+
+ *) Add protection against ECDSA timing attacks as mentioned in the paper
+ by Billy Bob Brumley and Nicola Tuveri, see:
+
+ http://eprint.iacr.org/2011/232.pdf
+
+ [Billy Bob Brumley and Nicola Tuveri]
+
+ Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
+
+ *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+ [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+ *) Fix bug in string printing code: if *any* escaping is enabled we must
+ escape the escape character (backslash) or the resulting string is
+ ambiguous.
+ [Steve Henson]
+
+ Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
+
+ *) Disable code workaround for ancient and obsolete Netscape browsers
+ and servers: an attacker can use it in a ciphersuite downgrade attack.
+ Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+ [Steve Henson]
+
+ *) Fixed J-PAKE implementation error, originally discovered by
+ Sebastien Martini, further info and confirmation from Stefan
+ Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+ [Ben Laurie]
+
+ Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
+
+ *) Fix extension code to avoid race conditions which can result in a buffer
+ overrun vulnerability: resumed sessions must not be modified as they can
+ be shared by multiple threads. CVE-2010-3864
+ [Steve Henson]
+
+ *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+ [Steve Henson]
+
+ *) Don't reencode certificate when calculating signature: cache and use
+ the original encoding instead. This makes signature verification of
+ some broken encodings work correctly.
+ [Steve Henson]
+
+ *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
+ is also one of the inputs.
+ [Emilia K\xE4sper <emilia.kasper at esat.kuleuven.be> (Google)]
+
+ *) Don't repeatedly append PBE algorithms to table if they already exist.
+ Sort table on each new add. This effectively makes the table read only
+ after all algorithms are added and subsequent calls to PKCS12_pbe_add
+ etc are non-op.
+ [Steve Henson]
+
+ Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
+
+ [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
+ OpenSSL 1.0.0.]
+
+ *) Correct a typo in the CMS ASN1 module which can result in invalid memory
+ access or freeing data twice (CVE-2010-0742)
+ [Steve Henson, Ronald Moesbergen <intercommit at gmail.com>]
+
+ *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
+ common in certificates and some applications which only call
+ SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
+ [Steve Henson]
+
+ *) VMS fixes:
+ Reduce copying into .apps and .test in makevms.com
+ Don't try to use blank CA certificate in CA.com
+ Allow use of C files from original directories in maketests.com
+ [Steven M. Schweda" <sms at antinode.info>]
+
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+ *) When rejecting SSL/TLS records due to an incorrect version number, never
+ update s->server with a new major version number. As of
+ - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+ - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+ the previous behavior could result in a read attempt at NULL when
+ receiving specific incorrect SSL/TLS records once record payload
+ protection is active. (CVE-2010-0740)
+ [Bodo Moeller, Adam Langley <agl at chromium.org>]
+
+ *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
+ could be crashed if the relevant tables were not present (e.g. chrooted).
+ [Tomas Hoger <thoger at redhat.com>]
+
+ Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
+
+ *) Always check bn_wexpend() return values for failure. (CVE-2009-3245)
+ [Martin Olsson, Neel Mehta]
+
+ *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
+ accommodate for stack sorting, always a write lock!).
+ [Bodo Moeller]
+
+ *) On some versions of WIN32 Heap32Next is very slow. This can cause
+ excessive delays in the RAND_poll(): over a minute. As a workaround
+ include a time check in the inner Heap32Next loop too.
+ [Steve Henson]
+
+ *) The code that handled flushing of data in SSL/TLS originally used the
+ BIO_CTRL_INFO ctrl to see if any data was pending first. This caused
+ the problem outlined in PR#1949. The fix suggested there however can
+ trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions
+ of Apache). So instead simplify the code to flush unconditionally.
+ This should be fine since flushing with no data to flush is a no op.
+ [Steve Henson]
+
+ *) Handle TLS versions 2.0 and later properly and correctly use the
+ highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
+ off ancient servers have a habit of sticking around for a while...
+ [Steve Henson]
+
+ *) Modify compression code so it frees up structures without using the
+ ex_data callbacks. This works around a problem where some applications
+ call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when
+ restarting) then use compression (e.g. SSL with compression) later.
+ This results in significant per-connection memory leaks and
+ has caused some security issues including CVE-2008-1678 and
+ CVE-2009-4355.
+ [Steve Henson]
+
+ *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+ change when encrypting or decrypting.
+ [Bodo Moeller]
+
+ *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+ connect and renegotiate with servers which do not support RI.
+ Until RI is more widely deployed this option is enabled by default.
+ [Steve Henson]
+
+ *) Add "missing" ssl ctrls to clear options and mode.
+ [Steve Henson]
+
+ *) If client attempts to renegotiate and doesn't support RI respond with
+ a no_renegotiation alert as required by RFC5746. Some renegotiating
+ TLS clients will continue a connection gracefully when they receive
+ the alert. Unfortunately OpenSSL mishandled this alert and would hang
+ waiting for a server hello which it will never receive. Now we treat a
+ received no_renegotiation alert as a fatal error. This is because
+ applications requesting a renegotiation might well expect it to succeed
+ and would have no code in place to handle the server denying it so the
+ only safe thing to do is to terminate the connection.
+ [Steve Henson]
+
+ *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
+ peer supports secure renegotiation and 0 otherwise. Print out peer
+ renegotiation support in s_client/s_server.
+ [Steve Henson]
+
+ *) Replace the highly broken and deprecated SPKAC certification method with
+ the updated NID creation version. This should correctly handle UTF8.
+ [Steve Henson]
+
+ *) Implement RFC5746. Re-enable renegotiation but require the extension
+ as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+ turns out to be a bad idea. It has been replaced by
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
+ SSL_CTX_set_options(). This is really not recommended unless you
+ know what you are doing.
+ [Eric Rescorla <ekr at networkresonance.com>, Ben Laurie, Steve Henson]
+
+ *) Fixes to stateless session resumption handling. Use initial_ctx when
+ issuing and attempting to decrypt tickets in case it has changed during
+ servername handling. Use a non-zero length session ID when attempting
+ stateless session resumption: this makes it possible to determine if
+ a resumption has occurred immediately after receiving server hello
+ (several places in OpenSSL subtly assume this) instead of later in
+ the handshake.
+ [Steve Henson]
+
+ *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+ CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+ fixes for a few places where the return code is not checked
+ correctly.
+ [Julia Lawall <julia at diku.dk>]
+
+ *) Add --strict-warnings option to Configure script to include devteam
+ warnings in other configurations.
+ [Steve Henson]
+
+ *) Add support for --libdir option and LIBDIR variable in makefiles. This
+ makes it possible to install openssl libraries in locations which
+ have names other than "lib", for example "/usr/lib64" which some
+ systems need.
+ [Steve Henson, based on patch from Jeremy Utley]
+
+ *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
+ X690 8.9.12 and can produce some misleading textual output of OIDs.
+ [Steve Henson, reported by Dan Kaminsky]
+
+ *) Delete MD2 from algorithm tables. This follows the recommendation in
+ several standards that it is not used in new applications due to
+ several cryptographic weaknesses. For binary compatibility reasons
+ the MD2 API is still compiled in by default.
+ [Steve Henson]
+
+ *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
+ and restored.
+ [Steve Henson]
+
+ *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
+ OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
+ clash.
+ [Guenter <lists at gknw.net>]
+
+ *) Fix the server certificate chain building code to use X509_verify_cert(),
+ it used to have an ad-hoc builder which was unable to cope with anything
+ other than a simple chain.
+ [David Woodhouse <dwmw2 at infradead.org>, Steve Henson]
+
+ *) Don't check self signed certificate signatures in X509_verify_cert()
+ by default (a flag can override this): it just wastes time without
+ adding any security. As a useful side effect self signed root CAs
+ with non-FIPS digests are now usable in FIPS mode.
+ [Steve Henson]
+
+ *) In dtls1_process_out_of_seq_message() the check if the current message
+ is already buffered was missing. For every new message was memory
+ allocated, allowing an attacker to perform an denial of service attack
+ with sending out of seq handshake messages until there is no memory
+ left. Additionally every future messege was buffered, even if the
+ sequence number made no sense and would be part of another handshake.
+ So only messages with sequence numbers less than 10 in advance will be
+ buffered. (CVE-2009-1378)
+ [Robin Seggelmann, discovered by Daniel Mentz]
+
+ *) Records are buffered if they arrive with a future epoch to be
+ processed after finishing the corresponding handshake. There is
+ currently no limitation to this buffer allowing an attacker to perform
+ a DOS attack with sending records with future epochs until there is no
+ memory left. This patch adds the pqueue_size() function to detemine
+ the size of a buffer and limits the record buffer to 100 entries.
+ (CVE-2009-1377)
+ [Robin Seggelmann, discovered by Daniel Mentz]
+
+ *) Keep a copy of frag->msg_header.frag_len so it can be used after the
+ parent structure is freed. (CVE-2009-1379)
+ [Daniel Mentz]
+
+ *) Handle non-blocking I/O properly in SSL_shutdown() call.
+ [Darryl Miles <darryl-mailinglists at netbauds.net>]
+
+ *) Add 2.5.4.* OIDs
+ [Ilya O. <vrghost at gmail.com>]
+
+ Changes between 0.9.8k and 0.9.8l [5 Nov 2009]
+
+ *) Disable renegotiation completely - this fixes a severe security
+ problem (CVE-2009-3555) at the cost of breaking all
+ renegotiation. Renegotiation can be re-enabled by setting
+ SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+ run-time. This is really not recommended unless you know what
+ you're doing.
+ [Ben Laurie]
+
+ Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
+
+ *) Don't set val to NULL when freeing up structures, it is freed up by
+ underlying code. If sizeof(void *) > sizeof(long) this can result in
+ zeroing past the valid field. (CVE-2009-0789)
+ [Paolo Ganci <Paolo.Ganci at AdNovum.CH>]
+
+ *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
+ checked correctly. This would allow some invalid signed attributes to
+ appear to verify correctly. (CVE-2009-0591)
+ [Ivan Nestlerode <inestlerode at us.ibm.com>]
+
+ *) Reject UniversalString and BMPString types with invalid lengths. This
+ prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
+ a legal length. (CVE-2009-0590)
+ [Steve Henson]
+
+ *) Set S/MIME signing as the default purpose rather than setting it
+ unconditionally. This allows applications to override it at the store
+ level.
+ [Steve Henson]
+
+ *) Permit restricted recursion of ASN1 strings. This is needed in practice
+ to handle some structures.
+ [Steve Henson]
+
+ *) Improve efficiency of mem_gets: don't search whole buffer each time
+ for a '\n'
+ [Jeremy Shapiro <jnshapir at us.ibm.com>]
+
+ *) New -hex option for openssl rand.
+ [Matthieu Herrb]
+
+ *) Print out UTF8String and NumericString when parsing ASN1.
+ [Steve Henson]
+
+ *) Support NumericString type for name components.
+ [Steve Henson]
+
+ *) Allow CC in the environment to override the automatically chosen
+ compiler. Note that nothing is done to ensure flags work with the
+ chosen compiler.
+ [Ben Laurie]
+
+ Changes between 0.9.8i and 0.9.8j [07 Jan 2009]
+
+ *) Properly check EVP_VerifyFinal() and similar return values
+ (CVE-2008-5077).
+ [Ben Laurie, Bodo Moeller, Google Security Team]
+
+ *) Enable TLS extensions by default.
+ [Ben Laurie]
+
+ *) Allow the CHIL engine to be loaded, whether the application is
+ multithreaded or not. (This does not release the developer from the
+ obligation to set up the dynamic locking callbacks.)
+ [Sander Temme <sander at temme.net>]
+
+ *) Use correct exit code if there is an error in dgst command.
+ [Steve Henson; problem pointed out by Roland Dirlewanger]
+
+ *) Tweak Configure so that you need to say "experimental-jpake" to enable
+ JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+ [Bodo Moeller]
+
+ *) Add experimental JPAKE support, including demo authentication in
+ s_client and s_server.
+ [Ben Laurie]
+
+ *) Set the comparison function in v3_addr_canonize().
+ [Rob Austein <sra at hactrn.net>]
+
+ *) Add support for XMPP STARTTLS in s_client.
+ [Philip Paeps <philip at freebsd.org>]
+
+ *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
+ to ensure that even with this option, only ciphersuites in the
+ server's preference list will be accepted. (Note that the option
+ applies only when resuming a session, so the earlier behavior was
+ just about the algorithm choice for symmetric cryptography.)
+ [Bodo Moeller]
+
+ Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
+
+ *) Fix NULL pointer dereference if a DTLS server received
+ ChangeCipherSpec as first record (CVE-2009-1386).
+ [PR #1679]
+
+ *) Fix a state transitition in s3_srvr.c and d1_srvr.c
+ (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+ [Nagendra Modadugu]
+
+ *) The fix in 0.9.8c that supposedly got rid of unsafe
+ double-checked locking was incomplete for RSA blinding,
+ addressing just one layer of what turns out to have been
+ doubly unsafe triple-checked locking.
+
+ So now fix this for real by retiring the MONT_HELPER macro
+ in crypto/rsa/rsa_eay.c.
+
+ [Bodo Moeller; problem pointed out by Marius Schilder]
+
+ *) Various precautionary measures:
+
+ - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
+
+ - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
+ (NB: This would require knowledge of the secret session ticket key
+ to exploit, in which case you'd be SOL either way.)
+
+ - Change bn_nist.c so that it will properly handle input BIGNUMs
+ outside the expected range.
+
+ - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
+ builds.
+
+ [Neel Mehta, Bodo Moeller]
+
+ *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+ the load fails. Useful for distros.
+ [Ben Laurie and the FreeBSD team]
+
+ *) Add support for Local Machine Keyset attribute in PKCS#12 files.
+ [Steve Henson]
+
+ *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+ [Huang Ying]
+
+ *) Expand ENGINE to support engine supplied SSL client certificate functions.
+
+ This work was sponsored by Logica.
+ [Steve Henson]
+
+ *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+ keystores. Support for SSL/TLS client authentication too.
+ Not compiled unless enable-capieng specified to Configure.
+
+ This work was sponsored by Logica.
+ [Steve Henson]
+
+ *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
+ ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+ attribute creation routines such as certifcate requests and PKCS#12
+ files.
+ [Steve Henson]
+
+ Changes between 0.9.8g and 0.9.8h [28 May 2008]
+
+ *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+ handshake which could lead to a cilent crash as found using the
+ Codenomicon TLS test suite (CVE-2008-1672)
+ [Steve Henson, Mark Cox]
+
+ *) Fix double free in TLS server name extensions which could lead to
+ a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)
+ [Joe Orton]
+
+ *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+ Clear the error queue to ensure that error entries left from
+ older function calls do not interfere with the correct operation.
+ [Lutz Jaenicke, Erik de Castro Lopo]
+
+ *) Remove root CA certificates of commercial CAs:
+
+ The OpenSSL project does not recommend any specific CA and does not
+ have any policy with respect to including or excluding any CA.
+ Therefore it does not make any sense to ship an arbitrary selection
+ of root CA certificates with the OpenSSL software.
+ [Lutz Jaenicke]
+
+ *) RSA OAEP patches to fix two separate invalid memory reads.
+ The first one involves inputs when 'lzero' is greater than
+ 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
+ before the beginning of from). The second one involves inputs where
+ the 'db' section contains nothing but zeroes (there is a one-byte
+ invalid read after the end of 'db').
+ [Ivan Nestlerode <inestlerode at us.ibm.com>]
+
+ *) Partial backport from 0.9.9-dev:
+
+ Introduce bn_mul_mont (dedicated Montgomery multiplication
+ procedure) as a candidate for BIGNUM assembler implementation.
+ While 0.9.9-dev uses assembler for various architectures, only
+ x86_64 is available by default here in the 0.9.8 branch, and
+ 32-bit x86 is available through a compile-time setting.
+
+ To try the 32-bit x86 assembler implementation, use Configure
+ option "enable-montasm" (which exists only for this backport).
+
+ As "enable-montasm" for 32-bit x86 disclaims code stability
+ anyway, in this constellation we activate additional code
+ backported from 0.9.9-dev for further performance improvements,
+ namely BN_from_montgomery_word. (To enable this otherwise,
+ e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
+
+ [Andy Polyakov (backport partially by Bodo Moeller)]
+
+ *) Add TLS session ticket callback. This allows an application to set
+ TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
+ values. This is useful for key rollover for example where several key
+ sets may exist with different names.
+ [Steve Henson]
+
+ *) Reverse ENGINE-internal logic for caching default ENGINE handles.
+ This was broken until now in 0.9.8 releases, such that the only way
+ a registered ENGINE could be used (assuming it initialises
+ successfully on the host) was to explicitly set it as the default
+ for the relevant algorithms. This is in contradiction with 0.9.7
+ behaviour and the documentation. With this fix, when an ENGINE is
+ registered into a given algorithm's table of implementations, the
+ 'uptodate' flag is reset so that auto-discovery will be used next
+ time a new context for that algorithm attempts to select an
+ implementation.
+ [Ian Lister (tweaked by Geoff Thorpe)]
+
+ *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
+ implemention in the following ways:
+
+ Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
+ hard coded.
+
+ Lack of BER streaming support means one pass streaming processing is
+ only supported if data is detached: setting the streaming flag is
+ ignored for embedded content.
+
+ CMS support is disabled by default and must be explicitly enabled
+ with the enable-cms configuration option.
+ [Steve Henson]
+
+ *) Update the GMP engine glue to do direct copies between BIGNUM and
+ mpz_t when openssl and GMP use the same limb size. Otherwise the
+ existing "conversion via a text string export" trick is still used.
+ [Paul Sheer <paulsheer at gmail.com>]
+
+ *) Zlib compression BIO. This is a filter BIO which compressed and
+ uncompresses any data passed through it.
+ [Steve Henson]
+
+ *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
+ RFC3394 compatible AES key wrapping.
+ [Steve Henson]
+
+ *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
+ sets string data without copying. X509_ALGOR_set0() and
+ X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
+ data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
+ from an X509_ATTRIBUTE structure optionally checking it occurs only
+ once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
+ data.
+ [Steve Henson]
+
+ *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
+ to get the expected BN_FLG_CONSTTIME behavior.
+ [Bodo Moeller (Google)]
+
+ *) Netware support:
+
+ - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
+ - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
+ - added some more tests to do_tests.pl
+ - fixed RunningProcess usage so that it works with newer LIBC NDKs too
+ - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
+ - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
+ netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
+ - various changes to netware.pl to enable gcc-cross builds on Win32
+ platform
+ - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
+ - various changes to fix missing prototype warnings
+ - fixed x86nasm.pl to create correct asm files for NASM COFF output
+ - added AES, WHIRLPOOL and CPUID assembler code to build files
+ - added missing AES assembler make rules to mk1mf.pl
+ - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
+ [Guenter Knauf <eflash at gmx.net>]
+
+ *) Implement certificate status request TLS extension defined in RFC3546.
+ A client can set the appropriate parameters and receive the encoded
+ OCSP response via a callback. A server can query the supplied parameters
+ and set the encoded OCSP response in the callback. Add simplified examples
+ to s_client and s_server.
+ [Steve Henson]
+
+ Changes between 0.9.8f and 0.9.8g [19 Oct 2007]
+
+ *) Fix various bugs:
+ + Binary incompatibility of ssl_ctx_st structure
+ + DTLS interoperation with non-compliant servers
+ + Don't call get_session_cb() without proposed session
+ + Fix ia64 assembler code
+ [Andy Polyakov, Steve Henson]
+
+ Changes between 0.9.8e and 0.9.8f [11 Oct 2007]
+
+ *) DTLS Handshake overhaul. There were longstanding issues with
+ OpenSSL DTLS implementation, which were making it impossible for
+ RFC 4347 compliant client to communicate with OpenSSL server.
+ Unfortunately just fixing these incompatibilities would "cut off"
+ pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e
+ server keeps tolerating non RFC compliant syntax. The opposite is
+ not true, 0.9.8f client can not communicate with earlier server.
+ This update even addresses CVE-2007-4995.
+ [Andy Polyakov]
+
+ *) Changes to avoid need for function casts in OpenSSL: some compilers
+ (gcc 4.2 and later) reject their use.
+ [Kurt Roeckx <kurt at roeckx.be>, Peter Hartley <pdh at utter.chaos.org.uk>,
+ Steve Henson]
+
+ *) Add RFC4507 support to OpenSSL. This includes the corrections in
+ RFC4507bis. The encrypted ticket format is an encrypted encoded
+ SSL_SESSION structure, that way new session features are automatically
+ supported.
+
+ If a client application caches session in an SSL_SESSION structure
+ support is transparent because tickets are now stored in the encoded
+ SSL_SESSION.
+
+ The SSL_CTX structure automatically generates keys for ticket
+ protection in servers so again support should be possible
+ with no application modification.
+
+ If a client or server wishes to disable RFC4507 support then the option
+ SSL_OP_NO_TICKET can be set.
+
+ Add a TLS extension debugging callback to allow the contents of any client
+ or server extensions to be examined.
+
+ This work was sponsored by Google.
+ [Steve Henson]
+
+ *) Add initial support for TLS extensions, specifically for the server_name
+ extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
+ have new members for a host name. The SSL data structure has an
+ additional member SSL_CTX *initial_ctx so that new sessions can be
+ stored in that context to allow for session resumption, even after the
+ SSL has been switched to a new SSL_CTX in reaction to a client's
+ server_name extension.
+
+ New functions (subject to change):
+
+ SSL_get_servername()
+ SSL_get_servername_type()
+ SSL_set_SSL_CTX()
+
+ New CTRL codes and macros (subject to change):
+
+ SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ - SSL_CTX_set_tlsext_servername_callback()
+ SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+ - SSL_CTX_set_tlsext_servername_arg()
+ SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name()
+
+ openssl s_client has a new '-servername ...' option.
+
+ openssl s_server has new options '-servername_host ...', '-cert2 ...',
+ '-key2 ...', '-servername_fatal' (subject to change). This allows
+ testing the HostName extension for a specific single host name ('-cert'
+ and '-key' remain fallbacks for handshakes without HostName
+ negotiation). If the unrecogninzed_name alert has to be sent, this by
+ default is a warning; it becomes fatal with the '-servername_fatal'
+ option.
+
+ [Peter Sylvester, Remy Allais, Christophe Renou, Steve Henson]
+
+ *) Add AES and SSE2 assembly language support to VC++ build.
+ [Steve Henson]
+
+ *) Mitigate attack on final subtraction in Montgomery reduction.
+ [Andy Polyakov]
+
+ *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
+ (which previously caused an internal error).
+ [Bodo Moeller]
+
+ *) Squeeze another 10% out of IGE mode when in != out.
+ [Ben Laurie]
+
+ *) AES IGE mode speedup.
+ [Dean Gaudet (Google)]
+
+ *) Add the Korean symmetric 128-bit cipher SEED (see
+ http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
+ add SEED ciphersuites from RFC 4162:
+
+ TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA"
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA = "DHE-DSS-SEED-SHA"
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA = "DHE-RSA-SEED-SHA"
+ TLS_DH_anon_WITH_SEED_CBC_SHA = "ADH-SEED-SHA"
+
+ To minimize changes between patchlevels in the OpenSSL 0.9.8
+ series, SEED remains excluded from compilation unless OpenSSL
+ is configured with 'enable-seed'.
+ [KISA, Bodo Moeller]
+
+ *) Mitigate branch prediction attacks, which can be practical if a
+ single processor is shared, allowing a spy process to extract
+ information. For detailed background information, see
+ http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,
+ J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL
+ and Necessary Software Countermeasures"). The core of the change
+ are new versions BN_div_no_branch() and
+ BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
+ respectively, which are slower, but avoid the security-relevant
+ conditional branches. These are automatically called by BN_div()
+ and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
+ of the input BIGNUMs. Also, BN_is_bit_set() has been changed to
+ remove a conditional branch.
+
+ BN_FLG_CONSTTIME is the new name for the previous
+ BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
+ modular exponentiation. (Since OpenSSL 0.9.7h, setting this flag
+ in the exponent causes BN_mod_exp_mont() to use the alternative
+ implementation in BN_mod_exp_mont_consttime().) The old name
+ remains as a deprecated alias.
+
+ Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
+ RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
+ constant-time implementations for more than just exponentiation.
+ Here too the old name is kept as a deprecated alias.
+
+ BN_BLINDING_new() will now use BN_dup() for the modulus so that
+ the BN_BLINDING structure gets an independent copy of the
+ modulus. This means that the previous "BIGNUM *m" argument to
+ BN_BLINDING_new() and to BN_BLINDING_create_param() now
+ essentially becomes "const BIGNUM *m", although we can't actually
+ change this in the header file before 0.9.9. It allows
+ RSA_setup_blinding() to use BN_with_flags() on the modulus to
+ enable BN_FLG_CONSTTIME.
+
+ [Matthew D Wood (Intel Corp)]
+
+ *) In the SSL/TLS server implementation, be strict about session ID
+ context matching (which matters if an application uses a single
+ external cache for different purposes). Previously,
+ out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+ set. This did ensure strict client verification, but meant that,
+ with applications using a single external cache for quite
+ different requirements, clients could circumvent ciphersuite
+ restrictions for a given session ID context by starting a session
+ in a different context.
+ [Bodo Moeller]
+
+ *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+ a ciphersuite string such as "DEFAULT:RSA" cannot enable
+ authentication-only ciphersuites.
+ [Bodo Moeller]
+
+ *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
+ not complete and could lead to a possible single byte overflow
+ (CVE-2007-5135) [Ben Laurie]
+
+ Changes between 0.9.8d and 0.9.8e [23 Feb 2007]
+
+ *) Since AES128 and AES256 (and similarly Camellia128 and
+ Camellia256) share a single mask bit in the logic of
+ ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+ kludge to work properly if AES128 is available and AES256 isn't
+ (or if Camellia128 is available and Camellia256 isn't).
+ [Victor Duchovni]
+
+ *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
+ (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
+ When a point or a seed is encoded in a BIT STRING, we need to
+ prevent the removal of trailing zero bits to get the proper DER
+ encoding. (By default, crypto/asn1/a_bitstr.c assumes the case
+ of a NamedBitList, for which trailing 0 bits need to be removed.)
+ [Bodo Moeller]
+
+ *) Have SSL/TLS server implementation tolerate "mismatched" record
+ protocol version while receiving ClientHello even if the
+ ClientHello is fragmented. (The server can't insist on the
+ particular protocol version it has chosen before the ServerHello
+ message has informed the client about his choice.)
+ [Bodo Moeller]
+
+ *) Add RFC 3779 support.
+ [Rob Austein for ARIN, Ben Laurie]
+
+ *) Load error codes if they are not already present instead of using a
+ static variable. This allows them to be cleanly unloaded and reloaded.
+ Improve header file function name parsing.
+ [Steve Henson]
+
+ *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
+ or CAPABILITY handshake as required by RFCs.
+ [Goetz Babin-Ebell]
+
+ Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
+
+ *) Introduce limits to prevent malicious keys being able to
+ cause a denial of service. (CVE-2006-2940)
+ [Steve Henson, Bodo Moeller]
+
+ *) Fix ASN.1 parsing of certain invalid structures that can result
+ in a denial of service. (CVE-2006-2937) [Steve Henson]
+
+ *) Fix buffer overflow in SSL_get_shared_ciphers() function.
+ (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+ *) Fix SSL client code which could crash if connecting to a
+ malicious SSLv2 server. (CVE-2006-4343)
+ [Tavis Ormandy and Will Drewry, Google Security Team]
+
+ *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
+ match only those. Before that, "AES256-SHA" would be interpreted
+ as a pattern and match "AES128-SHA" too (since AES128-SHA got
+ the same strength classification in 0.9.7h) as we currently only
+ have a single AES bit in the ciphersuite description bitmap.
+ That change, however, also applied to ciphersuite strings such as
+ "RC4-MD5" that intentionally matched multiple ciphersuites --
+ namely, SSL 2.0 ciphersuites in addition to the more common ones
+ from SSL 3.0/TLS 1.0.
+
+ So we change the selection algorithm again: Naming an explicit
+ ciphersuite selects this one ciphersuite, and any other similar
+ ciphersuite (same bitmap) from *other* protocol versions.
+ Thus, "RC4-MD5" again will properly select both the SSL 2.0
+ ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
+
+ Since SSL 2.0 does not have any ciphersuites for which the
+ 128/256 bit distinction would be relevant, this works for now.
+ The proper fix will be to use different bits for AES128 and
+ AES256, which would have avoided the problems from the beginning;
+ however, bits are scarce, so we can only do this in a new release
+ (not just a patchlevel) when we can change the SSL_CIPHER
+ definition to split the single 'unsigned long mask' bitmap into
+ multiple values to extend the available space.
+
+ [Bodo Moeller]
+
+ Changes between 0.9.8b and 0.9.8c [05 Sep 2006]
+
+ *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+ (CVE-2006-4339) [Ben Laurie and Google Security Team]
+
+ *) Add AES IGE and biIGE modes.
+ [Ben Laurie]
+
+ *) Change the Unix randomness entropy gathering to use poll() when
+ possible instead of select(), since the latter has some
+ undesirable limitations.
+ [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+ *) Disable "ECCdraft" ciphersuites more thoroughly. Now special
+ treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+ cannot be implicitly activated as part of, e.g., the "AES" alias.
+ However, please upgrade to OpenSSL 0.9.9[-dev] for
+ non-experimental use of the ECC ciphersuites to get TLS extension
+ support, which is required for curve and point format negotiation
+ to avoid potential handshake problems.
+ [Bodo Moeller]
+
+ *) Disable rogue ciphersuites:
+
+ - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+ - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+ - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+ The latter two were purportedly from
+ draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+ appear there.
+
+ Also deactivate the remaining ciphersuites from
+ draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
+ unofficial, and the ID has long expired.
+ [Bodo Moeller]
+
+ *) Fix RSA blinding Heisenbug (problems sometimes occured on
+ dual-core machines) and other potential thread-safety issues.
+ [Bodo Moeller]
+
+ *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
+ versions), which is now available for royalty-free use
+ (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
+ Also, add Camellia TLS ciphersuites from RFC 4132.
+
+ To minimize changes between patchlevels in the OpenSSL 0.9.8
+ series, Camellia remains excluded from compilation unless OpenSSL
+ is configured with 'enable-camellia'.
+ [NTT]
+
+ *) Disable the padding bug check when compression is in use. The padding
+ bug check assumes the first packet is of even length, this is not
+ necessarily true if compresssion is enabled and can result in false
+ positives causing handshake failure. The actual bug test is ancient
+ code so it is hoped that implementations will either have fixed it by
+ now or any which still have the bug do not support compression.
+ [Steve Henson]
+
+ Changes between 0.9.8a and 0.9.8b [04 May 2006]
+
+ *) When applying a cipher rule check to see if string match is an explicit
+ cipher suite and only match that one cipher suite if it is.
+ [Steve Henson]
+
+ *) Link in manifests for VC++ if needed.
+ [Austin Ziegler <halostatue at gmail.com>]
+
+ *) Update support for ECC-based TLS ciphersuites according to
+ draft-ietf-tls-ecc-12.txt with proposed changes (but without
+ TLS extensions, which are supported starting with the 0.9.9
+ branch, not in the OpenSSL 0.9.8 branch).
+ [Douglas Stebila]
+
+ *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+ opaque EVP_CIPHER_CTX handling.
+ [Steve Henson]
+
+ *) Fixes and enhancements to zlib compression code. We now only use
+ "zlib1.dll" and use the default __cdecl calling convention on Win32
+ to conform with the standards mentioned here:
+ http://www.zlib.net/DLL_FAQ.txt
+ Static zlib linking now works on Windows and the new --with-zlib-include
+ --with-zlib-lib options to Configure can be used to supply the location
+ of the headers and library. Gracefully handle case where zlib library
+ can't be loaded.
+ [Steve Henson]
+
+ *) Several fixes and enhancements to the OID generation code. The old code
+ sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+ handle numbers larger than ULONG_MAX, truncated printing and had a
+ non standard OBJ_obj2txt() behaviour.
+ [Steve Henson]
+
+ *) Add support for building of engines under engine/ as shared libraries
+ under VC++ build system.
+ [Steve Henson]
+
+ *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+ Hopefully, we will not see any false combination of paths any more.
+ [Richard Levitte]
+
+ Changes between 0.9.8 and 0.9.8a [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea. (CVE-2005-2969)
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
+
+ *) Add two function to clear and return the verify parameter flags.
+ [Steve Henson]
+
+ *) Keep cipherlists sorted in the source instead of sorting them at
+ runtime, thus removing the need for a lock.
+ [Nils Larsch]
+
+ *) Avoid some small subgroup attacks in Diffie-Hellman.
+ [Nick Mathewson and Ben Laurie]
+
+ *) Add functions for well-known primes.
+ [Nick Mathewson]
+
+ *) Extended Windows CE support.
+ [Satoshi Nakamura and Andy Polyakov]
+
+ *) Initialize SSL_METHOD structures at compile time instead of during
+ runtime, thus removing the need for a lock.
+ [Steve Henson]
+
+ *) Make PKCS7_decrypt() work even if no certificate is supplied by
+ attempting to decrypt each encrypted key in turn. Add support to
+ smime utility.
+ [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
+
+ [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
+ OpenSSL 0.9.8.]
+
+ *) Add libcrypto.pc and libssl.pc for those who feel they need them.
+ [Richard Levitte]
+
+ *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
+ key into the same file any more.
+ [Richard Levitte]
+
+ *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
+ [Andy Polyakov]
+
+ *) Add -utf8 command line and config file option to 'ca'.
+ [Stefan <stf at udoma.org]
+
+ *) Removed the macro des_crypt(), as it seems to conflict with some
+ libraries. Use DES_crypt().
+ [Richard Levitte]
+
+ *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
+ involves renaming the source and generated shared-libs for
+ both. The engines will accept the corrected or legacy ids
+ ('ncipher' and '4758_cca' respectively) when binding. NB,
+ this only applies when building 'shared'.
+ [Corinna Vinschen <vinschen at redhat.com> and Geoff Thorpe]
+
+ *) Add attribute functions to EVP_PKEY structure. Modify
+ PKCS12_create() to recognize a CSP name attribute and
+ use it. Make -CSP option work again in pkcs12 utility.
+ [Steve Henson]
+
+ *) Add new functionality to the bn blinding code:
+ - automatic re-creation of the BN_BLINDING parameters after
+ a fixed number of uses (currently 32)
+ - add new function for parameter creation
+ - introduce flags to control the update behaviour of the
+ BN_BLINDING parameters
+ - hide BN_BLINDING structure
+ Add a second BN_BLINDING slot to the RSA structure to improve
+ performance when a single RSA object is shared among several
+ threads.
+ [Nils Larsch]
+
+ *) Add support for DTLS.
+ [Nagendra Modadugu <nagendra at cs.stanford.edu> and Ben Laurie]
+
+ *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
+ to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
+ [Walter Goulet]
+
+ *) Remove buggy and incompletet DH cert support from
+ ssl/ssl_rsa.c and ssl/s3_both.c
+ [Nils Larsch]
+
+ *) Use SHA-1 instead of MD5 as the default digest algorithm for
+ the apps/openssl applications.
+ [Nils Larsch]
+
+ *) Compile clean with "-Wall -Wmissing-prototypes
+ -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
+ DEBUG_SAFESTACK must also be set.
+ [Ben Laurie]
+
+ *) Change ./Configure so that certain algorithms can be disabled by default.
+ The new counterpiece to "no-xxx" is "enable-xxx".
+
+ The patented RC5 and MDC2 algorithms will now be disabled unless
+ "enable-rc5" and "enable-mdc2", respectively, are specified.
+
+ (IDEA remains enabled despite being patented. This is because IDEA
+ is frequently required for interoperability, and there is no license
+ fee for non-commercial use. As before, "no-idea" can be used to
+ avoid this algorithm.)
+
+ [Bodo Moeller]
+
+ *) Add processing of proxy certificates (see RFC 3820). This work was
+ sponsored by KTH (The Royal Institute of Technology in Stockholm) and
+ EGEE (Enabling Grids for E-science in Europe).
+ [Richard Levitte]
+
+ *) RC4 performance overhaul on modern architectures/implementations, such
+ as Intel P4, IA-64 and AMD64.
+ [Andy Polyakov]
+
+ *) New utility extract-section.pl. This can be used specify an alternative
+ section number in a pod file instead of having to treat each file as
+ a separate case in Makefile. This can be done by adding two lines to the
+ pod file:
+
+ =for comment openssl_section:XXX
+
+ The blank line is mandatory.
+
+ [Steve Henson]
+
+ *) New arguments -certform, -keyform and -pass for s_client and s_server
+ to allow alternative format key and certificate files and passphrase
+ sources.
+ [Steve Henson]
+
+ *) New structure X509_VERIFY_PARAM which combines current verify parameters,
+ update associated structures and add various utility functions.
+
+ Add new policy related verify parameters, include policy checking in
+ standard verify code. Enhance 'smime' application with extra parameters
+ to support policy checking and print out.
+ [Steve Henson]
+
+ *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
+ Nehemiah processors. These extensions support AES encryption in hardware
+ as well as RNG (though RNG support is currently disabled).
+ [Michal Ludvig <michal at logix.cz>, with help from Andy Polyakov]
+
+ *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
+ [Geoff Thorpe]
+
+ *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
+ [Andy Polyakov and a number of other people]
+
+ *) Improved PowerPC platform support. Most notably BIGNUM assembler
+ implementation contributed by IBM.
+ [Suresh Chari, Peter Waltenberg, Andy Polyakov]
+
+ *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
+ exponent rather than 'unsigned long'. There is a corresponding change to
+ the new 'rsa_keygen' element of the RSA_METHOD structure.
+ [Jelte Jansen, Geoff Thorpe]
+
+ *) Functionality for creating the initial serial number file is now
+ moved from CA.pl to the 'ca' utility with a new option -create_serial.
+
+ (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
+ number file to 1, which is bound to cause problems. To avoid
+ the problems while respecting compatibility between different 0.9.7
+ patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in
+ CA.pl for serial number initialization. With the new release 0.9.8,
+ we can fix the problem directly in the 'ca' utility.)
+ [Steve Henson]
+
+ *) Reduced header interdepencies by declaring more opaque objects in
+ ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
+ give fewer recursive includes, which could break lazy source code - so
+ this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
+ developers should define this symbol when building and using openssl to
+ ensure they track the recommended behaviour, interfaces, [etc], but
+ backwards-compatible behaviour prevails when this isn't defined.
+ [Geoff Thorpe]
+
+ *) New function X509_POLICY_NODE_print() which prints out policy nodes.
+ [Steve Henson]
+
+ *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
+ This will generate a random key of the appropriate length based on the
+ cipher context. The EVP_CIPHER can provide its own random key generation
+ routine to support keys of a specific form. This is used in the des and
+ 3des routines to generate a key of the correct parity. Update S/MIME
+ code to use new functions and hence generate correct parity DES keys.
+ Add EVP_CHECK_DES_KEY #define to return an error if the key is not
+ valid (weak or incorrect parity).
+ [Steve Henson]
+
+ *) Add a local set of CRLs that can be used by X509_verify_cert() as well
+ as looking them up. This is useful when the verified structure may contain
+ CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
+ present unless the new PKCS7_NO_CRL flag is asserted.
+ [Steve Henson]
+
+ *) Extend ASN1 oid configuration module. It now additionally accepts the
+ syntax:
+
+ shortName = some long name, 1.2.3.4
+ [Steve Henson]
+
+ *) Reimplemented the BN_CTX implementation. There is now no more static
+ limitation on the number of variables it can handle nor the depth of the
+ "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
+ information can now expand as required, and rather than having a single
+ static array of bignums, BN_CTX now uses a linked-list of such arrays
+ allowing it to expand on demand whilst maintaining the usefulness of
+ BN_CTX's "bundling".
+ [Geoff Thorpe]
+
+ *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
+ to allow all RSA operations to function using a single BN_CTX.
+ [Geoff Thorpe]
+
+ *) Preliminary support for certificate policy evaluation and checking. This
+ is initially intended to pass the tests outlined in "Conformance Testing
+ of Relying Party Client Certificate Path Processing Logic" v1.07.
+ [Steve Henson]
+
+ *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
+ remained unused and not that useful. A variety of other little bignum
+ tweaks and fixes have also been made continuing on from the audit (see
+ below).
+ [Geoff Thorpe]
+
+ *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
+ associated ASN1, EVP and SSL functions and old ASN1 macros.
+ [Richard Levitte]
+
+ *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
+ and this should never fail. So the return value from the use of
+ BN_set_word() (which can fail due to needless expansion) is now deprecated;
+ if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
+ [Geoff Thorpe]
+
+ *) BN_CTX_get() should return zero-valued bignums, providing the same
+ initialised value as BN_new().
+ [Geoff Thorpe, suggested by Ulf M\xF6ller]
+
+ *) Support for inhibitAnyPolicy certificate extension.
+ [Steve Henson]
+
+ *) An audit of the BIGNUM code is underway, for which debugging code is
+ enabled when BN_DEBUG is defined. This makes stricter enforcements on what
+ is considered valid when processing BIGNUMs, and causes execution to
+ assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
+ further steps are taken to deliberately pollute unused data in BIGNUM
+ structures to try and expose faulty code further on. For now, openssl will
+ (in its default mode of operation) continue to tolerate the inconsistent
+ forms that it has tolerated in the past, but authors and packagers should
+ consider trying openssl and their own applications when compiled with
+ these debugging symbols defined. It will help highlight potential bugs in
+ their own code, and will improve the test coverage for OpenSSL itself. At
+ some point, these tighter rules will become openssl's default to improve
+ maintainability, though the assert()s and other overheads will remain only
+ in debugging configurations. See bn.h for more details.
+ [Geoff Thorpe, Nils Larsch, Ulf M\xF6ller]
+
+ *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
+ that can only be obtained through BN_CTX_new() (which implicitly
+ initialises it). The presence of this function only made it possible
+ to overwrite an existing structure (and cause memory leaks).
+ [Geoff Thorpe]
+
+ *) Because of the callback-based approach for implementing LHASH as a
+ template type, lh_insert() adds opaque objects to hash-tables and
+ lh_doall() or lh_doall_arg() are typically used with a destructor callback
+ to clean up those corresponding objects before destroying the hash table
+ (and losing the object pointers). So some over-zealous constifications in
+ LHASH have been relaxed so that lh_insert() does not take (nor store) the
+ objects as "const" and the lh_doall[_arg] callback wrappers are not
+ prototyped to have "const" restrictions on the object pointers they are
+ given (and so aren't required to cast them away any more).
+ [Geoff Thorpe]
+
+ *) The tmdiff.h API was so ugly and minimal that our own timing utility
+ (speed) prefers to use its own implementation. The two implementations
+ haven't been consolidated as yet (volunteers?) but the tmdiff API has had
+ its object type properly exposed (MS_TM) instead of casting to/from "char
+ *". This may still change yet if someone realises MS_TM and "ms_time_***"
+ aren't necessarily the greatest nomenclatures - but this is what was used
+ internally to the implementation so I've used that for now.
+ [Geoff Thorpe]
+
+ *) Ensure that deprecated functions do not get compiled when
+ OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
+ the self-tests were still using deprecated key-generation functions so
+ these have been updated also.
+ [Geoff Thorpe]
+
+ *) Reorganise PKCS#7 code to separate the digest location functionality
+ into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
+ New function PKCS7_set_digest() to set the digest type for PKCS#7
+ digestedData type. Add additional code to correctly generate the
+ digestedData type and add support for this type in PKCS7 initialization
+ functions.
+ [Steve Henson]
+
+ *) New function PKCS7_set0_type_other() this initializes a PKCS7
+ structure of type "other".
+ [Steve Henson]
+
+ *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
+ sure the loop does correctly stop and breaking ("division by zero")
+ modulus operations are not performed. The (pre-generated) prime
+ table crypto/bn/bn_prime.h was already correct, but it could not be
+ re-generated on some platforms because of the "division by zero"
+ situation in the script.
+ [Ralf S. Engelschall]
+
+ *) Update support for ECC-based TLS ciphersuites according to
+ draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
+ SHA-1 now is only used for "small" curves (where the
+ representation of a field element takes up to 24 bytes); for
+ larger curves, the field element resulting from ECDH is directly
+ used as premaster secret.
+ [Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
+ curve secp160r1 to the tests.
+ [Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Add the possibility to load symbols globally with DSO.
+ [G\xF6tz Babin-Ebell <babin-ebell at trustcenter.de> via Richard Levitte]
+
+ *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
+ control of the error stack.
+ [Richard Levitte]
+
+ *) Add support for STORE in ENGINE.
+ [Richard Levitte]
+
+ *) Add the STORE type. The intention is to provide a common interface
+ to certificate and key stores, be they simple file-based stores, or
+ HSM-type store, or LDAP stores, or...
+ NOTE: The code is currently UNTESTED and isn't really used anywhere.
+ [Richard Levitte]
+
+ *) Add a generic structure called OPENSSL_ITEM. This can be used to
+ pass a list of arguments to any function as well as provide a way
+ for a function to pass data back to the caller.
+ [Richard Levitte]
+
+ *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup()
+ works like BUF_strdup() but can be used to duplicate a portion of
+ a string. The copy gets NUL-terminated. BUF_memdup() duplicates
+ a memory area.
+ [Richard Levitte]
+
+ *) Add the function sk_find_ex() which works like sk_find(), but will
+ return an index to an element even if an exact match couldn't be
+ found. The index is guaranteed to point at the element where the
+ searched-for key would be inserted to preserve sorting order.
+ [Richard Levitte]
+
+ *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
+ takes an extra flags argument for optional functionality. Currently,
+ the following flags are defined:
+
+ OBJ_BSEARCH_VALUE_ON_NOMATCH
+ This one gets OBJ_bsearch_ex() to return a pointer to the first
+ element where the comparing function returns a negative or zero
+ number.
+
+ OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
+ This one gets OBJ_bsearch_ex() to return a pointer to the first
+ element where the comparing function returns zero. This is useful
+ if there are more than one element where the comparing function
+ returns zero.
+ [Richard Levitte]
+
+ *) Make it possible to create self-signed certificates with 'openssl ca'
+ in such a way that the self-signed certificate becomes part of the
+ CA database and uses the same mechanisms for serial number generation
+ as all other certificate signing. The new flag '-selfsign' enables
+ this functionality. Adapt CA.sh and CA.pl.in.
+ [Richard Levitte]
+
+ *) Add functionality to check the public key of a certificate request
+ against a given private. This is useful to check that a certificate
+ request can be signed by that key (self-signing).
+ [Richard Levitte]
+
+ *) Make it possible to have multiple active certificates with the same
+ subject in the CA index file. This is done only if the keyword
+ 'unique_subject' is set to 'no' in the main CA section (default
+ if 'CA_default') of the configuration file. The value is saved
+ with the database itself in a separate index attribute file,
+ named like the index file with '.attr' appended to the name.
+ [Richard Levitte]
+
+ *) Generate muti valued AVAs using '+' notation in config files for
+ req and dirName.
+ [Steve Henson]
+
+ *) Support for nameConstraints certificate extension.
+ [Steve Henson]
+
+ *) Support for policyConstraints certificate extension.
+ [Steve Henson]
+
+ *) Support for policyMappings certificate extension.
+ [Steve Henson]
+
+ *) Make sure the default DSA_METHOD implementation only uses its
+ dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
+ and change its own handlers to be NULL so as to remove unnecessary
+ indirection. This lets alternative implementations fallback to the
+ default implementation more easily.
+ [Geoff Thorpe]
+
+ *) Support for directoryName in GeneralName related extensions
+ in config files.
+ [Steve Henson]
+
+ *) Make it possible to link applications using Makefile.shared.
+ Make that possible even when linking against static libraries!
+ [Richard Levitte]
+
+ *) Support for single pass processing for S/MIME signing. This now
+ means that S/MIME signing can be done from a pipe, in addition
+ cleartext signing (multipart/signed type) is effectively streaming
+ and the signed data does not need to be all held in memory.
+
+ This is done with a new flag PKCS7_STREAM. When this flag is set
+ PKCS7_sign() only initializes the PKCS7 structure and the actual signing
+ is done after the data is output (and digests calculated) in
+ SMIME_write_PKCS7().
+ [Steve Henson]
+
+ *) Add full support for -rpath/-R, both in shared libraries and
+ applications, at least on the platforms where it's known how
+ to do it.
+ [Richard Levitte]
+
+ *) In crypto/ec/ec_mult.c, implement fast point multiplication with
+ precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
+ will now compute a table of multiples of the generator that
+ makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
+ faster (notably in the case of a single point multiplication,
+ scalar * generator).
+ [Nils Larsch, Bodo Moeller]
+
+ *) IPv6 support for certificate extensions. The various extensions
+ which use the IP:a.b.c.d can now take IPv6 addresses using the
+ formats of RFC1884 2.2 . IPv6 addresses are now also displayed
+ correctly.
+ [Steve Henson]
+
+ *) Added an ENGINE that implements RSA by performing private key
+ exponentiations with the GMP library. The conversions to and from
+ GMP's mpz_t format aren't optimised nor are any montgomery forms
+ cached, and on x86 it appears OpenSSL's own performance has caught up.
+ However there are likely to be other architectures where GMP could
+ provide a boost. This ENGINE is not built in by default, but it can be
+ specified at Configure time and should be accompanied by the necessary
+ linker additions, eg;
+ ./config -DOPENSSL_USE_GMP -lgmp
+ [Geoff Thorpe]
+
+ *) "openssl engine" will not display ENGINE/DSO load failure errors when
+ testing availability of engines with "-t" - the old behaviour is
+ produced by increasing the feature's verbosity with "-tt".
+ [Geoff Thorpe]
+
+ *) ECDSA routines: under certain error conditions uninitialized BN objects
+ could be freed. Solution: make sure initialization is performed early
+ enough. (Reported and fix supplied by Nils Larsch <nla at trustcenter.de>
+ via PR#459)
+ [Lutz Jaenicke]
+
+ *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
+ and DH_METHOD (eg. by ENGINE implementations) to override the normal
+ software implementations. For DSA and DH, parameter generation can
+ also be overriden by providing the appropriate method callbacks.
+ [Geoff Thorpe]
+
+ *) Change the "progress" mechanism used in key-generation and
+ primality testing to functions that take a new BN_GENCB pointer in
+ place of callback/argument pairs. The new API functions have "_ex"
+ postfixes and the older functions are reimplemented as wrappers for
+ the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
+ declarations of the old functions to help (graceful) attempts to
+ migrate to the new functions. Also, the new key-generation API
+ functions operate on a caller-supplied key-structure and return
+ success/failure rather than returning a key or NULL - this is to
+ help make "keygen" another member function of RSA_METHOD etc.
+
+ Example for using the new callback interface:
+
+ int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
+ void *my_arg = ...;
+ BN_GENCB my_cb;
+
+ BN_GENCB_set(&my_cb, my_callback, my_arg);
+
+ return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
+ /* For the meaning of a, b in calls to my_callback(), see the
+ * documentation of the function that calls the callback.
+ * cb will point to my_cb; my_arg can be retrieved as cb->arg.
+ * my_callback should return 1 if it wants BN_is_prime_ex()
+ * to continue, or 0 to stop.
+ */
+
+ [Geoff Thorpe]
+
+ *) Change the ZLIB compression method to be stateful, and make it
+ available to TLS with the number defined in
+ draft-ietf-tls-compression-04.txt.
+ [Richard Levitte]
+
+ *) Add the ASN.1 structures and functions for CertificatePair, which
+ is defined as follows (according to X.509_4thEditionDraftV6.pdf):
+
+ CertificatePair ::= SEQUENCE {
+ forward [0] Certificate OPTIONAL,
+ reverse [1] Certificate OPTIONAL,
+ -- at least one of the pair shall be present -- }
+
+ Also implement the PEM functions to read and write certificate
+ pairs, and defined the PEM tag as "CERTIFICATE PAIR".
+
+ This needed to be defined, mostly for the sake of the LDAP
+ attribute crossCertificatePair, but may prove useful elsewhere as
+ well.
+ [Richard Levitte]
+
+ *) Make it possible to inhibit symlinking of shared libraries in
+ Makefile.shared, for Cygwin's sake.
+ [Richard Levitte]
+
+ *) Extend the BIGNUM API by creating a function
+ void BN_set_negative(BIGNUM *a, int neg);
+ and a macro that behave like
+ int BN_is_negative(const BIGNUM *a);
+
+ to avoid the need to access 'a->neg' directly in applications.
+ [Nils Larsch]
+
+ *) Implement fast modular reduction for pseudo-Mersenne primes
+ used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
+ EC_GROUP_new_curve_GFp() will now automatically use this
+ if applicable.
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Add new lock type (CRYPTO_LOCK_BN).
+ [Bodo Moeller]
+
+ *) Change the ENGINE framework to automatically load engines
+ dynamically from specific directories unless they could be
+ found to already be built in or loaded. Move all the
+ current engines except for the cryptodev one to a new
+ directory engines/.
+ The engines in engines/ are built as shared libraries if
+ the "shared" options was given to ./Configure or ./config.
+ Otherwise, they are inserted in libcrypto.a.
+ /usr/local/ssl/engines is the default directory for dynamic
+ engines, but that can be overriden at configure time through
+ the usual use of --prefix and/or --openssldir, and at run
+ time with the environment variable OPENSSL_ENGINES.
+ [Geoff Thorpe and Richard Levitte]
+
+ *) Add Makefile.shared, a helper makefile to build shared
+ libraries. Addapt Makefile.org.
+ [Richard Levitte]
+
+ *) Add version info to Win32 DLLs.
+ [Peter 'Luna' Runestig" <peter at runestig.com>]
+
+ *) Add new 'medium level' PKCS#12 API. Certificates and keys
+ can be added using this API to created arbitrary PKCS#12
+ files while avoiding the low level API.
+
+ New options to PKCS12_create(), key or cert can be NULL and
+ will then be omitted from the output file. The encryption
+ algorithm NIDs can be set to -1 for no encryption, the mac
+ iteration count can be set to 0 to omit the mac.
+
+ Enhance pkcs12 utility by making the -nokeys and -nocerts
+ options work when creating a PKCS#12 file. New option -nomac
+ to omit the mac, NONE can be set for an encryption algorithm.
+ New code is modified to use the enhanced PKCS12_create()
+ instead of the low level API.
+ [Steve Henson]
+
+ *) Extend ASN1 encoder to support indefinite length constructed
+ encoding. This can output sequences tags and octet strings in
+ this form. Modify pk7_asn1.c to support indefinite length
+ encoding. This is experimental and needs additional code to
+ be useful, such as an ASN1 bio and some enhanced streaming
+ PKCS#7 code.
+
+ Extend template encode functionality so that tagging is passed
+ down to the template encoder.
+ [Steve Henson]
+
+ *) Let 'openssl req' fail if an argument to '-newkey' is not
+ recognized instead of using RSA as a default.
+ [Bodo Moeller]
+
+ *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
+ As these are not official, they are not included in "ALL";
+ the "ECCdraft" ciphersuite group alias can be used to select them.
+ [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
+
+ *) Add ECDH engine support.
+ [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Add ECDH in new directory crypto/ecdh/.
+ [Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Let BN_rand_range() abort with an error after 100 iterations
+ without success (which indicates a broken PRNG).
+ [Bodo Moeller]
+
+ *) Change BN_mod_sqrt() so that it verifies that the input value
+ is really the square of the return value. (Previously,
+ BN_mod_sqrt would show GIGO behaviour.)
+ [Bodo Moeller]
+
+ *) Add named elliptic curves over binary fields from X9.62, SECG,
+ and WAP/WTLS; add OIDs that were still missing.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Extend the EC library for elliptic curves over binary fields
+ (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
+ New EC_METHOD:
+
+ EC_GF2m_simple_method
+
+ New API functions:
+
+ EC_GROUP_new_curve_GF2m
+ EC_GROUP_set_curve_GF2m
+ EC_GROUP_get_curve_GF2m
+ EC_POINT_set_affine_coordinates_GF2m
+ EC_POINT_get_affine_coordinates_GF2m
+ EC_POINT_set_compressed_coordinates_GF2m
+
+ Point compression for binary fields is disabled by default for
+ patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
+ enable it).
+
+ As binary polynomials are represented as BIGNUMs, various members
+ of the EC_GROUP and EC_POINT data structures can be shared
+ between the implementations for prime fields and binary fields;
+ the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
+ are essentially identical to their ..._GFp counterparts.
+ (For simplicity, the '..._GFp' prefix has been dropped from
+ various internal method names.)
+
+ An internal 'field_div' method (similar to 'field_mul' and
+ 'field_sqr') has been added; this is used only for binary fields.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
+ through methods ('mul', 'precompute_mult').
+
+ The generic implementations (now internally called 'ec_wNAF_mul'
+ and 'ec_wNAF_precomputed_mult') remain the default if these
+ methods are undefined.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) New function EC_GROUP_get_degree, which is defined through
+ EC_METHOD. For curves over prime fields, this returns the bit
+ length of the modulus.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) New functions EC_GROUP_dup, EC_POINT_dup.
+ (These simply call ..._new and ..._copy).
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
+ Polynomials are represented as BIGNUMs (where the sign bit is not
+ used) in the following functions [macros]:
+
+ BN_GF2m_add
+ BN_GF2m_sub [= BN_GF2m_add]
+ BN_GF2m_mod [wrapper for BN_GF2m_mod_arr]
+ BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr]
+ BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr]
+ BN_GF2m_mod_inv
+ BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr]
+ BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr]
+ BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr]
+ BN_GF2m_cmp [= BN_ucmp]
+
+ (Note that only the 'mod' functions are actually for fields GF(2^m).
+ BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
+
+ For some functions, an the irreducible polynomial defining a
+ field can be given as an 'unsigned int[]' with strictly
+ decreasing elements giving the indices of those bits that are set;
+ i.e., p[] represents the polynomial
+ f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+ where
+ p[0] > p[1] > ... > p[k] = 0.
+ This applies to the following functions:
+
+ BN_GF2m_mod_arr
+ BN_GF2m_mod_mul_arr
+ BN_GF2m_mod_sqr_arr
+ BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv]
+ BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div]
+ BN_GF2m_mod_exp_arr
+ BN_GF2m_mod_sqrt_arr
+ BN_GF2m_mod_solve_quad_arr
+ BN_GF2m_poly2arr
+ BN_GF2m_arr2poly
+
+ Conversion can be performed by the following functions:
+
+ BN_GF2m_poly2arr
+ BN_GF2m_arr2poly
+
+ bntest.c has additional tests for binary polynomial arithmetic.
+
+ Two implementations for BN_GF2m_mod_div() are available.
+ The default algorithm simply uses BN_GF2m_mod_inv() and
+ BN_GF2m_mod_mul(). The alternative algorithm is compiled in only
+ if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
+ copyright notice in crypto/bn/bn_gf2m.c before enabling it).
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Add new error code 'ERR_R_DISABLED' that can be used when some
+ functionality is disabled at compile-time.
+ [Douglas Stebila <douglas.stebila at sun.com>]
+
+ *) Change default behaviour of 'openssl asn1parse' so that more
+ information is visible when viewing, e.g., a certificate:
+
+ Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+ mode the content of non-printable OCTET STRINGs is output in a
+ style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+ avoid the appearance of a printable string.
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
+ functions
+ EC_GROUP_set_asn1_flag()
+ EC_GROUP_get_asn1_flag()
+ EC_GROUP_set_point_conversion_form()
+ EC_GROUP_get_point_conversion_form()
+ These control ASN1 encoding details:
+ - Curves (i.e., groups) are encoded explicitly unless asn1_flag
+ has been set to OPENSSL_EC_NAMED_CURVE.
+ - Points are encoded in uncompressed form by default; options for
+ asn1_for are as for point2oct, namely
+ POINT_CONVERSION_COMPRESSED
+ POINT_CONVERSION_UNCOMPRESSED
+ POINT_CONVERSION_HYBRID
+
+ Also add 'seed' and 'seed_len' members to EC_GROUP with access
+ functions
+ EC_GROUP_set_seed()
+ EC_GROUP_get0_seed()
+ EC_GROUP_get_seed_len()
+ This is used only for ASN1 purposes (so far).
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Add 'field_type' member to EC_METHOD, which holds the NID
+ of the appropriate field type OID. The new function
+ EC_METHOD_get_field_type() returns this value.
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Add functions
+ EC_POINT_point2bn()
+ EC_POINT_bn2point()
+ EC_POINT_point2hex()
+ EC_POINT_hex2point()
+ providing useful interfaces to EC_POINT_point2oct() and
+ EC_POINT_oct2point().
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Change internals of the EC library so that the functions
+ EC_GROUP_set_generator()
+ EC_GROUP_get_generator()
+ EC_GROUP_get_order()
+ EC_GROUP_get_cofactor()
+ are implemented directly in crypto/ec/ec_lib.c and not dispatched
+ to methods, which would lead to unnecessary code duplication when
+ adding different types of curves.
+ [Nils Larsch <nla at trustcenter.de> with input by Bodo Moeller]
+
+ *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
+ arithmetic, and such that modified wNAFs are generated
+ (which avoid length expansion in many cases).
+ [Bodo Moeller]
+
+ *) Add a function EC_GROUP_check_discriminant() (defined via
+ EC_METHOD) that verifies that the curve discriminant is non-zero.
+
+ Add a function EC_GROUP_check() that makes some sanity tests
+ on a EC_GROUP, its generator and order. This includes
+ EC_GROUP_check_discriminant().
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Add ECDSA in new directory crypto/ecdsa/.
+
+ Add applications 'openssl ecparam' and 'openssl ecdsa'
+ (these are based on 'openssl dsaparam' and 'openssl dsa').
+
+ ECDSA support is also included in various other files across the
+ library. Most notably,
+ - 'openssl req' now has a '-newkey ecdsa:file' option;
+ - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
+ - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
+ d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
+ them suitable for ECDSA where domain parameters must be
+ extracted before the specific public key;
+ - ECDSA engine support has been added.
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Include some named elliptic curves, and add OIDs from X9.62,
+ SECG, and WAP/WTLS. Each curve can be obtained from the new
+ function
+ EC_GROUP_new_by_curve_name(),
+ and the list of available named curves can be obtained with
+ EC_get_builtin_curves().
+ Also add a 'curve_name' member to EC_GROUP objects, which can be
+ accessed via
+ EC_GROUP_set_curve_name()
+ EC_GROUP_get_curve_name()
+ [Nils Larsch <larsch at trustcenter.de, Bodo Moeller]
+
+ *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+ was actually never needed) and in BN_mul(). The removal in BN_mul()
+ required a small change in bn_mul_part_recursive() and the addition
+ of the functions bn_cmp_part_words(), bn_sub_part_words() and
+ bn_add_part_words(), which do the same thing as bn_cmp_words(),
+ bn_sub_words() and bn_add_words() except they take arrays with
+ differing sizes.
+ [Richard Levitte]
+
+ Changes between 0.9.7l and 0.9.7m [23 Feb 2007]
+
+ *) Cleanse PEM buffers before freeing them since they may contain
+ sensitive data.
+ [Benjamin Bennett <ben at psc.edu>]
+
+ *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+ a ciphersuite string such as "DEFAULT:RSA" cannot enable
+ authentication-only ciphersuites.
+ [Bodo Moeller]
+
+ *) Since AES128 and AES256 share a single mask bit in the logic of
+ ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+ kludge to work properly if AES128 is available and AES256 isn't.
+ [Victor Duchovni]
+
+ *) Expand security boundary to match 1.1.1 module.
+ [Steve Henson]
+
+ *) Remove redundant features: hash file source, editing of test vectors
+ modify fipsld to use external fips_premain.c signature.
+ [Steve Henson]
+
+ *) New perl script mkfipsscr.pl to create shell scripts or batch files to
+ run algorithm test programs.
+ [Steve Henson]
+
+ *) Make algorithm test programs more tolerant of whitespace.
+ [Steve Henson]
+
+ *) Have SSL/TLS server implementation tolerate "mismatched" record
+ protocol version while receiving ClientHello even if the
+ ClientHello is fragmented. (The server can't insist on the
+ particular protocol version it has chosen before the ServerHello
+ message has informed the client about his choice.)
+ [Bodo Moeller]
+
+ *) Load error codes if they are not already present instead of using a
+ static variable. This allows them to be cleanly unloaded and reloaded.
+ [Steve Henson]
+
+ Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
+
+ *) Introduce limits to prevent malicious keys being able to
+ cause a denial of service. (CVE-2006-2940)
+ [Steve Henson, Bodo Moeller]
+
+ *) Fix ASN.1 parsing of certain invalid structures that can result
+ in a denial of service. (CVE-2006-2937) [Steve Henson]
+
+ *) Fix buffer overflow in SSL_get_shared_ciphers() function.
+ (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+ *) Fix SSL client code which could crash if connecting to a
+ malicious SSLv2 server. (CVE-2006-4343)
+ [Tavis Ormandy and Will Drewry, Google Security Team]
+
+ *) Change ciphersuite string processing so that an explicit
+ ciphersuite selects this one ciphersuite (so that "AES256-SHA"
+ will no longer include "AES128-SHA"), and any other similar
+ ciphersuite (same bitmap) from *other* protocol versions (so that
+ "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
+ SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining
+ changes from 0.9.8b and 0.9.8d.
+ [Bodo Moeller]
+
+ Changes between 0.9.7j and 0.9.7k [05 Sep 2006]
+
+ *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+ (CVE-2006-4339) [Ben Laurie and Google Security Team]
+
+ *) Change the Unix randomness entropy gathering to use poll() when
+ possible instead of select(), since the latter has some
+ undesirable limitations.
+ [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+ *) Disable rogue ciphersuites:
+
+ - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+ - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+ - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+ The latter two were purportedly from
+ draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+ appear there.
+
+ Also deactive the remaining ciphersuites from
+ draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
+ unofficial, and the ID has long expired.
+ [Bodo Moeller]
+
+ *) Fix RSA blinding Heisenbug (problems sometimes occured on
+ dual-core machines) and other potential thread-safety issues.
+ [Bodo Moeller]
+
+ Changes between 0.9.7i and 0.9.7j [04 May 2006]
+
+ *) Adapt fipsld and the build system to link against the validated FIPS
+ module in FIPS mode.
+ [Steve Henson]
+
+ *) Fixes for VC++ 2005 build under Windows.
+ [Steve Henson]
+
+ *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make
+ from a Windows bash shell such as MSYS. It is autodetected from the
+ "config" script when run from a VC++ environment. Modify standard VC++
+ build to use fipscanister.o from the GNU make build.
+ [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.7i [14 Oct 2005]
+
+ *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+ The value now differs depending on if you build for FIPS or not.
+ BEWARE! A program linked with a shared FIPSed libcrypto can't be
+ safely run with a non-FIPSed libcrypto, as it may crash because of
+ the difference induced by this change.
+ [Andy Polyakov]
+
+ Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea. (CVE-2005-2969)
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
+
+ *) Minimal support for X9.31 signatures and PSS padding modes. This is
+ mainly for FIPS compliance and not fully integrated at this stage.
+ [Steve Henson]
+
+ *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+ the exponentiation using a fixed-length exponent. (Otherwise,
+ the information leaked through timing could expose the secret key
+ after many signatures; cf. Bleichenbacher's attack on DSA with
+ biased k.)
+ [Bodo Moeller]
+
+ *) Make a new fixed-window mod_exp implementation the default for
+ RSA, DSA, and DH private-key operations so that the sequence of
+ squares and multiplies and the memory access pattern are
+ independent of the particular secret key. This will mitigate
+ cache-timing and potential related attacks.
+
+ BN_mod_exp_mont_consttime() is the new exponentiation implementation,
+ and this is automatically used by BN_mod_exp_mont() if the new flag
+ BN_FLG_EXP_CONSTTIME is set for the exponent. RSA, DSA, and DH
+ will use this BN flag for private exponents unless the flag
+ RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
+ DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
+
+ [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
+
+ *) Change the client implementation for SSLv23_method() and
+ SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
+ Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
+ (Previously, the SSL 2.0 backwards compatible Client Hello
+ message format would be used even with SSL_OP_NO_SSLv2.)
+ [Bodo Moeller]
+
+ *) Add support for smime-type MIME parameter in S/MIME messages which some
+ clients need.
+ [Steve Henson]
+
+ *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+ a threadsafe manner. Modify rsa code to use new function and add calls
+ to dsa and dh code (which had race conditions before).
+ [Steve Henson]
+
+ *) Include the fixed error library code in the C error file definitions
+ instead of fixing them up at runtime. This keeps the error code
+ structures constant.
+ [Steve Henson]
+
+ Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
+
+ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+ OpenSSL 0.9.8.]
+
+ *) Fixes for newer kerberos headers. NB: the casts are needed because
+ the 'length' field is signed on one version and unsigned on another
+ with no (?) obvious way to tell the difference, without these VC++
+ complains. Also the "definition" of FAR (blank) is no longer included
+ nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
+ some needed definitions.
+ [Steve Henson]
+
+ *) Undo Cygwin change.
+ [Ulf M\xF6ller]
+
+ *) Added support for proxy certificates according to RFC 3820.
+ Because they may be a security thread to unaware applications,
+ they must be explicitely allowed in run-time. See
+ docs/HOWTO/proxy_certificates.txt for further information.
+ [Richard Levitte]
+
+ Changes between 0.9.7e and 0.9.7f [22 Mar 2005]
+
+ *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
+ server and client random values. Previously
+ (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
+ less random data when sizeof(time_t) > 4 (some 64 bit platforms).
+
+ This change has negligible security impact because:
+
+ 1. Server and client random values still have 24 bytes of pseudo random
+ data.
+
+ 2. Server and client random values are sent in the clear in the initial
+ handshake.
+
+ 3. The master secret is derived using the premaster secret (48 bytes in
+ size for static RSA ciphersuites) as well as client server and random
+ values.
+
+ The OpenSSL team would like to thank the UK NISCC for bringing this issue
+ to our attention.
+
+ [Stephen Henson, reported by UK NISCC]
+
+ *) Use Windows randomness collection on Cygwin.
+ [Ulf M\xF6ller]
+
+ *) Fix hang in EGD/PRNGD query when communication socket is closed
+ prematurely by EGD/PRNGD.
+ [Darren Tucker <dtucker at zip.com.au> via Lutz J\xE4nicke, resolves #1014]
+
+ *) Prompt for pass phrases when appropriate for PKCS12 input format.
+ [Steve Henson]
+
+ *) Back-port of selected performance improvements from development
+ branch, as well as improved support for PowerPC platforms.
+ [Andy Polyakov]
+
+ *) Add lots of checks for memory allocation failure, error codes to indicate
+ failure and freeing up memory if a failure occurs.
+ [Nauticus Networks SSL Team <openssl at nauticusnet.com>, Steve Henson]
+
+ *) Add new -passin argument to dgst.
+ [Steve Henson]
+
+ *) Perform some character comparisons of different types in X509_NAME_cmp:
+ this is needed for some certificates that reencode DNs into UTF8Strings
+ (in violation of RFC3280) and can't or wont issue name rollover
+ certificates.
+ [Steve Henson]
+
+ *) Make an explicit check during certificate validation to see that
+ the CA setting in each certificate on the chain is correct. As a
+ side effect always do the following basic checks on extensions,
+ not just when there's an associated purpose to the check:
+
+ - if there is an unhandled critical extension (unless the user
+ has chosen to ignore this fault)
+ - if the path length has been exceeded (if one is set at all)
+ - that certain extensions fit the associated purpose (if one has
+ been given)
+ [Richard Levitte]
+
+ Changes between 0.9.7d and 0.9.7e [25 Oct 2004]
+
+ *) Avoid a race condition when CRLs are checked in a multi threaded
+ environment. This would happen due to the reordering of the revoked
+ entries during signature checking and serial number lookup. Now the
+ encoding is cached and the serial number sort performed under a lock.
+ Add new STACK function sk_is_sorted().
+ [Steve Henson]
+
+ *) Add Delta CRL to the extension code.
+ [Steve Henson]
+
+ *) Various fixes to s3_pkt.c so alerts are sent properly.
+ [David Holmes <d.holmes at f5.com>]
+
+ *) Reduce the chances of duplicate issuer name and serial numbers (in
+ violation of RFC3280) using the OpenSSL certificate creation utilities.
+ This is done by creating a random 64 bit value for the initial serial
+ number when a serial number file is created or when a self signed
+ certificate is created using 'openssl req -x509'. The initial serial
+ number file is created using 'openssl x509 -next_serial' in CA.pl
+ rather than being initialized to 1.
+ [Steve Henson]
+
+ Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
+
+ *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+ by using the Codenomicon TLS Test Tool (CVE-2004-0079)
+ [Joe Orton, Steve Henson]
+
+ *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+ (CVE-2004-0112)
+ [Joe Orton, Steve Henson]
+
+ *) Make it possible to have multiple active certificates with the same
+ subject in the CA index file. This is done only if the keyword
+ 'unique_subject' is set to 'no' in the main CA section (default
+ if 'CA_default') of the configuration file. The value is saved
+ with the database itself in a separate index attribute file,
+ named like the index file with '.attr' appended to the name.
+ [Richard Levitte]
+
+ *) X509 verify fixes. Disable broken certificate workarounds when
+ X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
+ keyUsage extension present. Don't accept CRLs with unhandled critical
+ extensions: since verify currently doesn't process CRL extensions this
+ rejects a CRL with *any* critical extensions. Add new verify error codes
+ for these cases.
+ [Steve Henson]
+
+ *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+ A clarification of RFC2560 will require the use of OCTET STRINGs and
+ some implementations cannot handle the current raw format. Since OpenSSL
+ copies and compares OCSP nonces as opaque blobs without any attempt at
+ parsing them this should not create any compatibility issues.
+ [Steve Henson]
+
+ *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
+ calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
+ this HMAC (and other) operations are several times slower than OpenSSL
+ < 0.9.7.
+ [Steve Henson]
+
+ *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
+ [Peter Sylvester <Peter.Sylvester at EdelWeb.fr>]
+
+ *) Use the correct content when signing type "other".
+ [Steve Henson]
+
+ Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
+
+ *) Fix various bugs revealed by running the NISCC test suite:
+
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CVE-2003-0543 and CVE-2003-0544).
+
+ Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
+
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+
+ [Steve Henson]
+
+ *) New -ignore_err option in ocsp application to stop the server
+ exiting on the first error in a request.
+ [Steve Henson]
+
+ *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+ if the server requested one: as stated in TLS 1.0 and SSL 3.0
+ specifications.
+ [Steve Henson]
+
+ *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+ extra data after the compression methods not only for TLS 1.0
+ but also for SSL 3.0 (as required by the specification).
+ [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+ *) Change X509_certificate_type() to mark the key as exported/exportable
+ when it's 512 *bits* long, not 512 bytes.
+ [Richard Levitte]
+
+ *) Change AES_cbc_encrypt() so it outputs exact multiple of
+ blocks during encryption.
+ [Richard Levitte]
+
+ *) Various fixes to base64 BIO and non blocking I/O. On write
+ flushes were not handled properly if the BIO retried. On read
+ data was not being buffered properly and had various logic bugs.
+ This also affects blocking I/O when the data being decoded is a
+ certain size.
+ [Steve Henson]
+
+ *) Various S/MIME bugfixes and compatibility changes:
+ output correct application/pkcs7 MIME type if
+ PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+ Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+ of files as .eml work). Correctly handle very long lines in MIME
+ parser.
+ [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b [10 Apr 2003]
+
+ *) Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+ [Bodo Moeller]
+
+ *) Turn on RSA blinding by default in the default implementation
+ to avoid a timing attack. Applications that don't want it can call
+ RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+ They would be ill-advised to do so in most cases.
+ [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+ *) Change RSA blinding code so that it works when the PRNG is not
+ seeded (in this case, the secret RSA exponent is abused as
+ an unpredictable seed -- if it is not unpredictable, there
+ is no point in blinding anyway). Make RSA blinding thread-safe
+ by remembering the creator's thread ID in rsa->blinding and
+ having all other threads use local one-time blinding factors
+ (this requires more computation than sharing rsa->blinding, but
+ avoids excessive locking; and if an RSA object is not shared
+ between threads, blinding will still be very fast).
+ [Bodo Moeller]
+
+ *) Fixed a typo bug that would cause ENGINE_set_default() to set an
+ ENGINE as defaults for all supported algorithms irrespective of
+ the 'flags' parameter. 'flags' is now honoured, so applications
+ should make sure they are passing it correctly.
+ [Geoff Thorpe]
+
+ *) Target "mingw" now allows native Windows code to be generated in
+ the Cygwin environment as well as with the MinGW compiler.
+ [Ulf Moeller]
+
+ Changes between 0.9.7 and 0.9.7a [19 Feb 2003]
+
+ *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CVE-2003-0078)
+
+ [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+ Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+ Martin Vuagnoux (EPFL, Ilion)]
+
+ *) Make the no-err option work as intended. The intention with no-err
+ is not to have the whole error stack handling routines removed from
+ libcrypto, it's only intended to remove all the function name and
+ reason texts, thereby removing some of the footprint that may not
+ be interesting if those errors aren't displayed anyway.
+
+ NOTE: it's still possible for any application or module to have it's
+ own set of error texts inserted. The routines are there, just not
+ used by default when no-err is given.
+ [Richard Levitte]
+
+ *) Add support for FreeBSD on IA64.
+ [dirk.meyer at dinoex.sub.org via Richard Levitte, resolves #454]
+
+ *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
+ Kerberos function mit_des_cbc_cksum(). Before this change,
+ the value returned by DES_cbc_cksum() was like the one from
+ mit_des_cbc_cksum(), except the bytes were swapped.
+ [Kevin Greaney <Kevin.Greaney at hp.com> and Richard Levitte]
+
+ *) Allow an application to disable the automatic SSL chain building.
+ Before this a rather primitive chain build was always performed in
+ ssl3_output_cert_chain(): an application had no way to send the
+ correct chain if the automatic operation produced an incorrect result.
+
+ Now the chain builder is disabled if either:
+
+ 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
+
+ 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
+
+ The reasoning behind this is that an application would not want the
+ auto chain building to take place if extra chain certificates are
+ present and it might also want a means of sending no additional
+ certificates (for example the chain has two certificates and the
+ root is omitted).
+ [Steve Henson]
+
+ *) Add the possibility to build without the ENGINE framework.
+ [Steven Reddie <smr at essemer.com.au> via Richard Levitte]
+
+ *) Under Win32 gmtime() can return NULL: check return value in
+ OPENSSL_gmtime(). Add error code for case where gmtime() fails.
+ [Steve Henson]
+
+ *) DSA routines: under certain error conditions uninitialized BN objects
+ could be freed. Solution: make sure initialization is performed early
+ enough. (Reported and fix supplied by Ivan D Nestlerode <nestler at MIT.EDU>,
+ Nils Larsch <nla at trustcenter.de> via PR#459)
+ [Lutz Jaenicke]
+
+ *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
+ checked on reconnect on the client side, therefore session resumption
+ could still fail with a "ssl session id is different" error. This
+ behaviour is masked when SSL_OP_ALL is used due to
+ SSL_OP_MICROSOFT_SESS_ID_BUG being set.
+ Behaviour observed by Crispin Flowerday <crispin at flowerday.cx> as
+ followup to PR #377.
+ [Lutz Jaenicke]
+
+ *) IA-32 assembler support enhancements: unified ELF targets, support
+ for SCO/Caldera platforms, fix for Cygwin shared build.
+ [Andy Polyakov]
+
+ *) Add support for FreeBSD on sparc64. As a consequence, support for
+ FreeBSD on non-x86 processors is separate from x86 processors on
+ the config script, much like the NetBSD support.
+ [Richard Levitte & Kris Kennaway <kris at obsecurity.org>]
+
+ Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
+
+ [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
+ OpenSSL 0.9.7.]
+
+ *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+ code (06) was taken as the first octet of the session ID and the last
+ octet was ignored consequently. As a result SSLv2 client side session
+ caching could not have worked due to the session ID mismatch between
+ client and server.
+ Behaviour observed by Crispin Flowerday <crispin at flowerday.cx> as
+ PR #377.
+ [Lutz Jaenicke]
+
+ *) Change the declaration of needed Kerberos libraries to use EX_LIBS
+ instead of the special (and badly supported) LIBKRB5. LIBKRB5 is
+ removed entirely.
+ [Richard Levitte]
+
+ *) The hw_ncipher.c engine requires dynamic locks. Unfortunately, it
+ seems that in spite of existing for more than a year, many application
+ author have done nothing to provide the necessary callbacks, which
+ means that this particular engine will not work properly anywhere.
+ This is a very unfortunate situation which forces us, in the name
+ of usability, to give the hw_ncipher.c a static lock, which is part
+ of libcrypto.
+ NOTE: This is for the 0.9.7 series ONLY. This hack will never
+ appear in 0.9.8 or later. We EXPECT application authors to have
+ dealt properly with this when 0.9.8 is released (unless we actually
+ make such changes in the libcrypto locking code that changes will
+ have to be made anyway).
+ [Richard Levitte]
+
+ *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+ octets have been read, EOF or an error occurs. Without this change
+ some truncated ASN1 structures will not produce an error.
+ [Steve Henson]
+
+ *) Disable Heimdal support, since it hasn't been fully implemented.
+ Still give the possibility to force the use of Heimdal, but with
+ warnings and a request that patches get sent to openssl-dev.
+ [Richard Levitte]
+
+ *) Add the VC-CE target, introduce the WINCE sysname, and add
+ INSTALL.WCE and appropriate conditionals to make it build.
+ [Steven Reddie <smr at essemer.com.au> via Richard Levitte]
+
+ *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
+ cygssl-x.y.z.dll, where x, y and z are the major, minor and
+ edit numbers of the version.
+ [Corinna Vinschen <vinschen at redhat.com> and Richard Levitte]
+
+ *) Introduce safe string copy and catenation functions
+ (BUF_strlcpy() and BUF_strlcat()).
+ [Ben Laurie (CHATS) and Richard Levitte]
+
+ *) Avoid using fixed-size buffers for one-line DNs.
+ [Ben Laurie (CHATS)]
+
+ *) Add BUF_MEM_grow_clean() to avoid information leakage when
+ resizing buffers containing secrets, and use where appropriate.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid using fixed size buffers for configuration file location.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid filename truncation for various CA files.
+ [Ben Laurie (CHATS)]
+
+ *) Use sizeof in preference to magic numbers.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid filename truncation in cert requests.
+ [Ben Laurie (CHATS)]
+
+ *) Add assertions to check for (supposedly impossible) buffer
+ overflows.
+ [Ben Laurie (CHATS)]
+
+ *) Don't cache truncated DNS entries in the local cache (this could
+ potentially lead to a spoofing attack).
+ [Ben Laurie (CHATS)]
+
+ *) Fix various buffers to be large enough for hex/decimal
+ representations in a platform independent manner.
+ [Ben Laurie (CHATS)]
+
+ *) Add CRYPTO_realloc_clean() to avoid information leakage when
+ resizing buffers containing secrets, and use where appropriate.
+ [Ben Laurie (CHATS)]
+
+ *) Add BIO_indent() to avoid much slightly worrying code to do
+ indents.
+ [Ben Laurie (CHATS)]
+
+ *) Convert sprintf()/BIO_puts() to BIO_printf().
+ [Ben Laurie (CHATS)]
+
+ *) buffer_gets() could terminate with the buffer only half
+ full. Fixed.
+ [Ben Laurie (CHATS)]
+
+ *) Add assertions to prevent user-supplied crypto functions from
+ overflowing internal buffers by having large block sizes, etc.
+ [Ben Laurie (CHATS)]
+
+ *) New OPENSSL_assert() macro (similar to assert(), but enabled
+ unconditionally).
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused copy of key in RC4.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
+ [Ben Laurie (CHATS)]
+
+ *) Fix off-by-one error in EGD path.
+ [Ben Laurie (CHATS)]
+
+ *) If RANDFILE path is too long, ignore instead of truncating.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and incorrectly sized X.509 structure
+ CBCParameter.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and dangerous function knumber().
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and dangerous structure, KSSL_ERR.
+ [Ben Laurie (CHATS)]
+
+ *) Protect against overlong session ID context length in an encoded
+ session object. Since these are local, this does not appear to be
+ exploitable.
+ [Ben Laurie (CHATS)]
+
+ *) Change from security patch (see 0.9.6e below) that did not affect
+ the 0.9.6 release series:
+
+ Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized master key in Kerberos-enabled versions.
+ (CVE-2002-0657)
+ [Ben Laurie (CHATS)]
+
+ *) Change the SSL kerb5 codes to match RFC 2712.
+ [Richard Levitte]
+
+ *) Make -nameopt work fully for req and add -reqopt switch.
+ [Michael Bell <michael.bell at rz.hu-berlin.de>, Steve Henson]
+
+ *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+ [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve at opera.com>]
+
+ *) Make sure tests can be performed even if the corresponding algorithms
+ have been removed entirely. This was also the last step to make
+ OpenSSL compilable with DJGPP under all reasonable conditions.
+ [Richard Levitte, Doug Kaufman <dkaufman at rahul.net>]
+
+ *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
+ to allow version independent disabling of normally unselected ciphers,
+ which may be activated as a side-effect of selecting a single cipher.
+
+ (E.g., cipher list string "RSA" enables ciphersuites that are left
+ out of "ALL" because they do not provide symmetric encryption.
+ "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
+ [Lutz Jaenicke, Bodo Moeller]
+
+ *) Add appropriate support for separate platform-dependent build
+ directories. The recommended way to make a platform-dependent
+ build directory is the following (tested on Linux), maybe with
+ some local tweaks:
+
+ # Place yourself outside of the OpenSSL source tree. In
+ # this example, the environment variable OPENSSL_SOURCE
+ # is assumed to contain the absolute OpenSSL source directory.
+ mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+ cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+ (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+ mkdir -p `dirname $F`
+ ln -s $OPENSSL_SOURCE/$F $F
+ done
+
+ To be absolutely sure not to disturb the source tree, a "make clean"
+ is a good thing. If it isn't successfull, don't worry about it,
+ it probably means the source directory is very clean.
+ [Richard Levitte]
+
+ *) Make sure any ENGINE control commands make local copies of string
+ pointers passed to them whenever necessary. Otherwise it is possible
+ the caller may have overwritten (or deallocated) the original string
+ data when a later ENGINE operation tries to use the stored values.
+ [G\xF6tz Babin-Ebell <babinebell at trustcenter.de>]
+
+ *) Improve diagnostics in file reading and command-line digests.
+ [Ben Laurie aided and abetted by Solar Designer <solar at openwall.com>]
+
+ *) Add AES modes CFB and OFB to the object database. Correct an
+ error in AES-CFB decryption.
+ [Richard Levitte]
+
+ *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this
+ allows existing EVP_CIPHER_CTX structures to be reused after
+ calling EVP_*Final(). This behaviour is used by encryption
+ BIOs and some applications. This has the side effect that
+ applications must explicitly clean up cipher contexts with
+ EVP_CIPHER_CTX_cleanup() or they will leak memory.
+ [Steve Henson]
+
+ *) Check the values of dna and dnb in bn_mul_recursive before calling
+ bn_mul_comba (a non zero value means the a or b arrays do not contain
+ n2 elements) and fallback to bn_mul_normal if either is not zero.
+ [Steve Henson]
+
+ *) Fix escaping of non-ASCII characters when using the -subj option
+ of the "openssl req" command line tool. (Robert Joop <joop at fokus.gmd.de>)
+ [Lutz Jaenicke]
+
+ *) Make object definitions compliant to LDAP (RFC2256): SN is the short
+ form for "surname", serialNumber has no short form.
+ Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
+ therefore remove "mail" short name for "internet 7".
+ The OID for unique identifiers in X509 certificates is
+ x500UniqueIdentifier, not uniqueIdentifier.
+ Some more OID additions. (Michael Bell <michael.bell at rz.hu-berlin.de>)
+ [Lutz Jaenicke]
+
+ *) Add an "init" command to the ENGINE config module and auto initialize
+ ENGINEs. Without any "init" command the ENGINE will be initialized
+ after all ctrl commands have been executed on it. If init=1 the
+ ENGINE is initailized at that point (ctrls before that point are run
+ on the uninitialized ENGINE and after on the initialized one). If
+ init=0 then the ENGINE will not be iniatialized at all.
+ [Steve Henson]
+
+ *) Fix the 'app_verify_callback' interface so that the user-defined
+ argument is actually passed to the callback: In the
+ SSL_CTX_set_cert_verify_callback() prototype, the callback
+ declaration has been changed from
+ int (*cb)()
+ into
+ int (*cb)(X509_STORE_CTX *,void *);
+ in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+ i=s->ctx->app_verify_callback(&ctx)
+ has been changed into
+ i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+ To update applications using SSL_CTX_set_cert_verify_callback(),
+ a dummy argument can be added to their callback functions.
+ [D. K. Smetters <smetters at parc.xerox.com>]
+
+ *) Added the '4758cca' ENGINE to support IBM 4758 cards.
+ [Maurice Gittens <maurice at gittens.nl>, touchups by Geoff Thorpe]
+
+ *) Add and OPENSSL_LOAD_CONF define which will cause
+ OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
+ This allows older applications to transparently support certain
+ OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
+ Two new functions OPENSSL_add_all_algorithms_noconf() which will never
+ load the config file and OPENSSL_add_all_algorithms_conf() which will
+ always load it have also been added.
+ [Steve Henson]
+
+ *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
+ Adjust NIDs and EVP layer.
+ [Stephen Sprunk <stephen at sprunk.org> and Richard Levitte]
+
+ *) Config modules support in openssl utility.
+
+ Most commands now load modules from the config file,
+ though in a few (such as version) this isn't done
+ because it couldn't be used for anything.
+
+ In the case of ca and req the config file used is
+ the same as the utility itself: that is the -config
+ command line option can be used to specify an
+ alternative file.
+ [Steve Henson]
+
+ *) Move default behaviour from OPENSSL_config(). If appname is NULL
+ use "openssl_conf" if filename is NULL use default openssl config file.
+ [Steve Henson]
+
+ *) Add an argument to OPENSSL_config() to allow the use of an alternative
+ config section name. Add a new flag to tolerate a missing config file
+ and move code to CONF_modules_load_file().
+ [Steve Henson]
+
+ *) Support for crypto accelerator cards from Accelerated Encryption
+ Processing, www.aep.ie. (Use engine 'aep')
+ The support was copied from 0.9.6c [engine] and adapted/corrected
+ to work with the new engine framework.
+ [AEP Inc. and Richard Levitte]
+
+ *) Support for SureWare crypto accelerator cards from Baltimore
+ Technologies. (Use engine 'sureware')
+ The support was copied from 0.9.6c [engine] and adapted
+ to work with the new engine framework.
+ [Richard Levitte]
+
+ *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
+ make the newer ENGINE framework commands for the CHIL engine work.
+ [Toomas Kiisk <vix at cyber.ee> and Richard Levitte]
+
+ *) Make it possible to produce shared libraries on ReliantUNIX.
+ [Robert Dahlem <Robert.Dahlem at ffm2.siemens.de> via Richard Levitte]
+
+ *) Add the configuration target debug-linux-ppro.
+ Make 'openssl rsa' use the general key loading routines
+ implemented in apps.c, and make those routines able to
+ handle the key format FORMAT_NETSCAPE and the variant
+ FORMAT_IISSGC.
+ [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
+
+ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+ [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
+
+ *) Add -keyform to rsautl, and document -engine.
+ [Richard Levitte, inspired by Toomas Kiisk <vix at cyber.ee>]
+
+ *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
+ BIO_R_NO_SUCH_FILE error code rather than the generic
+ ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
+ [Ben Laurie]
+
+ *) Add new functions
+ ERR_peek_last_error
+ ERR_peek_last_error_line
+ ERR_peek_last_error_line_data.
+ These are similar to
+ ERR_peek_error
+ ERR_peek_error_line
+ ERR_peek_error_line_data,
+ but report on the latest error recorded rather than the first one
+ still in the error queue.
+ [Ben Laurie, Bodo Moeller]
+
+ *) default_algorithms option in ENGINE config module. This allows things
+ like:
+ default_algorithms = ALL
+ default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
+ [Steve Henson]
+
+ *) Prelminary ENGINE config module.
+ [Steve Henson]
+
+ *) New experimental application configuration code.
+ [Steve Henson]
+
+ *) Change the AES code to follow the same name structure as all other
+ symmetric ciphers, and behave the same way. Move everything to
+ the directory crypto/aes, thereby obsoleting crypto/rijndael.
+ [Stephen Sprunk <stephen at sprunk.org> and Richard Levitte]
+
+ *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
+ [Ben Laurie and Theo de Raadt]
+
+ *) Add option to output public keys in req command.
+ [Massimiliano Pala madwolf at openca.org]
+
+ *) Use wNAFs in EC_POINTs_mul() for improved efficiency
+ (up to about 10% better than before for P-192 and P-224).
+ [Bodo Moeller]
+
+ *) New functions/macros
+
+ SSL_CTX_set_msg_callback(ctx, cb)
+ SSL_CTX_set_msg_callback_arg(ctx, arg)
+ SSL_set_msg_callback(ssl, cb)
+ SSL_set_msg_callback_arg(ssl, arg)
+
+ to request calling a callback function
+
+ void cb(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg)
+
+ whenever a protocol message has been completely received
+ (write_p == 0) or sent (write_p == 1). Here 'version' is the
+ protocol version according to which the SSL library interprets
+ the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+ TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or
+ the content type as defined in the SSL 3.0/TLS 1.0 protocol
+ specification (change_cipher_spec(20), alert(21), handshake(22)).
+ 'buf' and 'len' point to the actual message, 'ssl' to the
+ SSL object, and 'arg' is the application-defined value set by
+ SSL[_CTX]_set_msg_callback_arg().
+
+ 'openssl s_client' and 'openssl s_server' have new '-msg' options
+ to enable a callback that displays all protocol messages.
+ [Bodo Moeller]
+
+ *) Change the shared library support so shared libraries are built as
+ soon as the corresponding static library is finished, and thereby get
+ openssl and the test programs linked against the shared library.
+ This still only happens when the keyword "shard" has been given to
+ the configuration scripts.
+
+ NOTE: shared library support is still an experimental thing, and
+ backward binary compatibility is still not guaranteed.
+ ["Maciej W. Rozycki" <macro at ds2.pg.gda.pl> and Richard Levitte]
+
+ *) Add support for Subject Information Access extension.
+ [Peter Sylvester <Peter.Sylvester at EdelWeb.fr>]
+
+ *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
+ additional bytes when new memory had to be allocated, not just
+ when reusing an existing buffer.
+ [Bodo Moeller]
+
+ *) New command line and configuration option 'utf8' for the req command.
+ This allows field values to be specified as UTF8 strings.
+ [Steve Henson]
+
+ *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
+ runs for the former and machine-readable output for the latter.
+ [Ben Laurie]
+
+ *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion
+ of the e-mail address in the DN (i.e., it will go into a certificate
+ extension only). The new configuration file option 'email_in_dn = no'
+ has the same effect.
+ [Massimiliano Pala madwolf at openca.org]
+
+ *) Change all functions with names starting with des_ to be starting
+ with DES_ instead. Add wrappers that are compatible with libdes,
+ but are named _ossl_old_des_*. Finally, add macros that map the
+ des_* symbols to the corresponding _ossl_old_des_* if libdes
+ compatibility is desired. If OpenSSL 0.9.6c compatibility is
+ desired, the des_* symbols will be mapped to DES_*, with one
+ exception.
+
+ Since we provide two compatibility mappings, the user needs to
+ define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
+ compatibility is desired. The default (i.e., when that macro
+ isn't defined) is OpenSSL 0.9.6c compatibility.
+
+ There are also macros that enable and disable the support of old
+ des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
+ and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those
+ are defined, the default will apply: to support the old des routines.
+
+ In either case, one must include openssl/des.h to get the correct
+ definitions. Do not try to just include openssl/des_old.h, that
+ won't work.
+
+ NOTE: This is a major break of an old API into a new one. Software
+ authors are encouraged to switch to the DES_ style functions. Some
+ time in the future, des_old.h and the libdes compatibility functions
+ will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
+ default), and then completely removed.
+ [Richard Levitte]
+
+ *) Test for certificates which contain unsupported critical extensions.
+ If such a certificate is found during a verify operation it is
+ rejected by default: this behaviour can be overridden by either
+ handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
+ by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
+ X509_supported_extension() has also been added which returns 1 if a
+ particular extension is supported.
+ [Steve Henson]
+
+ *) Modify the behaviour of EVP cipher functions in similar way to digests
+ to retain compatibility with existing code.
+ [Steve Henson]
+
+ *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
+ compatibility with existing code. In particular the 'ctx' parameter does
+ not have to be to be initialized before the call to EVP_DigestInit() and
+ it is tidied up after a call to EVP_DigestFinal(). New function
+ EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
+ EVP_MD_CTX_copy() changed to not require the destination to be
+ initialized valid and new function EVP_MD_CTX_copy_ex() added which
+ requires the destination to be valid.
+
+ Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
+ EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+ [Steve Henson]
+
+ *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
+ so that complete 'Handshake' protocol structures are kept in memory
+ instead of overwriting 'msg_type' and 'length' with 'body' data.
+ [Bodo Moeller]
+
+ *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
+ [Massimo Santin via Richard Levitte]
+
+ *) Major restructuring to the underlying ENGINE code. This includes
+ reduction of linker bloat, separation of pure "ENGINE" manipulation
+ (initialisation, etc) from functionality dealing with implementations
+ of specific crypto iterfaces. This change also introduces integrated
+ support for symmetric ciphers and digest implementations - so ENGINEs
+ can now accelerate these by providing EVP_CIPHER and EVP_MD
+ implementations of their own. This is detailed in crypto/engine/README
+ as it couldn't be adequately described here. However, there are a few
+ API changes worth noting - some RSA, DSA, DH, and RAND functions that
+ were changed in the original introduction of ENGINE code have now
+ reverted back - the hooking from this code to ENGINE is now a good
+ deal more passive and at run-time, operations deal directly with
+ RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
+ dereferencing through an ENGINE pointer any more. Also, the ENGINE
+ functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
+ they were not being used by the framework as there is no concept of a
+ BIGNUM_METHOD and they could not be generalised to the new
+ 'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
+ ENGINE_cpy() has been removed as it cannot be consistently defined in
+ the new code.
+ [Geoff Thorpe]
+
+ *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
+ [Steve Henson]
+
+ *) Change mkdef.pl to sort symbols that get the same entry number,
+ and make sure the automatically generated functions ERR_load_*
+ become part of libeay.num as well.
+ [Richard Levitte]
+
+ *) New function SSL_renegotiate_pending(). This returns true once
+ renegotiation has been requested (either SSL_renegotiate() call
+ or HelloRequest/ClientHello receveived from the peer) and becomes
+ false once a handshake has been completed.
+ (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+ sends a HelloRequest, but does not ensure that a handshake takes
+ place. SSL_renegotiate_pending() is useful for checking if the
+ client has followed the request.)
+ [Bodo Moeller]
+
+ *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+ By default, clients may request session resumption even during
+ renegotiation (if session ID contexts permit); with this option,
+ session resumption is possible only in the first handshake.
+
+ SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes
+ more bits available for options that should not be part of
+ SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
+ [Bodo Moeller]
+
+ *) Add some demos for certificate and certificate request creation.
+ [Steve Henson]
+
+ *) Make maximum certificate chain size accepted from the peer application
+ settable (SSL*_get/set_max_cert_list()), as proposed by
+ "Douglas E. Engert" <deengert at anl.gov>.
+ [Lutz Jaenicke]
+
+ *) Add support for shared libraries for Unixware-7
+ (Boyd Lynn Gerber <gerberb at zenez.com>).
+ [Lutz Jaenicke]
+
+ *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
+ be done prior to destruction. Use this to unload error strings from
+ ENGINEs that load their own error strings. NB: This adds two new API
+ functions to "get" and "set" this destroy handler in an ENGINE.
+ [Geoff Thorpe]
+
+ *) Alter all existing ENGINE implementations (except "openssl" and
+ "openbsd") to dynamically instantiate their own error strings. This
+ makes them more flexible to be built both as statically-linked ENGINEs
+ and self-contained shared-libraries loadable via the "dynamic" ENGINE.
+ Also, add stub code to each that makes building them as self-contained
+ shared-libraries easier (see README.ENGINE).
+ [Geoff Thorpe]
+
+ *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
+ implementations into applications that are completely implemented in
+ self-contained shared-libraries. The "dynamic" ENGINE exposes control
+ commands that can be used to configure what shared-library to load and
+ to control aspects of the way it is handled. Also, made an update to
+ the README.ENGINE file that brings its information up-to-date and
+ provides some information and instructions on the "dynamic" ENGINE
+ (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
+ [Geoff Thorpe]
+
+ *) Make it possible to unload ranges of ERR strings with a new
+ "ERR_unload_strings" function.
+ [Geoff Thorpe]
+
+ *) Add a copy() function to EVP_MD.
+ [Ben Laurie]
+
+ *) Make EVP_MD routines take a context pointer instead of just the
+ md_data void pointer.
+ [Ben Laurie]
+
+ *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
+ that the digest can only process a single chunk of data
+ (typically because it is provided by a piece of
+ hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
+ is only going to provide a single chunk of data, and hence the
+ framework needn't accumulate the data for oneshot drivers.
+ [Ben Laurie]
+
+ *) As with "ERR", make it possible to replace the underlying "ex_data"
+ functions. This change also alters the storage and management of global
+ ex_data state - it's now all inside ex_data.c and all "class" code (eg.
+ RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
+ index counters. The API functions that use this state have been changed
+ to take a "class_index" rather than pointers to the class's local STACK
+ and counter, and there is now an API function to dynamically create new
+ classes. This centralisation allows us to (a) plug a lot of the
+ thread-safety problems that existed, and (b) makes it possible to clean
+ up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
+ such data would previously have always leaked in application code and
+ workarounds were in place to make the memory debugging turn a blind eye
+ to it. Application code that doesn't use this new function will still
+ leak as before, but their memory debugging output will announce it now
+ rather than letting it slide.
+
+ Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
+ induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
+ has a return value to indicate success or failure.
+ [Geoff Thorpe]
+
+ *) Make it possible to replace the underlying "ERR" functions such that the
+ global state (2 LHASH tables and 2 locks) is only used by the "default"
+ implementation. This change also adds two functions to "get" and "set"
+ the implementation prior to it being automatically set the first time
+ any other ERR function takes place. Ie. an application can call "get",
+ pass the return value to a module it has just loaded, and that module
+ can call its own "set" function using that value. This means the
+ module's "ERR" operations will use (and modify) the error state in the
+ application and not in its own statically linked copy of OpenSSL code.
+ [Geoff Thorpe]
+
+ *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
+ reference counts. This performs normal REF_PRINT/REF_CHECK macros on
+ the operation, and provides a more encapsulated way for external code
+ (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
+ to use these functions rather than manually incrementing the counts.
+
+ Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
+ [Geoff Thorpe]
+
+ *) Add EVP test program.
+ [Ben Laurie]
+
+ *) Add symmetric cipher support to ENGINE. Expect the API to change!
+ [Ben Laurie]
+
+ *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+ X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+ X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+ These allow a CRL to be built without having to access X509_CRL fields
+ directly. Modify 'ca' application to use new functions.
+ [Steve Henson]
+
+ *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+ bug workarounds. Rollback attack detection is a security feature.
+ The problem will only arise on OpenSSL servers when TLSv1 is not
+ available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+ Software authors not wanting to support TLSv1 will have special reasons
+ for their choice and can explicitly enable this option.
+ [Bodo Moeller, Lutz Jaenicke]
+
+ *) Rationalise EVP so it can be extended: don't include a union of
+ cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+ (similar to those existing for EVP_CIPHER_CTX).
+ Usage example:
+
+ EVP_MD_CTX md;
+
+ EVP_MD_CTX_init(&md); /* new function call */
+ EVP_DigestInit(&md, EVP_sha1());
+ EVP_DigestUpdate(&md, in, len);
+ EVP_DigestFinal(&md, out, NULL);
+ EVP_MD_CTX_cleanup(&md); /* new function call */
+
+ [Ben Laurie]
+
+ *) Make DES key schedule conform to the usual scheme, as well as
+ correcting its structure. This means that calls to DES functions
+ now have to pass a pointer to a des_key_schedule instead of a
+ plain des_key_schedule (which was actually always a pointer
+ anyway): E.g.,
+
+ des_key_schedule ks;
+
+ des_set_key_checked(..., &ks);
+ des_ncbc_encrypt(..., &ks, ...);
+
+ (Note that a later change renames 'des_...' into 'DES_...'.)
+ [Ben Laurie]
+
+ *) Initial reduction of linker bloat: the use of some functions, such as
+ PEM causes large amounts of unused functions to be linked in due to
+ poor organisation. For example pem_all.c contains every PEM function
+ which has a knock on effect of linking in large amounts of (unused)
+ ASN1 code. Grouping together similar functions and splitting unrelated
+ functions prevents this.
+ [Steve Henson]
+
+ *) Cleanup of EVP macros.
+ [Ben Laurie]
+
+ *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+ correct _ecb suffix.
+ [Ben Laurie]
+
+ *) Add initial OCSP responder support to ocsp application. The
+ revocation information is handled using the text based index
+ use by the ca application. The responder can either handle
+ requests generated internally, supplied in files (for example
+ via a CGI script) or using an internal minimal server.
+ [Steve Henson]
+
+ *) Add configuration choices to get zlib compression for TLS.
+ [Richard Levitte]
+
+ *) Changes to Kerberos SSL for RFC 2712 compliance:
+ 1. Implemented real KerberosWrapper, instead of just using
+ KRB5 AP_REQ message. [Thanks to Simon Wilkinson <sxw at sxw.org.uk>]
+ 2. Implemented optional authenticator field of KerberosWrapper.
+
+ Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
+ and authenticator structs; see crypto/krb5/.
+
+ Generalized Kerberos calls to support multiple Kerberos libraries.
+ [Vern Staats <staatsvr at asc.hpc.mil>,
+ Jeffrey Altman <jaltman at columbia.edu>
+ via Richard Levitte]
+
+ *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
+ already does with RSA. testdsa.h now has 'priv_key/pub_key'
+ values for each of the key sizes rather than having just
+ parameters (and 'speed' generating keys each time).
+ [Geoff Thorpe]
+
+ *) Speed up EVP routines.
+ Before:
+encrypt
+type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
+des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k
+des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k
+des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k
+decrypt
+des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k
+des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k
+des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k
+ After:
+encrypt
+des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k
+decrypt
+des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
+ [Ben Laurie]
+
+ *) Added the OS2-EMX target.
+ ["Brian Havard" <brianh at kheldar.apana.org.au> and Richard Levitte]
+
+ *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+ to support NCONF routines in extension code. New function CONF_set_nconf()
+ to allow functions which take an NCONF to also handle the old LHASH
+ structure: this means that the old CONF compatible routines can be
+ retained (in particular wrt extensions) without having to duplicate the
+ code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+ [Steve Henson]
+
+ *) Enhance the general user interface with mechanisms for inner control
+ and with possibilities to have yes/no kind of prompts.
+ [Richard Levitte]
+
+ *) Change all calls to low level digest routines in the library and
+ applications to use EVP. Add missing calls to HMAC_cleanup() and
+ don't assume HMAC_CTX can be copied using memcpy().
+ [Verdon Walker <VWalker at novell.com>, Steve Henson]
+
+ *) Add the possibility to control engines through control names but with
+ arbitrary arguments instead of just a string.
+ Change the key loaders to take a UI_METHOD instead of a callback
+ function pointer. NOTE: this breaks binary compatibility with earlier
+ versions of OpenSSL [engine].
+ Adapt the nCipher code for these new conditions and add a card insertion
+ callback.
+ [Richard Levitte]
+
+ *) Enhance the general user interface with mechanisms to better support
+ dialog box interfaces, application-defined prompts, the possibility
+ to use defaults (for example default passwords from somewhere else)
+ and interrupts/cancellations.
+ [Richard Levitte]
+
+ *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
+ attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
+ [Steve Henson]
+
+ *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
+ tidy up some unnecessarily weird code in 'sk_new()').
+ [Geoff, reported by Diego Tartara <dtartara at novamens.com>]
+
+ *) Change the key loading routines for ENGINEs to use the same kind
+ callback (pem_password_cb) as all other routines that need this
+ kind of callback.
+ [Richard Levitte]
+
+ *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
+ 256 bit (=32 byte) keys. Of course seeding with more entropy bytes
+ than this minimum value is recommended.
+ [Lutz Jaenicke]
+
+ *) New random seeder for OpenVMS, using the system process statistics
+ that are easily reachable.
+ [Richard Levitte]
+
+ *) Windows apparently can't transparently handle global
+ variables defined in DLLs. Initialisations such as:
+
+ const ASN1_ITEM *it = &ASN1_INTEGER_it;
+
+ wont compile. This is used by the any applications that need to
+ declare their own ASN1 modules. This was fixed by adding the option
+ EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
+ needed for static libraries under Win32.
+ [Steve Henson]
+
+ *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+ setting of purpose and trust fields. New X509_STORE trust and
+ purpose functions and tidy up setting in other SSL functions.
+ [Steve Henson]
+
+ *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
+ structure. These are inherited by X509_STORE_CTX when it is
+ initialised. This allows various defaults to be set in the
+ X509_STORE structure (such as flags for CRL checking and custom
+ purpose or trust settings) for functions which only use X509_STORE_CTX
+ internally such as S/MIME.
+
+ Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
+ trust settings if they are not set in X509_STORE. This allows X509_STORE
+ purposes and trust (in S/MIME for example) to override any set by default.
+
+ Add command line options for CRL checking to smime, s_client and s_server
+ applications.
+ [Steve Henson]
+
+ *) Initial CRL based revocation checking. If the CRL checking flag(s)
+ are set then the CRL is looked up in the X509_STORE structure and
+ its validity and signature checked, then if the certificate is found
+ in the CRL the verify fails with a revoked error.
+
+ Various new CRL related callbacks added to X509_STORE_CTX structure.
+
+ Command line options added to 'verify' application to support this.
+
+ This needs some additional work, such as being able to handle multiple
+ CRLs with different times, extension based lookup (rather than just
+ by subject name) and ultimately more complete V2 CRL extension
+ handling.
+ [Steve Henson]
+
+ *) Add a general user interface API (crypto/ui/). This is designed
+ to replace things like des_read_password and friends (backward
+ compatibility functions using this new API are provided).
+ The purpose is to remove prompting functions from the DES code
+ section as well as provide for prompting through dialog boxes in
+ a window system and the like.
+ [Richard Levitte]
+
+ *) Add "ex_data" support to ENGINE so implementations can add state at a
+ per-structure level rather than having to store it globally.
+ [Geoff]
+
+ *) Make it possible for ENGINE structures to be copied when retrieved by
+ ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
+ This causes the "original" ENGINE structure to act like a template,
+ analogous to the RSA vs. RSA_METHOD type of separation. Because of this
+ operational state can be localised to each ENGINE structure, despite the
+ fact they all share the same "methods". New ENGINE structures returned in
+ this case have no functional references and the return value is the single
+ structural reference. This matches the single structural reference returned
+ by ENGINE_by_id() normally, when it is incremented on the pre-existing
+ ENGINE structure.
+ [Geoff]
+
+ *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
+ needs to match any other type at all we need to manually clear the
+ tag cache.
+ [Steve Henson]
+
+ *) Changes to the "openssl engine" utility to include;
+ - verbosity levels ('-v', '-vv', and '-vvv') that provide information
+ about an ENGINE's available control commands.
+ - executing control commands from command line arguments using the
+ '-pre' and '-post' switches. '-post' is only used if '-t' is
+ specified and the ENGINE is successfully initialised. The syntax for
+ the individual commands are colon-separated, for example;
+ openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
+ [Geoff]
+
+ *) New dynamic control command support for ENGINEs. ENGINEs can now
+ declare their own commands (numbers), names (strings), descriptions,
+ and input types for run-time discovery by calling applications. A
+ subset of these commands are implicitly classed as "executable"
+ depending on their input type, and only these can be invoked through
+ the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
+ can be based on user input, config files, etc). The distinction is
+ that "executable" commands cannot return anything other than a boolean
+ result and can only support numeric or string input, whereas some
+ discoverable commands may only be for direct use through
+ ENGINE_ctrl(), eg. supporting the exchange of binary data, function
+ pointers, or other custom uses. The "executable" commands are to
+ support parameterisations of ENGINE behaviour that can be
+ unambiguously defined by ENGINEs and used consistently across any
+ OpenSSL-based application. Commands have been added to all the
+ existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
+ control over shared-library paths without source code alterations.
+ [Geoff]
+
+ *) Changed all ENGINE implementations to dynamically allocate their
+ ENGINEs rather than declaring them statically. Apart from this being
+ necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
+ this also allows the implementations to compile without using the
+ internal engine_int.h header.
+ [Geoff]
+
+ *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
+ 'const' value. Any code that should be able to modify a RAND_METHOD
+ should already have non-const pointers to it (ie. they should only
+ modify their own ones).
+ [Geoff]
+
+ *) Made a variety of little tweaks to the ENGINE code.
+ - "atalla" and "ubsec" string definitions were moved from header files
+ to C code. "nuron" string definitions were placed in variables
+ rather than hard-coded - allowing parameterisation of these values
+ later on via ctrl() commands.
+ - Removed unused "#if 0"'d code.
+ - Fixed engine list iteration code so it uses ENGINE_free() to release
+ structural references.
+ - Constified the RAND_METHOD element of ENGINE structures.
+ - Constified various get/set functions as appropriate and added
+ missing functions (including a catch-all ENGINE_cpy that duplicates
+ all ENGINE values onto a new ENGINE except reference counts/state).
+ - Removed NULL parameter checks in get/set functions. Setting a method
+ or function to NULL is a way of cancelling out a previously set
+ value. Passing a NULL ENGINE parameter is just plain stupid anyway
+ and doesn't justify the extra error symbols and code.
+ - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
+ flags from engine_int.h to engine.h.
+ - Changed prototypes for ENGINE handler functions (init(), finish(),
+ ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
+ [Geoff]
+
+ *) Implement binary inversion algorithm for BN_mod_inverse in addition
+ to the algorithm using long division. The binary algorithm can be
+ used only if the modulus is odd. On 32-bit systems, it is faster
+ only for relatively small moduli (roughly 20-30% for 128-bit moduli,
+ roughly 5-15% for 256-bit moduli), so we use it only for moduli
+ up to 450 bits. In 64-bit environments, the binary algorithm
+ appears to be advantageous for much longer moduli; here we use it
+ for moduli up to 2048 bits.
+ [Bodo Moeller]
+
+ *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
+ could not support the combine flag in choice fields.
+ [Steve Henson]
+
+ *) Add a 'copy_extensions' option to the 'ca' utility. This copies
+ extensions from a certificate request to the certificate.
+ [Steve Henson]
+
+ *) Allow multiple 'certopt' and 'nameopt' options to be separated
+ by commas. Add 'namopt' and 'certopt' options to the 'ca' config
+ file: this allows the display of the certificate about to be
+ signed to be customised, to allow certain fields to be included
+ or excluded and extension details. The old system didn't display
+ multicharacter strings properly, omitted fields not in the policy
+ and couldn't display additional details such as extensions.
+ [Steve Henson]
+
+ *) Function EC_POINTs_mul for multiple scalar multiplication
+ of an arbitrary number of elliptic curve points
+ \sum scalars[i]*points[i],
+ optionally including the generator defined for the EC_GROUP:
+ scalar*generator + \sum scalars[i]*points[i].
+
+ EC_POINT_mul is a simple wrapper function for the typical case
+ that the point list has just one item (besides the optional
+ generator).
+ [Bodo Moeller]
+
+ *) First EC_METHODs for curves over GF(p):
+
+ EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
+ operations and provides various method functions that can also
+ operate with faster implementations of modular arithmetic.
+
+ EC_GFp_mont_method() reuses most functions that are part of
+ EC_GFp_simple_method, but uses Montgomery arithmetic.
+
+ [Bodo Moeller; point addition and point doubling
+ implementation directly derived from source code provided by
+ Lenka Fibikova <fibikova at exp-math.uni-essen.de>]
+
+ *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
+ crypto/ec/ec_lib.c):
+
+ Curves are EC_GROUP objects (with an optional group generator)
+ based on EC_METHODs that are built into the library.
+
+ Points are EC_POINT objects based on EC_GROUP objects.
+
+ Most of the framework would be able to handle curves over arbitrary
+ finite fields, but as there are no obvious types for fields other
+ than GF(p), some functions are limited to that for now.
+ [Bodo Moeller]
+
+ *) Add the -HTTP option to s_server. It is similar to -WWW, but requires
+ that the file contains a complete HTTP response.
+ [Richard Levitte]
+
+ *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
+ change the def and num file printf format specifier from "%-40sXXX"
+ to "%-39s XXX". The latter will always guarantee a space after the
+ field while the former will cause them to run together if the field
+ is 40 of more characters long.
+ [Steve Henson]
+
+ *) Constify the cipher and digest 'method' functions and structures
+ and modify related functions to take constant EVP_MD and EVP_CIPHER
+ pointers.
+ [Steve Henson]
+
+ *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
+ in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
+ [Bodo Moeller]
+
+ *) Modify EVP_Digest*() routines so they now return values. Although the
+ internal software routines can never fail additional hardware versions
+ might.
+ [Steve Henson]
+
+ *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
+
+ Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
+ (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
+
+ ASN1 error codes
+ ERR_R_NESTED_ASN1_ERROR
+ ...
+ ERR_R_MISSING_ASN1_EOS
+ were 4 .. 9, conflicting with
+ ERR_LIB_RSA (= ERR_R_RSA_LIB)
+ ...
+ ERR_LIB_PEM (= ERR_R_PEM_LIB).
+ They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
+
+ Add new error code 'ERR_R_INTERNAL_ERROR'.
+ [Bodo Moeller]
+
+ *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
+ suffices.
+ [Bodo Moeller]
+
+ *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
+ sets the subject name for a new request or supersedes the
+ subject name in a given request. Formats that can be parsed are
+ 'CN=Some Name, OU=myOU, C=IT'
+ and
+ 'CN=Some Name/OU=myOU/C=IT'.
+
+ Add options '-batch' and '-verbose' to 'openssl req'.
+ [Massimiliano Pala <madwolf at hackmasters.net>]
+
+ *) Introduce the possibility to access global variables through
+ functions on platform were that's the best way to handle exporting
+ global variables in shared libraries. To enable this functionality,
+ one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
+ "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
+ is normally done by Configure or something similar).
+
+ To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
+ in the source file (foo.c) like this:
+
+ OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
+ OPENSSL_IMPLEMENT_GLOBAL(double,bar);
+
+ To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
+ and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
+
+ OPENSSL_DECLARE_GLOBAL(int,foo);
+ #define foo OPENSSL_GLOBAL_REF(foo)
+ OPENSSL_DECLARE_GLOBAL(double,bar);
+ #define bar OPENSSL_GLOBAL_REF(bar)
+
+ The #defines are very important, and therefore so is including the
+ header file everywhere where the defined globals are used.
+
+ The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
+ of ASN.1 items, but that structure is a bit different.
+
+ The largest change is in util/mkdef.pl which has been enhanced with
+ better and easier to understand logic to choose which symbols should
+ go into the Windows .def files as well as a number of fixes and code
+ cleanup (among others, algorithm keywords are now sorted
+ lexicographically to avoid constant rewrites).
+ [Richard Levitte]
+
+ *) In BN_div() keep a copy of the sign of 'num' before writing the
+ result to 'rm' because if rm==num the value will be overwritten
+ and produce the wrong result if 'num' is negative: this caused
+ problems with BN_mod() and BN_nnmod().
+ [Steve Henson]
+
+ *) Function OCSP_request_verify(). This checks the signature on an
+ OCSP request and verifies the signer certificate. The signer
+ certificate is just checked for a generic purpose and OCSP request
+ trust settings.
+ [Steve Henson]
+
+ *) Add OCSP_check_validity() function to check the validity of OCSP
+ responses. OCSP responses are prepared in real time and may only
+ be a few seconds old. Simply checking that the current time lies
+ between thisUpdate and nextUpdate max reject otherwise valid responses
+ caused by either OCSP responder or client clock inaccuracy. Instead
+ we allow thisUpdate and nextUpdate to fall within a certain period of
+ the current time. The age of the response can also optionally be
+ checked. Two new options -validity_period and -status_age added to
+ ocsp utility.
+ [Steve Henson]
+
+ *) If signature or public key algorithm is unrecognized print out its
+ OID rather that just UNKNOWN.
+ [Steve Henson]
+
+ *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
+ OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
+ ID to be generated from the issuer certificate alone which can then be
+ passed to OCSP_id_issuer_cmp().
+ [Steve Henson]
+
+ *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
+ ASN1 modules to export functions returning ASN1_ITEM pointers
+ instead of the ASN1_ITEM structures themselves. This adds several
+ new macros which allow the underlying ASN1 function/structure to
+ be accessed transparently. As a result code should not use ASN1_ITEM
+ references directly (such as &X509_it) but instead use the relevant
+ macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
+ use of the new ASN1 code on platforms where exporting structures
+ is problematical (for example in shared libraries) but exporting
+ functions returning pointers to structures is not.
+ [Steve Henson]
+
+ *) Add support for overriding the generation of SSL/TLS session IDs.
+ These callbacks can be registered either in an SSL_CTX or per SSL.
+ The purpose of this is to allow applications to control, if they wish,
+ the arbitrary values chosen for use as session IDs, particularly as it
+ can be useful for session caching in multiple-server environments. A
+ command-line switch for testing this (and any client code that wishes
+ to use such a feature) has been added to "s_server".
+ [Geoff Thorpe, Lutz Jaenicke]
+
+ *) Modify mkdef.pl to recognise and parse preprocessor conditionals
+ of the form '#if defined(...) || defined(...) || ...' and
+ '#if !defined(...) && !defined(...) && ...'. This also avoids
+ the growing number of special cases it was previously handling.
+ [Richard Levitte]
+
+ *) Make all configuration macros available for application by making
+ sure they are available in opensslconf.h, by giving them names starting
+ with "OPENSSL_" to avoid conflicts with other packages and by making
+ sure e_os2.h will cover all platform-specific cases together with
+ opensslconf.h.
+ Additionally, it is now possible to define configuration/platform-
+ specific names (called "system identities"). In the C code, these
+ are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another
+ macro with the name beginning with "OPENSSL_SYS_", which is determined
+ from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
+ what is available.
+ [Richard Levitte]
+
+ *) New option -set_serial to 'req' and 'x509' this allows the serial
+ number to use to be specified on the command line. Previously self
+ signed certificates were hard coded with serial number 0 and the
+ CA options of 'x509' had to use a serial number in a file which was
+ auto incremented.
+ [Steve Henson]
+
+ *) New options to 'ca' utility to support V2 CRL entry extensions.
+ Currently CRL reason, invalidity date and hold instruction are
+ supported. Add new CRL extensions to V3 code and some new objects.
+ [Steve Henson]
+
+ *) New function EVP_CIPHER_CTX_set_padding() this is used to
+ disable standard block padding (aka PKCS#5 padding) in the EVP
+ API, which was previously mandatory. This means that the data is
+ not padded in any way and so the total length much be a multiple
+ of the block size, otherwise an error occurs.
+ [Steve Henson]
+
+ *) Initial (incomplete) OCSP SSL support.
+ [Steve Henson]
+
+ *) New function OCSP_parse_url(). This splits up a URL into its host,
+ port and path components: primarily to parse OCSP URLs. New -url
+ option to ocsp utility.
+ [Steve Henson]
+
+ *) New nonce behavior. The return value of OCSP_check_nonce() now
+ reflects the various checks performed. Applications can decide
+ whether to tolerate certain situations such as an absent nonce
+ in a response when one was present in a request: the ocsp application
+ just prints out a warning. New function OCSP_add1_basic_nonce()
+ this is to allow responders to include a nonce in a response even if
+ the request is nonce-less.
+ [Steve Henson]
+
+ *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
+ skipped when using openssl x509 multiple times on a single input file,
+ e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
+ [Bodo Moeller]
+
+ *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
+ set string type: to handle setting ASN1_TIME structures. Fix ca
+ utility to correctly initialize revocation date of CRLs.
+ [Steve Henson]
+
+ *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
+ the clients preferred ciphersuites and rather use its own preferences.
+ Should help to work around M$ SGC (Server Gated Cryptography) bug in
+ Internet Explorer by ensuring unchanged hash method during stepup.
+ (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
+ [Lutz Jaenicke]
+
+ *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
+ to aes and add a new 'exist' option to print out symbols that don't
+ appear to exist.
+ [Steve Henson]
+
+ *) Additional options to ocsp utility to allow flags to be set and
+ additional certificates supplied.
+ [Steve Henson]
+
+ *) Add the option -VAfile to 'openssl ocsp', so the user can give the
+ OCSP client a number of certificate to only verify the response
+ signature against.
+ [Richard Levitte]
+
+ *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
+ handle the new API. Currently only ECB, CBC modes supported. Add new
+ AES OIDs.
+
+ Add TLS AES ciphersuites as described in RFC3268, "Advanced
+ Encryption Standard (AES) Ciphersuites for Transport Layer
+ Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
+ not enabled by default and were not part of the "ALL" ciphersuite
+ alias because they were not yet official; they could be
+ explicitly requested by specifying the "AESdraft" ciphersuite
+ group alias. In the final release of OpenSSL 0.9.7, the group
+ alias is called "AES" and is part of "ALL".)
+ [Ben Laurie, Steve Henson, Bodo Moeller]
+
+ *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+ request to response.
+ [Steve Henson]
+
+ *) Functions for OCSP responders. OCSP_request_onereq_count(),
+ OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
+ extract information from a certificate request. OCSP_response_create()
+ creates a response and optionally adds a basic response structure.
+ OCSP_basic_add1_status() adds a complete single response to a basic
+ response and returns the OCSP_SINGLERESP structure just added (to allow
+ extensions to be included for example). OCSP_basic_add1_cert() adds a
+ certificate to a basic response and OCSP_basic_sign() signs a basic
+ response with various flags. New helper functions ASN1_TIME_check()
+ (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
+ (converts ASN1_TIME to GeneralizedTime).
+ [Steve Henson]
+
+ *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
+ in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
+ structure from a certificate. X509_pubkey_digest() digests the public_key
+ contents: this is used in various key identifiers.
+ [Steve Henson]
+
+ *) Make sk_sort() tolerate a NULL argument.
+ [Steve Henson reported by Massimiliano Pala <madwolf at comune.modena.it>]
+
+ *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+ passed by the function are trusted implicitly. If any of them signed the
+ response then it is assumed to be valid and is not verified.
+ [Steve Henson]
+
+ *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+ to data. This was previously part of the PKCS7 ASN1 code. This
+ was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+ [Steve Henson, reported by Kenneth R. Robinette
+ <support at securenetterm.com>]
+
+ *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+ routines: without these tracing memory leaks is very painful.
+ Fix leaks in PKCS12 and PKCS7 routines.
+ [Steve Henson]
+
+ *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
+ Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
+ effectively meant GeneralizedTime would never be used. Now it
+ is initialised to -1 but X509_time_adj() now has to check the value
+ and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
+ V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
+ [Steve Henson, reported by Kenneth R. Robinette
+ <support at securenetterm.com>]
+
+ *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
+ result in a zero length in the ASN1_INTEGER structure which was
+ not consistent with the structure when d2i_ASN1_INTEGER() was used
+ and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
+ to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
+ where it did not print out a minus for negative ASN1_INTEGER.
+ [Steve Henson]
+
+ *) Add summary printout to ocsp utility. The various functions which
+ convert status values to strings have been renamed to:
+ OCSP_response_status_str(), OCSP_cert_status_str() and
+ OCSP_crl_reason_str() and are no longer static. New options
+ to verify nonce values and to disable verification. OCSP response
+ printout format cleaned up.
+ [Steve Henson]
+
+ *) Add additional OCSP certificate checks. These are those specified
+ in RFC2560. This consists of two separate checks: the CA of the
+ certificate being checked must either be the OCSP signer certificate
+ or the issuer of the OCSP signer certificate. In the latter case the
+ OCSP signer certificate must contain the OCSP signing extended key
+ usage. This check is performed by attempting to match the OCSP
+ signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
+ in the OCSP_CERTID structures of the response.
+ [Steve Henson]
+
+ *) Initial OCSP certificate verification added to OCSP_basic_verify()
+ and related routines. This uses the standard OpenSSL certificate
+ verify routines to perform initial checks (just CA validity) and
+ to obtain the certificate chain. Then additional checks will be
+ performed on the chain. Currently the root CA is checked to see
+ if it is explicitly trusted for OCSP signing. This is used to set
+ a root CA as a global signing root: that is any certificate that
+ chains to that CA is an acceptable OCSP signing certificate.
+ [Steve Henson]
+
+ *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
+ extensions from a separate configuration file.
+ As when reading extensions from the main configuration file,
+ the '-extensions ...' option may be used for specifying the
+ section to use.
+ [Massimiliano Pala <madwolf at comune.modena.it>]
+
+ *) New OCSP utility. Allows OCSP requests to be generated or
+ read. The request can be sent to a responder and the output
+ parsed, outputed or printed in text form. Not complete yet:
+ still needs to check the OCSP response validity.
+ [Steve Henson]
+
+ *) New subcommands for 'openssl ca':
+ 'openssl ca -status <serial>' prints the status of the cert with
+ the given serial number (according to the index file).
+ 'openssl ca -updatedb' updates the expiry status of certificates
+ in the index file.
+ [Massimiliano Pala <madwolf at comune.modena.it>]
+
+ *) New '-newreq-nodes' command option to CA.pl. This is like
+ '-newreq', but calls 'openssl req' with the '-nodes' option
+ so that the resulting key is not encrypted.
+ [Damien Miller <djm at mindrot.org>]
+
+ *) New configuration for the GNU Hurd.
+ [Jonathan Bartlett <johnnyb at wolfram.com> via Richard Levitte]
+
+ *) Initial code to implement OCSP basic response verify. This
+ is currently incomplete. Currently just finds the signer's
+ certificate and verifies the signature on the response.
+ [Steve Henson]
+
+ *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
+ value of OPENSSLDIR. This is available via the new '-d' option
+ to 'openssl version', and is also included in 'openssl version -a'.
+ [Bodo Moeller]
+
+ *) Allowing defining memory allocation callbacks that will be given
+ file name and line number information in additional arguments
+ (a const char* and an int). The basic functionality remains, as
+ well as the original possibility to just replace malloc(),
+ realloc() and free() by functions that do not know about these
+ additional arguments. To register and find out the current
+ settings for extended allocation functions, the following
+ functions are provided:
+
+ CRYPTO_set_mem_ex_functions
+ CRYPTO_set_locked_mem_ex_functions
+ CRYPTO_get_mem_ex_functions
+ CRYPTO_get_locked_mem_ex_functions
+
+ These work the same way as CRYPTO_set_mem_functions and friends.
+ CRYPTO_get_[locked_]mem_functions now writes 0 where such an
+ extended allocation function is enabled.
+ Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
+ a conventional allocation function is enabled.
+ [Richard Levitte, Bodo Moeller]
+
+ *) Finish off removing the remaining LHASH function pointer casts.
+ There should no longer be any prototype-casting required when using
+ the LHASH abstraction, and any casts that remain are "bugs". See
+ the callback types and macros at the head of lhash.h for details
+ (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
+ [Geoff Thorpe]
+
+ *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
+ If /dev/[u]random devices are not available or do not return enough
+ entropy, EGD style sockets (served by EGD or PRNGD) will automatically
+ be queried.
+ The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
+ /etc/entropy will be queried once each in this sequence, quering stops
+ when enough entropy was collected without querying more sockets.
+ [Lutz Jaenicke]
+
+ *) Change the Unix RAND_poll() variant to be able to poll several
+ random devices, as specified by DEVRANDOM, until a sufficient amount
+ of data has been collected. We spend at most 10 ms on each file
+ (select timeout) and read in non-blocking mode. DEVRANDOM now
+ defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
+ (previously it was just the string "/dev/urandom"), so on typical
+ platforms the 10 ms delay will never occur.
+ Also separate out the Unix variant to its own file, rand_unix.c.
+ For VMS, there's a currently-empty rand_vms.c.
+ [Richard Levitte]
+
+ *) Move OCSP client related routines to ocsp_cl.c. These
+ provide utility functions which an application needing
+ to issue a request to an OCSP responder and analyse the
+ response will typically need: as opposed to those which an
+ OCSP responder itself would need which will be added later.
+
+ OCSP_request_sign() signs an OCSP request with an API similar
+ to PKCS7_sign(). OCSP_response_status() returns status of OCSP
+ response. OCSP_response_get1_basic() extracts basic response
+ from response. OCSP_resp_find_status(): finds and extracts status
+ information from an OCSP_CERTID structure (which will be created
+ when the request structure is built). These are built from lower
+ level functions which work on OCSP_SINGLERESP structures but
+ wont normally be used unless the application wishes to examine
+ extensions in the OCSP response for example.
+
+ Replace nonce routines with a pair of functions.
+ OCSP_request_add1_nonce() adds a nonce value and optionally
+ generates a random value. OCSP_check_nonce() checks the
+ validity of the nonce in an OCSP response.
+ [Steve Henson]
+
+ *) Change function OCSP_request_add() to OCSP_request_add0_id().
+ This doesn't copy the supplied OCSP_CERTID and avoids the
+ need to free up the newly created id. Change return type
+ to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
+ This can then be used to add extensions to the request.
+ Deleted OCSP_request_new(), since most of its functionality
+ is now in OCSP_REQUEST_new() (and the case insensitive name
+ clash) apart from the ability to set the request name which
+ will be added elsewhere.
+ [Steve Henson]
+
+ *) Update OCSP API. Remove obsolete extensions argument from
+ various functions. Extensions are now handled using the new
+ OCSP extension code. New simple OCSP HTTP function which
+ can be used to send requests and parse the response.
+ [Steve Henson]
+
+ *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
+ ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
+ uses the special reorder version of SET OF to sort the attributes
+ and reorder them to match the encoded order. This resolves a long
+ standing problem: a verify on a PKCS7 structure just after signing
+ it used to fail because the attribute order did not match the
+ encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
+ it uses the received order. This is necessary to tolerate some broken
+ software that does not order SET OF. This is handled by encoding
+ as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
+ to produce the required SET OF.
+ [Steve Henson]
+
+ *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
+ OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
+ files to get correct declarations of the ASN.1 item variables.
+ [Richard Levitte]
+
+ *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
+ PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
+ asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
+ NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
+ New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
+ ASN1_ITEM and no wrapper functions.
+ [Steve Henson]
+
+ *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
+ replace the old function pointer based I/O routines. Change most of
+ the *_d2i_bio() and *_d2i_fp() functions to use these.
+ [Steve Henson]
+
+ *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
+ lines, recognice more "algorithms" that can be deselected, and make
+ it complain about algorithm deselection that isn't recognised.
+ [Richard Levitte]
+
+ *) New ASN1 functions to handle dup, sign, verify, digest, pack and
+ unpack operations in terms of ASN1_ITEM. Modify existing wrappers
+ to use new functions. Add NO_ASN1_OLD which can be set to remove
+ some old style ASN1 functions: this can be used to determine if old
+ code will still work when these eventually go away.
+ [Steve Henson]
+
+ *) New extension functions for OCSP structures, these follow the
+ same conventions as certificates and CRLs.
+ [Steve Henson]
+
+ *) New function X509V3_add1_i2d(). This automatically encodes and
+ adds an extension. Its behaviour can be customised with various
+ flags to append, replace or delete. Various wrappers added for
+ certifcates and CRLs.
+ [Steve Henson]
+
+ *) Fix to avoid calling the underlying ASN1 print routine when
+ an extension cannot be parsed. Correct a typo in the
+ OCSP_SERVICELOC extension. Tidy up print OCSP format.
+ [Steve Henson]
+
+ *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
+ entries for variables.
+ [Steve Henson]
+
+ *) Add functionality to apps/openssl.c for detecting locking
+ problems: As the program is single-threaded, all we have
+ to do is register a locking callback using an array for
+ storing which locks are currently held by the program.
+ [Bodo Moeller]
+
+ *) Use a lock around the call to CRYPTO_get_ex_new_index() in
+ SSL_get_ex_data_X509_STORE_idx(), which is used in
+ ssl_verify_cert_chain() and thus can be called at any time
+ during TLS/SSL handshakes so that thread-safety is essential.
+ Unfortunately, the ex_data design is not at all suited
+ for multi-threaded use, so it probably should be abolished.
+ [Bodo Moeller]
+
+ *) Added Broadcom "ubsec" ENGINE to OpenSSL.
+ [Broadcom, tweaked and integrated by Geoff Thorpe]
+
+ *) Move common extension printing code to new function
+ X509V3_print_extensions(). Reorganise OCSP print routines and
+ implement some needed OCSP ASN1 functions. Add OCSP extensions.
+ [Steve Henson]
+
+ *) New function X509_signature_print() to remove duplication in some
+ print routines.
+ [Steve Henson]
+
+ *) Add a special meaning when SET OF and SEQUENCE OF flags are both
+ set (this was treated exactly the same as SET OF previously). This
+ is used to reorder the STACK representing the structure to match the
+ encoding. This will be used to get round a problem where a PKCS7
+ structure which was signed could not be verified because the STACK
+ order did not reflect the encoded order.
+ [Steve Henson]
+
+ *) Reimplement the OCSP ASN1 module using the new code.
+ [Steve Henson]
+
+ *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
+ for its ASN1 operations. The old style function pointers still exist
+ for now but they will eventually go away.
+ [Steve Henson]
+
+ *) Merge in replacement ASN1 code from the ASN1 branch. This almost
+ completely replaces the old ASN1 functionality with a table driven
+ encoder and decoder which interprets an ASN1_ITEM structure describing
+ the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+ largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+ has also been converted to the new form.
+ [Steve Henson]
+
+ *) Change BN_mod_exp_recp so that negative moduli are tolerated
+ (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
+ so that BN_mod_exp_mont and BN_mod_exp_mont_word work
+ for negative moduli.
+ [Bodo Moeller]
+
+ *) Fix BN_uadd and BN_usub: Always return non-negative results instead
+ of not touching the result's sign bit.
+ [Bodo Moeller]
+
+ *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
+ set.
+ [Bodo Moeller]
+
+ *) Changed the LHASH code to use prototypes for callbacks, and created
+ macros to declare and implement thin (optionally static) functions
+ that provide type-safety and avoid function pointer casting for the
+ type-specific callbacks.
+ [Geoff Thorpe]
+
+ *) Added Kerberos Cipher Suites to be used with TLS, as written in
+ RFC 2712.
+ [Veers Staats <staatsvr at asc.hpc.mil>,
+ Jeffrey Altman <jaltman at columbia.edu>, via Richard Levitte]
+
+ *) Reformat the FAQ so the different questions and answers can be divided
+ in sections depending on the subject.
+ [Richard Levitte]
+
+ *) Have the zlib compression code load ZLIB.DLL dynamically under
+ Windows.
+ [Richard Levitte]
+
+ *) New function BN_mod_sqrt for computing square roots modulo a prime
+ (using the probabilistic Tonelli-Shanks algorithm unless
+ p == 3 (mod 4) or p == 5 (mod 8), which are cases that can
+ be handled deterministically).
+ [Lenka Fibikova <fibikova at exp-math.uni-essen.de>, Bodo Moeller]
+
+ *) Make BN_mod_inverse faster by explicitly handling small quotients
+ in the Euclid loop. (Speed gain about 20% for small moduli [256 or
+ 512 bits], about 30% for larger ones [1024 or 2048 bits].)
+ [Bodo Moeller]
+
+ *) New function BN_kronecker.
+ [Bodo Moeller]
+
+ *) Fix BN_gcd so that it works on negative inputs; the result is
+ positive unless both parameters are zero.
+ Previously something reasonably close to an infinite loop was
+ possible because numbers could be growing instead of shrinking
+ in the implementation of Euclid's algorithm.
+ [Bodo Moeller]
+
+ *) Fix BN_is_word() and BN_is_one() macros to take into account the
+ sign of the number in question.
+
+ Fix BN_is_word(a,w) to work correctly for w == 0.
+
+ The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
+ because its test if the absolute value of 'a' equals 'w'.
+ Note that BN_abs_is_word does *not* handle w == 0 reliably;
+ it exists mostly for use in the implementations of BN_is_zero(),
+ BN_is_one(), and BN_is_word().
+ [Bodo Moeller]
+
+ *) New function BN_swap.
+ [Bodo Moeller]
+
+ *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
+ the exponentiation functions are more likely to produce reasonable
+ results on negative inputs.
+ [Bodo Moeller]
+
+ *) Change BN_mod_mul so that the result is always non-negative.
+ Previously, it could be negative if one of the factors was negative;
+ I don't think anyone really wanted that behaviour.
+ [Bodo Moeller]
+
+ *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
+ (except for exponentiation, which stays in crypto/bn/bn_exp.c,
+ and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
+ and add new functions:
+
+ BN_nnmod
+ BN_mod_sqr
+ BN_mod_add
+ BN_mod_add_quick
+ BN_mod_sub
+ BN_mod_sub_quick
+ BN_mod_lshift1
+ BN_mod_lshift1_quick
+ BN_mod_lshift
+ BN_mod_lshift_quick
+
+ These functions always generate non-negative results.
+
+ BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r
+ such that |m| < r < 0, BN_nnmod will output rem + |m| instead).
+
+ BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
+ BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b]
+ be reduced modulo m.
+ [Lenka Fibikova <fibikova at exp-math.uni-essen.de>, Bodo Moeller]
+
+#if 0
+ The following entry accidentily appeared in the CHANGES file
+ distributed with OpenSSL 0.9.7. The modifications described in
+ it do *not* apply to OpenSSL 0.9.7.
+
+ *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+ was actually never needed) and in BN_mul(). The removal in BN_mul()
+ required a small change in bn_mul_part_recursive() and the addition
+ of the functions bn_cmp_part_words(), bn_sub_part_words() and
+ bn_add_part_words(), which do the same thing as bn_cmp_words(),
+ bn_sub_words() and bn_add_words() except they take arrays with
+ differing sizes.
+ [Richard Levitte]
+#endif
+
+ *) In 'openssl passwd', verify passwords read from the terminal
+ unless the '-salt' option is used (which usually means that
+ verification would just waste user's time since the resulting
+ hash is going to be compared with some given password hash)
+ or the new '-noverify' option is used.
+
+ This is an incompatible change, but it does not affect
+ non-interactive use of 'openssl passwd' (passwords on the command
+ line, '-stdin' option, '-in ...' option) and thus should not
+ cause any problems.
+ [Bodo Moeller]
+
+ *) Remove all references to RSAref, since there's no more need for it.
+ [Richard Levitte]
+
+ *) Make DSO load along a path given through an environment variable
+ (SHLIB_PATH) with shl_load().
+ [Richard Levitte]
+
+ *) Constify the ENGINE code as a result of BIGNUM constification.
+ Also constify the RSA code and most things related to it. In a
+ few places, most notable in the depth of the ASN.1 code, ugly
+ casts back to non-const were required (to be solved at a later
+ time)
+ [Richard Levitte]
+
+ *) Make it so the openssl application has all engines loaded by default.
+ [Richard Levitte]
+
+ *) Constify the BIGNUM routines a little more.
+ [Richard Levitte]
+
+ *) Add the following functions:
+
+ ENGINE_load_cswift()
+ ENGINE_load_chil()
+ ENGINE_load_atalla()
+ ENGINE_load_nuron()
+ ENGINE_load_builtin_engines()
+
+ That way, an application can itself choose if external engines that
+ are built-in in OpenSSL shall ever be used or not. The benefit is
+ that applications won't have to be linked with libdl or other dso
+ libraries unless it's really needed.
+
+ Changed 'openssl engine' to load all engines on demand.
+ Changed the engine header files to avoid the duplication of some
+ declarations (they differed!).
+ [Richard Levitte]
+
+ *) 'openssl engine' can now list capabilities.
+ [Richard Levitte]
+
+ *) Better error reporting in 'openssl engine'.
+ [Richard Levitte]
+
+ *) Never call load_dh_param(NULL) in s_server.
+ [Bodo Moeller]
+
+ *) Add engine application. It can currently list engines by name and
+ identity, and test if they are actually available.
+ [Richard Levitte]
+
+ *) Improve RPM specification file by forcing symbolic linking and making
+ sure the installed documentation is also owned by root.root.
+ [Damien Miller <djm at mindrot.org>]
+
+ *) Give the OpenSSL applications more possibilities to make use of
+ keys (public as well as private) handled by engines.
+ [Richard Levitte]
+
+ *) Add OCSP code that comes from CertCo.
+ [Richard Levitte]
+
+ *) Add VMS support for the Rijndael code.
+ [Richard Levitte]
+
+ *) Added untested support for Nuron crypto accelerator.
+ [Ben Laurie]
+
+ *) Add support for external cryptographic devices. This code was
+ previously distributed separately as the "engine" branch.
+ [Geoff Thorpe, Richard Levitte]
+
+ *) Rework the filename-translation in the DSO code. It is now possible to
+ have far greater control over how a "name" is turned into a filename
+ depending on the operating environment and any oddities about the
+ different shared library filenames on each system.
+ [Geoff Thorpe]
+
+ *) Support threads on FreeBSD-elf in Configure.
+ [Richard Levitte]
+
+ *) Fix for SHA1 assembly problem with MASM: it produces
+ warnings about corrupt line number information when assembling
+ with debugging information. This is caused by the overlapping
+ of two sections.
+ [Bernd Matthes <mainbug at celocom.de>, Steve Henson]
+
+ *) NCONF changes.
+ NCONF_get_number() has no error checking at all. As a replacement,
+ NCONF_get_number_e() is defined (_e for "error checking") and is
+ promoted strongly. The old NCONF_get_number is kept around for
+ binary backward compatibility.
+ Make it possible for methods to load from something other than a BIO,
+ by providing a function pointer that is given a name instead of a BIO.
+ For example, this could be used to load configuration data from an
+ LDAP server.
+ [Richard Levitte]
+
+ *) Fix for non blocking accept BIOs. Added new I/O special reason
+ BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
+ with non blocking I/O was not possible because no retry code was
+ implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
+ this case.
+ [Steve Henson]
+
+ *) Added the beginnings of Rijndael support.
+ [Ben Laurie]
+
+ *) Fix for bug in DirectoryString mask setting. Add support for
+ X509_NAME_print_ex() in 'req' and X509_print_ex() function
+ to allow certificate printing to more controllable, additional
+ 'certopt' option to 'x509' to allow new printing options to be
+ set.
+ [Steve Henson]
+
+ *) Clean old EAY MD5 hack from e_os.h.
+ [Richard Levitte]
+
+ Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
+
+ *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+ by using the Codenomicon TLS Test Tool (CVE-2004-0079)
+ [Joe Orton, Steve Henson]
+
+ Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
+
+ *) Fix additional bug revealed by the NISCC test suite:
+
+ Stop bug triggering large recursion when presented with
+ certain ASN.1 tags (CVE-2003-0851)
+ [Steve Henson]
+
+ Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
+
+ *) Fix various bugs revealed by running the NISCC test suite:
+
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CVE-2003-0543 and CVE-2003-0544).
+
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+
+ [Steve Henson]
+
+ *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+ if the server requested one: as stated in TLS 1.0 and SSL 3.0
+ specifications.
+ [Steve Henson]
+
+ *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+ extra data after the compression methods not only for TLS 1.0
+ but also for SSL 3.0 (as required by the specification).
+ [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+ *) Change X509_certificate_type() to mark the key as exported/exportable
+ when it's 512 *bits* long, not 512 bytes.
+ [Richard Levitte]
+
+ Changes between 0.9.6i and 0.9.6j [10 Apr 2003]
+
+ *) Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+ [Bodo Moeller]
+
+ *) Turn on RSA blinding by default in the default implementation
+ to avoid a timing attack. Applications that don't want it can call
+ RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+ They would be ill-advised to do so in most cases.
+ [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+ *) Change RSA blinding code so that it works when the PRNG is not
+ seeded (in this case, the secret RSA exponent is abused as
+ an unpredictable seed -- if it is not unpredictable, there
+ is no point in blinding anyway). Make RSA blinding thread-safe
+ by remembering the creator's thread ID in rsa->blinding and
+ having all other threads use local one-time blinding factors
+ (this requires more computation than sharing rsa->blinding, but
+ avoids excessive locking; and if an RSA object is not shared
+ between threads, blinding will still be very fast).
+ [Bodo Moeller]
+
+ Changes between 0.9.6h and 0.9.6i [19 Feb 2003]
+
+ *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CVE-2003-0078)
+
+ [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+ Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+ Martin Vuagnoux (EPFL, Ilion)]
+
+ Changes between 0.9.6g and 0.9.6h [5 Dec 2002]
+
+ *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+ memory from it's contents. This is done with a counter that will
+ place alternating values in each byte. This can be used to solve
+ two issues: 1) the removal of calls to memset() by highly optimizing
+ compilers, and 2) cleansing with other values than 0, since those can
+ be read through on certain media, for example a swap space on disk.
+ [Geoff Thorpe]
+
+ *) Bugfix: client side session caching did not work with external caching,
+ because the session->cipher setting was not restored when reloading
+ from the external cache. This problem was masked, when
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+ (Found by Steve Haslam <steve at araqnid.ddts.net>.)
+ [Lutz Jaenicke]
+
+ *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+ length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+ [Zeev Lieber <zeev-l at yahoo.com>]
+
+ *) Undo an undocumented change introduced in 0.9.6e which caused
+ repeated calls to OpenSSL_add_all_ciphers() and
+ OpenSSL_add_all_digests() to be ignored, even after calling
+ EVP_cleanup().
+ [Richard Levitte]
+
+ *) Change the default configuration reader to deal with last line not
+ being properly terminated.
+ [Richard Levitte]
+
+ *) Change X509_NAME_cmp() so it applies the special rules on handling
+ DN values that are of type PrintableString, as well as RDNs of type
+ emailAddress where the value has the type ia5String.
+ [stefank at valicert.com via Richard Levitte]
+
+ *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+ the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+ doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+ the bitwise-OR of the two for use by the majority of applications
+ wanting this behaviour, and update the docs. The documented
+ behaviour and actual behaviour were inconsistent and had been
+ changing anyway, so this is more a bug-fix than a behavioural
+ change.
+ [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+ *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+ (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+ [Bodo Moeller]
+
+ *) Fix initialization code race conditions in
+ SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(),
+ SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(),
+ SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(),
+ TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(),
+ ssl2_get_cipher_by_char(),
+ ssl3_get_cipher_by_char().
+ [Patrick McCormick <patrick at tellme.com>, Bodo Moeller]
+
+ *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+ the cached sessions are flushed, as the remove_cb() might use ex_data
+ contents. Bug found by Sam Varshavchik <mrsam at courier-mta.com>
+ (see [openssl.org #212]).
+ [Geoff Thorpe, Lutz Jaenicke]
+
+ *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+ length, instead of the encoding length to d2i_ASN1_OBJECT.
+ [Steve Henson]
+
+ Changes between 0.9.6f and 0.9.6g [9 Aug 2002]
+
+ *) [In 0.9.6g-engine release:]
+ Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
+ [Lynn Gazis <lgazis at rainbow.com>]
+
+ Changes between 0.9.6e and 0.9.6f [8 Aug 2002]
+
+ *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+ and get fix the header length calculation.
+ [Florian Weimer <Weimer at CERT.Uni-Stuttgart.DE>,
+ Alon Kantor <alonk at checkpoint.com> (and others),
+ Steve Henson]
+
+ *) Use proper error handling instead of 'assertions' in buffer
+ overflow checks added in 0.9.6e. This prevents DoS (the
+ assertions could call abort()).
+ [Arne Ansper <arne at ats.cyber.ee>, Bodo Moeller]
+
+ Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
+
+ *) Fix cipher selection routines: ciphers without encryption had no flags
+ for the cipher strength set and where therefore not handled correctly
+ by the selection routines (PR #130).
+ [Lutz Jaenicke]
+
+ *) Fix EVP_dsa_sha macro.
+ [Nils Larsch]
+
+ *) New option
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+ that was added in OpenSSL 0.9.6d.
+
+ As the countermeasure turned out to be incompatible with some
+ broken SSL implementations, the new option is part of SSL_OP_ALL.
+ SSL_OP_ALL is usually employed when compatibility with weird SSL
+ implementations is desired (e.g. '-bugs' option to 's_client' and
+ 's_server'), so the new option is automatically set in many
+ applications.
+ [Bodo Moeller]
+
+ *) Changes in security patch:
+
+ Changes marked "(CHATS)" were sponsored by the Defense Advanced
+ Research Projects Agency (DARPA) and Air Force Research Laboratory,
+ Air Force Materiel Command, USAF, under agreement number
+ F30602-01-2-0537.
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer. (CVE-2002-0659)
+ [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
+
+ *) Assertions for various potential buffer overflows, not known to
+ happen in practice.
+ [Ben Laurie (CHATS)]
+
+ *) Various temporary buffers to hold ASCII versions of integers were
+ too small for 64 bit platforms. (CVE-2002-0655)
+ [Matthew Byng-Maddick <mbm at aldigital.co.uk> and Ben Laurie (CHATS)>
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized session ID to a client. (CVE-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL2 protocol - an attacker could
+ supply an oversized client master key. (CVE-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ Changes between 0.9.6c and 0.9.6d [9 May 2002]
+
+ *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+ encoded as NULL) with id-dsa-with-sha1.
+ [Nils Larsch <nla at trustcenter.de>; problem pointed out by Bodo Moeller]
+
+ *) Check various X509_...() return values in apps/req.c.
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
+ an end-of-file condition would erronously be flagged, when the CRLF
+ was just at the end of a processed block. The bug was discovered when
+ processing data through a buffering memory BIO handing the data to a
+ BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
+ <ptsekov at syntrex.com> and Nedelcho Stanev.
+ [Lutz Jaenicke]
+
+ *) Implement a countermeasure against a vulnerability recently found
+ in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
+ before application data chunks to avoid the use of known IVs
+ with data potentially chosen by the attacker.
+ [Bodo Moeller]
+
+ *) Fix length checks in ssl3_get_client_hello().
+ [Bodo Moeller]
+
+ *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
+ to prevent ssl3_read_internal() from incorrectly assuming that
+ ssl3_read_bytes() found application data while handshake
+ processing was enabled when in fact s->s3->in_read_app_data was
+ merely automatically cleared during the initial handshake.
+ [Bodo Moeller; problem pointed out by Arne Ansper <arne at ats.cyber.ee>]
+
+ *) Fix object definitions for Private and Enterprise: they were not
+ recognized in their shortname (=lowercase) representation. Extend
+ obj_dat.pl to issue an error when using undefined keywords instead
+ of silently ignoring the problem (Svenning Sorensen
+ <sss at sss.dnsalias.net>).
+ [Lutz Jaenicke]
+
+ *) Fix DH_generate_parameters() so that it works for 'non-standard'
+ generators, i.e. generators other than 2 and 5. (Previously, the
+ code did not properly initialise the 'add' and 'rem' values to
+ BN_generate_prime().)
+
+ In the new general case, we do not insist that 'generator' is
+ actually a primitive root: This requirement is rather pointless;
+ a generator of the order-q subgroup is just as good, if not
+ better.
+ [Bodo Moeller]
+
+ *) Map new X509 verification errors to alerts. Discovered and submitted by
+ Tom Wu <tom at arcot.com>.
+ [Lutz Jaenicke]
+
+ *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
+ returning non-zero before the data has been completely received
+ when using non-blocking I/O.
+ [Bodo Moeller; problem pointed out by John Hughes]
+
+ *) Some of the ciphers missed the strength entry (SSL_LOW etc).
+ [Ben Laurie, Lutz Jaenicke]
+
+ *) Fix bug in SSL_clear(): bad sessions were not removed (found by
+ Yoram Zahavi <YoramZ at gilian.com>).
+ [Lutz Jaenicke]
+
+ *) Add information about CygWin 1.3 and on, and preserve proper
+ configuration for the versions before that.
+ [Corinna Vinschen <vinschen at redhat.com> and Richard Levitte]
+
+ *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
+ check whether we deal with a copy of a session and do not delete from
+ the cache in this case. Problem reported by "Izhar Shoshani Levi"
+ <izhar at checkpoint.com>.
+ [Lutz Jaenicke]
+
+ *) Do not store session data into the internal session cache, if it
+ is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+ flag is set). Proposed by Aslam <aslam at funk.com>.
+ [Lutz Jaenicke]
+
+ *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
+ value is 0.
+ [Richard Levitte]
+
+ *) [In 0.9.6d-engine release:]
+ Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+ [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
+
+ *) Add the configuration target linux-s390x.
+ [Neale Ferguson <Neale.Ferguson at SoftwareAG-USA.com> via Richard Levitte]
+
+ *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
+ ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
+ variable as an indication that a ClientHello message has been
+ received. As the flag value will be lost between multiple
+ invocations of ssl3_accept when using non-blocking I/O, the
+ function may not be aware that a handshake has actually taken
+ place, thus preventing a new session from being added to the
+ session cache.
+
+ To avoid this problem, we now set s->new_session to 2 instead of
+ using a local variable.
+ [Lutz Jaenicke, Bodo Moeller]
+
+ *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
+ if the SSL_R_LENGTH_MISMATCH error is detected.
+ [Geoff Thorpe, Bodo Moeller]
+
+ *) New 'shared_ldflag' column in Configure platform table.
+ [Richard Levitte]
+
+ *) Fix EVP_CIPHER_mode macro.
+ ["Dan S. Camper" <dan at bti.net>]
+
+ *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
+ type, we must throw them away by setting rr->length to 0.
+ [D P Chang <dpc at qualys.com>]
+
+ Changes between 0.9.6b and 0.9.6c [21 dec 2001]
+
+ *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
+ <Dominikus.Scherkl at biodata.com>. (The previous implementation
+ worked incorrectly for those cases where range = 10..._2 and
+ 3*range is two bits longer than range.)
+ [Bodo Moeller]
+
+ *) Only add signing time to PKCS7 structures if it is not already
+ present.
+ [Steve Henson]
+
+ *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
+ OBJ_ld_ce should be OBJ_id_ce.
+ Also some ip-pda OIDs in crypto/objects/objects.txt were
+ incorrect (cf. RFC 3039).
+ [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
+
+ *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
+ returns early because it has nothing to do.
+ [Andy Schneider <andy.schneider at bjss.co.uk>]
+
+ *) [In 0.9.6c-engine release:]
+ Fix mutex callback return values in crypto/engine/hw_ncipher.c.
+ [Andy Schneider <andy.schneider at bjss.co.uk>]
+
+ *) [In 0.9.6c-engine release:]
+ Add support for Cryptographic Appliance's keyserver technology.
+ (Use engine 'keyclient')
+ [Cryptographic Appliances and Geoff Thorpe]
+
+ *) Add a configuration entry for OS/390 Unix. The C compiler 'c89'
+ is called via tools/c89.sh because arguments have to be
+ rearranged (all '-L' options must appear before the first object
+ modules).
+ [Richard Shapiro <rshapiro at abinitio.com>]
+
+ *) [In 0.9.6c-engine release:]
+ Add support for Broadcom crypto accelerator cards, backported
+ from 0.9.7.
+ [Broadcom, Nalin Dahyabhai <nalin at redhat.com>, Mark Cox]
+
+ *) [In 0.9.6c-engine release:]
+ Add support for SureWare crypto accelerator cards from
+ Baltimore Technologies. (Use engine 'sureware')
+ [Baltimore Technologies and Mark Cox]
+
+ *) [In 0.9.6c-engine release:]
+ Add support for crypto accelerator cards from Accelerated
+ Encryption Processing, www.aep.ie. (Use engine 'aep')
+ [AEP Inc. and Mark Cox]
+
+ *) Add a configuration entry for gcc on UnixWare.
+ [Gary Benson <gbenson at redhat.com>]
+
+ *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
+ messages are stored in a single piece (fixed-length part and
+ variable-length part combined) and fix various bugs found on the way.
+ [Bodo Moeller]
+
+ *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
+ instead. BIO_gethostbyname() does not know what timeouts are
+ appropriate, so entries would stay in cache even when they have
+ become invalid.
+ [Bodo Moeller; problem pointed out by Rich Salz <rsalz at zolera.com>
+
+ *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+ faced with a pathologically small ClientHello fragment that does
+ not contain client_version: Instead of aborting with an error,
+ simply choose the highest available protocol version (i.e.,
+ TLS 1.0 unless it is disabled). In practice, ClientHello
+ messages are never sent like this, but this change gives us
+ strictly correct behaviour at least for TLS.
+ [Bodo Moeller]
+
+ *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+ never resets s->method to s->ctx->method when called from within
+ one of the SSL handshake functions.
+ [Bodo Moeller; problem pointed out by Niko Baric]
+
+ *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
+ (sent using the client's version number) if client_version is
+ smaller than the protocol version in use. Also change
+ ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
+ the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
+ the client will at least see that alert.
+ [Bodo Moeller]
+
+ *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
+ correctly.
+ [Bodo Moeller]
+
+ *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
+ client receives HelloRequest while in a handshake.
+ [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider at bjss.co.uk>]
+
+ *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
+ should end in 'break', not 'goto end' which circuments various
+ cleanups done in state SSL_ST_OK. But session related stuff
+ must be disabled for SSL_ST_OK in the case that we just sent a
+ HelloRequest.
+
+ Also avoid some overhead by not calling ssl_init_wbio_buffer()
+ before just sending a HelloRequest.
+ [Bodo Moeller, Eric Rescorla <ekr at rtfm.com>]
+
+ *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
+ reveal whether illegal block cipher padding was found or a MAC
+ verification error occured. (Neither SSLerr() codes nor alerts
+ are directly visible to potential attackers, but the information
+ may leak via logfiles.)
+
+ Similar changes are not required for the SSL 2.0 implementation
+ because the number of padding bytes is sent in clear for SSL 2.0,
+ and the extra bytes are just ignored. However ssl/s2_pkt.c
+ failed to verify that the purported number of padding bytes is in
+ the legal range.
+ [Bodo Moeller]
+
+ *) Add OpenUNIX-8 support including shared libraries
+ (Boyd Lynn Gerber <gerberb at zenez.com>).
+ [Lutz Jaenicke]
+
+ *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
+ 'wristwatch attack' using huge encoding parameters (cf.
+ James H. Manger's CRYPTO 2001 paper). Note that the
+ RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
+ encoding parameters and hence was not vulnerable.
+ [Bodo Moeller]
+
+ *) BN_sqr() bug fix.
+ [Ulf M\xF6ller, reported by Jim Ellis <jim.ellis at cavium.com>]
+
+ *) Rabin-Miller test analyses assume uniformly distributed witnesses,
+ so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
+ followed by modular reduction.
+ [Bodo Moeller; pointed out by Adam Young <AYoung1 at NCSUS.JNJ.COM>]
+
+ *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
+ equivalent based on BN_pseudo_rand() instead of BN_rand().
+ [Bodo Moeller]
+
+ *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+ This function was broken, as the check for a new client hello message
+ to handle SGC did not allow these large messages.
+ (Tracked down by "Douglas E. Engert" <deengert at anl.gov>.)
+ [Lutz Jaenicke]
+
+ *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
+ [Lutz Jaenicke]
+
+ *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
+ for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton at netopia.com>).
+ [Lutz Jaenicke]
+
+ *) Rework the configuration and shared library support for Tru64 Unix.
+ The configuration part makes use of modern compiler features and
+ still retains old compiler behavior for those that run older versions
+ of the OS. The shared library support part includes a variant that
+ uses the RPATH feature, and is available through the special
+ configuration target "alpha-cc-rpath", which will never be selected
+ automatically.
+ [Tim Mooney <mooney at dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
+
+ *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+ with the same message size as in ssl3_get_certificate_request().
+ Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+ messages might inadvertently be reject as too long.
+ [Petr Lampa <lampa at fee.vutbr.cz>]
+
+ *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
+ [Andy Polyakov]
+
+ *) Modified SSL library such that the verify_callback that has been set
+ specificly for an SSL object with SSL_set_verify() is actually being
+ used. Before the change, a verify_callback set with this function was
+ ignored and the verify_callback() set in the SSL_CTX at the time of
+ the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+ to allow the necessary settings.
+ [Lutz Jaenicke]
+
+ *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
+ explicitly to NULL, as at least on Solaris 8 this seems not always to be
+ done automatically (in contradiction to the requirements of the C
+ standard). This made problems when used from OpenSSH.
+ [Lutz Jaenicke]
+
+ *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
+ dh->length and always used
+
+ BN_rand_range(priv_key, dh->p).
+
+ BN_rand_range() is not necessary for Diffie-Hellman, and this
+ specific range makes Diffie-Hellman unnecessarily inefficient if
+ dh->length (recommended exponent length) is much smaller than the
+ length of dh->p. We could use BN_rand_range() if the order of
+ the subgroup was stored in the DH structure, but we only have
+ dh->length.
+
+ So switch back to
+
+ BN_rand(priv_key, l, ...)
+
+ where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
+ otherwise.
+ [Bodo Moeller]
+
+ *) In
+
+ RSA_eay_public_encrypt
+ RSA_eay_private_decrypt
+ RSA_eay_private_encrypt (signing)
+ RSA_eay_public_decrypt (signature verification)
+
+ (default implementations for RSA_public_encrypt,
+ RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
+ always reject numbers >= n.
+ [Bodo Moeller]
+
+ *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
+ to synchronize access to 'locking_thread'. This is necessary on
+ systems where access to 'locking_thread' (an 'unsigned long'
+ variable) is not atomic.
+ [Bodo Moeller]
+
+ *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
+ *before* setting the 'crypto_lock_rand' flag. The previous code had
+ a race condition if 0 is a valid thread ID.
+ [Travis Vitek <vitek at roguewave.com>]
+
+ *) Add support for shared libraries under Irix.
+ [Albert Chin-A-Young <china at thewrittenword.com>]
+
+ *) Add configuration option to build on Linux on both big-endian and
+ little-endian MIPS.
+ [Ralf Baechle <ralf at uni-koblenz.de>]
+
+ *) Add the possibility to create shared libraries on HP-UX.
+ [Richard Levitte]
+
+ Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
+
+ *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
+ to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
+ Markku-Juhani O. Saarinen <markku-juhani.saarinen at nokia.com>:
+ PRNG state recovery was possible based on the output of
+ one PRNG request appropriately sized to gain knowledge on
+ 'md' followed by enough consecutive 1-byte PRNG requests
+ to traverse all of 'state'.
+
+ 1. When updating 'md_local' (the current thread's copy of 'md')
+ during PRNG output generation, hash all of the previous
+ 'md_local' value, not just the half used for PRNG output.
+
+ 2. Make the number of bytes from 'state' included into the hash
+ independent from the number of PRNG bytes requested.
+
+ The first measure alone would be sufficient to avoid
+ Markku-Juhani's attack. (Actually it had never occurred
+ to me that the half of 'md_local' used for chaining was the
+ half from which PRNG output bytes were taken -- I had always
+ assumed that the secret half would be used.) The second
+ measure makes sure that additional data from 'state' is never
+ mixed into 'md_local' in small portions; this heuristically
+ further strengthens the PRNG.
+ [Bodo Moeller]
+
+ *) Fix crypto/bn/asm/mips3.s.
+ [Andy Polyakov]
+
+ *) When only the key is given to "enc", the IV is undefined. Print out
+ an error message in this case.
+ [Lutz Jaenicke]
+
+ *) Handle special case when X509_NAME is empty in X509 printing routines.
+ [Steve Henson]
+
+ *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
+ positive and less than q.
+ [Bodo Moeller]
+
+ *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
+ used: it isn't thread safe and the add_lock_callback should handle
+ that itself.
+ [Paul Rose <Paul.Rose at bridge.com>]
+
+ *) Verify that incoming data obeys the block size in
+ ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
+ [Bodo Moeller]
+
+ *) Fix OAEP check.
+ [Ulf M\xF6ller, Bodo M\xF6ller]
+
+ *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
+ RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
+ when fixing the server behaviour for backwards-compatible 'client
+ hello' messages. (Note that the attack is impractical against
+ SSL 3.0 and TLS 1.0 anyway because length and version checking
+ means that the probability of guessing a valid ciphertext is
+ around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
+ paper.)
+
+ Before 0.9.5, the countermeasure (hide the error by generating a
+ random 'decryption result') did not work properly because
+ ERR_clear_error() was missing, meaning that SSL_get_error() would
+ detect the supposedly ignored error.
+
+ Both problems are now fixed.
+ [Bodo Moeller]
+
+ *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
+ (previously it was 1024).
+ [Bodo Moeller]
+
+ *) Fix for compatibility mode trust settings: ignore trust settings
+ unless some valid trust or reject settings are present.
+ [Steve Henson]
+
+ *) Fix for blowfish EVP: its a variable length cipher.
+ [Steve Henson]
+
+ *) Fix various bugs related to DSA S/MIME verification. Handle missing
+ parameters in DSA public key structures and return an error in the
+ DSA routines if parameters are absent.
+ [Steve Henson]
+
+ *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
+ in the current directory if neither $RANDFILE nor $HOME was set.
+ RAND_file_name() in 0.9.6a returned NULL in this case. This has
+ caused some confusion to Windows users who haven't defined $HOME.
+ Thus RAND_file_name() is changed again: e_os.h can define a
+ DEFAULT_HOME, which will be used if $HOME is not set.
+ For Windows, we use "C:"; on other platforms, we still require
+ environment variables.
+
+ *) Move 'if (!initialized) RAND_poll()' into regions protected by
+ CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids
+ having multiple threads call RAND_poll() concurrently.
+ [Bodo Moeller]
+
+ *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
+ combination of a flag and a thread ID variable.
+ Otherwise while one thread is in ssleay_rand_bytes (which sets the
+ flag), *other* threads can enter ssleay_add_bytes without obeying
+ the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
+ that they do not hold after the first thread unsets add_do_not_lock).
+ [Bodo Moeller]
+
+ *) Change bctest again: '-x' expressions are not available in all
+ versions of 'test'.
+ [Bodo Moeller]
+
+ Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
+
+ *) Fix a couple of memory leaks in PKCS7_dataDecode()
+ [Steve Henson, reported by Heyun Zheng <hzheng at atdsprint.com>]
+
+ *) Change Configure and Makefiles to provide EXE_EXT, which will contain
+ the default extension for executables, if any. Also, make the perl
+ scripts that use symlink() to test if it really exists and use "cp"
+ if it doesn't. All this made OpenSSL compilable and installable in
+ CygWin.
+ [Richard Levitte]
+
+ *) Fix for asn1_GetSequence() for indefinite length constructed data.
+ If SEQUENCE is length is indefinite just set c->slen to the total
+ amount of data available.
+ [Steve Henson, reported by shige at FreeBSD.org]
+ [This change does not apply to 0.9.7.]
+
+ *) Change bctest to avoid here-documents inside command substitution
+ (workaround for FreeBSD /bin/sh bug).
+ For compatibility with Ultrix, avoid shell functions (introduced
+ in the bctest version that searches along $PATH).
+ [Bodo Moeller]
+
+ *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
+ with des_encrypt() defined on some operating systems, like Solaris
+ and UnixWare.
+ [Richard Levitte]
+
+ *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
+ On the Importance of Eliminating Errors in Cryptographic
+ Computations, J. Cryptology 14 (2001) 2, 101-119,
+ http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
+ [Ulf Moeller]
+
+ *) MIPS assembler BIGNUM division bug fix.
+ [Andy Polyakov]
+
+ *) Disabled incorrect Alpha assembler code.
+ [Richard Levitte]
+
+ *) Fix PKCS#7 decode routines so they correctly update the length
+ after reading an EOC for the EXPLICIT tag.
+ [Steve Henson]
+ [This change does not apply to 0.9.7.]
+
+ *) Fix bug in PKCS#12 key generation routines. This was triggered
+ if a 3DES key was generated with a 0 initial byte. Include
+ PKCS12_BROKEN_KEYGEN compilation option to retain the old
+ (but broken) behaviour.
+ [Steve Henson]
+
+ *) Enhance bctest to search for a working bc along $PATH and print
+ it when found.
+ [Tim Rice <tim at multitalents.net> via Richard Levitte]
+
+ *) Fix memory leaks in err.c: free err_data string if necessary;
+ don't write to the wrong index in ERR_set_error_data.
+ [Bodo Moeller]
+
+ *) Implement ssl23_peek (analogous to ssl23_read), which previously
+ did not exist.
+ [Bodo Moeller]
+
+ *) Replace rdtsc with _emit statements for VC++ version 5.
+ [Jeremy Cooper <jeremy at baymoo.org>]
+
+ *) Make it possible to reuse SSLv2 sessions.
+ [Richard Levitte]
+
+ *) In copy_email() check for >= 0 as a return value for
+ X509_NAME_get_index_by_NID() since 0 is a valid index.
+ [Steve Henson reported by Massimiliano Pala <madwolf at opensca.org>]
+
+ *) Avoid coredump with unsupported or invalid public keys by checking if
+ X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+ PKCS7_verify() fails with non detached data.
+ [Steve Henson]
+
+ *) Don't use getenv in library functions when run as setuid/setgid.
+ New function OPENSSL_issetugid().
+ [Ulf Moeller]
+
+ *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+ due to incorrect handling of multi-threading:
+
+ 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+ 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+ 3. Count how many times MemCheck_off() has been called so that
+ nested use can be treated correctly. This also avoids
+ inband-signalling in the previous code (which relied on the
+ assumption that thread ID 0 is impossible).
+ [Bodo Moeller]
+
+ *) Add "-rand" option also to s_client and s_server.
+ [Lutz Jaenicke]
+
+ *) Fix CPU detection on Irix 6.x.
+ [Kurt Hockenbury <khockenb at stevens-tech.edu> and
+ "Bruce W. Forsberg" <bruce.forsberg at baesystems.com>]
+
+ *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+ was empty.
+ [Steve Henson]
+ [This change does not apply to 0.9.7.]
+
+ *) Use the cached encoding of an X509_NAME structure rather than
+ copying it. This is apparently the reason for the libsafe "errors"
+ but the code is actually correct.
+ [Steve Henson]
+
+ *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+ Bleichenbacher's DSA attack.
+ Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+ to be set and top=0 forces the highest bit to be set; top=-1 is new
+ and leaves the highest bit random.
+ [Ulf Moeller, Bodo Moeller]
+
+ *) In the NCONF_...-based implementations for CONF_... queries
+ (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+ a temporary CONF structure with the data component set to NULL
+ (which gives segmentation faults in lh_retrieve).
+ Instead, use NULL for the CONF pointer in CONF_get_string and
+ CONF_get_number (which may use environment variables) and directly
+ return NULL from CONF_get_section.
+ [Bodo Moeller]
+
+ *) Fix potential buffer overrun for EBCDIC.
+ [Ulf Moeller]
+
+ *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+ keyUsage if basicConstraints absent for a CA.
+ [Steve Henson]
+
+ *) Make SMIME_write_PKCS7() write mail header values with a format that
+ is more generally accepted (no spaces before the semicolon), since
+ some programs can't parse those values properly otherwise. Also make
+ sure BIO's that break lines after each write do not create invalid
+ headers.
+ [Richard Levitte]
+
+ *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+ macros previously used would not encode an empty SEQUENCE OF
+ and break the signature.
+ [Steve Henson]
+ [This change does not apply to 0.9.7.]
+
+ *) Zero the premaster secret after deriving the master secret in
+ DH ciphersuites.
+ [Steve Henson]
+
+ *) Add some EVP_add_digest_alias registrations (as found in
+ OpenSSL_add_all_digests()) to SSL_library_init()
+ aka OpenSSL_add_ssl_algorithms(). This provides improved
+ compatibility with peers using X.509 certificates
+ with unconventional AlgorithmIdentifier OIDs.
+ [Bodo Moeller]
+
+ *) Fix for Irix with NO_ASM.
+ ["Bruce W. Forsberg" <bruce.forsberg at baesystems.com>]
+
+ *) ./config script fixes.
+ [Ulf Moeller, Richard Levitte]
+
+ *) Fix 'openssl passwd -1'.
+ [Bodo Moeller]
+
+ *) Change PKCS12_key_gen_asc() so it can cope with non null
+ terminated strings whose length is passed in the passlen
+ parameter, for example from PEM callbacks. This was done
+ by adding an extra length parameter to asc2uni().
+ [Steve Henson, reported by <oddissey at samsung.co.kr>]
+
+ *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+ call failed, free the DSA structure.
+ [Bodo Moeller]
+
+ *) Fix to uni2asc() to cope with zero length Unicode strings.
+ These are present in some PKCS#12 files.
+ [Steve Henson]
+
+ *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+ Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+ when writing a 32767 byte record.
+ [Bodo Moeller; problem reported by Eric Day <eday at concentric.net>]
+
+ *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+ obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+ (RSA objects have a reference count access to which is protected
+ by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+ so they are meant to be shared between threads.)
+ [Bodo Moeller, Geoff Thorpe; original patch submitted by
+ "Reddie, Steven" <Steven.Reddie at ca.com>]
+
+ *) Fix a deadlock in CRYPTO_mem_leaks().
+ [Bodo Moeller]
+
+ *) Use better test patterns in bntest.
+ [Ulf M\xF6ller]
+
+ *) rand_win.c fix for Borland C.
+ [Ulf M\xF6ller]
+
+ *) BN_rshift bugfix for n == 0.
+ [Bodo Moeller]
+
+ *) Add a 'bctest' script that checks for some known 'bc' bugs
+ so that 'make test' does not abort just because 'bc' is broken.
+ [Bodo Moeller]
+
+ *) Store verify_result within SSL_SESSION also for client side to
+ avoid potential security hole. (Re-used sessions on the client side
+ always resulted in verify_result==X509_V_OK, not using the original
+ result of the server certificate verification.)
+ [Lutz Jaenicke]
+
+ *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+ SSL3_RT_APPLICATION_DATA, return 0.
+ Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+ [Bodo Moeller]
+
+ *) Fix SSL_peek:
+ Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+ releases, have been re-implemented by renaming the previous
+ implementations of ssl2_read and ssl3_read to ssl2_read_internal
+ and ssl3_read_internal, respectively, and adding 'peek' parameters
+ to them. The new ssl[23]_{read,peek} functions are calls to
+ ssl[23]_read_internal with the 'peek' flag set appropriately.
+ A 'peek' parameter has also been added to ssl3_read_bytes, which
+ does the actual work for ssl3_read_internal.
+ [Bodo Moeller]
+
+ *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+ the method-specific "init()" handler. Also clean up ex_data after
+ calling the method-specific "finish()" handler. Previously, this was
+ happening the other way round.
+ [Geoff Thorpe]
+
+ *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+ The previous value, 12, was not always sufficient for BN_mod_exp().
+ [Bodo Moeller]
+
+ *) Make sure that shared libraries get the internal name engine with
+ the full version number and not just 0. This should mark the
+ shared libraries as not backward compatible. Of course, this should
+ be changed again when we can guarantee backward binary compatibility.
+ [Richard Levitte]
+
+ *) Fix typo in get_cert_by_subject() in by_dir.c
+ [Jean-Marc Desperrier <jean-marc.desperrier at certplus.com>]
+
+ *) Rework the system to generate shared libraries:
+
+ - Make note of the expected extension for the shared libraries and
+ if there is a need for symbolic links from for example libcrypto.so.0
+ to libcrypto.so.0.9.7. There is extended info in Configure for
+ that.
+
+ - Make as few rebuilds of the shared libraries as possible.
+
+ - Still avoid linking the OpenSSL programs with the shared libraries.
+
+ - When installing, install the shared libraries separately from the
+ static ones.
+ [Richard Levitte]
+
+ *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+ Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+ and not in SSL_clear because the latter is also used by the
+ accept/connect functions; previously, the settings made by
+ SSL_set_read_ahead would be lost during the handshake.
+ [Bodo Moeller; problems reported by Anders Gertz <gertz at epact.se>]
+
+ *) Correct util/mkdef.pl to be selective about disabled algorithms.
+ Previously, it would create entries for disableed algorithms no
+ matter what.
+ [Richard Levitte]
+
+ *) Added several new manual pages for SSL_* function.
+ [Lutz Jaenicke]
+
+ Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
+
+ *) In ssl23_get_client_hello, generate an error message when faced
+ with an initial SSL 3.0/TLS record that is too small to contain the
+ first two bytes of the ClientHello message, i.e. client_version.
+ (Note that this is a pathologic case that probably has never happened
+ in real life.) The previous approach was to use the version number
+ from the record header as a substitute; but our protocol choice
+ should not depend on that one because it is not authenticated
+ by the Finished messages.
+ [Bodo Moeller]
+
+ *) More robust randomness gathering functions for Windows.
+ [Jeffrey Altman <jaltman at columbia.edu>]
+
+ *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+ not set then we don't setup the error code for issuer check errors
+ to avoid possibly overwriting other errors which the callback does
+ handle. If an application does set the flag then we assume it knows
+ what it is doing and can handle the new informational codes
+ appropriately.
+ [Steve Henson]
+
+ *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
+ a general "ANY" type, as such it should be able to decode anything
+ including tagged types. However it didn't check the class so it would
+ wrongly interpret tagged types in the same way as their universal
+ counterpart and unknown types were just rejected. Changed so that the
+ tagged and unknown types are handled in the same way as a SEQUENCE:
+ that is the encoding is stored intact. There is also a new type
+ "V_ASN1_OTHER" which is used when the class is not universal, in this
+ case we have no idea what the actual type is so we just lump them all
+ together.
+ [Steve Henson]
+
+ *) On VMS, stdout may very well lead to a file that is written to
+ in a record-oriented fashion. That means that every write() will
+ write a separate record, which will be read separately by the
+ programs trying to read from it. This can be very confusing.
+
+ The solution is to put a BIO filter in the way that will buffer
+ text until a linefeed is reached, and then write everything a
+ line at a time, so every record written will be an actual line,
+ not chunks of lines and not (usually doesn't happen, but I've
+ seen it once) several lines in one record. BIO_f_linebuffer() is
+ the answer.
+
+ Currently, it's a VMS-only method, because that's where it has
+ been tested well enough.
+ [Richard Levitte]
+
+ *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
+ it can return incorrect results.
+ (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
+ but it was in 0.9.6-beta[12].)
+ [Bodo Moeller]
+
+ *) Disable the check for content being present when verifying detached
+ signatures in pk7_smime.c. Some versions of Netscape (wrongly)
+ include zero length content when signing messages.
+ [Steve Henson]
+
+ *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
+ BIO_ctrl (for BIO pairs).
+ [Bodo M\xF6ller]
+
+ *) Add DSO method for VMS.
+ [Richard Levitte]
+
+ *) Bug fix: Montgomery multiplication could produce results with the
+ wrong sign.
+ [Ulf M\xF6ller]
+
+ *) Add RPM specification openssl.spec and modify it to build three
+ packages. The default package contains applications, application
+ documentation and run-time libraries. The devel package contains
+ include files, static libraries and function documentation. The
+ doc package contains the contents of the doc directory. The original
+ openssl.spec was provided by Damien Miller <djm at mindrot.org>.
+ [Richard Levitte]
+
+ *) Add a large number of documentation files for many SSL routines.
+ [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>]
+
+ *) Add a configuration entry for Sony News 4.
+ [NAKAJI Hiroyuki <nakaji at tutrp.tut.ac.jp>]
+
+ *) Don't set the two most significant bits to one when generating a
+ random number < q in the DSA library.
+ [Ulf M\xF6ller]
+
+ *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default
+ behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
+ the underlying transport is blocking) if a handshake took place.
+ (The default behaviour is needed by applications such as s_client
+ and s_server that use select() to determine when to use SSL_read;
+ but for applications that know in advance when to expect data, it
+ just makes things more complicated.)
+ [Bodo Moeller]
+
+ *) Add RAND_egd_bytes(), which gives control over the number of bytes read
+ from EGD.
+ [Ben Laurie]
+
+ *) Add a few more EBCDIC conditionals that make `req' and `x509'
+ work better on such systems.
+ [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
+
+ *) Add two demo programs for PKCS12_parse() and PKCS12_create().
+ Update PKCS12_parse() so it copies the friendlyName and the
+ keyid to the certificates aux info.
+ [Steve Henson]
+
+ *) Fix bug in PKCS7_verify() which caused an infinite loop
+ if there was more than one signature.
+ [Sven Uszpelkat <su at celocom.de>]
+
+ *) Major change in util/mkdef.pl to include extra information
+ about each symbol, as well as presentig variables as well
+ as functions. This change means that there's n more need
+ to rebuild the .num files when some algorithms are excluded.
+ [Richard Levitte]
+
+ *) Allow the verify time to be set by an application,
+ rather than always using the current time.
+ [Steve Henson]
+
+ *) Phase 2 verify code reorganisation. The certificate
+ verify code now looks up an issuer certificate by a
+ number of criteria: subject name, authority key id
+ and key usage. It also verifies self signed certificates
+ by the same criteria. The main comparison function is
+ X509_check_issued() which performs these checks.
+
+ Lot of changes were necessary in order to support this
+ without completely rewriting the lookup code.
+
+ Authority and subject key identifier are now cached.
+
+ The LHASH 'certs' is X509_STORE has now been replaced
+ by a STACK_OF(X509_OBJECT). This is mainly because an
+ LHASH can't store or retrieve multiple objects with
+ the same hash value.
+
+ As a result various functions (which were all internal
+ use only) have changed to handle the new X509_STORE
+ structure. This will break anything that messed round
+ with X509_STORE internally.
+
+ The functions X509_STORE_add_cert() now checks for an
+ exact match, rather than just subject name.
+
+ The X509_STORE API doesn't directly support the retrieval
+ of multiple certificates matching a given criteria, however
+ this can be worked round by performing a lookup first
+ (which will fill the cache with candidate certificates)
+ and then examining the cache for matches. This is probably
+ the best we can do without throwing out X509_LOOKUP
+ entirely (maybe later...).
+
+ The X509_VERIFY_CTX structure has been enhanced considerably.
+
+ All certificate lookup operations now go via a get_issuer()
+ callback. Although this currently uses an X509_STORE it
+ can be replaced by custom lookups. This is a simple way
+ to bypass the X509_STORE hackery necessary to make this
+ work and makes it possible to use more efficient techniques
+ in future. A very simple version which uses a simple
+ STACK for its trusted certificate store is also provided
+ using X509_STORE_CTX_trusted_stack().
+
+ The verify_cb() and verify() callbacks now have equivalents
+ in the X509_STORE_CTX structure.
+
+ X509_STORE_CTX also has a 'flags' field which can be used
+ to customise the verify behaviour.
+ [Steve Henson]
+
+ *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which
+ excludes S/MIME capabilities.
+ [Steve Henson]
+
+ *) When a certificate request is read in keep a copy of the
+ original encoding of the signed data and use it when outputing
+ again. Signatures then use the original encoding rather than
+ a decoded, encoded version which may cause problems if the
+ request is improperly encoded.
+ [Steve Henson]
+
+ *) For consistency with other BIO_puts implementations, call
+ buffer_write(b, ...) directly in buffer_puts instead of calling
+ BIO_write(b, ...).
+
+ In BIO_puts, increment b->num_write as in BIO_write.
+ [Peter.Sylvester at EdelWeb.fr]
+
+ *) Fix BN_mul_word for the case where the word is 0. (We have to use
+ BN_zero, we may not return a BIGNUM with an array consisting of
+ words set to zero.)
+ [Bodo Moeller]
+
+ *) Avoid calling abort() from within the library when problems are
+ detected, except if preprocessor symbols have been defined
+ (such as REF_CHECK, BN_DEBUG etc.).
+ [Bodo Moeller]
+
+ *) New openssl application 'rsautl'. This utility can be
+ used for low level RSA operations. DER public key
+ BIO/fp routines also added.
+ [Steve Henson]
+
+ *) New Configure entry and patches for compiling on QNX 4.
+ [Andreas Schneider <andreas at ds3.etech.fh-hamburg.de>]
+
+ *) A demo state-machine implementation was sponsored by
+ Nuron (http://www.nuron.com/) and is now available in
+ demos/state_machine.
+ [Ben Laurie]
+
+ *) New options added to the 'dgst' utility for signature
+ generation and verification.
+ [Steve Henson]
+
+ *) Unrecognized PKCS#7 content types are now handled via a
+ catch all ASN1_TYPE structure. This allows unsupported
+ types to be stored as a "blob" and an application can
+ encode and decode it manually.
+ [Steve Henson]
+
+ *) Fix various signed/unsigned issues to make a_strex.c
+ compile under VC++.
+ [Oscar Jacobsson <oscar.jacobsson at celocom.com>]
+
+ *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
+ length if passed a buffer. ASN1_INTEGER_to_BN failed
+ if passed a NULL BN and its argument was negative.
+ [Steve Henson, pointed out by Sven Heiberg <sven at tartu.cyber.ee>]
+
+ *) Modification to PKCS#7 encoding routines to output definite
+ length encoding. Since currently the whole structures are in
+ memory there's not real point in using indefinite length
+ constructed encoding. However if OpenSSL is compiled with
+ the flag PKCS7_INDEFINITE_ENCODING the old form is used.
+ [Steve Henson]
+
+ *) Added BIO_vprintf() and BIO_vsnprintf().
+ [Richard Levitte]
+
+ *) Added more prefixes to parse for in the the strings written
+ through a logging bio, to cover all the levels that are available
+ through syslog. The prefixes are now:
+
+ PANIC, EMERG, EMR => LOG_EMERG
+ ALERT, ALR => LOG_ALERT
+ CRIT, CRI => LOG_CRIT
+ ERROR, ERR => LOG_ERR
+ WARNING, WARN, WAR => LOG_WARNING
+ NOTICE, NOTE, NOT => LOG_NOTICE
+ INFO, INF => LOG_INFO
+ DEBUG, DBG => LOG_DEBUG
+
+ and as before, if none of those prefixes are present at the
+ beginning of the string, LOG_ERR is chosen.
+
+ On Win32, the LOG_* levels are mapped according to this:
+
+ LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
+ LOG_WARNING => EVENTLOG_WARNING_TYPE
+ LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE
+
+ [Richard Levitte]
+
+ *) Made it possible to reconfigure with just the configuration
+ argument "reconf" or "reconfigure". The command line arguments
+ are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
+ and are retrieved from there when reconfiguring.
+ [Richard Levitte]
+
+ *) MD4 implemented.
+ [Assar Westerlund <assar at sics.se>, Richard Levitte]
+
+ *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
+ [Richard Levitte]
+
+ *) The obj_dat.pl script was messing up the sorting of object
+ names. The reason was that it compared the quoted version
+ of strings as a result "OCSP" > "OCSP Signing" because
+ " > SPACE. Changed script to store unquoted versions of
+ names and add quotes on output. It was also omitting some
+ names from the lookup table if they were given a default
+ value (that is if SN is missing it is given the same
+ value as LN and vice versa), these are now added on the
+ grounds that if an object has a name we should be able to
+ look it up. Finally added warning output when duplicate
+ short or long names are found.
+ [Steve Henson]
+
+ *) Changes needed for Tandem NSK.
+ [Scott Uroff <scott at xypro.com>]
+
+ *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
+ RSA_padding_check_SSLv23(), special padding was never detected
+ and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
+ version rollback attacks was not effective.
+
+ In s23_clnt.c, don't use special rollback-attack detection padding
+ (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
+ client; similarly, in s23_srvr.c, don't do the rollback check if
+ SSL 2.0 is the only protocol enabled in the server.
+ [Bodo Moeller]
+
+ *) Make it possible to get hexdumps of unprintable data with 'openssl
+ asn1parse'. By implication, the functions ASN1_parse_dump() and
+ BIO_dump_indent() are added.
+ [Richard Levitte]
+
+ *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
+ these print out strings and name structures based on various
+ flags including RFC2253 support and proper handling of
+ multibyte characters. Added options to the 'x509' utility
+ to allow the various flags to be set.
+ [Steve Henson]
+
+ *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
+ Also change the functions X509_cmp_current_time() and
+ X509_gmtime_adj() work with an ASN1_TIME structure,
+ this will enable certificates using GeneralizedTime in validity
+ dates to be checked.
+ [Steve Henson]
+
+ *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
+ negative public key encodings) on by default,
+ NO_NEG_PUBKEY_BUG can be set to disable it.
+ [Steve Henson]
+
+ *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
+ content octets. An i2c_ASN1_OBJECT is unnecessary because
+ the encoding can be trivially obtained from the structure.
+ [Steve Henson]
+
+ *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
+ not read locks (CRYPTO_r_[un]lock).
+ [Bodo Moeller]
+
+ *) A first attempt at creating official support for shared
+ libraries through configuration. I've kept it so the
+ default is static libraries only, and the OpenSSL programs
+ are always statically linked for now, but there are
+ preparations for dynamic linking in place.
+ This has been tested on Linux and Tru64.
+ [Richard Levitte]
+
+ *) Randomness polling function for Win9x, as described in:
+ Peter Gutmann, Software Generation of Practically Strong
+ Random Numbers.
+ [Ulf M\xF6ller]
+
+ *) Fix so PRNG is seeded in req if using an already existing
+ DSA key.
+ [Steve Henson]
+
+ *) New options to smime application. -inform and -outform
+ allow alternative formats for the S/MIME message including
+ PEM and DER. The -content option allows the content to be
+ specified separately. This should allow things like Netscape
+ form signing output easier to verify.
+ [Steve Henson]
+
+ *) Fix the ASN1 encoding of tags using the 'long form'.
+ [Steve Henson]
+
+ *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
+ STRING types. These convert content octets to and from the
+ underlying type. The actual tag and length octets are
+ already assumed to have been read in and checked. These
+ are needed because all other string types have virtually
+ identical handling apart from the tag. By having versions
+ of the ASN1 functions that just operate on content octets
+ IMPLICIT tagging can be handled properly. It also allows
+ the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
+ and ASN1_INTEGER are identical apart from the tag.
+ [Steve Henson]
+
+ *) Change the handling of OID objects as follows:
+
+ - New object identifiers are inserted in objects.txt, following
+ the syntax given in objects.README.
+ - objects.pl is used to process obj_mac.num and create a new
+ obj_mac.h.
+ - obj_dat.pl is used to create a new obj_dat.h, using the data in
+ obj_mac.h.
+
+ This is currently kind of a hack, and the perl code in objects.pl
+ isn't very elegant, but it works as I intended. The simplest way
+ to check that it worked correctly is to look in obj_dat.h and
+ check the array nid_objs and make sure the objects haven't moved
+ around (this is important!). Additions are OK, as well as
+ consistent name changes.
+ [Richard Levitte]
+
+ *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
+ [Bodo Moeller]
+
+ *) Addition of the command line parameter '-rand file' to 'openssl req'.
+ The given file adds to whatever has already been seeded into the
+ random pool through the RANDFILE configuration file option or
+ environment variable, or the default random state file.
+ [Richard Levitte]
+
+ *) mkstack.pl now sorts each macro group into lexical order.
+ Previously the output order depended on the order the files
+ appeared in the directory, resulting in needless rewriting
+ of safestack.h .
+ [Steve Henson]
+
+ *) Patches to make OpenSSL compile under Win32 again. Mostly
+ work arounds for the VC++ problem that it treats func() as
+ func(void). Also stripped out the parts of mkdef.pl that
+ added extra typesafe functions: these no longer exist.
+ [Steve Henson]
+
+ *) Reorganisation of the stack code. The macros are now all
+ collected in safestack.h . Each macro is defined in terms of
+ a "stack macro" of the form SKM_<name>(type, a, b). The
+ DEBUG_SAFESTACK is now handled in terms of function casts,
+ this has the advantage of retaining type safety without the
+ use of additional functions. If DEBUG_SAFESTACK is not defined
+ then the non typesafe macros are used instead. Also modified the
+ mkstack.pl script to handle the new form. Needs testing to see
+ if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
+ the default if no major problems. Similar behaviour for ASN1_SET_OF
+ and PKCS12_STACK_OF.
+ [Steve Henson]
+
+ *) When some versions of IIS use the 'NET' form of private key the
+ key derivation algorithm is different. Normally MD5(password) is
+ used as a 128 bit RC4 key. In the modified case
+ MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some
+ new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
+ as the old Netscape_RSA functions except they have an additional
+ 'sgckey' parameter which uses the modified algorithm. Also added
+ an -sgckey command line option to the rsa utility. Thanks to
+ Adrian Peck <bertie at ncipher.com> for posting details of the modified
+ algorithm to openssl-dev.
+ [Steve Henson]
+
+ *) The evp_local.h macros were using 'c.##kname' which resulted in
+ invalid expansion on some systems (SCO 5.0.5 for example).
+ Corrected to 'c.kname'.
+ [Phillip Porch <root at theporch.com>]
+
+ *) New X509_get1_email() and X509_REQ_get1_email() functions that return
+ a STACK of email addresses from a certificate or request, these look
+ in the subject name and the subject alternative name extensions and
+ omit any duplicate addresses.
+ [Steve Henson]
+
+ *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
+ This makes DSA verification about 2 % faster.
+ [Bodo Moeller]
+
+ *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
+ (meaning that now 2^5 values will be precomputed, which is only 4 KB
+ plus overhead for 1024 bit moduli).
+ This makes exponentiations about 0.5 % faster for 1024 bit
+ exponents (as measured by "openssl speed rsa2048").
+ [Bodo Moeller]
+
+ *) Rename memory handling macros to avoid conflicts with other
+ software:
+ Malloc => OPENSSL_malloc
+ Malloc_locked => OPENSSL_malloc_locked
+ Realloc => OPENSSL_realloc
+ Free => OPENSSL_free
+ [Richard Levitte]
+
+ *) New function BN_mod_exp_mont_word for small bases (roughly 15%
+ faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
+ [Bodo Moeller]
+
+ *) CygWin32 support.
+ [John Jarvie <jjarvie at newsguy.com>]
+
+ *) The type-safe stack code has been rejigged. It is now only compiled
+ in when OpenSSL is configured with the DEBUG_SAFESTACK option and
+ by default all type-specific stack functions are "#define"d back to
+ standard stack functions. This results in more streamlined output
+ but retains the type-safety checking possibilities of the original
+ approach.
+ [Geoff Thorpe]
+
+ *) The STACK code has been cleaned up, and certain type declarations
+ that didn't make a lot of sense have been brought in line. This has
+ also involved a cleanup of sorts in safestack.h to more correctly
+ map type-safe stack functions onto their plain stack counterparts.
+ This work has also resulted in a variety of "const"ifications of
+ lots of the code, especially "_cmp" operations which should normally
+ be prototyped with "const" parameters anyway.
+ [Geoff Thorpe]
+
+ *) When generating bytes for the first time in md_rand.c, 'stir the pool'
+ by seeding with STATE_SIZE dummy bytes (with zero entropy count).
+ (The PRNG state consists of two parts, the large pool 'state' and 'md',
+ where all of 'md' is used each time the PRNG is used, but 'state'
+ is used only indexed by a cyclic counter. As entropy may not be
+ well distributed from the beginning, 'md' is important as a
+ chaining variable. However, the output function chains only half
+ of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains
+ all of 'md', and seeding with STATE_SIZE dummy bytes will result
+ in all of 'state' being rewritten, with the new values depending
+ on virtually all of 'md'. This overcomes the 80 bit limitation.)
+ [Bodo Moeller]
+
+ *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
+ the handshake is continued after ssl_verify_cert_chain();
+ otherwise, if SSL_VERIFY_NONE is set, remaining error codes
+ can lead to 'unexplainable' connection aborts later.
+ [Bodo Moeller; problem tracked down by Lutz Jaenicke]
+
+ *) Major EVP API cipher revision.
+ Add hooks for extra EVP features. This allows various cipher
+ parameters to be set in the EVP interface. Support added for variable
+ key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
+ setting of RC2 and RC5 parameters.
+
+ Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
+ ciphers.
+
+ Remove lots of duplicated code from the EVP library. For example *every*
+ cipher init() function handles the 'iv' in the same way according to the
+ cipher mode. They also all do nothing if the 'key' parameter is NULL and
+ for CFB and OFB modes they zero ctx->num.
+
+ New functionality allows removal of S/MIME code RC2 hack.
+
+ Most of the routines have the same form and so can be declared in terms
+ of macros.
+
+ By shifting this to the top level EVP_CipherInit() it can be removed from
+ all individual ciphers. If the cipher wants to handle IVs or keys
+ differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
+ flags.
+
+ Change lots of functions like EVP_EncryptUpdate() to now return a
+ value: although software versions of the algorithms cannot fail
+ any installed hardware versions can.
+ [Steve Henson]
+
+ *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
+ this option is set, tolerate broken clients that send the negotiated
+ protocol version number instead of the requested protocol version
+ number.
+ [Bodo Moeller]
+
+ *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
+ i.e. non-zero for export ciphersuites, zero otherwise.
+ Previous versions had this flag inverted, inconsistent with
+ rsa_tmp_cb (..._TMP_RSA_CB).
+ [Bodo Moeller; problem reported by Amit Chopra]
+
+ *) Add missing DSA library text string. Work around for some IIS
+ key files with invalid SEQUENCE encoding.
+ [Steve Henson]
+
+ *) Add a document (doc/standards.txt) that list all kinds of standards
+ and so on that are implemented in OpenSSL.
+ [Richard Levitte]
+
+ *) Enhance c_rehash script. Old version would mishandle certificates
+ with the same subject name hash and wouldn't handle CRLs at all.
+ Added -fingerprint option to crl utility, to support new c_rehash
+ features.
+ [Steve Henson]
+
+ *) Eliminate non-ANSI declarations in crypto.h and stack.h.
+ [Ulf M\xF6ller]
+
+ *) Fix for SSL server purpose checking. Server checking was
+ rejecting certificates which had extended key usage present
+ but no ssl client purpose.
+ [Steve Henson, reported by Rene Grosser <grosser at hisolutions.com>]
+
+ *) Make PKCS#12 code work with no password. The PKCS#12 spec
+ is a little unclear about how a blank password is handled.
+ Since the password in encoded as a BMPString with terminating
+ double NULL a zero length password would end up as just the
+ double NULL. However no password at all is different and is
+ handled differently in the PKCS#12 key generation code. NS
+ treats a blank password as zero length. MSIE treats it as no
+ password on export: but it will try both on import. We now do
+ the same: PKCS12_parse() tries zero length and no password if
+ the password is set to "" or NULL (NULL is now a valid password:
+ it wasn't before) as does the pkcs12 application.
+ [Steve Henson]
+
+ *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
+ perror when PEM_read_bio_X509_REQ fails, the error message must
+ be obtained from the error queue.
+ [Bodo Moeller]
+
+ *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
+ it in ERR_remove_state if appropriate, and change ERR_get_state
+ accordingly to avoid race conditions (this is necessary because
+ thread_hash is no longer constant once set).
+ [Bodo Moeller]
+
+ *) Bugfix for linux-elf makefile.one.
+ [Ulf M\xF6ller]
+
+ *) RSA_get_default_method() will now cause a default
+ RSA_METHOD to be chosen if one doesn't exist already.
+ Previously this was only set during a call to RSA_new()
+ or RSA_new_method(NULL) meaning it was possible for
+ RSA_get_default_method() to return NULL.
+ [Geoff Thorpe]
+
+ *) Added native name translation to the existing DSO code
+ that will convert (if the flag to do so is set) filenames
+ that are sufficiently small and have no path information
+ into a canonical native form. Eg. "blah" converted to
+ "libblah.so" or "blah.dll" etc.
+ [Geoff Thorpe]
+
+ *) New function ERR_error_string_n(e, buf, len) which is like
+ ERR_error_string(e, buf), but writes at most 'len' bytes
+ including the 0 terminator. For ERR_error_string_n, 'buf'
+ may not be NULL.
+ [Damien Miller <djm at mindrot.org>, Bodo Moeller]
+
+ *) CONF library reworked to become more general. A new CONF
+ configuration file reader "class" is implemented as well as a
+ new functions (NCONF_*, for "New CONF") to handle it. The now
+ old CONF_* functions are still there, but are reimplemented to
+ work in terms of the new functions. Also, a set of functions
+ to handle the internal storage of the configuration data is
+ provided to make it easier to write new configuration file
+ reader "classes" (I can definitely see something reading a
+ configuration file in XML format, for example), called _CONF_*,
+ or "the configuration storage API"...
+
+ The new configuration file reading functions are:
+
+ NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
+ NCONF_get_section, NCONF_get_string, NCONF_get_numbre
+
+ NCONF_default, NCONF_WIN32
+
+ NCONF_dump_fp, NCONF_dump_bio
+
+ NCONF_default and NCONF_WIN32 are method (or "class") choosers,
+ NCONF_new creates a new CONF object. This works in the same way
+ as other interfaces in OpenSSL, like the BIO interface.
+ NCONF_dump_* dump the internal storage of the configuration file,
+ which is useful for debugging. All other functions take the same
+ arguments as the old CONF_* functions wth the exception of the
+ first that must be a `CONF *' instead of a `LHASH *'.
+
+ To make it easer to use the new classes with the old CONF_* functions,
+ the function CONF_set_default_method is provided.
+ [Richard Levitte]
+
+ *) Add '-tls1' option to 'openssl ciphers', which was already
+ mentioned in the documentation but had not been implemented.
+ (This option is not yet really useful because even the additional
+ experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
+ [Bodo Moeller]
+
+ *) Initial DSO code added into libcrypto for letting OpenSSL (and
+ OpenSSL-based applications) load shared libraries and bind to
+ them in a portable way.
+ [Geoff Thorpe, with contributions from Richard Levitte]
+
+ Changes between 0.9.5 and 0.9.5a [1 Apr 2000]
+
+ *) Make sure _lrotl and _lrotr are only used with MSVC.
+
+ *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
+ (the default implementation of RAND_status).
+
+ *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
+ to '-clrext' (= clear extensions), as intended and documented.
+ [Bodo Moeller; inconsistency pointed out by Michael Attili
+ <attili at amaxo.com>]
+
+ *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
+ was larger than the MD block size.
+ [Steve Henson, pointed out by Yost William <YostW at tce.com>]
+
+ *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
+ fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
+ using the passed key: if the passed key was a private key the result
+ of X509_print(), for example, would be to print out all the private key
+ components.
+ [Steve Henson]
+
+ *) des_quad_cksum() byte order bug fix.
+ [Ulf M\xF6ller, using the problem description in krb4-0.9.7, where
+ the solution is attributed to Derrick J Brashear <shadow at DEMENTIA.ORG>]
+
+ *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
+ discouraged.
+ [Steve Henson, pointed out by Brian Korver <briank at cs.stanford.edu>]
+
+ *) For easily testing in shell scripts whether some command
+ 'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
+ returns with exit code 0 iff no command of the given name is available.
+ 'no-XXX' is printed in this case, 'XXX' otherwise. In both cases,
+ the output goes to stdout and nothing is printed to stderr.
+ Additional arguments are always ignored.
+
+ Since for each cipher there is a command of the same name,
+ the 'no-cipher' compilation switches can be tested this way.
+
+ ('openssl no-XXX' is not able to detect pseudo-commands such
+ as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
+ [Bodo Moeller]
+
+ *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
+ [Bodo Moeller]
+
+ *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
+ is set; it will be thrown away anyway because each handshake creates
+ its own key.
+ ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
+ to parameters -- in previous versions (since OpenSSL 0.9.3) the
+ 'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
+ you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
+ [Bodo Moeller]
+
+ *) New s_client option -ign_eof: EOF at stdin is ignored, and
+ 'Q' and 'R' lose their special meanings (quit/renegotiate).
+ This is part of what -quiet does; unlike -quiet, -ign_eof
+ does not suppress any output.
+ [Richard Levitte]
+
+ *) Add compatibility options to the purpose and trust code. The
+ purpose X509_PURPOSE_ANY is "any purpose" which automatically
+ accepts a certificate or CA, this was the previous behaviour,
+ with all the associated security issues.
+
+ X509_TRUST_COMPAT is the old trust behaviour: only and
+ automatically trust self signed roots in certificate store. A
+ new trust setting X509_TRUST_DEFAULT is used to specify that
+ a purpose has no associated trust setting and it should instead
+ use the value in the default purpose.
+ [Steve Henson]
+
+ *) Fix the PKCS#8 DSA private key code so it decodes keys again
+ and fix a memory leak.
+ [Steve Henson]
+
+ *) In util/mkerr.pl (which implements 'make errors'), preserve
+ reason strings from the previous version of the .c file, as
+ the default to have only downcase letters (and digits) in
+ automatically generated reasons codes is not always appropriate.
+ [Bodo Moeller]
+
+ *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
+ using strerror. Previously, ERR_reason_error_string() returned
+ library names as reason strings for SYSerr; but SYSerr is a special
+ case where small numbers are errno values, not library numbers.
+ [Bodo Moeller]
+
+ *) Add '-dsaparam' option to 'openssl dhparam' application. This
+ converts DSA parameters into DH parameters. (When creating parameters,
+ DSA_generate_parameters is used.)
+ [Bodo Moeller]
+
+ *) Include 'length' (recommended exponent length) in C code generated
+ by 'openssl dhparam -C'.
+ [Bodo Moeller]
+
+ *) The second argument to set_label in perlasm was already being used
+ so couldn't be used as a "file scope" flag. Moved to third argument
+ which was free.
+ [Steve Henson]
+
+ *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
+ instead of RAND_bytes for encryption IVs and salts.
+ [Bodo Moeller]
+
+ *) Include RAND_status() into RAND_METHOD instead of implementing
+ it only for md_rand.c Otherwise replacing the PRNG by calling
+ RAND_set_rand_method would be impossible.
+ [Bodo Moeller]
+
+ *) Don't let DSA_generate_key() enter an infinite loop if the random
+ number generation fails.
+ [Bodo Moeller]
+
+ *) New 'rand' application for creating pseudo-random output.
+ [Bodo Moeller]
+
+ *) Added configuration support for Linux/IA64
+ [Rolf Haberrecker <rolf at suse.de>]
+
+ *) Assembler module support for Mingw32.
+ [Ulf M\xF6ller]
+
+ *) Shared library support for HPUX (in shlib/).
+ [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE> and Anonymous]
+
+ *) Shared library support for Solaris gcc.
+ [Lutz Behnke <behnke at trustcenter.de>]
+
+ Changes between 0.9.4 and 0.9.5 [28 Feb 2000]
+
+ *) PKCS7_encrypt() was adding text MIME headers twice because they
+ were added manually and by SMIME_crlf_copy().
+ [Steve Henson]
+
+ *) In bntest.c don't call BN_rand with zero bits argument.
+ [Steve Henson, pointed out by Andrew W. Gray <agray at iconsinc.com>]
+
+ *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
+ case was implemented. This caused BN_div_recp() to fail occasionally.
+ [Ulf M\xF6ller]
+
+ *) Add an optional second argument to the set_label() in the perl
+ assembly language builder. If this argument exists and is set
+ to 1 it signals that the assembler should use a symbol whose
+ scope is the entire file, not just the current function. This
+ is needed with MASM which uses the format label:: for this scope.
+ [Steve Henson, pointed out by Peter Runestig <peter at runestig.com>]
+
+ *) Change the ASN1 types so they are typedefs by default. Before
+ almost all types were #define'd to ASN1_STRING which was causing
+ STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
+ for example.
+ [Steve Henson]
+
+ *) Change names of new functions to the new get1/get0 naming
+ convention: After 'get1', the caller owns a reference count
+ and has to call ..._free; 'get0' returns a pointer to some
+ data structure without incrementing reference counters.
+ (Some of the existing 'get' functions increment a reference
+ counter, some don't.)
+ Similarly, 'set1' and 'add1' functions increase reference
+ counters or duplicate objects.
+ [Steve Henson]
+
+ *) Allow for the possibility of temp RSA key generation failure:
+ the code used to assume it always worked and crashed on failure.
+ [Steve Henson]
+
+ *) Fix potential buffer overrun problem in BIO_printf().
+ [Ulf M\xF6ller, using public domain code by Patrick Powell; problem
+ pointed out by David Sacerdote <das33 at cornell.edu>]
+
+ *) Support EGD <http://www.lothar.com/tech/crypto/>. New functions
+ RAND_egd() and RAND_status(). In the command line application,
+ the EGD socket can be specified like a seed file using RANDFILE
+ or -rand.
+ [Ulf M\xF6ller]
+
+ *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
+ Some CAs (e.g. Verisign) distribute certificates in this form.
+ [Steve Henson]
+
+ *) Remove the SSL_ALLOW_ADH compile option and set the default cipher
+ list to exclude them. This means that no special compilation option
+ is needed to use anonymous DH: it just needs to be included in the
+ cipher list.
+ [Steve Henson]
+
+ *) Change the EVP_MD_CTX_type macro so its meaning consistent with
+ EVP_MD_type. The old functionality is available in a new macro called
+ EVP_MD_md(). Change code that uses it and update docs.
+ [Steve Henson]
+
+ *) ..._ctrl functions now have corresponding ..._callback_ctrl functions
+ where the 'void *' argument is replaced by a function pointer argument.
+ Previously 'void *' was abused to point to functions, which works on
+ many platforms, but is not correct. As these functions are usually
+ called by macros defined in OpenSSL header files, most source code
+ should work without changes.
+ [Richard Levitte]
+
+ *) <openssl/opensslconf.h> (which is created by Configure) now contains
+ sections with information on -D... compiler switches used for
+ compiling the library so that applications can see them. To enable
+ one of these sections, a pre-processor symbol OPENSSL_..._DEFINES
+ must be defined. E.g.,
+ #define OPENSSL_ALGORITHM_DEFINES
+ #include <openssl/opensslconf.h>
+ defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
+ [Richard Levitte, Ulf and Bodo M\xF6ller]
+
+ *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
+ record layer.
+ [Bodo Moeller]
+
+ *) Change the 'other' type in certificate aux info to a STACK_OF
+ X509_ALGOR. Although not an AlgorithmIdentifier as such it has
+ the required ASN1 format: arbitrary types determined by an OID.
+ [Steve Henson]
+
+ *) Add some PEM_write_X509_REQ_NEW() functions and a command line
+ argument to 'req'. This is not because the function is newer or
+ better than others it just uses the work 'NEW' in the certificate
+ request header lines. Some software needs this.
+ [Steve Henson]
+
+ *) Reorganise password command line arguments: now passwords can be
+ obtained from various sources. Delete the PEM_cb function and make
+ it the default behaviour: i.e. if the callback is NULL and the
+ usrdata argument is not NULL interpret it as a null terminated pass
+ phrase. If usrdata and the callback are NULL then the pass phrase
+ is prompted for as usual.
+ [Steve Henson]
+
+ *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
+ the support is automatically enabled. The resulting binaries will
+ autodetect the card and use it if present.
+ [Ben Laurie and Compaq Inc.]
+
+ *) Work around for Netscape hang bug. This sends certificate request
+ and server done in one record. Since this is perfectly legal in the
+ SSL/TLS protocol it isn't a "bug" option and is on by default. See
+ the bugs/SSLv3 entry for more info.
+ [Steve Henson]
+
+ *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
+ [Andy Polyakov]
+
+ *) Add -rand argument to smime and pkcs12 applications and read/write
+ of seed file.
+ [Steve Henson]
+
+ *) New 'passwd' tool for crypt(3) and apr1 password hashes.
+ [Bodo Moeller]
+
+ *) Add command line password options to the remaining applications.
+ [Steve Henson]
+
+ *) Bug fix for BN_div_recp() for numerators with an even number of
+ bits.
+ [Ulf M\xF6ller]
+
+ *) More tests in bntest.c, and changed test_bn output.
+ [Ulf M\xF6ller]
+
+ *) ./config recognizes MacOS X now.
+ [Andy Polyakov]
+
+ *) Bug fix for BN_div() when the first words of num and divsor are
+ equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
+ [Ulf M\xF6ller]
+
+ *) Add support for various broken PKCS#8 formats, and command line
+ options to produce them.
+ [Steve Henson]
+
+ *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
+ get temporary BIGNUMs from a BN_CTX.
+ [Ulf M\xF6ller]
+
+ *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
+ for p == 0.
+ [Ulf M\xF6ller]
+
+ *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
+ include a #define from the old name to the new. The original intent
+ was that statically linked binaries could for example just call
+ SSLeay_add_all_ciphers() to just add ciphers to the table and not
+ link with digests. This never worked becayse SSLeay_add_all_digests()
+ and SSLeay_add_all_ciphers() were in the same source file so calling
+ one would link with the other. They are now in separate source files.
+ [Steve Henson]
+
+ *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
+ [Steve Henson]
+
+ *) Use a less unusual form of the Miller-Rabin primality test (it used
+ a binary algorithm for exponentiation integrated into the Miller-Rabin
+ loop, our standard modexp algorithms are faster).
+ [Bodo Moeller]
+
+ *) Support for the EBCDIC character set completed.
+ [Martin Kraemer <Martin.Kraemer at Mch.SNI.De>]
+
+ *) Source code cleanups: use const where appropriate, eliminate casts,
+ use void * instead of char * in lhash.
+ [Ulf M\xF6ller]
+
+ *) Bugfix: ssl3_send_server_key_exchange was not restartable
+ (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
+ this the server could overwrite ephemeral keys that the client
+ has already seen).
+ [Bodo Moeller]
+
+ *) Turn DSA_is_prime into a macro that calls BN_is_prime,
+ using 50 iterations of the Rabin-Miller test.
+
+ DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
+ iterations of the Rabin-Miller test as required by the appendix
+ to FIPS PUB 186[-1]) instead of DSA_is_prime.
+ As BN_is_prime_fasttest includes trial division, DSA parameter
+ generation becomes much faster.
+
+ This implies a change for the callback functions in DSA_is_prime
+ and DSA_generate_parameters: The callback function is called once
+ for each positive witness in the Rabin-Miller test, not just
+ occasionally in the inner loop; and the parameters to the
+ callback function now provide an iteration count for the outer
+ loop rather than for the current invocation of the inner loop.
+ DSA_generate_parameters additionally can call the callback
+ function with an 'iteration count' of -1, meaning that a
+ candidate has passed the trial division test (when q is generated
+ from an application-provided seed, trial division is skipped).
+ [Bodo Moeller]
+
+ *) New function BN_is_prime_fasttest that optionally does trial
+ division before starting the Rabin-Miller test and has
+ an additional BN_CTX * argument (whereas BN_is_prime always
+ has to allocate at least one BN_CTX).
+ 'callback(1, -1, cb_arg)' is called when a number has passed the
+ trial division stage.
+ [Bodo Moeller]
+
+ *) Fix for bug in CRL encoding. The validity dates weren't being handled
+ as ASN1_TIME.
+ [Steve Henson]
+
+ *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+ [Steve Henson]
+
+ *) New function BN_pseudo_rand().
+ [Ulf M\xF6ller]
+
+ *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
+ bignum version of BN_from_montgomery() with the working code from
+ SSLeay 0.9.0 (the word based version is faster anyway), and clean up
+ the comments.
+ [Ulf M\xF6ller]
+
+ *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
+ made it impossible to use the same SSL_SESSION data structure in
+ SSL2 clients in multiple threads.
+ [Bodo Moeller]
+
+ *) The return value of RAND_load_file() no longer counts bytes obtained
+ by stat(). RAND_load_file(..., -1) is new and uses the complete file
+ to seed the PRNG (previously an explicit byte count was required).
+ [Ulf M\xF6ller, Bodo M\xF6ller]
+
+ *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
+ used (char *) instead of (void *) and had casts all over the place.
+ [Steve Henson]
+
+ *) Make BN_generate_prime() return NULL on error if ret!=NULL.
+ [Ulf M\xF6ller]
+
+ *) Retain source code compatibility for BN_prime_checks macro:
+ BN_is_prime(..., BN_prime_checks, ...) now uses
+ BN_prime_checks_for_size to determine the appropriate number of
+ Rabin-Miller iterations.
+ [Ulf M\xF6ller]
+
+ *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
+ DH_CHECK_P_NOT_SAFE_PRIME.
+ (Check if this is true? OpenPGP calls them "strong".)
+ [Ulf M\xF6ller]
+
+ *) Merge the functionality of "dh" and "gendh" programs into a new program
+ "dhparam". The old programs are retained for now but will handle DH keys
+ (instead of parameters) in future.
+ [Steve Henson]
+
+ *) Make the ciphers, s_server and s_client programs check the return values
+ when a new cipher list is set.
+ [Steve Henson]
+
+ *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
+ ciphers. Before when the 56bit ciphers were enabled the sorting was
+ wrong.
+
+ The syntax for the cipher sorting has been extended to support sorting by
+ cipher-strength (using the strength_bits hard coded in the tables).
+ The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
+
+ Fix a bug in the cipher-command parser: when supplying a cipher command
+ string with an "undefined" symbol (neither command nor alphanumeric
+ [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
+ an error is flagged.
+
+ Due to the strength-sorting extension, the code of the
+ ssl_create_cipher_list() function was completely rearranged. I hope that
+ the readability was also increased :-)
+ [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>]
+
+ *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
+ for the first serial number and places 2 in the serial number file. This
+ avoids problems when the root CA is created with serial number zero and
+ the first user certificate has the same issuer name and serial number
+ as the root CA.
+ [Steve Henson]
+
+ *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
+ the new code. Add documentation for this stuff.
+ [Steve Henson]
+
+ *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
+ X509_*() to X509at_*() on the grounds that they don't handle X509
+ structures and behave in an analagous way to the X509v3 functions:
+ they shouldn't be called directly but wrapper functions should be used
+ instead.
+
+ So we also now have some wrapper functions that call the X509at functions
+ when passed certificate requests. (TO DO: similar things can be done with
+ PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
+ things. Some of these need some d2i or i2d and print functionality
+ because they handle more complex structures.)
+ [Steve Henson]
+
+ *) Add missing #ifndefs that caused missing symbols when building libssl
+ as a shared library without RSA. Use #ifndef NO_SSL2 instead of
+ NO_RSA in ssl/s2*.c.
+ [Kris Kennaway <kris at hub.freebsd.org>, modified by Ulf M\xF6ller]
+
+ *) Precautions against using the PRNG uninitialized: RAND_bytes() now
+ has a return value which indicates the quality of the random data
+ (1 = ok, 0 = not seeded). Also an error is recorded on the thread's
+ error queue. New function RAND_pseudo_bytes() generates output that is
+ guaranteed to be unique but not unpredictable. RAND_add is like
+ RAND_seed, but takes an extra argument for an entropy estimate
+ (RAND_seed always assumes full entropy).
+ [Ulf M\xF6ller]
+
+ *) Do more iterations of Rabin-Miller probable prime test (specifically,
+ 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
+ instead of only 2 for all lengths; see BN_prime_checks_for_size definition
+ in crypto/bn/bn_prime.c for the complete table). This guarantees a
+ false-positive rate of at most 2^-80 for random input.
+ [Bodo Moeller]
+
+ *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
+ [Bodo Moeller]
+
+ *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
+ in the 0.9.5 release), this returns the chain
+ from an X509_CTX structure with a dup of the stack and all
+ the X509 reference counts upped: so the stack will exist
+ after X509_CTX_cleanup() has been called. Modify pkcs12.c
+ to use this.
+
+ Also make SSL_SESSION_print() print out the verify return
+ code.
+ [Steve Henson]
+
+ *) Add manpage for the pkcs12 command. Also change the default
+ behaviour so MAC iteration counts are used unless the new
+ -nomaciter option is used. This improves file security and
+ only older versions of MSIE (4.0 for example) need it.
+ [Steve Henson]
+
+ *) Honor the no-xxx Configure options when creating .DEF files.
+ [Ulf M\xF6ller]
+
+ *) Add PKCS#10 attributes to field table: challengePassword,
+ unstructuredName and unstructuredAddress. These are taken from
+ draft PKCS#9 v2.0 but are compatible with v1.2 provided no
+ international characters are used.
+
+ More changes to X509_ATTRIBUTE code: allow the setting of types
+ based on strings. Remove the 'loc' parameter when adding
+ attributes because these will be a SET OF encoding which is sorted
+ in ASN1 order.
+ [Steve Henson]
+
+ *) Initial changes to the 'req' utility to allow request generation
+ automation. This will allow an application to just generate a template
+ file containing all the field values and have req construct the
+ request.
+
+ Initial support for X509_ATTRIBUTE handling. Stacks of these are
+ used all over the place including certificate requests and PKCS#7
+ structures. They are currently handled manually where necessary with
+ some primitive wrappers for PKCS#7. The new functions behave in a
+ manner analogous to the X509 extension functions: they allow
+ attributes to be looked up by NID and added.
+
+ Later something similar to the X509V3 code would be desirable to
+ automatically handle the encoding, decoding and printing of the
+ more complex types. The string types like challengePassword can
+ be handled by the string table functions.
+
+ Also modified the multi byte string table handling. Now there is
+ a 'global mask' which masks out certain types. The table itself
+ can use the flag STABLE_NO_MASK to ignore the mask setting: this
+ is useful when for example there is only one permissible type
+ (as in countryName) and using the mask might result in no valid
+ types at all.
+ [Steve Henson]
+
+ *) Clean up 'Finished' handling, and add functions SSL_get_finished and
+ SSL_get_peer_finished to allow applications to obtain the latest
+ Finished messages sent to the peer or expected from the peer,
+ respectively. (SSL_get_peer_finished is usually the Finished message
+ actually received from the peer, otherwise the protocol will be aborted.)
+
+ As the Finished message are message digests of the complete handshake
+ (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
+ be used for external authentication procedures when the authentication
+ provided by SSL/TLS is not desired or is not enough.
+ [Bodo Moeller]
+
+ *) Enhanced support for Alpha Linux is added. Now ./config checks if
+ the host supports BWX extension and if Compaq C is present on the
+ $PATH. Just exploiting of the BWX extension results in 20-30%
+ performance kick for some algorithms, e.g. DES and RC4 to mention
+ a couple. Compaq C in turn generates ~20% faster code for MD5 and
+ SHA1.
+ [Andy Polyakov]
+
+ *) Add support for MS "fast SGC". This is arguably a violation of the
+ SSL3/TLS protocol. Netscape SGC does two handshakes: the first with
+ weak crypto and after checking the certificate is SGC a second one
+ with strong crypto. MS SGC stops the first handshake after receiving
+ the server certificate message and sends a second client hello. Since
+ a server will typically do all the time consuming operations before
+ expecting any further messages from the client (server key exchange
+ is the most expensive) there is little difference between the two.
+
+ To get OpenSSL to support MS SGC we have to permit a second client
+ hello message after we have sent server done. In addition we have to
+ reset the MAC if we do get this second client hello.
+ [Steve Henson]
+
+ *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
+ if a DER encoded private key is RSA or DSA traditional format. Changed
+ d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
+ format DER encoded private key. Newer code should use PKCS#8 format which
+ has the key type encoded in the ASN1 structure. Added DER private key
+ support to pkcs8 application.
+ [Steve Henson]
+
+ *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
+ ciphersuites has been selected (as required by the SSL 3/TLS 1
+ specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+ is set, we interpret this as a request to violate the specification
+ (the worst that can happen is a handshake failure, and 'correct'
+ behaviour would result in a handshake failure anyway).
+ [Bodo Moeller]
+
+ *) In SSL_CTX_add_session, take into account that there might be multiple
+ SSL_SESSION structures with the same session ID (e.g. when two threads
+ concurrently obtain them from an external cache).
+ The internal cache can handle only one SSL_SESSION with a given ID,
+ so if there's a conflict, we now throw out the old one to achieve
+ consistency.
+ [Bodo Moeller]
+
+ *) Add OIDs for idea and blowfish in CBC mode. This will allow both
+ to be used in PKCS#5 v2.0 and S/MIME. Also add checking to
+ some routines that use cipher OIDs: some ciphers do not have OIDs
+ defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
+ example.
+ [Steve Henson]
+
+ *) Simplify the trust setting structure and code. Now we just have
+ two sequences of OIDs for trusted and rejected settings. These will
+ typically have values the same as the extended key usage extension
+ and any application specific purposes.
+
+ The trust checking code now has a default behaviour: it will just
+ check for an object with the same NID as the passed id. Functions can
+ be provided to override either the default behaviour or the behaviour
+ for a given id. SSL client, server and email already have functions
+ in place for compatibility: they check the NID and also return "trusted"
+ if the certificate is self signed.
+ [Steve Henson]
+
+ *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
+ traditional format into an EVP_PKEY structure.
+ [Steve Henson]
+
+ *) Add a password callback function PEM_cb() which either prompts for
+ a password if usr_data is NULL or otherwise assumes it is a null
+ terminated password. Allow passwords to be passed on command line
+ environment or config files in a few more utilities.
+ [Steve Henson]
+
+ *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
+ keys. Add some short names for PKCS#8 PBE algorithms and allow them
+ to be specified on the command line for the pkcs8 and pkcs12 utilities.
+ Update documentation.
+ [Steve Henson]
+
+ *) Support for ASN1 "NULL" type. This could be handled before by using
+ ASN1_TYPE but there wasn't any function that would try to read a NULL
+ and produce an error if it couldn't. For compatibility we also have
+ ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
+ don't allocate anything because they don't need to.
+ [Steve Henson]
+
+ *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
+ for details.
+ [Andy Polyakov, Roy Woods <roy at centicsystems.ca>]
+
+ *) Rebuild of the memory allocation routines used by OpenSSL code and
+ possibly others as well. The purpose is to make an interface that
+ provide hooks so anyone can build a separate set of allocation and
+ deallocation routines to be used by OpenSSL, for example memory
+ pool implementations, or something else, which was previously hard
+ since Malloc(), Realloc() and Free() were defined as macros having
+ the values malloc, realloc and free, respectively (except for Win32
+ compilations). The same is provided for memory debugging code.
+ OpenSSL already comes with functionality to find memory leaks, but
+ this gives people a chance to debug other memory problems.
+
+ With these changes, a new set of functions and macros have appeared:
+
+ CRYPTO_set_mem_debug_functions() [F]
+ CRYPTO_get_mem_debug_functions() [F]
+ CRYPTO_dbg_set_options() [F]
+ CRYPTO_dbg_get_options() [F]
+ CRYPTO_malloc_debug_init() [M]
+
+ The memory debug functions are NULL by default, unless the library
+ is compiled with CRYPTO_MDEBUG or friends is defined. If someone
+ wants to debug memory anyway, CRYPTO_malloc_debug_init() (which
+ gives the standard debugging functions that come with OpenSSL) or
+ CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions
+ provided by the library user) must be used. When the standard
+ debugging functions are used, CRYPTO_dbg_set_options can be used to
+ request additional information:
+ CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting
+ the CRYPTO_MDEBUG_xxx macro when compiling the library.
+
+ Also, things like CRYPTO_set_mem_functions will always give the
+ expected result (the new set of functions is used for allocation
+ and deallocation) at all times, regardless of platform and compiler
+ options.
+
+ To finish it up, some functions that were never use in any other
+ way than through macros have a new API and new semantic:
+
+ CRYPTO_dbg_malloc()
+ CRYPTO_dbg_realloc()
+ CRYPTO_dbg_free()
+
+ All macros of value have retained their old syntax.
+ [Richard Levitte and Bodo Moeller]
+
+ *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
+ ordering of SMIMECapabilities wasn't in "strength order" and there
+ was a missing NULL in the AlgorithmIdentifier for the SHA1 signature
+ algorithm.
+ [Steve Henson]
+
+ *) Some ASN1 types with illegal zero length encoding (INTEGER,
+ ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
+ [Frans Heymans <fheymans at isaserver.be>, modified by Steve Henson]
+
+ *) Merge in my S/MIME library for OpenSSL. This provides a simple
+ S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
+ functionality to handle multipart/signed properly) and a utility
+ called 'smime' to call all this stuff. This is based on code I
+ originally wrote for Celo who have kindly allowed it to be
+ included in OpenSSL.
+ [Steve Henson]
+
+ *) Add variants des_set_key_checked and des_set_key_unchecked of
+ des_set_key (aka des_key_sched). Global variable des_check_key
+ decides which of these is called by des_set_key; this way
+ des_check_key behaves as it always did, but applications and
+ the library itself, which was buggy for des_check_key == 1,
+ have a cleaner way to pick the version they need.
+ [Bodo Moeller]
+
+ *) New function PKCS12_newpass() which changes the password of a
+ PKCS12 structure.
+ [Steve Henson]
+
+ *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
+ dynamic mix. In both cases the ids can be used as an index into the
+ table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
+ functions so they accept a list of the field values and the
+ application doesn't need to directly manipulate the X509_TRUST
+ structure.
+ [Steve Henson]
+
+ *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
+ need initialising.
+ [Steve Henson]
+
+ *) Modify the way the V3 extension code looks up extensions. This now
+ works in a similar way to the object code: we have some "standard"
+ extensions in a static table which is searched with OBJ_bsearch()
+ and the application can add dynamic ones if needed. The file
+ crypto/x509v3/ext_dat.h now has the info: this file needs to be
+ updated whenever a new extension is added to the core code and kept
+ in ext_nid order. There is a simple program 'tabtest.c' which checks
+ this. New extensions are not added too often so this file can readily
+ be maintained manually.
+
+ There are two big advantages in doing things this way. The extensions
+ can be looked up immediately and no longer need to be "added" using
+ X509V3_add_standard_extensions(): this function now does nothing.
+ [Side note: I get *lots* of email saying the extension code doesn't
+ work because people forget to call this function]
+ Also no dynamic allocation is done unless new extensions are added:
+ so if we don't add custom extensions there is no need to call
+ X509V3_EXT_cleanup().
+ [Steve Henson]
+
+ *) Modify enc utility's salting as follows: make salting the default. Add a
+ magic header, so unsalted files fail gracefully instead of just decrypting
+ to garbage. This is because not salting is a big security hole, so people
+ should be discouraged from doing it.
+ [Ben Laurie]
+
+ *) Fixes and enhancements to the 'x509' utility. It allowed a message
+ digest to be passed on the command line but it only used this
+ parameter when signing a certificate. Modified so all relevant
+ operations are affected by the digest parameter including the
+ -fingerprint and -x509toreq options. Also -x509toreq choked if a
+ DSA key was used because it didn't fix the digest.
+ [Steve Henson]
+
+ *) Initial certificate chain verify code. Currently tests the untrusted
+ certificates for consistency with the verify purpose (which is set
+ when the X509_STORE_CTX structure is set up) and checks the pathlength.
+
+ There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:
+ this is because it will reject chains with invalid extensions whereas
+ every previous version of OpenSSL and SSLeay made no checks at all.
+
+ Trust code: checks the root CA for the relevant trust settings. Trust
+ settings have an initial value consistent with the verify purpose: e.g.
+ if the verify purpose is for SSL client use it expects the CA to be
+ trusted for SSL client use. However the default value can be changed to
+ permit custom trust settings: one example of this would be to only trust
+ certificates from a specific "secure" set of CAs.
+
+ Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions
+ which should be used for version portability: especially since the
+ verify structure is likely to change more often now.
+
+ SSL integration. Add purpose and trust to SSL_CTX and SSL and functions
+ to set them. If not set then assume SSL clients will verify SSL servers
+ and vice versa.
+
+ Two new options to the verify program: -untrusted allows a set of
+ untrusted certificates to be passed in and -purpose which sets the
+ intended purpose of the certificate. If a purpose is set then the
+ new chain verify code is used to check extension consistency.
+ [Steve Henson]
+
+ *) Support for the authority information access extension.
+ [Steve Henson]
+
+ *) Modify RSA and DSA PEM read routines to transparently handle
+ PKCS#8 format private keys. New *_PUBKEY_* functions that handle
+ public keys in a format compatible with certificate
+ SubjectPublicKeyInfo structures. Unfortunately there were already
+ functions called *_PublicKey_* which used various odd formats so
+ these are retained for compatibility: however the DSA variants were
+ never in a public release so they have been deleted. Changed dsa/rsa
+ utilities to handle the new format: note no releases ever handled public
+ keys so we should be OK.
+
+ The primary motivation for this change is to avoid the same fiasco
+ that dogs private keys: there are several incompatible private key
+ formats some of which are standard and some OpenSSL specific and
+ require various evil hacks to allow partial transparent handling and
+ even then it doesn't work with DER formats. Given the option anything
+ other than PKCS#8 should be dumped: but the other formats have to
+ stay in the name of compatibility.
+
+ With public keys and the benefit of hindsight one standard format
+ is used which works with EVP_PKEY, RSA or DSA structures: though
+ it clearly returns an error if you try to read the wrong kind of key.
+
+ Added a -pubkey option to the 'x509' utility to output the public key.
+ Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
+ (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
+ EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
+ that do the same as the EVP_PKEY_assign_*() except they up the
+ reference count of the added key (they don't "swallow" the
+ supplied key).
+ [Steve Henson]
+
+ *) Fixes to crypto/x509/by_file.c the code to read in certificates and
+ CRLs would fail if the file contained no certificates or no CRLs:
+ added a new function to read in both types and return the number
+ read: this means that if none are read it will be an error. The
+ DER versions of the certificate and CRL reader would always fail
+ because it isn't possible to mix certificates and CRLs in DER format
+ without choking one or the other routine. Changed this to just read
+ a certificate: this is the best we can do. Also modified the code
+ in apps/verify.c to take notice of return codes: it was previously
+ attempting to read in certificates from NULL pointers and ignoring
+ any errors: this is one reason why the cert and CRL reader seemed
+ to work. It doesn't check return codes from the default certificate
+ routines: these may well fail if the certificates aren't installed.
+ [Steve Henson]
+
+ *) Code to support otherName option in GeneralName.
+ [Steve Henson]
+
+ *) First update to verify code. Change the verify utility
+ so it warns if it is passed a self signed certificate:
+ for consistency with the normal behaviour. X509_verify
+ has been modified to it will now verify a self signed
+ certificate if *exactly* the same certificate appears
+ in the store: it was previously impossible to trust a
+ single self signed certificate. This means that:
+ openssl verify ss.pem
+ now gives a warning about a self signed certificate but
+ openssl verify -CAfile ss.pem ss.pem
+ is OK.
+ [Steve Henson]
+
+ *) For servers, store verify_result in SSL_SESSION data structure
+ (and add it to external session representation).
+ This is needed when client certificate verifications fails,
+ but an application-provided verification callback (set by
+ SSL_CTX_set_cert_verify_callback) allows accepting the session
+ anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
+ but returns 1): When the session is reused, we have to set
+ ssl->verify_result to the appropriate error code to avoid
+ security holes.
+ [Bodo Moeller, problem pointed out by Lutz Jaenicke]
+
+ *) Fix a bug in the new PKCS#7 code: it didn't consider the
+ case in PKCS7_dataInit() where the signed PKCS7 structure
+ didn't contain any existing data because it was being created.
+ [Po-Cheng Chen <pocheng at nst.com.tw>, slightly modified by Steve Henson]
+
+ *) Add a salt to the key derivation routines in enc.c. This
+ forms the first 8 bytes of the encrypted file. Also add a
+ -S option to allow a salt to be input on the command line.
+ [Steve Henson]
+
+ *) New function X509_cmp(). Oddly enough there wasn't a function
+ to compare two certificates. We do this by working out the SHA1
+ hash and comparing that. X509_cmp() will be needed by the trust
+ code.
+ [Steve Henson]
+
+ *) SSL_get1_session() is like SSL_get_session(), but increments
+ the reference count in the SSL_SESSION returned.
+ [Geoff Thorpe <geoff at eu.c2.net>]
+
+ *) Fix for 'req': it was adding a null to request attributes.
+ Also change the X509_LOOKUP and X509_INFO code to handle
+ certificate auxiliary information.
+ [Steve Henson]
+
+ *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
+ the 'enc' command.
+ [Steve Henson]
+
+ *) Add the possibility to add extra information to the memory leak
+ detecting output, to form tracebacks, showing from where each
+ allocation was originated: CRYPTO_push_info("constant string") adds
+ the string plus current file name and line number to a per-thread
+ stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
+ is like calling CYRPTO_pop_info() until the stack is empty.
+ Also updated memory leak detection code to be multi-thread-safe.
+ [Richard Levitte]
+
+ *) Add options -text and -noout to pkcs7 utility and delete the
+ encryption options which never did anything. Update docs.
+ [Steve Henson]
+
+ *) Add options to some of the utilities to allow the pass phrase
+ to be included on either the command line (not recommended on
+ OSes like Unix) or read from the environment. Update the
+ manpages and fix a few bugs.
+ [Steve Henson]
+
+ *) Add a few manpages for some of the openssl commands.
+ [Steve Henson]
+
+ *) Fix the -revoke option in ca. It was freeing up memory twice,
+ leaking and not finding already revoked certificates.
+ [Steve Henson]
+
+ *) Extensive changes to support certificate auxiliary information.
+ This involves the use of X509_CERT_AUX structure and X509_AUX
+ functions. An X509_AUX function such as PEM_read_X509_AUX()
+ can still read in a certificate file in the usual way but it
+ will also read in any additional "auxiliary information". By
+ doing things this way a fair degree of compatibility can be
+ retained: existing certificates can have this information added
+ using the new 'x509' options.
+
+ Current auxiliary information includes an "alias" and some trust
+ settings. The trust settings will ultimately be used in enhanced
+ certificate chain verification routines: currently a certificate
+ can only be trusted if it is self signed and then it is trusted
+ for all purposes.
+ [Steve Henson]
+
+ *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
+ The problem was that one of the replacement routines had not been working
+ since SSLeay releases. For now the offending routine has been replaced
+ with non-optimised assembler. Even so, this now gives around 95%
+ performance improvement for 1024 bit RSA signs.
+ [Mark Cox]
+
+ *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2
+ handling. Most clients have the effective key size in bits equal to
+ the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
+ A few however don't do this and instead use the size of the decrypted key
+ to determine the RC2 key length and the AlgorithmIdentifier to determine
+ the effective key length. In this case the effective key length can still
+ be 40 bits but the key length can be 168 bits for example. This is fixed
+ by manually forcing an RC2 key into the EVP_PKEY structure because the
+ EVP code can't currently handle unusual RC2 key sizes: it always assumes
+ the key length and effective key length are equal.
+ [Steve Henson]
+
+ *) Add a bunch of functions that should simplify the creation of
+ X509_NAME structures. Now you should be able to do:
+ X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
+ and have it automatically work out the correct field type and fill in
+ the structures. The more adventurous can try:
+ X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
+ and it will (hopefully) work out the correct multibyte encoding.
+ [Steve Henson]
+
+ *) Change the 'req' utility to use the new field handling and multibyte
+ copy routines. Before the DN field creation was handled in an ad hoc
+ way in req, ca, and x509 which was rather broken and didn't support
+ BMPStrings or UTF8Strings. Since some software doesn't implement
+ BMPStrings or UTF8Strings yet, they can be enabled using the config file
+ using the dirstring_type option. See the new comment in the default
+ openssl.cnf for more info.
+ [Steve Henson]
+
+ *) Make crypto/rand/md_rand.c more robust:
+ - Assure unique random numbers after fork().
+ - Make sure that concurrent threads access the global counter and
+ md serializably so that we never lose entropy in them
+ or use exactly the same state in multiple threads.
+ Access to the large state is not always serializable because
+ the additional locking could be a performance killer, and
+ md should be large enough anyway.
+ [Bodo Moeller]
+
+ *) New file apps/app_rand.c with commonly needed functionality
+ for handling the random seed file.
+
+ Use the random seed file in some applications that previously did not:
+ ca,
+ dsaparam -genkey (which also ignored its '-rand' option),
+ s_client,
+ s_server,
+ x509 (when signing).
+ Except on systems with /dev/urandom, it is crucial to have a random
+ seed file at least for key creation, DSA signing, and for DH exchanges;
+ for RSA signatures we could do without one.
+
+ gendh and gendsa (unlike genrsa) used to read only the first byte
+ of each file listed in the '-rand' option. The function as previously
+ found in genrsa is now in app_rand.c and is used by all programs
+ that support '-rand'.
+ [Bodo Moeller]
+
+ *) In RAND_write_file, use mode 0600 for creating files;
+ don't just chmod when it may be too late.
+ [Bodo Moeller]
+
+ *) Report an error from X509_STORE_load_locations
+ when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
+ [Bill Perry]
+
+ *) New function ASN1_mbstring_copy() this copies a string in either
+ ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
+ into an ASN1_STRING type. A mask of permissible types is passed
+ and it chooses the "minimal" type to use or an error if not type
+ is suitable.
+ [Steve Henson]
+
+ *) Add function equivalents to the various macros in asn1.h. The old
+ macros are retained with an M_ prefix. Code inside the library can
+ use the M_ macros. External code (including the openssl utility)
+ should *NOT* in order to be "shared library friendly".
+ [Steve Henson]
+
+ *) Add various functions that can check a certificate's extensions
+ to see if it usable for various purposes such as SSL client,
+ server or S/MIME and CAs of these types. This is currently
+ VERY EXPERIMENTAL but will ultimately be used for certificate chain
+ verification. Also added a -purpose flag to x509 utility to
+ print out all the purposes.
+ [Steve Henson]
+
+ *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
+ functions.
+ [Steve Henson]
+
+ *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
+ for, obtain and decode and extension and obtain its critical flag.
+ This allows all the necessary extension code to be handled in a
+ single function call.
+ [Steve Henson]
+
+ *) RC4 tune-up featuring 30-40% performance improvement on most RISC
+ platforms. See crypto/rc4/rc4_enc.c for further details.
+ [Andy Polyakov]
+
+ *) New -noout option to asn1parse. This causes no output to be produced
+ its main use is when combined with -strparse and -out to extract data
+ from a file (which may not be in ASN.1 format).
+ [Steve Henson]
+
+ *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
+ when producing the local key id.
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) New option -dhparam in s_server. This allows a DH parameter file to be
+ stated explicitly. If it is not stated then it tries the first server
+ certificate file. The previous behaviour hard coded the filename
+ "server.pem".
+ [Steve Henson]
+
+ *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
+ a public key to be input or output. For example:
+ openssl rsa -in key.pem -pubout -out pubkey.pem
+ Also added necessary DSA public key functions to handle this.
+ [Steve Henson]
+
+ *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
+ in the message. This was handled by allowing
+ X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
+ [Steve Henson, reported by Sampo Kellomaki <sampo at mail.neuronio.pt>]
+
+ *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
+ to the end of the strings whereas this didn't. This would cause problems
+ if strings read with d2i_ASN1_bytes() were later modified.
+ [Steve Henson, reported by Arne Ansper <arne at ats.cyber.ee>]
+
+ *) Fix for base64 decode bug. When a base64 bio reads only one line of
+ data and it contains EOF it will end up returning an error. This is
+ caused by input 46 bytes long. The cause is due to the way base64
+ BIOs find the start of base64 encoded data. They do this by trying a
+ trial decode on each line until they find one that works. When they
+ do a flag is set and it starts again knowing it can pass all the
+ data directly through the decoder. Unfortunately it doesn't reset
+ the context it uses. This means that if EOF is reached an attempt
+ is made to pass two EOFs through the context and this causes the
+ resulting error. This can also cause other problems as well. As is
+ usual with these problems it takes *ages* to find and the fix is
+ trivial: move one line.
+ [Steve Henson, reported by ian at uns.ns.ac.yu (Ivan Nejgebauer) ]
+
+ *) Ugly workaround to get s_client and s_server working under Windows. The
+ old code wouldn't work because it needed to select() on sockets and the
+ tty (for keypresses and to see if data could be written). Win32 only
+ supports select() on sockets so we select() with a 1s timeout on the
+ sockets and then see if any characters are waiting to be read, if none
+ are present then we retry, we also assume we can always write data to
+ the tty. This isn't nice because the code then blocks until we've
+ received a complete line of data and it is effectively polling the
+ keyboard at 1s intervals: however it's quite a bit better than not
+ working at all :-) A dedicated Windows application might handle this
+ with an event loop for example.
+ [Steve Henson]
+
+ *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
+ and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
+ will be called when RSA_sign() and RSA_verify() are used. This is useful
+ if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
+ For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
+ should *not* be used: RSA_sign() and RSA_verify() must be used instead.
+ This necessitated the support of an extra signature type NID_md5_sha1
+ for SSL signatures and modifications to the SSL library to use it instead
+ of calling RSA_public_decrypt() and RSA_private_encrypt().
+ [Steve Henson]
+
+ *) Add new -verify -CAfile and -CApath options to the crl program, these
+ will lookup a CRL issuers certificate and verify the signature in a
+ similar way to the verify program. Tidy up the crl program so it
+ no longer accesses structures directly. Make the ASN1 CRL parsing a bit
+ less strict. It will now permit CRL extensions even if it is not
+ a V2 CRL: this will allow it to tolerate some broken CRLs.
+ [Steve Henson]
+
+ *) Initialize all non-automatic variables each time one of the openssl
+ sub-programs is started (this is necessary as they may be started
+ multiple times from the "OpenSSL>" prompt).
+ [Lennart Bang, Bodo Moeller]
+
+ *) Preliminary compilation option RSA_NULL which disables RSA crypto without
+ removing all other RSA functionality (this is what NO_RSA does). This
+ is so (for example) those in the US can disable those operations covered
+ by the RSA patent while allowing storage and parsing of RSA keys and RSA
+ key generation.
+ [Steve Henson]
+
+ *) Non-copying interface to BIO pairs.
+ (still largely untested)
+ [Bodo Moeller]
+
+ *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
+ ASCII string. This was handled independently in various places before.
+ [Steve Henson]
+
+ *) New functions UTF8_getc() and UTF8_putc() that parse and generate
+ UTF8 strings a character at a time.
+ [Steve Henson]
+
+ *) Use client_version from client hello to select the protocol
+ (s23_srvr.c) and for RSA client key exchange verification
+ (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
+ [Bodo Moeller]
+
+ *) Add various utility functions to handle SPKACs, these were previously
+ handled by poking round in the structure internals. Added new function
+ NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
+ print, verify and generate SPKACs. Based on an original idea from
+ Massimiliano Pala <madwolf at comune.modena.it> but extensively modified.
+ [Steve Henson]
+
+ *) RIPEMD160 is operational on all platforms and is back in 'make test'.
+ [Andy Polyakov]
+
+ *) Allow the config file extension section to be overwritten on the
+ command line. Based on an original idea from Massimiliano Pala
+ <madwolf at comune.modena.it>. The new option is called -extensions
+ and can be applied to ca, req and x509. Also -reqexts to override
+ the request extensions in req and -crlexts to override the crl extensions
+ in ca.
+ [Steve Henson]
+
+ *) Add new feature to the SPKAC handling in ca. Now you can include
+ the same field multiple times by preceding it by "XXXX." for example:
+ 1.OU="Unit name 1"
+ 2.OU="Unit name 2"
+ this is the same syntax as used in the req config file.
+ [Steve Henson]
+
+ *) Allow certificate extensions to be added to certificate requests. These
+ are specified in a 'req_extensions' option of the req section of the
+ config file. They can be printed out with the -text option to req but
+ are otherwise ignored at present.
+ [Steve Henson]
+
+ *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
+ data read consists of only the final block it would not decrypted because
+ EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
+ A misplaced 'break' also meant the decrypted final block might not be
+ copied until the next read.
+ [Steve Henson]
+
+ *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
+ a few extra parameters to the DH structure: these will be useful if
+ for example we want the value of 'q' or implement X9.42 DH.
+ [Steve Henson]
+
+ *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
+ provides hooks that allow the default DSA functions or functions on a
+ "per key" basis to be replaced. This allows hardware acceleration and
+ hardware key storage to be handled without major modification to the
+ library. Also added low level modexp hooks and CRYPTO_EX structure and
+ associated functions.
+ [Steve Henson]
+
+ *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
+ as "read only": it can't be written to and the buffer it points to will
+ not be freed. Reading from a read only BIO is much more efficient than
+ a normal memory BIO. This was added because there are several times when
+ an area of memory needs to be read from a BIO. The previous method was
+ to create a memory BIO and write the data to it, this results in two
+ copies of the data and an O(n^2) reading algorithm. There is a new
+ function BIO_new_mem_buf() which creates a read only memory BIO from
+ an area of memory. Also modified the PKCS#7 routines to use read only
+ memory BIOs.
+ [Steve Henson]
+
+ *) Bugfix: ssl23_get_client_hello did not work properly when called in
+ state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
+ a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
+ but a retry condition occured while trying to read the rest.
+ [Bodo Moeller]
+
+ *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
+ NID_pkcs7_encrypted by default: this was wrong since this should almost
+ always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
+ the encrypted data type: this is a more sensible place to put it and it
+ allows the PKCS#12 code to be tidied up that duplicated this
+ functionality.
+ [Steve Henson]
+
+ *) Changed obj_dat.pl script so it takes its input and output files on
+ the command line. This should avoid shell escape redirection problems
+ under Win32.
+ [Steve Henson]
+
+ *) Initial support for certificate extension requests, these are included
+ in things like Xenroll certificate requests. Included functions to allow
+ extensions to be obtained and added.
+ [Steve Henson]
+
+ *) -crlf option to s_client and s_server for sending newlines as
+ CRLF (as required by many protocols).
+ [Bodo Moeller]
+
+ Changes between 0.9.3a and 0.9.4 [09 Aug 1999]
+
+ *) Install libRSAglue.a when OpenSSL is built with RSAref.
+ [Ralf S. Engelschall]
+
+ *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
+ [Andrija Antonijevic <TheAntony2 at bigfoot.com>]
+
+ *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
+ program.
+ [Steve Henson]
+
+ *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+ DH parameters/keys (q is lost during that conversion, but the resulting
+ DH parameters contain its length).
+
+ For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+ much faster than DH_generate_parameters (which creates parameters
+ where p = 2*q + 1), and also the smaller q makes DH computations
+ much more efficient (160-bit exponentiation instead of 1024-bit
+ exponentiation); so this provides a convenient way to support DHE
+ ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
+ utter importance to use
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ or
+ SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ when such DH parameters are used, because otherwise small subgroup
+ attacks may become possible!
+ [Bodo Moeller]
+
+ *) Avoid memory leak in i2d_DHparams.
+ [Bodo Moeller]
+
+ *) Allow the -k option to be used more than once in the enc program:
+ this allows the same encrypted message to be read by multiple recipients.
+ [Steve Henson]
+
+ *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
+ an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
+ it will always use the numerical form of the OID, even if it has a short
+ or long name.
+ [Steve Henson]
+
+ *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+ method only got called if p,q,dmp1,dmq1,iqmp components were present,
+ otherwise bn_mod_exp was called. In the case of hardware keys for example
+ no private key components need be present and it might store extra data
+ in the RSA structure, which cannot be accessed from bn_mod_exp.
+ By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
+ private key operations.
+ [Steve Henson]
+
+ *) Added support for SPARC Linux.
+ [Andy Polyakov]
+
+ *) pem_password_cb function type incompatibly changed from
+ typedef int pem_password_cb(char *buf, int size, int rwflag);
+ to
+ ....(char *buf, int size, int rwflag, void *userdata);
+ so that applications can pass data to their callbacks:
+ The PEM[_ASN1]_{read,write}... functions and macros now take an
+ additional void * argument, which is just handed through whenever
+ the password callback is called.
+ [Damien Miller <dmiller at ilogic.com.au>; tiny changes by Bodo Moeller]
+
+ New function SSL_CTX_set_default_passwd_cb_userdata.
+
+ Compatibility note: As many C implementations push function arguments
+ onto the stack in reverse order, the new library version is likely to
+ interoperate with programs that have been compiled with the old
+ pem_password_cb definition (PEM_whatever takes some data that
+ happens to be on the stack as its last argument, and the callback
+ just ignores this garbage); but there is no guarantee whatsoever that
+ this will work.
+
+ *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
+ (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
+ problems not only on Windows, but also on some Unix platforms.
+ To avoid problematic command lines, these definitions are now in an
+ auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
+ for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
+ [Bodo Moeller]
+
+ *) MIPS III/IV assembler module is reimplemented.
+ [Andy Polyakov]
+
+ *) More DES library cleanups: remove references to srand/rand and
+ delete an unused file.
+ [Ulf M\xF6ller]
+
+ *) Add support for the the free Netwide assembler (NASM) under Win32,
+ since not many people have MASM (ml) and it can be hard to obtain.
+ This is currently experimental but it seems to work OK and pass all
+ the tests. Check out INSTALL.W32 for info.
+ [Steve Henson]
+
+ *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+ without temporary keys kept an extra copy of the server key,
+ and connections with temporary keys did not free everything in case
+ of an error.
+ [Bodo Moeller]
+
+ *) New function RSA_check_key and new openssl rsa option -check
+ for verifying the consistency of RSA keys.
+ [Ulf Moeller, Bodo Moeller]
+
+ *) Various changes to make Win32 compile work:
+ 1. Casts to avoid "loss of data" warnings in p5_crpt2.c
+ 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
+ comparison" warnings.
+ 3. Add sk_<TYPE>_sort to DEF file generator and do make update.
+ [Steve Henson]
+
+ *) Add a debugging option to PKCS#5 v2 key generation function: when
+ you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+ derived keys are printed to stderr.
+ [Steve Henson]
+
+ *) Copy the flags in ASN1_STRING_dup().
+ [Roman E. Pavlov <pre at mo.msk.ru>]
+
+ *) The x509 application mishandled signing requests containing DSA
+ keys when the signing key was also DSA and the parameters didn't match.
+
+ It was supposed to omit the parameters when they matched the signing key:
+ the verifying software was then supposed to automatically use the CA's
+ parameters if they were absent from the end user certificate.
+
+ Omitting parameters is no longer recommended. The test was also
+ the wrong way round! This was probably due to unusual behaviour in
+ EVP_cmp_parameters() which returns 1 if the parameters match.
+ This meant that parameters were omitted when they *didn't* match and
+ the certificate was useless. Certificates signed with 'ca' didn't have
+ this bug.
+ [Steve Henson, reported by Doug Erickson <Doug.Erickson at Part.NET>]
+
+ *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
+ The interface is as follows:
+ Applications can use
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
+ "off" is now the default.
+ The library internally uses
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
+ to disable memory-checking temporarily.
+
+ Some inconsistent states that previously were possible (and were
+ even the default) are now avoided.
+
+ -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
+ with each memory chunk allocated; this is occasionally more helpful
+ than just having a counter.
+
+ -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
+
+ -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
+ extensions.
+ [Bodo Moeller]
+
+ *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
+ which largely parallels "options", but is for changing API behaviour,
+ whereas "options" are about protocol behaviour.
+ Initial "mode" flags are:
+
+ SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when
+ a single record has been written.
+ SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write
+ retries use the same buffer location.
+ (But all of the contents must be
+ copied!)
+ [Bodo Moeller]
+
+ *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
+ worked.
+
+ *) Fix problems with no-hmac etc.
+ [Ulf M\xF6ller, pointed out by Brian Wellington <bwelling at tislabs.com>]
+
+ *) New functions RSA_get_default_method(), RSA_set_method() and
+ RSA_get_method(). These allows replacement of RSA_METHODs without having
+ to mess around with the internals of an RSA structure.
+ [Steve Henson]
+
+ *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
+ Also really enable memory leak checks in openssl.c and in some
+ test programs.
+ [Chad C. Mulligan, Bodo Moeller]
+
+ *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
+ up the length of negative integers. This has now been simplified to just
+ store the length when it is first determined and use it later, rather
+ than trying to keep track of where data is copied and updating it to
+ point to the end.
+ [Steve Henson, reported by Brien Wheeler
+ <bwheeler at authentica-security.com>]
+
+ *) Add a new function PKCS7_signatureVerify. This allows the verification
+ of a PKCS#7 signature but with the signing certificate passed to the
+ function itself. This contrasts with PKCS7_dataVerify which assumes the
+ certificate is present in the PKCS#7 structure. This isn't always the
+ case: certificates can be omitted from a PKCS#7 structure and be
+ distributed by "out of band" means (such as a certificate database).
+ [Steve Henson]
+
+ *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
+ function prototypes in pem.h, also change util/mkdef.pl to add the
+ necessary function names.
+ [Steve Henson]
+
+ *) mk1mf.pl (used by Windows builds) did not properly read the
+ options set by Configure in the top level Makefile, and Configure
+ was not even able to write more than one option correctly.
+ Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
+ [Bodo Moeller]
+
+ *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
+ file to be loaded from a BIO or FILE pointer. The BIO version will
+ for example allow memory BIOs to contain config info.
+ [Steve Henson]
+
+ *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
+ Whoever hopes to achieve shared-library compatibility across versions
+ must use this, not the compile-time macro.
+ (Exercise 0.9.4: Which is the minimum library version required by
+ such programs?)
+ Note: All this applies only to multi-threaded programs, others don't
+ need locks.
+ [Bodo Moeller]
+
+ *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
+ through a BIO pair triggered the default case, i.e.
+ SSLerr(...,SSL_R_UNKNOWN_STATE).
+ [Bodo Moeller]
+
+ *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
+ can use the SSL library even if none of the specific BIOs is
+ appropriate.
+ [Bodo Moeller]
+
+ *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
+ for the encoded length.
+ [Jeon KyoungHo <khjeon at sds.samsung.co.kr>]
+
+ *) Add initial documentation of the X509V3 functions.
+ [Steve Henson]
+
+ *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and
+ PEM_write_bio_PKCS8PrivateKey() that are equivalent to
+ PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
+ secure PKCS#8 private key format with a high iteration count.
+ [Steve Henson]
+
+ *) Fix determination of Perl interpreter: A perl or perl5
+ _directory_ in $PATH was also accepted as the interpreter.
+ [Ralf S. Engelschall]
+
+ *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
+ wrong with it but it was very old and did things like calling
+ PEM_ASN1_read() directly and used MD5 for the hash not to mention some
+ unusual formatting.
+ [Steve Henson]
+
+ *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
+ to use the new extension code.
+ [Steve Henson]
+
+ *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
+ with macros. This should make it easier to change their form, add extra
+ arguments etc. Fix a few PEM prototypes which didn't have cipher as a
+ constant.
+ [Steve Henson]
+
+ *) Add to configuration table a new entry that can specify an alternative
+ name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
+ according to Mark Crispin <MRC at Panda.COM>.
+ [Bodo Moeller]
+
+#if 0
+ *) DES CBC did not update the IV. Weird.
+ [Ben Laurie]
+#else
+ des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
+ Changing the behaviour of the former might break existing programs --
+ where IV updating is needed, des_ncbc_encrypt can be used.
+#endif
+
+ *) When bntest is run from "make test" it drives bc to check its
+ calculations, as well as internally checking them. If an internal check
+ fails, it needs to cause bc to give a non-zero result or make test carries
+ on without noticing the failure. Fixed.
+ [Ben Laurie]
+
+ *) DES library cleanups.
+ [Ulf M\xF6ller]
+
+ *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
+ used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
+ ciphers. NOTE: although the key derivation function has been verified
+ against some published test vectors it has not been extensively tested
+ yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
+ of v2.0.
+ [Steve Henson]
+
+ *) Instead of "mkdir -p", which is not fully portable, use new
+ Perl script "util/mkdir-p.pl".
+ [Bodo Moeller]
+
+ *) Rewrite the way password based encryption (PBE) is handled. It used to
+ assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
+ structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
+ but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
+ the 'parameter' field of the AlgorithmIdentifier is passed to the
+ underlying key generation function so it must do its own ASN1 parsing.
+ This has also changed the EVP_PBE_CipherInit() function which now has a
+ 'parameter' argument instead of literal salt and iteration count values
+ and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
+ [Steve Henson]
+
+ *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
+ and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
+ Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
+ KEY" because this clashed with PKCS#8 unencrypted string. Since this
+ value was just used as a "magic string" and not used directly its
+ value doesn't matter.
+ [Steve Henson]
+
+ *) Introduce some semblance of const correctness to BN. Shame C doesn't
+ support mutable.
+ [Ben Laurie]
+
+ *) "linux-sparc64" configuration (ultrapenguin).
+ [Ray Miller <ray.miller at oucs.ox.ac.uk>]
+ "linux-sparc" configuration.
+ [Christian Forster <fo at hawo.stw.uni-erlangen.de>]
+
+ *) config now generates no-xxx options for missing ciphers.
+ [Ulf M\xF6ller]
+
+ *) Support the EBCDIC character set (work in progress).
+ File ebcdic.c not yet included because it has a different license.
+ [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
+
+ *) Support BS2000/OSD-POSIX.
+ [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
+
+ *) Make callbacks for key generation use void * instead of char *.
+ [Ben Laurie]
+
+ *) Make S/MIME samples compile (not yet tested).
+ [Ben Laurie]
+
+ *) Additional typesafe stacks.
+ [Ben Laurie]
+
+ *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
+ [Bodo Moeller]
+
+
+ Changes between 0.9.3 and 0.9.3a [29 May 1999]
+
+ *) New configuration variant "sco5-gcc".
+
+ *) Updated some demos.
+ [Sean O Riordain, Wade Scholine]
+
+ *) Add missing BIO_free at exit of pkcs12 application.
+ [Wu Zhigang]
+
+ *) Fix memory leak in conf.c.
+ [Steve Henson]
+
+ *) Updates for Win32 to assembler version of MD5.
+ [Steve Henson]
+
+ *) Set #! path to perl in apps/der_chop to where we found it
+ instead of using a fixed path.
+ [Bodo Moeller]
+
+ *) SHA library changes for irix64-mips4-cc.
+ [Andy Polyakov]
+
+ *) Improvements for VMS support.
+ [Richard Levitte]
+
+
+ Changes between 0.9.2b and 0.9.3 [24 May 1999]
+
+ *) Bignum library bug fix. IRIX 6 passes "make test" now!
+ This also avoids the problems with SC4.2 and unpatched SC5.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) New functions sk_num, sk_value and sk_set to replace the previous macros.
+ These are required because of the typesafe stack would otherwise break
+ existing code. If old code used a structure member which used to be STACK
+ and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
+ sk_num or sk_value it would produce an error because the num, data members
+ are not present in STACK_OF. Now it just produces a warning. sk_set
+ replaces the old method of assigning a value to sk_value
+ (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
+ that does this will no longer work (and should use sk_set instead) but
+ this could be regarded as a "questionable" behaviour anyway.
+ [Steve Henson]
+
+ *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
+ correctly handle encrypted S/MIME data.
+ [Steve Henson]
+
+ *) Change type of various DES function arguments from des_cblock
+ (which means, in function argument declarations, pointer to char)
+ to des_cblock * (meaning pointer to array with 8 char elements),
+ which allows the compiler to do more typechecking; it was like
+ that back in SSLeay, but with lots of ugly casts.
+
+ Introduce new type const_des_cblock.
+ [Bodo Moeller]
+
+ *) Reorganise the PKCS#7 library and get rid of some of the more obvious
+ problems: find RecipientInfo structure that matches recipient certificate
+ and initialise the ASN1 structures properly based on passed cipher.
+ [Steve Henson]
+
+ *) Belatedly make the BN tests actually check the results.
+ [Ben Laurie]
+
+ *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
+ to and from BNs: it was completely broken. New compilation option
+ NEG_PUBKEY_BUG to allow for some broken certificates that encode public
+ key elements as negative integers.
+ [Steve Henson]
+
+ *) Reorganize and speed up MD5.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) VMS support.
+ [Richard Levitte <richard at levitte.org>]
+
+ *) New option -out to asn1parse to allow the parsed structure to be
+ output to a file. This is most useful when combined with the -strparse
+ option to examine the output of things like OCTET STRINGS.
+ [Steve Henson]
+
+ *) Make SSL library a little more fool-proof by not requiring any longer
+ that SSL_set_{accept,connect}_state be called before
+ SSL_{accept,connect} may be used (SSL_set_..._state is omitted
+ in many applications because usually everything *appeared* to work as
+ intended anyway -- now it really works as intended).
+ [Bodo Moeller]
+
+ *) Move openssl.cnf out of lib/.
+ [Ulf M\xF6ller]
+
+ *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
+ -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
+ -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+
+ [Ralf S. Engelschall]
+
+ *) Various fixes to the EVP and PKCS#7 code. It may now be able to
+ handle PKCS#7 enveloped data properly.
+ [Sebastian Akerman <sak at parallelconsulting.com>, modified by Steve]
+
+ *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
+ copying pointers. The cert_st handling is changed by this in
+ various ways (and thus what used to be known as ctx->default_cert
+ is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
+ any longer when s->cert does not give us what we need).
+ ssl_cert_instantiate becomes obsolete by this change.
+ As soon as we've got the new code right (possibly it already is?),
+ we have solved a couple of bugs of the earlier code where s->cert
+ was used as if it could not have been shared with other SSL structures.
+
+ Note that using the SSL API in certain dirty ways now will result
+ in different behaviour than observed with earlier library versions:
+ Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
+ does not influence s as it used to.
+
+ In order to clean up things more thoroughly, inside SSL_SESSION
+ we don't use CERT any longer, but a new structure SESS_CERT
+ that holds per-session data (if available); currently, this is
+ the peer's certificate chain and, for clients, the server's certificate
+ and temporary key. CERT holds only those values that can have
+ meaningful defaults in an SSL_CTX.
+ [Bodo Moeller]
+
+ *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+ from the internal representation. Various PKCS#7 fixes: remove some
+ evil casts and set the enc_dig_alg field properly based on the signing
+ key type.
+ [Steve Henson]
+
+ *) Allow PKCS#12 password to be set from the command line or the
+ environment. Let 'ca' get its config file name from the environment
+ variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
+ and 'x509').
+ [Steve Henson]
+
+ *) Allow certificate policies extension to use an IA5STRING for the
+ organization field. This is contrary to the PKIX definition but
+ VeriSign uses it and IE5 only recognises this form. Document 'x509'
+ extension option.
+ [Steve Henson]
+
+ *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
+ without disallowing inline assembler and the like for non-pedantic builds.
+ [Ben Laurie]
+
+ *) Support Borland C++ builder.
+ [Janez Jere <jj at void.si>, modified by Ulf M\xF6ller]
+
+ *) Support Mingw32.
+ [Ulf M\xF6ller]
+
+ *) SHA-1 cleanups and performance enhancements.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) Sparc v8plus assembler for the bignum library.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) Accept any -xxx and +xxx compiler options in Configure.
+ [Ulf M\xF6ller]
+
+ *) Update HPUX configuration.
+ [Anonymous]
+
+ *) Add missing sk_<type>_unshift() function to safestack.h
+ [Ralf S. Engelschall]
+
+ *) New function SSL_CTX_use_certificate_chain_file that sets the
+ "extra_cert"s in addition to the certificate. (This makes sense
+ only for "PEM" format files, as chains as a whole are not
+ DER-encoded.)
+ [Bodo Moeller]
+
+ *) Support verify_depth from the SSL API.
+ x509_vfy.c had what can be considered an off-by-one-error:
+ Its depth (which was not part of the external interface)
+ was actually counting the number of certificates in a chain;
+ now it really counts the depth.
+ [Bodo Moeller]
+
+ *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+ instead of X509err, which often resulted in confusing error
+ messages since the error codes are not globally unique
+ (e.g. an alleged error in ssl3_accept when a certificate
+ didn't match the private key).
+
+ *) New function SSL_CTX_set_session_id_context that allows to set a default
+ value (so that you don't need SSL_set_session_id_context for each
+ connection using the SSL_CTX).
+ [Bodo Moeller]
+
+ *) OAEP decoding bug fix.
+ [Ulf M\xF6ller]
+
+ *) Support INSTALL_PREFIX for package builders, as proposed by
+ David Harris.
+ [Bodo Moeller]
+
+ *) New Configure options "threads" and "no-threads". For systems
+ where the proper compiler options are known (currently Solaris
+ and Linux), "threads" is the default.
+ [Bodo Moeller]
+
+ *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
+ [Bodo Moeller]
+
+ *) Install various scripts to $(OPENSSLDIR)/misc, not to
+ $(INSTALLTOP)/bin -- they shouldn't clutter directories
+ such as /usr/local/bin.
+ [Bodo Moeller]
+
+ *) "make linux-shared" to build shared libraries.
+ [Niels Poppe <niels at netbox.org>]
+
+ *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
+ [Ulf M\xF6ller]
+
+ *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
+ extension adding in x509 utility.
+ [Steve Henson]
+
+ *) Remove NOPROTO sections and error code comments.
+ [Ulf M\xF6ller]
+
+ *) Partial rewrite of the DEF file generator to now parse the ANSI
+ prototypes.
+ [Steve Henson]
+
+ *) New Configure options --prefix=DIR and --openssldir=DIR.
+ [Ulf M\xF6ller]
+
+ *) Complete rewrite of the error code script(s). It is all now handled
+ by one script at the top level which handles error code gathering,
+ header rewriting and C source file generation. It should be much better
+ than the old method: it now uses a modified version of Ulf's parser to
+ read the ANSI prototypes in all header files (thus the old K&R definitions
+ aren't needed for error creation any more) and do a better job of
+ translating function codes into names. The old 'ASN1 error code imbedded
+ in a comment' is no longer necessary and it doesn't use .err files which
+ have now been deleted. Also the error code call doesn't have to appear all
+ on one line (which resulted in some large lines...).
+ [Steve Henson]
+
+ *) Change #include filenames from <foo.h> to <openssl/foo.h>.
+ [Bodo Moeller]
+
+ *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
+ 0 (which usually indicates a closed connection), but continue reading.
+ [Bodo Moeller]
+
+ *) Fix some race conditions.
+ [Bodo Moeller]
+
+ *) Add support for CRL distribution points extension. Add Certificate
+ Policies and CRL distribution points documentation.
+ [Steve Henson]
+
+ *) Move the autogenerated header file parts to crypto/opensslconf.h.
+ [Ulf M\xF6ller]
+
+ *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+ 8 of keying material. Merlin has also confirmed interop with this fix
+ between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+ [Merlin Hughes <merlin at baltimore.ie>]
+
+ *) Fix lots of warnings.
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
+ the directory spec didn't end with a LIST_SEPARATOR_CHAR.
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) Fix problems with sizeof(long) == 8.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) Change functions to ANSI C.
+ [Ulf M\xF6ller]
+
+ *) Fix typos in error codes.
+ [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>, Ulf M\xF6ller]
+
+ *) Remove defunct assembler files from Configure.
+ [Ulf M\xF6ller]
+
+ *) SPARC v8 assembler BIGNUM implementation.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) Support for Certificate Policies extension: both print and set.
+ Various additions to support the r2i method this uses.
+ [Steve Henson]
+
+ *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
+ return a const string when you are expecting an allocated buffer.
+ [Ben Laurie]
+
+ *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
+ types DirectoryString and DisplayText.
+ [Steve Henson]
+
+ *) Add code to allow r2i extensions to access the configuration database,
+ add an LHASH database driver and add several ctx helper functions.
+ [Steve Henson]
+
+ *) Fix an evil bug in bn_expand2() which caused various BN functions to
+ fail when they extended the size of a BIGNUM.
+ [Steve Henson]
+
+ *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
+ support typesafe stack.
+ [Steve Henson]
+
+ *) Fix typo in SSL_[gs]et_options().
+ [Nils Frostberg <nils at medcom.se>]
+
+ *) Delete various functions and files that belonged to the (now obsolete)
+ old X509V3 handling code.
+ [Steve Henson]
+
+ *) New Configure option "rsaref".
+ [Ulf M\xF6ller]
+
+ *) Don't auto-generate pem.h.
+ [Bodo Moeller]
+
+ *) Introduce type-safe ASN.1 SETs.
+ [Ben Laurie]
+
+ *) Convert various additional casted stacks to type-safe STACK_OF() variants.
+ [Ben Laurie, Ralf S. Engelschall, Steve Henson]
+
+ *) Introduce type-safe STACKs. This will almost certainly break lots of code
+ that links with OpenSSL (well at least cause lots of warnings), but fear
+ not: the conversion is trivial, and it eliminates loads of evil casts. A
+ few STACKed things have been converted already. Feel free to convert more.
+ In the fullness of time, I'll do away with the STACK type altogether.
+ [Ben Laurie]
+
+ *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
+ specified in <certfile> by updating the entry in the index.txt file.
+ This way one no longer has to edit the index.txt file manually for
+ revoking a certificate. The -revoke option does the gory details now.
+ [Massimiliano Pala <madwolf at openca.org>, Ralf S. Engelschall]
+
+ *) Fix `openssl crl -noout -text' combination where `-noout' killed the
+ `-text' option at all and this way the `-noout -text' combination was
+ inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
+ [Ralf S. Engelschall]
+
+ *) Make sure a corresponding plain text error message exists for the
+ X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+ verify callback function determined that a certificate was revoked.
+ [Ralf S. Engelschall]
+
+ *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
+ ciphers that were excluded, e.g. by -DNO_IDEA. Also, test
+ all available cipers including rc5, which was forgotten until now.
+ In order to let the testing shell script know which algorithms
+ are available, a new (up to now undocumented) command
+ "openssl list-cipher-commands" is used.
+ [Bodo Moeller]
+
+ *) Bugfix: s_client occasionally would sleep in select() when
+ it should have checked SSL_pending() first.
+ [Bodo Moeller]
+
+ *) New functions DSA_do_sign and DSA_do_verify to provide access to
+ the raw DSA values prior to ASN.1 encoding.
+ [Ulf M\xF6ller]
+
+ *) Tweaks to Configure
+ [Niels Poppe <niels at netbox.org>]
+
+ *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+ yet...
+ [Steve Henson]
+
+ *) New variables $(RANLIB) and $(PERL) in the Makefiles.
+ [Ulf M\xF6ller]
+
+ *) New config option to avoid instructions that are illegal on the 80386.
+ The default code is faster, but requires at least a 486.
+ [Ulf M\xF6ller]
+
+ *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+ SSL2_SERVER_VERSION (not used at all) macros, which are now the
+ same as SSL2_VERSION anyway.
+ [Bodo Moeller]
+
+ *) New "-showcerts" option for s_client.
+ [Bodo Moeller]
+
+ *) Still more PKCS#12 integration. Add pkcs12 application to openssl
+ application. Various cleanups and fixes.
+ [Steve Henson]
+
+ *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
+ modify error routines to work internally. Add error codes and PBE init
+ to library startup routines.
+ [Steve Henson]
+
+ *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+ packing functions to asn1 and evp. Changed function names and error
+ codes along the way.
+ [Steve Henson]
+
+ *) PKCS12 integration: and so it begins... First of several patches to
+ slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
+ objects to objects.h
+ [Steve Henson]
+
+ *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+ and display support for Thawte strong extranet extension.
+ [Steve Henson]
+
+ *) Add LinuxPPC support.
+ [Jeff Dubrule <igor at pobox.org>]
+
+ *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
+ bn_div_words in alpha.s.
+ [Hannes Reinecke <H.Reinecke at hw.ac.uk> and Ben Laurie]
+
+ *) Make sure the RSA OAEP test is skipped under -DRSAref because
+ OAEP isn't supported when OpenSSL is built with RSAref.
+ [Ulf Moeller <ulf at fitug.de>]
+
+ *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h
+ so they no longer are missing under -DNOPROTO.
+ [Soren S. Jorvang <soren at t.dk>]
+
+
+ Changes between 0.9.1c and 0.9.2b [22 Mar 1999]
+
+ *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+ doesn't work when the session is reused. Coming soon!
+ [Ben Laurie]
+
+ *) Fix a security hole, that allows sessions to be reused in the wrong
+ context thus bypassing client cert protection! All software that uses
+ client certs and session caches in multiple contexts NEEDS PATCHING to
+ allow session reuse! A fuller solution is in the works.
+ [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+ *) Some more source tree cleanups (removed obsolete files
+ crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+ permission on "config" script to be executable) and a fix for the INSTALL
+ document.
+ [Ulf Moeller <ulf at fitug.de>]
+
+ *) Remove some legacy and erroneous uses of malloc, free instead of
+ Malloc, Free.
+ [Lennart Bang <lob at netstream.se>, with minor changes by Steve]
+
+ *) Make rsa_oaep_test return non-zero on error.
+ [Ulf Moeller <ulf at fitug.de>]
+
+ *) Add support for native Solaris shared libraries. Configure
+ solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+ if someone would make that last step automatic.
+ [Matthias Loepfe <Matthias.Loepfe at AdNovum.CH>]
+
+ *) ctx_size was not built with the right compiler during "make links". Fixed.
+ [Ben Laurie]
+
+ *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+ except NULL ciphers". This means the default cipher list will no longer
+ enable NULL ciphers. They need to be specifically enabled e.g. with
+ the string "DEFAULT:eNULL".
+ [Steve Henson]
+
+ *) Fix to RSA private encryption routines: if p < q then it would
+ occasionally produce an invalid result. This will only happen with
+ externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+ [Steve Henson]
+
+ *) Be less restrictive and allow also `perl util/perlpath.pl
+ /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
+ because this way one can also use an interpreter named `perl5' (which is
+ usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
+ installed as `perl').
+ [Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
+
+ *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
+ [Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
+
+ *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
+ advapi32.lib to Win32 build and change the pem test comparision
+ to fc.exe (thanks to Ulrich Kroener <kroneru at yahoo.com> for the
+ suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
+ and crypto/des/ede_cbcm_enc.c.
+ [Steve Henson]
+
+ *) DES quad checksum was broken on big-endian architectures. Fixed.
+ [Ben Laurie]
+
+ *) Comment out two functions in bio.h that aren't implemented. Fix up the
+ Win32 test batch file so it (might) work again. The Win32 test batch file
+ is horrible: I feel ill....
+ [Steve Henson]
+
+ *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
+ in e_os.h. Audit of header files to check ANSI and non ANSI
+ sections: 10 functions were absent from non ANSI section and not exported
+ from Windows DLLs. Fixed up libeay.num for new functions.
+ [Steve Henson]
+
+ *) Make `openssl version' output lines consistent.
+ [Ralf S. Engelschall]
+
+ *) Fix Win32 symbol export lists for BIO functions: Added
+ BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
+ to ms/libeay{16,32}.def.
+ [Ralf S. Engelschall]
+
+ *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
+ fine under Unix and passes some trivial tests I've now added. But the
+ whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
+ added to make sure no one expects that this stuff really works in the
+ OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources
+ up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
+ openssl_bio.xs.
+ [Ralf S. Engelschall]
+
+ *) Fix the generation of two part addresses in perl.
+ [Kenji Miyake <kenji at miyake.org>, integrated by Ben Laurie]
+
+ *) Add config entry for Linux on MIPS.
+ [John Tobey <jtobey at channel1.com>]
+
+ *) Make links whenever Configure is run, unless we are on Windoze.
+ [Ben Laurie]
+
+ *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
+ Currently only issuerAltName and AuthorityKeyIdentifier make any sense
+ in CRLs.
+ [Steve Henson]
+
+ *) Add a useful kludge to allow package maintainers to specify compiler and
+ other platforms details on the command line without having to patch the
+ Configure script everytime: One now can use ``perl Configure
+ <id>:<details>'', i.e. platform ids are allowed to have details appended
+ to them (seperated by colons). This is treated as there would be a static
+ pre-configured entry in Configure's %table under key <id> with value
+ <details> and ``perl Configure <id>'' is called. So, when you want to
+ perform a quick test-compile under FreeBSD 3.1 with pgcc and without
+ assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
+ now, which overrides the FreeBSD-elf entry on-the-fly.
+ [Ralf S. Engelschall]
+
+ *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+ [Ben Laurie]
+
+ *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
+ on the `perl Configure ...' command line. This way one can compile
+ OpenSSL libraries with Position Independent Code (PIC) which is needed
+ for linking it into DSOs.
+ [Ralf S. Engelschall]
+
+ *) Remarkably, export ciphers were totally broken and no-one had noticed!
+ Fixed.
+ [Ben Laurie]
+
+ *) Cleaned up the LICENSE document: The official contact for any license
+ questions now is the OpenSSL core team under openssl-core at openssl.org.
+ And add a paragraph about the dual-license situation to make sure people
+ recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
+ to the OpenSSL toolkit.
+ [Ralf S. Engelschall]
+
+ *) General source tree makefile cleanups: Made `making xxx in yyy...'
+ display consistent in the source tree and replaced `/bin/rm' by `rm'.
+ Additonally cleaned up the `make links' target: Remove unnecessary
+ semicolons, subsequent redundant removes, inline point.sh into mklink.sh
+ to speed processing and no longer clutter the display with confusing
+ stuff. Instead only the actually done links are displayed.
+ [Ralf S. Engelschall]
+
+ *) Permit null encryption ciphersuites, used for authentication only. It used
+ to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
+ It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
+ encryption.
+ [Ben Laurie]
+
+ *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
+ signed attributes when verifying signatures (this would break them),
+ the detached data encoding was wrong and public keys obtained using
+ X509_get_pubkey() weren't freed.
+ [Steve Henson]
+
+ *) Add text documentation for the BUFFER functions. Also added a work around
+ to a Win95 console bug. This was triggered by the password read stuff: the
+ last character typed gets carried over to the next fread(). If you were
+ generating a new cert request using 'req' for example then the last
+ character of the passphrase would be CR which would then enter the first
+ field as blank.
+ [Steve Henson]
+
+ *) Added the new `Includes OpenSSL Cryptography Software' button as
+ doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
+ button and can be used by applications based on OpenSSL to show the
+ relationship to the OpenSSL project.
+ [Ralf S. Engelschall]
+
+ *) Remove confusing variables in function signatures in files
+ ssl/ssl_lib.c and ssl/ssl.h.
+ [Lennart Bong <lob at kulthea.stacken.kth.se>]
+
+ *) Don't install bss_file.c under PREFIX/include/
+ [Lennart Bong <lob at kulthea.stacken.kth.se>]
+
+ *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
+ functions that return function pointers and has support for NT specific
+ stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
+ #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
+ unsigned to signed types: this was killing the Win32 compile.
+ [Steve Henson]
+
+ *) Add new certificate file to stack functions,
+ SSL_add_dir_cert_subjects_to_stack() and
+ SSL_add_file_cert_subjects_to_stack(). These largely supplant
+ SSL_load_client_CA_file(), and can be used to add multiple certs easily
+ to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+ This means that Apache-SSL and similar packages don't have to mess around
+ to add as many CAs as they want to the preferred list.
+ [Ben Laurie]
+
+ *) Experiment with doxygen documentation. Currently only partially applied to
+ ssl/ssl_lib.c.
+ See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
+ openssl.doxy as the configuration file.
+ [Ben Laurie]
+
+ *) Get rid of remaining C++-style comments which strict C compilers hate.
+ [Ralf S. Engelschall, pointed out by Carlos Amengual]
+
+ *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+ compiled in by default: it has problems with large keys.
+ [Steve Henson]
+
+ *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
+ DH private keys and/or callback functions which directly correspond to
+ their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
+ is needed for applications which have to configure certificates on a
+ per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
+ (e.g. s_server).
+ For the RSA certificate situation is makes no difference, but
+ for the DSA certificate situation this fixes the "no shared cipher"
+ problem where the OpenSSL cipher selection procedure failed because the
+ temporary keys were not overtaken from the context and the API provided
+ no way to reconfigure them.
+ The new functions now let applications reconfigure the stuff and they
+ are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
+ SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new
+ non-public-API function ssl_cert_instantiate() is used as a helper
+ function and also to reduce code redundancy inside ssl_rsa.c.
+ [Ralf S. Engelschall]
+
+ *) Move s_server -dcert and -dkey options out of the undocumented feature
+ area because they are useful for the DSA situation and should be
+ recognized by the users.
+ [Ralf S. Engelschall]
+
+ *) Fix the cipher decision scheme for export ciphers: the export bits are
+ *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
+ SSL_EXP_MASK. So, the original variable has to be used instead of the
+ already masked variable.
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
+ from `int' to `unsigned int' because it's a length and initialized by
+ EVP_DigestFinal() which expects an `unsigned int *'.
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) Don't hard-code path to Perl interpreter on shebang line of Configure
+ script. Instead use the usual Shell->Perl transition trick.
+ [Ralf S. Engelschall]
+
+ *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+ (in addition to RSA certificates) to match the behaviour of `openssl dsa
+ -noout -modulus' as it's already the case for `openssl rsa -noout
+ -modulus'. For RSA the -modulus is the real "modulus" while for DSA
+ currently the public key is printed (a decision which was already done by
+ `openssl dsa -modulus' in the past) which serves a similar purpose.
+ Additionally the NO_RSA no longer completely removes the whole -modulus
+ option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+ now, too.
+ [Ralf S. Engelschall]
+
+ *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
+ BIO. See the source (crypto/evp/bio_ok.c) for more info.
+ [Arne Ansper <arne at ats.cyber.ee>]
+
+ *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+ to be added. Now both 'req' and 'ca' can use new objects defined in the
+ config file.
+ [Steve Henson]
+
+ *) Add cool BIO that does syslog (or event log on NT).
+ [Arne Ansper <arne at ats.cyber.ee>, integrated by Ben Laurie]
+
+ *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+ TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+ TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+ Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+ [Ben Laurie]
+
+ *) Add preliminary config info for new extension code.
+ [Steve Henson]
+
+ *) Make RSA_NO_PADDING really use no padding.
+ [Ulf Moeller <ulf at fitug.de>]
+
+ *) Generate errors when private/public key check is done.
+ [Ben Laurie]
+
+ *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+ for some CRL extensions and new objects added.
+ [Steve Henson]
+
+ *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
+ key usage extension and fuller support for authority key id.
+ [Steve Henson]
+
+ *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
+ padding method for RSA, which is recommended for new applications in PKCS
+ #1 v2.0 (RFC 2437, October 1998).
+ OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
+ foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
+ against Bleichbacher's attack on RSA.
+ [Ulf Moeller <ulf at fitug.de>, reformatted, corrected and integrated by
+ Ben Laurie]
+
+ *) Updates to the new SSL compression code
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Fix so that the version number in the master secret, when passed
+ via RSA, checks that if TLS was proposed, but we roll back to SSLv3
+ (because the server will not accept higher), that the version number
+ is 0x03,0x01, not 0x03,0x00
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+ leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+ in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
+ [Steve Henson]
+
+ *) Support for RAW extensions where an arbitrary extension can be
+ created by including its DER encoding. See apps/openssl.cnf for
+ an example.
+ [Steve Henson]
+
+ *) Make sure latest Perl versions don't interpret some generated C array
+ code as Perl array code in the crypto/err/err_genc.pl script.
+ [Lars Weber <3weber at informatik.uni-hamburg.de>]
+
+ *) Modify ms/do_ms.bat to not generate assembly language makefiles since
+ not many people have the assembler. Various Win32 compilation fixes and
+ update to the INSTALL.W32 file with (hopefully) more accurate Win32
+ build instructions.
+ [Steve Henson]
+
+ *) Modify configure script 'Configure' to automatically create crypto/date.h
+ file under Win32 and also build pem.h from pem.org. New script
+ util/mkfiles.pl to create the MINFO file on environments that can't do a
+ 'make files': perl util/mkfiles.pl >MINFO should work.
+ [Steve Henson]
+
+ *) Major rework of DES function declarations, in the pursuit of correctness
+ and purity. As a result, many evil casts evaporated, and some weirdness,
+ too. You may find this causes warnings in your code. Zapping your evil
+ casts will probably fix them. Mostly.
+ [Ben Laurie]
+
+ *) Fix for a typo in asn1.h. Bug fix to object creation script
+ obj_dat.pl. It considered a zero in an object definition to mean
+ "end of object": none of the objects in objects.h have any zeros
+ so it wasn't spotted.
+ [Steve Henson, reported by Erwann ABALEA <eabalea at certplus.com>]
+
+ *) Add support for Triple DES Cipher Block Chaining with Output Feedback
+ Masking (CBCM). In the absence of test vectors, the best I have been able
+ to do is check that the decrypt undoes the encrypt, so far. Send me test
+ vectors if you have them.
+ [Ben Laurie]
+
+ *) Correct calculation of key length for export ciphers (too much space was
+ allocated for null ciphers). This has not been tested!
+ [Ben Laurie]
+
+ *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
+ message is now correct (it understands "crypto" and "ssl" on its
+ command line). There is also now an "update" option. This will update
+ the util/ssleay.num and util/libeay.num files with any new functions.
+ If you do a:
+ perl util/mkdef.pl crypto ssl update
+ it will update them.
+ [Steve Henson]
+
+ *) Overhauled the Perl interface (perl/*):
+ - ported BN stuff to OpenSSL's different BN library
+ - made the perl/ source tree CVS-aware
+ - renamed the package from SSLeay to OpenSSL (the files still contain
+ their history because I've copied them in the repository)
+ - removed obsolete files (the test scripts will be replaced
+ by better Test::Harness variants in the future)
+ [Ralf S. Engelschall]
+
+ *) First cut for a very conservative source tree cleanup:
+ 1. merge various obsolete readme texts into doc/ssleay.txt
+ where we collect the old documents and readme texts.
+ 2. remove the first part of files where I'm already sure that we no
+ longer need them because of three reasons: either they are just temporary
+ files which were left by Eric or they are preserved original files where
+ I've verified that the diff is also available in the CVS via "cvs diff
+ -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
+ the crypto/md/ stuff).
+ [Ralf S. Engelschall]
+
+ *) More extension code. Incomplete support for subject and issuer alt
+ name, issuer and authority key id. Change the i2v function parameters
+ and add an extra 'crl' parameter in the X509V3_CTX structure: guess
+ what that's for :-) Fix to ASN1 macro which messed up
+ IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
+ [Steve Henson]
+
+ *) Preliminary support for ENUMERATED type. This is largely copied from the
+ INTEGER code.
+ [Steve Henson]
+
+ *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Make sure `make rehash' target really finds the `openssl' program.
+ [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
+
+ *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
+ like to hear about it if this slows down other processors.
+ [Ben Laurie]
+
+ *) Add CygWin32 platform information to Configure script.
+ [Alan Batie <batie at aahz.jf.intel.com>]
+
+ *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
+ [Rainer W. Gerling <gerling at mpg-gv.mpg.de>]
+
+ *) New program nseq to manipulate netscape certificate sequences
+ [Steve Henson]
+
+ *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
+ few typos.
+ [Steve Henson]
+
+ *) Fixes to BN code. Previously the default was to define BN_RECURSION
+ but the BN code had some problems that would cause failures when
+ doing certificate verification and some other functions.
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Add ASN1 and PEM code to support netscape certificate sequences.
+ [Steve Henson]
+
+ *) Add ASN1 and PEM code to support netscape certificate sequences.
+ [Steve Henson]
+
+ *) Add several PKIX and private extended key usage OIDs.
+ [Steve Henson]
+
+ *) Modify the 'ca' program to handle the new extension code. Modify
+ openssl.cnf for new extension format, add comments.
+ [Steve Henson]
+
+ *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
+ and add a sample to openssl.cnf so req -x509 now adds appropriate
+ CA extensions.
+ [Steve Henson]
+
+ *) Continued X509 V3 changes. Add to other makefiles, integrate with the
+ error code, add initial support to X509_print() and x509 application.
+ [Steve Henson]
+
+ *) Takes a deep breath and start addding X509 V3 extension support code. Add
+ files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+ stuff is currently isolated and isn't even compiled yet.
+ [Steve Henson]
+
+ *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+ ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+ Removed the versions check from X509 routines when loading extensions:
+ this allows certain broken certificates that don't set the version
+ properly to be processed.
+ [Steve Henson]
+
+ *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
+ Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
+ can still be regenerated with "make depend".
+ [Ben Laurie]
+
+ *) Spelling mistake in C version of CAST-128.
+ [Ben Laurie, reported by Jeremy Hylton <jeremy at cnri.reston.va.us>]
+
+ *) Changes to the error generation code. The perl script err-code.pl
+ now reads in the old error codes and retains the old numbers, only
+ adding new ones if necessary. It also only changes the .err files if new
+ codes are added. The makefiles have been modified to only insert errors
+ when needed (to avoid needlessly modifying header files). This is done
+ by only inserting errors if the .err file is newer than the auto generated
+ C file. To rebuild all the error codes from scratch (the old behaviour)
+ either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
+ or delete all the .err files.
+ [Steve Henson]
+
+ *) CAST-128 was incorrectly implemented for short keys. The C version has
+ been fixed, but is untested. The assembler versions are also fixed, but
+ new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
+ to regenerate it if needed.
+ [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
+ Hagino <itojun at kame.net>]
+
+ *) File was opened incorrectly in randfile.c.
+ [Ulf M\xF6ller <ulf at fitug.de>]
+
+ *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
+ functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
+ GeneralizedTime. ASN1_TIME is the proper type used in certificates et
+ al: it's just almost always a UTCTime. Note this patch adds new error
+ codes so do a "make errors" if there are problems.
+ [Steve Henson]
+
+ *) Correct Linux 1 recognition in config.
+ [Ulf M\xF6ller <ulf at fitug.de>]
+
+ *) Remove pointless MD5 hash when using DSA keys in ca.
+ [Anonymous <nobody at replay.com>]
+
+ *) Generate an error if given an empty string as a cert directory. Also
+ generate an error if handed NULL (previously returned 0 to indicate an
+ error, but didn't set one).
+ [Ben Laurie, reported by Anonymous <nobody at replay.com>]
+
+ *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
+ [Ben Laurie]
+
+ *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
+ parameters. This was causing a warning which killed off the Win32 compile.
+ [Steve Henson]
+
+ *) Remove C++ style comments from crypto/bn/bn_local.h.
+ [Neil Costigan <neil.costigan at celocom.com>]
+
+ *) The function OBJ_txt2nid was broken. It was supposed to return a nid
+ based on a text string, looking up short and long names and finally
+ "dot" format. The "dot" format stuff didn't work. Added new function
+ OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote
+ OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
+ OID is not part of the table.
+ [Steve Henson]
+
+ *) Add prototypes to X509 lookup/verify methods, fixing a bug in
+ X509_LOOKUP_by_alias().
+ [Ben Laurie]
+
+ *) Sort openssl functions by name.
+ [Ben Laurie]
+
+ *) Get the gendsa program working (hopefully) and add it to app list. Remove
+ encryption from sample DSA keys (in case anyone is interested the password
+ was "1234").
+ [Steve Henson]
+
+ *) Make _all_ *_free functions accept a NULL pointer.
+ [Frans Heymans <fheymans at isaserver.be>]
+
+ *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
+ NULL pointers.
+ [Anonymous <nobody at replay.com>]
+
+ *) s_server should send the CAfile as acceptable CAs, not its own cert.
+ [Bodo Moeller <3moeller at informatik.uni-hamburg.de>]
+
+ *) Don't blow it for numeric -newkey arguments to apps/req.
+ [Bodo Moeller <3moeller at informatik.uni-hamburg.de>]
+
+ *) Temp key "for export" tests were wrong in s3_srvr.c.
+ [Anonymous <nobody at replay.com>]
+
+ *) Add prototype for temp key callback functions
+ SSL_CTX_set_tmp_{rsa,dh}_callback().
+ [Ben Laurie]
+
+ *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
+ DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
+ [Steve Henson]
+
+ *) X509_name_add_entry() freed the wrong thing after an error.
+ [Arne Ansper <arne at ats.cyber.ee>]
+
+ *) rsa_eay.c would attempt to free a NULL context.
+ [Arne Ansper <arne at ats.cyber.ee>]
+
+ *) BIO_s_socket() had a broken should_retry() on Windoze.
+ [Arne Ansper <arne at ats.cyber.ee>]
+
+ *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
+ [Arne Ansper <arne at ats.cyber.ee>]
+
+ *) Make sure the already existing X509_STORE->depth variable is initialized
+ in X509_STORE_new(), but document the fact that this variable is still
+ unused in the certificate verification process.
+ [Ralf S. Engelschall]
+
+ *) Fix the various library and apps files to free up pkeys obtained from
+ X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+ [Steve Henson]
+
+ *) Fix reference counting in X509_PUBKEY_get(). This makes
+ demos/maurice/example2.c work, amongst others, probably.
+ [Steve Henson and Ben Laurie]
+
+ *) First cut of a cleanup for apps/. First the `ssleay' program is now named
+ `openssl' and second, the shortcut symlinks for the `openssl <command>'
+ are no longer created. This way we have a single and consistent command
+ line interface `openssl <command>', similar to `cvs <command>'.
+ [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
+
+ *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+ BIT STRING wrapper always have zero unused bits.
+ [Steve Henson]
+
+ *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
+ [Steve Henson]
+
+ *) Make the top-level INSTALL documentation easier to understand.
+ [Paul Sutton]
+
+ *) Makefiles updated to exit if an error occurs in a sub-directory
+ make (including if user presses ^C) [Paul Sutton]
+
+ *) Make Montgomery context stuff explicit in RSA data structure.
+ [Ben Laurie]
+
+ *) Fix build order of pem and err to allow for generated pem.h.
+ [Ben Laurie]
+
+ *) Fix renumbering bug in X509_NAME_delete_entry().
+ [Ben Laurie]
+
+ *) Enhanced the err-ins.pl script so it makes the error library number
+ global and can add a library name. This is needed for external ASN1 and
+ other error libraries.
+ [Steve Henson]
+
+ *) Fixed sk_insert which never worked properly.
+ [Steve Henson]
+
+ *) Fix ASN1 macros so they can handle indefinite length construted
+ EXPLICIT tags. Some non standard certificates use these: they can now
+ be read in.
+ [Steve Henson]
+
+ *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
+ into a single doc/ssleay.txt bundle. This way the information is still
+ preserved but no longer messes up this directory. Now it's new room for
+ the new set of documenation files.
+ [Ralf S. Engelschall]
+
+ *) SETs were incorrectly DER encoded. This was a major pain, because they
+ shared code with SEQUENCEs, which aren't coded the same. This means that
+ almost everything to do with SETs or SEQUENCEs has either changed name or
+ number of arguments.
+ [Ben Laurie, based on a partial fix by GP Jayan <gp at nsj.co.jp>]
+
+ *) Fix test data to work with the above.
+ [Ben Laurie]
+
+ *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
+ was already fixed by Eric for 0.9.1 it seems.
+ [Ben Laurie - pointed out by Ulf M\xF6ller <ulf at fitug.de>]
+
+ *) Autodetect FreeBSD3.
+ [Ben Laurie]
+
+ *) Fix various bugs in Configure. This affects the following platforms:
+ nextstep
+ ncr-scde
+ unixware-2.0
+ unixware-2.0-pentium
+ sco5-cc.
+ [Ben Laurie]
+
+ *) Eliminate generated files from CVS. Reorder tests to regenerate files
+ before they are needed.
+ [Ben Laurie]
+
+ *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
+ [Ben Laurie]
+
+
+ Changes between 0.9.1b and 0.9.1c [23-Dec-1998]
+
+ *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and
+ changed SSLeay to OpenSSL in version strings.
+ [Ralf S. Engelschall]
+
+ *) Some fixups to the top-level documents.
+ [Paul Sutton]
+
+ *) Fixed the nasty bug where rsaref.h was not found under compile-time
+ because the symlink to include/ was missing.
+ [Ralf S. Engelschall]
+
+ *) Incorporated the popular no-RSA/DSA-only patches
+ which allow to compile a RSA-free SSLeay.
+ [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
+
+ *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+ when "ssleay" is still not found.
+ [Ralf S. Engelschall]
+
+ *) Added more platforms to Configure: Cray T3E, HPUX 11,
+ [Ralf S. Engelschall, Beckmann <beckman at acl.lanl.gov>]
+
+ *) Updated the README file.
+ [Ralf S. Engelschall]
+
+ *) Added various .cvsignore files in the CVS repository subdirs
+ to make a "cvs update" really silent.
+ [Ralf S. Engelschall]
+
+ *) Recompiled the error-definition header files and added
+ missing symbols to the Win32 linker tables.
+ [Ralf S. Engelschall]
+
+ *) Cleaned up the top-level documents;
+ o new files: CHANGES and LICENSE
+ o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay
+ o merged COPYRIGHT into LICENSE
+ o removed obsolete TODO file
+ o renamed MICROSOFT to INSTALL.W32
+ [Ralf S. Engelschall]
+
+ *) Removed dummy files from the 0.9.1b source tree:
+ crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
+ crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
+ crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
+ crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
+ util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
+ [Ralf S. Engelschall]
+
+ *) Added various platform portability fixes.
+ [Mark J. Cox]
+
+ *) The Genesis of the OpenSSL rpject:
+ We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
+ Young and Tim J. Hudson created while they were working for C2Net until
+ summer 1998.
+ [The OpenSSL Project]
+
+
+ Changes between 0.9.0b and 0.9.1b [not released]
+
+ *) Updated a few CA certificates under certs/
+ [Eric A. Young]
+
+ *) Changed some BIGNUM api stuff.
+ [Eric A. Young]
+
+ *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD,
+ DGUX x86, Linux Alpha, etc.
+ [Eric A. Young]
+
+ *) New COMP library [crypto/comp/] for SSL Record Layer Compression:
+ RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
+ available).
+ [Eric A. Young]
+
+ *) Add -strparse option to asn1pars program which parses nested
+ binary structures
+ [Dr Stephen Henson <shenson at bigfoot.com>]
+
+ *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
+ [Eric A. Young]
+
+ *) DSA fix for "ca" program.
+ [Eric A. Young]
+
+ *) Added "-genkey" option to "dsaparam" program.
+ [Eric A. Young]
+
+ *) Added RIPE MD160 (rmd160) message digest.
+ [Eric A. Young]
+
+ *) Added -a (all) option to "ssleay version" command.
+ [Eric A. Young]
+
+ *) Added PLATFORM define which is the id given to Configure.
+ [Eric A. Young]
+
+ *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
+ [Eric A. Young]
+
+ *) Extended the ASN.1 parser routines.
+ [Eric A. Young]
+
+ *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
+ [Eric A. Young]
+
+ *) Added a BN_CTX to the BN library.
+ [Eric A. Young]
+
+ *) Fixed the weak key values in DES library
+ [Eric A. Young]
+
+ *) Changed API in EVP library for cipher aliases.
+ [Eric A. Young]
+
+ *) Added support for RC2/64bit cipher.
+ [Eric A. Young]
+
+ *) Converted the lhash library to the crypto/mem.c functions.
+ [Eric A. Young]
+
+ *) Added more recognized ASN.1 object ids.
+ [Eric A. Young]
+
+ *) Added more RSA padding checks for SSL/TLS.
+ [Eric A. Young]
+
+ *) Added BIO proxy/filter functionality.
+ [Eric A. Young]
+
+ *) Added extra_certs to SSL_CTX which can be used
+ send extra CA certificates to the client in the CA cert chain sending
+ process. It can be configured with SSL_CTX_add_extra_chain_cert().
+ [Eric A. Young]
+
+ *) Now Fortezza is denied in the authentication phase because
+ this is key exchange mechanism is not supported by SSLeay at all.
+ [Eric A. Young]
+
+ *) Additional PKCS1 checks.
+ [Eric A. Young]
+
+ *) Support the string "TLSv1" for all TLS v1 ciphers.
+ [Eric A. Young]
+
+ *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
+ ex_data index of the SSL context in the X509_STORE_CTX ex_data.
+ [Eric A. Young]
+
+ *) Fixed a few memory leaks.
+ [Eric A. Young]
+
+ *) Fixed various code and comment typos.
+ [Eric A. Young]
+
+ *) A minor bug in ssl/s3_clnt.c where there would always be 4 0
+ bytes sent in the client random.
+ [Edward Bishop <ebishop at spyglass.com>]
+
Added: vendor-crypto/openssl/dist/CHANGES.SSLeay
===================================================================
--- vendor-crypto/openssl/dist/CHANGES.SSLeay (rev 0)
+++ vendor-crypto/openssl/dist/CHANGES.SSLeay 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,968 @@
+This file contains the changes for the SSLeay library up to version
+0.9.0b. For later changes, see the file "CHANGES".
+
+ SSLeay CHANGES
+ ______________
+
+Changes between 0.8.x and 0.9.0b
+
+10-Apr-1998
+
+I said the next version would go out at easter, and so it shall.
+I expect a 0.9.1 will follow with portability fixes in the next few weeks.
+
+This is a quick, meet the deadline. Look to ssl-users for comments on what
+is new etc.
+
+eric (about to go bushwalking for the 4 day easter break :-)
+
+16-Mar-98
+ - Patch for Cray T90 from Wayne Schroeder <schroede at SDSC.EDU>
+ - Lots and lots of changes
+
+29-Jan-98
+ - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
+ Goetz Babin-Ebell <babinebell at trustcenter.de>.
+ - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
+ TLS1_VERSION.
+
+7-Jan-98
+ - Finally reworked the cipher string to ciphers again, so it
+ works correctly
+ - All the app_data stuff is now ex_data with funcion calls to access.
+ The index is supplied by a function and 'methods' can be setup
+ for the types that are called on XXX_new/XXX_free. This lets
+ applications get notified on creation and destruction. Some of
+ the RSA methods could be implemented this way and I may do so.
+ - Oh yes, SSL under perl5 is working at the basic level.
+
+15-Dec-97
+ - Warning - the gethostbyname cache is not fully thread safe,
+ but it should work well enough.
+ - Major internal reworking of the app_data stuff. More functions
+ but if you were accessing ->app_data directly, things will
+ stop working.
+ - The perlv5 stuff is working. Currently on message digests,
+ ciphers and the bignum library.
+
+9-Dec-97
+ - Modified re-negotiation so that server initated re-neg
+ will cause a SSL_read() to return -1 should retry.
+ The danger otherwise was that the server and the
+ client could end up both trying to read when using non-blocking
+ sockets.
+
+4-Dec-97
+ - Lots of small changes
+ - Fix for binaray mode in Windows for the FILE BIO, thanks to
+ Bob Denny <rdenny at dc3.com>
+
+17-Nov-97
+ - Quite a few internal cleanups, (removal of errno, and using macros
+ defined in e_os.h).
+ - A bug in ca.c, pointed out by yasuyuki-ito at d-cruise.co.jp, where
+ the automactic naming out output files was being stuffed up.
+
+29-Oct-97
+ - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
+ for x86.
+
+21-Oct-97
+ - Fixed a bug in the BIO_gethostbyname() cache.
+
+15-Oct-97
+ - cbc mode for blowfish/des/3des is now in assember. Blowfish asm
+ has also been improved. At this point in time, on the pentium,
+ md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
+ des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
+ is %62 faster.
+
+12-Oct-97
+ - MEM_BUF_grow() has been fixed so that it always sets the buf->length
+ to the value we are 'growing' to. Think of MEM_BUF_grow() as the
+ way to set the length value correctly.
+
+10-Oct-97
+ - I now hash for certificate lookup on the raw DER encoded RDN (md5).
+ This breaks things again :-(. This is efficent since I cache
+ the DER encoding of the RDN.
+ - The text DN now puts in the numeric OID instead of UNKNOWN.
+ - req can now process arbitary OIDs in the config file.
+ - I've been implementing md5 in x86 asm, much faster :-).
+ - Started sha1 in x86 asm, needs more work.
+ - Quite a few speedups in the BN stuff. RSA public operation
+ has been made faster by caching the BN_MONT_CTX structure.
+ The calulating of the Ai where A*Ai === 1 mod m was rather
+ expensive. Basically a 40-50% speedup on public operations.
+ The RSA speedup is now 15% on pentiums and %20 on pentium
+ pro.
+
+30-Sep-97
+ - After doing some profiling, I added x86 adm for bn_add_words(),
+ which just adds 2 arrays of longs together. A %10 speedup
+ for 512 and 1024 bit RSA on the pentium pro.
+
+29-Sep-97
+ - Converted the x86 bignum assembler to us the perl scripts
+ for generation.
+
+23-Sep-97
+ - If SSL_set_session() is passed a NULL session, it now clears the
+ current session-id.
+
+22-Sep-97
+ - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
+ certificates.
+ - Bug in crypto/evp/encode.c where by decoding of 65 base64
+ encoded lines, one line at a time (via a memory BIO) would report
+ EOF after the first line was decoded.
+ - Fix in X509_find_by_issuer_and_serial() from
+ Dr Stephen Henson <shenson at bigfoot.com>
+
+19-Sep-97
+ - NO_FP_API and NO_STDIO added.
+ - Put in sh config command. It auto runs Configure with the correct
+ parameters.
+
+18-Sep-97
+ - Fix x509.c so if a DSA cert has different parameters to its parent,
+ they are left in place. Not tested yet.
+
+16-Sep-97
+ - ssl_create_cipher_list() had some bugs, fixes from
+ Patrick Eisenacher <eisenach at stud.uni-frankfurt.de>
+ - Fixed a bug in the Base64 BIO, where it would return 1 instead
+ of -1 when end of input was encountered but should retry.
+ Basically a Base64/Memory BIO interaction problem.
+ - Added a HMAC set of functions in preporarion for TLS work.
+
+15-Sep-97
+ - Top level makefile tweak - Cameron Simpson <cs at zip.com.au>
+ - Prime generation spead up %25 (512 bit prime, pentium pro linux)
+ by using montgomery multiplication in the prime number test.
+
+11-Sep-97
+ - Ugly bug in ssl3_write_bytes(). Basically if application land
+ does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
+ did not check the size and tried to copy the entire buffer.
+ This would tend to cause memory overwrites since SSLv3 has
+ a maximum packet size of 16k. If your program uses
+ buffers <= 16k, you would probably never see this problem.
+ - Fixed a new errors that were cause by malloc() not returning
+ 0 initialised memory..
+ - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
+ SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
+ since this flags stops SSLeay being able to handle client
+ cert requests correctly.
+
+08-Sep-97
+ - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
+ on, the SSL server routines will not use a SSL_SESSION that is
+ held in it's cache. This in intended to be used with the session-id
+ callbacks so that while the session-ids are still stored in the
+ cache, the decision to use them and how to look them up can be
+ done by the callbacks. The are the 'new', 'get' and 'remove'
+ callbacks. This can be used to determine the session-id
+ to use depending on information like which port/host the connection
+ is coming from. Since the are also SSL_SESSION_set_app_data() and
+ SSL_SESSION_get_app_data() functions, the application can hold
+ information against the session-id as well.
+
+03-Sep-97
+ - Added lookup of CRLs to the by_dir method,
+ X509_load_crl_file() also added. Basically it means you can
+ lookup CRLs via the same system used to lookup certificates.
+ - Changed things so that the X509_NAME structure can contain
+ ASN.1 BIT_STRINGS which is required for the unique
+ identifier OID.
+ - Fixed some problems with the auto flushing of the session-id
+ cache. It was not occuring on the server side.
+
+02-Sep-97
+ - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
+ which is the maximum number of entries allowed in the
+ session-id cache. This is enforced with a simple FIFO list.
+ The default size is 20*1024 entries which is rather large :-).
+ The Timeout code is still always operating.
+
+01-Sep-97
+ - Added an argument to all the 'generate private key/prime`
+ callbacks. It is the last parameter so this should not
+ break existing code but it is needed for C++.
+ - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
+ BIO. This lets the BIO read and write base64 encoded data
+ without inserting or looking for '\n' characters. The '-A'
+ flag turns this on when using apps/enc.c.
+ - RSA_NO_PADDING added to help BSAFE functionality. This is a
+ very dangerous thing to use, since RSA private key
+ operations without random padding bytes (as PKCS#1 adds) can
+ be attacked such that the private key can be revealed.
+ - ASN.1 bug and rc2-40-cbc and rc4-40 added by
+ Dr Stephen Henson <shenson at bigfoot.com>
+
+31-Aug-97 (stuff added while I was away)
+ - Linux pthreads by Tim Hudson (tjh at cryptsoft.com).
+ - RSA_flags() added allowing bypass of pub/priv match check
+ in ssl/ssl_rsa.c - Tim Hudson.
+ - A few minor bugs.
+
+SSLeay 0.8.1 released.
+
+19-Jul-97
+ - Server side initated dynamic renegotiation is broken. I will fix
+ it when I get back from holidays.
+
+15-Jul-97
+ - Quite a few small changes.
+ - INVALID_SOCKET usage cleanups from Alex Kiernan <alex at hisoft.co.uk>
+
+09-Jul-97
+ - Added 2 new values to the SSL info callback.
+ SSL_CB_START which is passed when the SSL protocol is started
+ and SSL_CB_DONE when it has finished sucsessfully.
+
+08-Jul-97
+ - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
+ that related to DSA public/private keys.
+ - Added all the relevent PEM and normal IO functions to support
+ reading and writing RSAPublic keys.
+ - Changed makefiles to use ${AR} instead of 'ar r'
+
+07-Jul-97
+ - Error in ERR_remove_state() that would leave a dangling reference
+ to a free()ed location - thanks to Alex Kiernan <alex at hisoft.co.uk>
+ - s_client now prints the X509_NAMEs passed from the server
+ when requesting a client cert.
+ - Added a ssl->type, which is one of SSL_ST_CONNECT or
+ SSL_ST_ACCEPT. I had to add it so I could tell if I was
+ a connect or an accept after the handshake had finished.
+ - SSL_get_client_CA_list(SSL *s) now returns the CA names
+ passed by the server if called by a client side SSL.
+
+05-Jul-97
+ - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
+ 0, not -1 :-( Fix from Tim Hudson (tjh at cryptsoft.com).
+
+04-Jul-97
+ - Fixed some things in X509_NAME_add_entry(), thanks to
+ Matthew Donald <matthew at world.net>.
+ - I had a look at the cipher section and though that it was a
+ bit confused, so I've changed it.
+ - I was not setting up the RC4-64-MD5 cipher correctly. It is
+ a MS special that appears in exported MS Money.
+ - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
+ spec. I was missing the two byte length header for the
+ ClientDiffieHellmanPublic value. This is a packet sent from
+ the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+ option will enable SSLeay server side SSLv3 accept either
+ the correct or my 080 packet format.
+ - Fixed a few typos in crypto/pem.org.
+
+02-Jul-97
+ - Alias mapping for EVP_get_(digest|cipher)byname is now
+ performed before a lookup for actual cipher. This means
+ that an alias can be used to 're-direct' a cipher or a
+ digest.
+ - ASN1_read_bio() had a bug that only showed up when using a
+ memory BIO. When EOF is reached in the memory BIO, it is
+ reported as a -1 with BIO_should_retry() set to true.
+
+01-Jul-97
+ - Fixed an error in X509_verify_cert() caused by my
+ miss-understanding how 'do { contine } while(0);' works.
+ Thanks to Emil Sit <sit at mit.edu> for educating me :-)
+
+30-Jun-97
+ - Base64 decoding error. If the last data line did not end with
+ a '=', sometimes extra data would be returned.
+ - Another 'cut and paste' bug in x509.c related to setting up the
+ STDout BIO.
+
+27-Jun-97
+ - apps/ciphers.c was not printing due to an editing error.
+ - Alex Kiernan <alex at hisoft.co.uk> send in a nice fix for
+ a library build error in util/mk1mf.pl
+
+26-Jun-97
+ - Still did not have the auto 'experimental' code removal
+ script correct.
+ - A few header tweaks for Watcom 11.0 under Win32 from
+ Rolf Lindemann <Lindemann at maz-hh.de>
+ - 0 length OCTET_STRING bug in asn1_parse
+ - A minor fix with an non-existent function in the MS .def files.
+ - A few changes to the PKCS7 stuff.
+
+25-Jun-97
+ SSLeay 0.8.0 finally it gets released.
+
+24-Jun-97
+ Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
+ use a temporary RSA key. This is experimental and needs some more work.
+ Fixed a few Win16 build problems.
+
+23-Jun-97
+ SSLv3 bug. I was not doing the 'lookup' of the CERT structure
+ correctly. I was taking the SSL->ctx->default_cert when I should
+ have been using SSL->cert. The bug was in ssl/s3_srvr.c
+
+20-Jun-97
+ X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
+ rest of the library. Even though I had the code required to do
+ it correctly, apps/req.c was doing the wrong thing. I have fixed
+ and tested everything.
+
+ Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
+
+19-Jun-97
+ Fixed a bug in the SSLv2 server side first packet handling. When
+ using the non-blocking test BIO, the ssl->s2->first_packet flag
+ was being reset when a would-block failure occurred when reading
+ the first 5 bytes of the first packet. This caused the checking
+ logic to run at the wrong time and cause an error.
+
+ Fixed a problem with specifying cipher. If RC4-MD5 were used,
+ only the SSLv3 version would be picked up. Now this will pick
+ up both SSLv2 and SSLv3 versions. This required changing the
+ SSL_CIPHER->mask values so that they only mask the ciphers,
+ digests, authentication, export type and key-exchange algorithms.
+
+ I found that when a SSLv23 session is established, a reused
+ session, of type SSLv3 was attempting to write the SSLv2
+ ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
+ method has been modified so it will only write out cipher which
+ that method knows about.
+
+
+ Changes between 0.8.0 and 0.8.1
+
+ *) Mostly bug fixes.
+ There is an Ephemeral DH cipher problem which is fixed.
+
+ SSLeay 0.8.0
+
+This version of SSLeay has quite a lot of things different from the
+previous version.
+
+Basically check all callback parameters, I will be producing documentation
+about how to use things in th future. Currently I'm just getting 080 out
+the door. Please not that there are several ways to do everything, and
+most of the applications in the apps directory are hybrids, some using old
+methods and some using new methods.
+
+Have a look in demos/bio for some very simple programs and
+apps/s_client.c and apps/s_server.c for some more advanced versions.
+Notes are definitly needed but they are a week or so away.
+
+Anyway, some quick nots from Tim Hudson (tjh at cryptsoft.com)
+---
+Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
+get those people that want to move to using the new code base off to
+a quick start.
+
+Note that Eric has tidied up a lot of the areas of the API that were
+less than desirable and renamed quite a few things (as he had to break
+the API in lots of places anyrate). There are a whole pile of additional
+functions for making dealing with (and creating) certificates a lot
+cleaner.
+
+01-Jul-97
+Tim Hudson
+tjh at cryptsoft.com
+
+---8<---
+
+To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
+use something like the following (assuming you #include "crypto.h" which
+is something that you really should be doing).
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+#define SSLEAY8
+#endif
+
+buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
+ too if you are working with BIO internal stuff (as distinct
+ from simply using the interface in an opaque manner)
+
+#include "bio.h" - required along with "buffer.h" if you write
+ your own BIO routines as the buffer and bio
+ stuff that was intermixed has been separated
+ out
+
+envelope.h -> evp.h (which should have been done ages ago)
+
+Initialisation ... don't forget these or you end up with code that
+is missing the bits required to do useful things (like ciphers):
+
+SSLeay_add_ssl_algorithms()
+(probably also want SSL_load_error_strings() too but you should have
+ already had that call in place)
+
+SSL_CTX_new() - requires an extra method parameter
+ SSL_CTX_new(SSLv23_method())
+ SSL_CTX_new(SSLv2_method())
+ SSL_CTX_new(SSLv3_method())
+
+ OR to only have the server or the client code
+ SSL_CTX_new(SSLv23_server_method())
+ SSL_CTX_new(SSLv2_server_method())
+ SSL_CTX_new(SSLv3_server_method())
+ or
+ SSL_CTX_new(SSLv23_client_method())
+ SSL_CTX_new(SSLv2_client_method())
+ SSL_CTX_new(SSLv3_client_method())
+
+SSL_set_default_verify_paths() ... renamed to the more appropriate
+SSL_CTX_set_default_verify_paths()
+
+If you want to use client certificates then you have to add in a bit
+of extra stuff in that a SSLv3 server sends a list of those CAs that
+it will accept certificates from ... so you have to provide a list to
+SSLeay otherwise certain browsers will not send client certs.
+
+SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+
+X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
+ or provide a buffer and size to copy the
+ result into
+
+X509_add_cert -> X509_STORE_add_cert (and you might want to read the
+ notes on X509_NAME structure changes too)
+
+
+VERIFICATION CODE
+=================
+
+The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
+more accurately reflect things.
+
+The verification callback args are now packaged differently so that
+extra fields for verification can be added easily in future without
+having to break things by adding extra parameters each release :-)
+
+X509_cert_verify_error_string -> X509_verify_cert_error_string
+
+
+BIO INTERNALS
+=============
+
+Eric has fixed things so that extra flags can be introduced in
+the BIO layer in future without having to play with all the BIO
+modules by adding in some macros.
+
+The ugly stuff using
+ b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
+becomes
+ BIO_clear_retry_flags(b)
+
+ b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
+becomes
+ BIO_set_retry_read(b)
+
+Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
+
+
+
+OTHER THINGS
+============
+
+X509_NAME has been altered so that it isn't just a STACK ... the STACK
+is now in the "entries" field ... and there are a pile of nice functions
+for getting at the details in a much cleaner manner.
+
+SSL_CTX has been altered ... "cert" is no longer a direct member of this
+structure ... things are now down under "cert_store" (see x509_vfy.h) and
+things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
+If your code "knows" about this level of detail then it will need some
+surgery.
+
+If you depending on the incorrect spelling of a number of the error codes
+then you will have to change your code as these have been fixed.
+
+ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
+has been all along so this makes things clearer.
+ify_cert_error_string(ctx->error));
+
+SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
+ and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
+
+
+
+ Changes between 0.7.x and 0.8.0
+
+ *) There have been lots of changes, mostly the addition of SSLv3.
+ There have been many additions from people and amongst
+ others, C2Net has assisted greatly.
+
+ Changes between 0.7.x and 0.7.x
+
+ *) Internal development version only
+
+SSLeay 0.6.6 13-Jan-1997
+
+The main additions are
+
+- assember for x86 DES improvments.
+ From 191,000 per second on a pentium 100, I now get 281,000. The inner
+ loop and the IP/FP modifications are from
+ Svend Olaf Mikkelsen <svolaf at inet.uni-c.dk>. Many thanks for his
+ contribution.
+- The 'DES macros' introduced in 0.6.5 now have 3 types.
+ DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
+ is best and there is a summery of mine in crypto/des/options.txt
+- A few bug fixes.
+- Added blowfish. It is not used by SSL but all the other stuff that
+ deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
+ There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
+ BF_PTR2 is pentium/x86 specific. The correct option is setup in
+ the 'Configure' script.
+- There is now a 'get client certificate' callback which can be
+ 'non-blocking'. If more details are required, let me know. It will
+ documented more in SSLv3 when I finish it.
+- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
+ now tests the ca program.
+- Lots of little things modified and tweaked.
+
+ SSLeay 0.6.5
+
+After quite some time (3 months), the new release. I have been very busy
+for the last few months and so this is mostly bug fixes and improvments.
+
+The main additions are
+
+- assember for x86 DES. For all those gcc based systems, this is a big
+ improvement. From 117,000 DES operation a second on a pentium 100,
+ I now get 191,000. I have also reworked the C version so it
+ now gives 148,000 DESs per second.
+- As mentioned above, the inner DES macros now have some more variant that
+ sometimes help, sometimes hinder performance. There are now 3 options
+ DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
+ and DES_RISC (a more register intensive version of the inner macro).
+ The crypto/des/des_opts.c program, when compiled and run, will give
+ an indication of the correct options to use.
+- The BIO stuff has been improved. Read doc/bio.doc. There are now
+ modules for encryption and base64 encoding and a BIO_printf() function.
+- The CA program will accept simple one line X509v3 extensions in the
+ ssleay.cnf file. Have a look at the example. Currently this just
+ puts the text into the certificate as an OCTET_STRING so currently
+ the more advanced X509v3 data types are not handled but this is enough
+ for the netscape extensions.
+- There is the start of a nicer higher level interface to the X509
+ strucutre.
+- Quite a lot of bug fixes.
+- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used
+ to define the malloc(), free() and realloc() routines to use
+ (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when
+ using DLLs and mixing CRT libraries.
+
+In general, read the 'VERSION' file for changes and be aware that some of
+the new stuff may not have been tested quite enough yet, so don't just plonk
+in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
+
+SSLeay 0.6.4 30/08/96 eay
+
+I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
+Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
+
+The main changes in this release
+
+- Thread safe. have a read of doc/threads.doc and play in the mt directory.
+ For anyone using 0.6.3 with threads, I found 2 major errors so consider
+ moving to 0.6.4. I have a test program that builds under NT and
+ solaris.
+- The get session-id callback has changed. Have a read of doc/callback.doc.
+- The X509_cert_verify callback (the SSL_verify callback) now
+ has another argument. Have a read of doc/callback.doc
+- 'ca -preserve', sign without re-ordering the DN. Not tested much.
+- VMS support.
+- Compile time memory leak detection can now be built into SSLeay.
+ Read doc/memory.doc
+- CONF routines now understand '\', '\n', '\r' etc. What this means is that
+ the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
+- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
+- RC2 key setup is now compatable with Netscape.
+- Modifed server side of SSL implementation, big performance difference when
+ using session-id reuse.
+
+0.6.3
+
+Bug fixes and the addition of some nice stuff to the 'ca' program.
+Have a read of doc/ns-ca.doc for how hit has been modified so
+it can be driven from a CGI script. The CGI script is not provided,
+but that is just being left as an excersize for the reader :-).
+
+0.6.2
+
+This is most bug fixes and functionality improvements.
+
+Additions are
+- More thread debugging patches, the thread stuff is still being
+ tested, but for those keep to play with stuff, have a look in
+ crypto/cryptlib.c. The application needs to define 1 (or optionaly
+ a second) callback that is used to implement locking. Compiling
+ with LOCK_DEBUG spits out lots of locking crud :-).
+ This is what I'm currently working on.
+- SSL_CTX_set_default_passwd_cb() can be used to define the callback
+ function used in the SSL*_file() functions used to load keys. I was
+ always of the opinion that people should call
+ PEM_read_RSAPrivateKey() and pass the callback they want to use, but
+ it appears they just want to use the SSL_*_file() function() :-(.
+- 'enc' now has a -kfile so a key can be read from a file. This is
+ mostly used so that the passwd does not appear when using 'ps',
+ which appears imposible to stop under solaris.
+- X509v3 certificates now work correctly. I even have more examples
+ in my tests :-). There is now a X509_EXTENSION type that is used in
+ X509v3 certificates and CRLv2.
+- Fixed that signature type error :-(
+- Fixed quite a few potential memory leaks and problems when reusing
+ X509, CRL and REQ structures.
+- EVP_set_pw_prompt() now sets the library wide default password
+ prompt.
+- The 'pkcs7' command will now, given the -print_certs flag, output in
+ pem format, all certificates and CRL contained within. This is more
+ of a pre-emtive thing for the new verisign distribution method. I
+ should also note, that this also gives and example in code, of how
+ to do this :-), or for that matter, what is involved in going the
+ other way (list of certs and crl -> pkcs7).
+- Added RSA's DESX to the DES library. It is also available via the
+ EVP_desx_cbc() method and via 'enc desx'.
+
+SSLeay 0.6.1
+
+The main functional changes since 0.6.0 are as follows
+- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
+ that from now on, I'll keep the .def numbers the same so they will be.
+- RSA private key operations are about 2 times faster that 0.6.0
+- The SSL_CTX now has more fields so default values can be put against
+ it. When an SSL structure is created, these default values are used
+ but can be overwritten. There are defaults for cipher, certificate,
+ private key, verify mode and callback. This means SSL session
+ creation can now be
+ ssl=SSL_new()
+ SSL_set_fd(ssl,sock);
+ SSL_accept(ssl)
+ ....
+ All the other uglyness with having to keep a global copy of the
+ private key and certificate/verify mode in the server is now gone.
+- ssl/ssltest.c - one process talking SSL to its self for testing.
+- Storage of Session-id's can be controled via a session_cache_mode
+ flag. There is also now an automatic default flushing of
+ old session-id's.
+- The X509_cert_verify() function now has another parameter, this
+ should not effect most people but it now means that the reason for
+ the failure to verify is now available via SSL_get_verify_result(ssl).
+ You don't have to use a global variable.
+- SSL_get_app_data() and SSL_set_app_data() can be used to keep some
+ application data against the SSL structure. It is upto the application
+ to free the data. I don't use it, but it is available.
+- SSL_CTX_set_cert_verify_callback() can be used to specify a
+ verify callback function that completly replaces my certificate
+ verification code. Xcert should be able to use this :-).
+ The callback is of the form int app_verify_callback(arg,ssl,cert).
+ This needs to be documented more.
+- I have started playing with shared library builds, have a look in
+ the shlib directory. It is very simple. If you need a numbered
+ list of functions, have a look at misc/crypto.num and misc/ssl.num.
+- There is some stuff to do locking to make the library thread safe.
+ I have only started this stuff and have not finished. If anyone is
+ keen to do so, please send me the patches when finished.
+
+So I have finally made most of the additions to the SSL interface that
+I thought were needed.
+
+There will probably be a pause before I make any non-bug/documentation
+related changes to SSLeay since I'm feeling like a bit of a break.
+
+eric - 12 Jul 1996
+I saw recently a comment by some-one that we now seem to be entering
+the age of perpetual Beta software.
+Pioneered by packages like linux but refined to an art form by
+netscape.
+
+I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
+
+There are quite a large number of sections that are 'works in
+progress' in this package. I will also list the major changes and
+what files you should read.
+
+BIO - this is the new IO structure being used everywhere in SSLeay. I
+started out developing this because of microsoft, I wanted a mechanism
+to callback to the application for all IO, so Windows 3.1 DLL
+perversion could be hidden from me and the 15 different ways to write
+to a file under NT would also not be dictated by me at library build
+time. What the 'package' is is an API for a data structure containing
+functions. IO interfaces can be written to conform to the
+specification. This in not intended to hide the underlying data type
+from the application, but to hide it from SSLeay :-).
+I have only really finished testing the FILE * and socket/fd modules.
+There are also 'filter' BIO's. Currently I have only implemented
+message digests, and it is in use in the dgst application. This
+functionality will allow base64/encrypto/buffering modules to be
+'push' into a BIO without it affecting the semantics. I'm also
+working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
+from an event loop which uses the interface.
+It is also possible to 'attach' callbacks to a BIO so they get called
+before and after each operation, alowing extensive debug output
+to be generated (try running dgst with -d).
+
+Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
+functions that used to take FILE *, now take BIO *.
+The wrappers are easy to write
+
+function_fp(fp,x)
+FILE *fp;
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL) error.....
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=function_bio(b,x);
+ BIO_free(b);
+ return(ret);
+ }
+Remember, there are no functions that take FILE * in SSLeay when
+compiled for Windows 3.1 DLL's.
+
+--
+I have added a general EVP_PKEY type that can hold a public/private
+key. This is now what is used by the EVP_ functions and is passed
+around internally. I still have not done the PKCS#8 stuff, but
+X509_PKEY is defined and waiting :-)
+
+--
+For a full function name listings, have a look at ms/crypt32.def and
+ms/ssl32.def. These are auto-generated but are complete.
+Things like ASN1_INTEGER_get() have been added and are in here if you
+look. I have renamed a few things, again, have a look through the
+function list and you will probably find what you are after. I intend
+to at least put a one line descrition for each one.....
+
+--
+Microsoft - thats what this release is about, read the MICROSOFT file.
+
+--
+Multi-threading support. I have started hunting through the code and
+flaging where things need to be done. In a state of work but high on
+the list.
+
+--
+For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
+be be you random data device, otherwise 'RFILE' in e_os.h
+will be used, in your home directory. It will be updated
+periodically. The environment variable RANDFILE will override this
+choice and read/write to that file instead. DEVRANDOM is used in
+conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random
+number generator, pick on one of these files.
+
+--
+
+The list of things to read and do
+
+dgst -d
+s_client -state (this uses a callback placed in the SSL state loop and
+ will be used else-where to help debug/monitor what
+ is happening.)
+
+doc/why.doc
+doc/bio.doc <- hmmm, needs lots of work.
+doc/bss_file.doc <- one that is working :-)
+doc/session.doc <- it has changed
+doc/speed.doc
+ also play with ssleay version -a. I have now added a SSLeay()
+ function that returns a version number, eg 0600 for this release
+ which is primarily to be used to check DLL version against the
+ application.
+util/* Quite a few will not interest people, but some may, like
+ mk1mf.pl, mkdef.pl,
+util/do_ms.sh
+
+try
+cc -Iinclude -Icrypto -c crypto/crypto.c
+cc -Iinclude -Issl -c ssl/ssl.c
+You have just built the SSLeay libraries as 2 object files :-)
+
+Have a general rummage around in the bin stall directory and look at
+what is in there, like CA.sh and c_rehash
+
+There are lots more things but it is 12:30am on a Friday night and I'm
+heading home :-).
+
+eric 22-Jun-1996
+This version has quite a few major bug fixes and improvements. It DOES NOT
+do SSLv3 yet.
+
+The main things changed
+- A Few days ago I added the s_mult application to ssleay which is
+ a demo of an SSL server running in an event loop type thing.
+ It supports non-blocking IO, I have finally gotten it right, SSL_accept()
+ can operate in non-blocking IO mode, look at the code to see how :-).
+ Have a read of doc/s_mult as well. This program leaks memory and
+ file descriptors everywhere but I have not cleaned it up yet.
+ This is a demo of how to do non-blocking IO.
+- The SSL session management has been 'worked over' and there is now
+ quite an expansive set of functions to manipulate them. Have a read of
+ doc/session.doc for some-things I quickly whipped up about how it now works.
+ This assume you know the SSLv2 protocol :-)
+- I can now read/write the netscape certificate format, use the
+ -inform/-outform 'net' options to the x509 command. I have not put support
+ for this type in the other demo programs, but it would be easy to add.
+- asn1parse and 'enc' have been modified so that when reading base64
+ encoded files (pem format), they do not require '-----BEGIN' header lines.
+ The 'enc' program had a buffering bug fixed, it can be used as a general
+ base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
+ respecivly. Leaving out the '-a' flag in this case makes the 'enc' command
+ into a form of 'cat'.
+- The 'x509' and 'req' programs have been fixed and modified a little so
+ that they generate self-signed certificates correctly. The test
+ script actually generates a 'CA' certificate and then 'signs' a
+ 'user' certificate. Have a look at this shell script (test/sstest)
+ to see how things work, it tests most possible combinations of what can
+ be done.
+- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
+ of SSL_set_cipher_list() is now the correct API (stops confusion :-).
+ If this function is used in the client, only the specified ciphers can
+ be used, with preference given to the order the ciphers were listed.
+ For the server, if this is used, only the specified ciphers will be used
+ to accept connections. If this 'option' is not used, a default set of
+ ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
+ list for all ciphers started against the SSL_CTX. So the order is
+ SSL cipher_list, if not present, SSL_CTX cipher list, if not
+ present, then the library default.
+ What this means is that normally ciphers like
+ NULL-MD5 will never be used. The only way this cipher can be used
+ for both ends to specify to use it.
+ To enable or disable ciphers in the library at build time, modify the
+ first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
+ This file also contains the 'pref_cipher' list which is the default
+ cipher preference order.
+- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
+ options work. They should, and they enable loading and writing the
+ netscape rsa private key format. I will be re-working this section of
+ SSLeay for the next version. What is currently in place is a quick and
+ dirty hack.
+- I've re-written parts of the bignum library. This gives speedups
+ for all platforms. I now provide assembler for use under Windows NT.
+ I have not tested the Windows 3.1 assembler but it is quite simple code.
+ This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
+ and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
+ Basically the times available under linux/solaris x86 can be achieve under
+ Windows NT. I still don't know how these times compare to RSA's BSAFE
+ library but I have been emailing with people and with their help, I should
+ be able to get my library's quite a bit faster still (more algorithm changes).
+ The object file crypto/bn/asm/x86-32.obj should be used when linking
+ under NT.
+- 'make makefile.one' in the top directory will generate a single makefile
+ called 'makefile.one' This makefile contains no perl references and
+ will build the SSLeay library into the 'tmp' and 'out' directories.
+ util/mk1mf.pl >makefile.one is how this makefile is
+ generated. The mk1mf.pl command take several option to generate the
+ makefile for use with cc, gcc, Visual C++ and Borland C++. This is
+ still under development. I have only build .lib's for NT and MSDOS
+ I will be working on this more. I still need to play with the
+ correct compiler setups for these compilers and add some more stuff but
+ basically if you just want to compile the library
+ on a 'non-unix' platform, this is a very very good file to start with :-).
+ Have a look in the 'microsoft' directory for my current makefiles.
+ I have not yet modified things to link with sockets under Windows NT.
+ You guys should be able to do this since this is actually outside of the
+ SSLeay scope :-). I will be doing it for myself soon.
+ util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock
+ to build without RC2/RC4, to require RSAref for linking, and to
+ build with no socket code.
+
+- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
+ that was posted to sci.crypt has been added to the library and SSL.
+ I take the view that if RC2 is going to be included in a standard,
+ I'll include the cipher to make my package complete.
+ There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
+ at compile time. I have not tested this recently but it should all work
+ and if you are in the USA and don't want RSA threatening to sue you,
+ you could probably remove the RC4/RC2 code inside these sections.
+ I may in the future include a perl script that does this code
+ removal automatically for those in the USA :-).
+- I have removed all references to sed in the makefiles. So basically,
+ the development environment requires perl and sh. The build environment
+ does not (use the makefile.one makefile).
+ The Configure script still requires perl, this will probably stay that way
+ since I have perl for Windows NT :-).
+
+eric (03-May-1996)
+
+PS Have a look in the VERSION file for more details on the changes and
+ bug fixes.
+I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
+things up. This version will be quite stable, mostly because I'm on
+holidays until 10-March-1996. For any problems in the interum, send email
+to Tim Hudson <tjh at mincom.oz.au>.
+
+SSLeay 0.5.0
+
+12-12-95
+This is going out before it should really be released.
+
+I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
+this for 11 weeks or get things out. It is still going to change a
+lot in the next week so if you do grab this version, please test and
+give me feed back ASAP, inculuding questions on how to do things with
+the library. This will prompt me to write documentation so I don't
+have to answer the same question again :-).
+
+This 'pre' release version is for people who are interested in the
+library. The applications will have to be changed to use
+the new version of the SSL interface. I intend to finish more
+documentation before I leave but until then, look at the programs in
+the apps directory. As far as code goes, it is much much nicer than
+the old version.
+
+The current library works, has no memory leaks (as far as I can tell)
+and is far more bug free that 0.4.5d. There are no global variable of
+consequence (I believe) and I will produce some documentation that
+tell where to look for those people that do want to do multi-threaded
+stuff.
+
+There should be more documentation. Have a look in the
+doc directory. I'll be adding more before I leave, it is a start
+by mostly documents the crypto library. Tim Hudson will update
+the web page ASAP. The spelling and grammar are crap but
+it is better than nothing :-)
+
+Reasons to start playing with version 0.5.0
+- All the programs in the apps directory build into one ssleay binary.
+- There is a new version of the 'req' program that generates certificate
+ requests, there is even documentation for this one :-)
+- There is a demo certification authorithy program. Currently it will
+ look at the simple database and update it. It will generate CRL from
+ the data base. You need to edit the database by hand to revoke a
+ certificate, it is my aim to use perl5/Tk but I don't have time to do
+ this right now. It will generate the certificates but the management
+ scripts still need to be written. This is not a hard task.
+- Things have been cleaned up alot.
+- Have a look at the enc and dgst programs in the apps directory.
+- It supports v3 of x509 certiticates.
+
+
+Major things missing.
+- I have been working on (and thinging about) the distributed x509
+ hierachy problem. I have not had time to put my solution in place.
+ It will have to wait until I come back.
+- I have not put in CRL checking in the certificate verification but
+ it would not be hard to do. I was waiting until I could generate my
+ own CRL (which has only been in the last week) and I don't have time
+ to put it in correctly.
+- Montgomery multiplication need to be implemented. I know the
+ algorithm, just ran out of time.
+- PKCS#7. I can load and write the DER version. I need to re-work
+ things to support BER (if that means nothing, read the ASN1 spec :-).
+- Testing of the higher level digital envelope routines. I have not
+ played with the *_seal() and *_open() type functions. They are
+ written but need testing. The *_sign() and *_verify() functions are
+ rock solid.
+- PEM. Doing this and PKCS#7 have been dependant on the distributed
+ x509 heirachy problem. I started implementing my ideas, got
+ distracted writing a CA program and then ran out of time. I provide
+ the functionality of RSAref at least.
+- Re work the asm. code for the x86. I've changed by low level bignum
+ interface again, so I really need to tweak the x86 stuff. gcc is
+ good enough for the other boxes.
+
Added: vendor-crypto/openssl/dist/Configure
===================================================================
--- vendor-crypto/openssl/dist/Configure (rev 0)
+++ vendor-crypto/openssl/dist/Configure 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,2098 @@
+:
+eval 'exec perl -S $0 ${1+"$@"}'
+ if $running_under_some_shell;
+##
+## Configure -- OpenSSL source tree configuration script
+##
+
+require 5.000;
+eval 'use strict;';
+
+print STDERR "Warning: perl module strict not found.\n" if ($@);
+
+# see INSTALL for instructions.
+
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+
+# Options:
+#
+# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
+# --prefix option is given; /usr/local/ssl otherwise)
+# --prefix prefix for the OpenSSL include, lib and bin directories
+# (Default: the OPENSSLDIR directory)
+#
+# --install_prefix Additional prefix for package builders (empty by
+# default). This needn't be set in advance, you can
+# just as well use "make INSTALL_PREFIX=/whatever install".
+#
+# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
+# to live in the subdirectory lib/ and the header files in
+# include/. A value is required.
+# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is
+# required.
+# (Default: KRB5_DIR/lib)
+# --with-krb5-include Declare where the Kerberos 5 header files live. A
+# value is required.
+# (Default: KRB5_DIR/include)
+# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
+# supported values are "MIT" and "Heimdal". A value is required.
+#
+# --test-sanity Make a number of sanity checks on the data in this file.
+# This is a debugging tool for OpenSSL developers.
+#
+# no-hw-xxx do not compile support for specific crypto hardware.
+# Generic OpenSSL-style methods relating to this support
+# are always compiled but return NULL if the hardware
+# support isn't compiled.
+# no-hw do not compile support for any crypto hardware.
+# [no-]threads [don't] try to create a library that is suitable for
+# multithreaded applications (default is "threads" if we
+# know how to do it)
+# [no-]shared [don't] try to create shared libraries when supported.
+# no-asm do not use assembler
+# no-dso do not compile in any native shared-library methods. This
+# will ensure that all methods just return NULL.
+# no-krb5 do not compile in any KRB5 library or code.
+# [no-]zlib [don't] compile support for zlib compression.
+# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
+# library and will be loaded in run-time by the OpenSSL library.
+# enable-montasm 0.9.8 branch only: enable Montgomery x86 assembler backport
+# from 0.9.9
+# 386 generate 80386 code
+# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
+# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
+# -<xxx> +<xxx> compiler options are passed through
+#
+# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
+# provided to stack calls. Generates unique stack functions for
+# each possible stack type.
+# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
+# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
+# dependancies but needs to more registers, good for RISC CPU's
+# DES_RISC2 A different RISC variant.
+# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders.
+# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
+# This is used on the DEC Alpha where long is 8 bytes
+# and int is 4
+# BN_LLONG use the type 'long long' in crypto/bn/bn.h
+# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
+# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
+# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
+# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
+# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on
+# array lookups instead of pointer use.
+# RC4_CHUNK enables code that handles data aligned at long (natural CPU
+# word) boundary.
+# RC4_CHUNK_LL enables code that handles data aligned at long long boundary
+# (intended for 64-bit CPUs running 32-bit OS).
+# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
+# BF_PTR2 intel specific version (generic version is more efficient).
+#
+# Following are set automatically by this script
+#
+# MD5_ASM use some extra md5 assember,
+# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
+# RMD160_ASM use some extra ripemd160 assember,
+# SHA256_ASM sha256_block is implemented in assembler
+# SHA512_ASM sha512_block is implemented in assembler
+# AES_ASM ASE_[en|de]crypt is implemented in assembler
+
+# Minimum warning options... any contributions to OpenSSL should at least get
+# past these.
+
+my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+
+my $strict_warnings = 0;
+
+my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+
+# MD2_CHAR slags pentium pros
+my $x86_gcc_opts="RC4_INDEX MD2_INT";
+
+# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
+# Don't worry about these normally
+
+my $tcc="cc";
+my $tflags="-fast -Xa";
+my $tbn_mul="";
+my $tlib="-lnsl -lsocket";
+#$bits1="SIXTEEN_BIT ";
+#$bits2="THIRTY_TWO_BIT ";
+my $bits1="THIRTY_TWO_BIT ";
+my $bits2="SIXTY_FOUR_BIT ";
+
+my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o";
+my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o";
+my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o";
+
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::";
+my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::";
+
+my $no_asm="::::::::::";
+
+# As for $BSDthreads. Idea is to maintain "collective" set of flags,
+# which would cover all BSD flavors. -pthread applies to them all,
+# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
+# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
+# which has to be accompanied by explicit -D_THREAD_SAFE and
+# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
+# seems to be sufficient?
+my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
+
+#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
+
+my %table=(
+# File 'TABLE' (created by 'make TABLE') contains the data from this list,
+# formatted for better readability.
+
+
+#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
+#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
+#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
+#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
+
+# Our development configs
+"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
+"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
+"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
+"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::",
+"debug-ben-debug-64", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::",
+"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
+"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"dist", "cc:-O::(unknown)::::::",
+
+# Basic configs that should work on any (32 and less bit) box
+"gcc", "gcc:-O3::(unknown):::BN_LLONG:::",
+"cc", "cc:-O::(unknown)::::::",
+
+####VOS Configurations
+"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
+"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
+
+#### Solaris x86 with GNU C setups
+# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
+# here because whenever GNU C instantiates an assembler template it
+# surrounds it with #APP #NO_APP comment pair which (at least Solaris
+# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+# error message.
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -shared -static-libgcc might appear controversial, but modules taken
+# from static libgcc do not have relocations and linking them into our
+# shared objects doesn't have any negative side-effects. On the contrary,
+# doing so makes it possible to use gcc shared build with Sun C. Given
+# that gcc generates faster code [thanks to inline assembler], I would
+# actually recommend to consider using gcc shared build even with vendor
+# compiler:-)
+# <appro at fy.chalmers.se>
+"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### Solaris x86 with Sun C setups
+"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SPARC Solaris with GNU C setups
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+####
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SPARC Solaris with Sun C setups
+# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+# SC5.0 note: Compiler common patch 107357-01 or later is required!
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+####
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SunOS configs, assuming sparc for the gcc one.
+#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+
+#### IRIX 5.x configs
+# -mips2 flag is added by ./config when appropriate.
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### IRIX 6.x configs
+# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+# './Configure irix-cc -o32' manually.
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# N64 ABI builds.
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### Unified HP-UX ANSI C configs.
+# Special notes:
+# - Originally we were optimizing at +O4 level. It should be noted
+# that the only difference between +O3 and +O4 is global inter-
+# procedural analysis. As it has to be performed during the link
+# stage the compiler leaves behind certain pseudo-code in lib*.a
+# which might be release or even patch level specific. Generating
+# the machine code for and analyzing the *whole* program appears
+# to be *extremely* memory demanding while the performance gain is
+# actually questionable. The situation is intensified by the default
+# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
+# which is way too low for +O4. In other words, doesn't +O3 make
+# more sense?
+# - Keep in mind that the HP compiler by default generates code
+# suitable for execution on the host you're currently compiling at.
+# If the toolkit is ment to be used on various PA-RISC processors
+# consider './config +DAportable'.
+# - +DD64 is chosen in favour of +DA2.0W because it's meant to be
+# compatible with *future* releases.
+# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
+# pass -D_REENTRANT on HP-UX 10 and later.
+# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
+# 32-bit message digests. (For the moment of this writing) HP C
+# doesn't seem to "digest" too many local variables (they make "him"
+# chew forever:-). For more details look-up MD32_XARRAY comment in
+# crypto/sha/sha_lcl.h.
+# <appro at fy.chalmers.se>
+#
+# Since there is mention of this in shlib/hpux10-cc.sh
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# More attempts at unified 10.X and 11.X targets for HP C compiler.
+#
+# Chris Ruemmler <ruemmler at cup.hp.com>
+# Kevin Steves <ks at hp.se>
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# HP/UX IA-64 targets
+"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Frank Geurts <frank.geurts at nl.abnamro.com> has patiently assisted with
+# with debugging of the following config.
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# GCC builds...
+"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# Legacy HPUX 9.X configs...
+"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+
+# DEC Alpha OSF/1/Tru64 targets.
+#
+# "What's in a name? That which we call a rose
+# By any other word would smell as sweet."
+#
+# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
+#
+# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
+#
+"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
+"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
+"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+
+####
+#### Variety of LINUX:-)
+####
+# *-generic* is endian-neutral target, but ./config is free to
+# throw in -D[BL]_ENDIAN, whichever appropriate...
+"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### IA-32 targets...
+"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+####
+"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### SPARC Linux setups
+# Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
+# assisted with debugging of following two configs.
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# it's a real mess with -mcpu=ultrasparc option under Linux, but
+# -Wa,-Av8plus should do the trick no matter what.
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# GCC 3.1 is a requirement
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### Alpha Linux with GNU C and Compaq C setups
+# Special notes:
+# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
+# ought to run './Configure linux-alpha+bwx-gcc' manually, do
+# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
+# which is appropriate.
+# - If you use ccc keep in mind that -fast implies -arch host and the
+# compiler is free to issue instructions which gonna make elder CPU
+# choke. If you wish to build "blended" toolkit, add -arch generic
+# *after* -fast and invoke './Configure linux-alpha-ccc' manually.
+#
+# <appro at fy.chalmers.se>
+#
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+
+# Android: Linux but without -DTERMIO and pointers to headers and libs.
+"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### *BSD [do see comment about ${BSDthreads} above!]
+"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+# simply *happens* to work around a compiler bug in gcc 3.3.3,
+# triggered by RIPEMD160 code.
+"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+
+# NCR MP-RAS UNIX ver 02.03.01
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
+
+# QNX
+"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
+"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SCO/Caldera targets.
+#
+# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
+# Now we only have blended unixware-* as it's the only one used by ./config.
+# If you want to optimize for particular microarchitecture, bypass ./config
+# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
+# Note that not all targets include assembler support. Mostly because of
+# lack of motivation to support out-of-date platforms with out-of-date
+# compiler drivers and assemblers. Tim Rice <tim at multitalents.net> has
+# patiently assisted to debug most of it.
+#
+# UnixWare 2.0x fails destest with -O.
+"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# SCO 5 - Ben Laurie <ben at algroup.co.uk> says the -O breaks the SCO cc.
+"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### IBM's AIX.
+"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
+# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
+# at build time. $OBJECT_MODE is respected at ./config stage!
+"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+
+#
+# Cray T90 and similar (SDSC)
+# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+# defined. The T90 ints and longs are 8 bytes long, and apparently the
+# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and
+# non L_ENDIAN code aligns the bytes in each word correctly.
+#
+# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
+#'Taking the address of a bit field is not allowed. '
+#'An expression with bit field exists as the operand of "sizeof" '
+# (written by Wayne Schroeder <schroede at SDSC.EDU>)
+#
+# j90 is considered the base machine type for unicos machines,
+# so this configuration is now called "cray-j90" ...
+"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
+#
+# Cray T3E (Research Center Juelich, beckman at acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added
+# another use. Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
+
+# DGUX, 88100.
+"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+
+# Sinix/ReliantUNIX RM400
+# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
+"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
+
+# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+
+# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
+# You need to compile using the c89.sh wrapper in the tools directory, because the
+# IBM compiler does not like the -L switch after any object modules.
+#
+"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+
+# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
+"VC-WIN64I","cl::::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32",
+"VC-WIN64A","cl::::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32",
+
+# Visual C targets
+"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+
+# Borland C++ 4.5
+"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
+
+# MinGW
+"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a",
+
+# UWIN
+"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
+
+# Cygwin
+"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+
+# NetWare from David Ward (dsward at novell.com)
+# requires either MetroWerks NLM development tools, or gcc / nlmconv
+# NetWare defaults socket bio to WinSock sockets. However,
+# the builds can be configured to use BSD sockets instead.
+# netware-clib => legacy CLib c-runtime support
+"netware-clib", "mwccnlm::::::${x86_gcc_opts}::",
+"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::",
+"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
+"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
+# netware-libc => LibC/NKS support
+"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
+
+# DJGPP
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:",
+
+# Ultrix from Bernhard Simon <simon at zid.tuwien.ac.at>
+"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::",
+# K&R C is no longer supported; you need gcc on old Ultrix installations
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
+
+##### MacOS X (a.k.a. Rhapsody or Darwin) setup
+"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
+"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+
+##### A/UX
+"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+
+##### Sony NEWS-OS 4.x
+"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+
+##### GNU Hurd
+"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+
+##### OS/2 EMX
+"OS2-EMX", "gcc::::::::",
+
+##### VxWorks for various targets
+"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
+"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:",
+
+##### Compaq Non-Stop Kernel (Tandem)
+"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
+
+);
+
+my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
+ VC-NT VC-CE VC-WIN32
+ BC-32 OS2-EMX
+ netware-clib netware-clib-bsdsock
+ netware-libc netware-libc-bsdsock);
+
+my $idx = 0;
+my $idx_cc = $idx++;
+my $idx_cflags = $idx++;
+my $idx_unistd = $idx++;
+my $idx_thread_cflag = $idx++;
+my $idx_sys_id = $idx++;
+my $idx_lflags = $idx++;
+my $idx_bn_ops = $idx++;
+my $idx_cpuid_obj = $idx++;
+my $idx_bn_obj = $idx++;
+my $idx_des_obj = $idx++;
+my $idx_aes_obj = $idx++;
+my $idx_bf_obj = $idx++;
+my $idx_md5_obj = $idx++;
+my $idx_sha1_obj = $idx++;
+my $idx_cast_obj = $idx++;
+my $idx_rc4_obj = $idx++;
+my $idx_rmd160_obj = $idx++;
+my $idx_rc5_obj = $idx++;
+my $idx_dso_scheme = $idx++;
+my $idx_shared_target = $idx++;
+my $idx_shared_cflag = $idx++;
+my $idx_shared_ldflag = $idx++;
+my $idx_shared_extension = $idx++;
+my $idx_ranlib = $idx++;
+my $idx_arflags = $idx++;
+
+my $prefix="";
+my $libdir="";
+my $openssldir="";
+my $exe_ext="";
+my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
+my $cross_compile_prefix="";
+my $fipslibdir="/usr/local/ssl/fips-1.0/lib/";
+my $nofipscanistercheck=0;
+my $fipsdso=0;
+my $fipscanisterinternal="n";
+my $baseaddr="0xFB00000";
+my $no_threads=0;
+my $threads=0;
+my $no_shared=0; # but "no-shared" is default
+my $zlib=1; # but "no-zlib" is default
+my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
+my $no_rfc3779=1; # but "no-rfc3779" is default
+my $montasm=1; # but "no-montasm" is default
+my $no_asm=0;
+my $no_dso=0;
+my $no_gmp=0;
+my @skip=();
+my $Makefile="Makefile";
+my $des_locl="crypto/des/des_locl.h";
+my $des ="crypto/des/des.h";
+my $bn ="crypto/bn/bn.h";
+my $md2 ="crypto/md2/md2.h";
+my $rc4 ="crypto/rc4/rc4.h";
+my $rc4_locl="crypto/rc4/rc4_locl.h";
+my $idea ="crypto/idea/idea.h";
+my $rc2 ="crypto/rc2/rc2.h";
+my $bf ="crypto/bf/bf_locl.h";
+my $bn_asm ="bn_asm.o";
+my $des_enc="des_enc.o fcrypt_b.o";
+my $fips_des_enc="fips_des_enc.o";
+my $aes_enc="aes_core.o aes_cbc.o";
+my $bf_enc ="bf_enc.o";
+my $cast_enc="c_enc.o";
+my $rc4_enc="rc4_enc.o rc4_skey.o";
+my $rc5_enc="rc5_enc.o";
+my $md5_obj="";
+my $sha1_obj="";
+my $rmd160_obj="";
+my $processor="";
+my $default_ranlib;
+my $perl;
+my $fips=0;
+
+
+# All of the following is disabled by default (RC5 was enabled before 0.9.8):
+
+my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
+ "camellia" => "default",
+ "capieng" => "default",
+ "cms" => "default",
+ "gmp" => "default",
+ "jpake" => "experimental",
+ "mdc2" => "default",
+ "montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9)
+ "rc5" => "default",
+ "rfc3779" => "default",
+ "seed" => "default",
+ "shared" => "default",
+ "zlib" => "default",
+ "zlib-dynamic" => "default"
+ );
+my @experimental = ();
+
+# This is what $depflags will look like with the above defaults
+# (we need this to see if we should advise the user to run "make depend"):
+my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED";
+
+
+# Explicit "no-..." options will be collected in %disabled along with the defaults.
+# To remove something from %disabled, use "enable-foo" (unless it's experimental).
+# For symmetry, "disable-foo" is a synonym for "no-foo".
+
+# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
+# We will collect such requests in @experimental.
+# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
+
+
+my $no_sse2=0;
+
+&usage if ($#ARGV < 0);
+
+my $flags;
+my $depflags;
+my $openssl_experimental_defines;
+my $openssl_algorithm_defines;
+my $openssl_thread_defines;
+my $openssl_sys_defines="";
+my $openssl_other_defines;
+my $libs;
+my $libkrb5="";
+my $target;
+my $options;
+my $symlink;
+my $make_depend=0;
+my %withargs=();
+
+my @argvcopy=@ARGV;
+my $argvstring="";
+my $argv_unprocessed=1;
+
+while($argv_unprocessed)
+ {
+ $flags="";
+ $depflags="";
+ $openssl_experimental_defines="";
+ $openssl_algorithm_defines="";
+ $openssl_thread_defines="";
+ $openssl_sys_defines="";
+ $openssl_other_defines="";
+ $libs="";
+ $target="";
+ $options="";
+ $symlink=1;
+
+ $argv_unprocessed=0;
+ $argvstring=join(' ', at argvcopy);
+
+PROCESS_ARGS:
+ foreach (@argvcopy)
+ {
+ s /^-no-/no-/; # some people just can't read the instructions
+
+ # rewrite some options in "enable-..." form
+ s /^-?-?shared$/enable-shared/;
+ s /^threads$/enable-threads/;
+ s /^zlib$/enable-zlib/;
+ s /^zlib-dynamic$/enable-zlib-dynamic/;
+
+ if (/^no-(.+)$/ || /^disable-(.+)$/)
+ {
+ if (!($disabled{$1} eq "experimental"))
+ {
+ if ($1 eq "ssl")
+ {
+ $disabled{"ssl2"} = "option(ssl)";
+ $disabled{"ssl3"} = "option(ssl)";
+ }
+ elsif ($1 eq "tls")
+ {
+ $disabled{"tls1"} = "option(tls)"
+ }
+ else
+ {
+ $disabled{$1} = "option";
+ }
+ }
+ }
+ elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
+ {
+ my $algo = $1;
+ if ($disabled{$algo} eq "experimental")
+ {
+ die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
+ unless (/^experimental-/);
+ push @experimental, $algo;
+ }
+ delete $disabled{$algo};
+
+ $threads = 1 if ($algo eq "threads");
+ }
+ elsif (/^--test-sanity$/)
+ {
+ exit(&test_sanity());
+ }
+ elsif (/^--strict-warnings/)
+ {
+ $strict_warnings = 1;
+ }
+ elsif (/^reconfigure/ || /^reconf/)
+ {
+ if (open(IN,"<$Makefile"))
+ {
+ while (<IN>)
+ {
+ chomp;
+ if (/^CONFIGURE_ARGS=(.*)/)
+ {
+ $argvstring=$1;
+ @argvcopy=split(' ',$argvstring);
+ die "Incorrect data to reconfigure, please do a normal configuration\n"
+ if (grep(/^reconf/, at argvcopy));
+ print "Reconfiguring with: $argvstring\n";
+ $argv_unprocessed=1;
+ close(IN);
+ last PROCESS_ARGS;
+ }
+ }
+ close(IN);
+ }
+ die "Insufficient data to reconfigure, please do a normal configuration\n";
+ }
+ elsif (/^386$/)
+ { $processor=386; }
+ elsif (/^fips$/)
+ {
+ $fips=1;
+ }
+ elsif (/^rsaref$/)
+ {
+ # No RSAref support any more since it's not needed.
+ # The check for the option is there so scripts aren't
+ # broken
+ }
+ elsif (/^nofipscanistercheck$/)
+ {
+ $fips = 1;
+ $nofipscanistercheck = 1;
+ }
+ elsif (/^fipscanisterbuild$/)
+ {
+ $fips = 1;
+ $nofipscanistercheck = 1;
+ $fipslibdir="";
+ $fipscanisterinternal="y";
+ }
+ elsif (/^fipsdso$/)
+ {
+ $fips = 1;
+ $nofipscanistercheck = 1;
+ $fipslibdir="";
+ $fipscanisterinternal="y";
+ $fipsdso = 1;
+ }
+ elsif (/^[-+]/)
+ {
+ if (/^-[lL](.*)$/)
+ {
+ $libs.=$_." ";
+ }
+ elsif (/^-[^-]/ or /^\+/)
+ {
+ $flags.=$_." ";
+ }
+ elsif (/^--prefix=(.*)$/)
+ {
+ $prefix=$1;
+ }
+ elsif (/^--libdir=(.*)$/)
+ {
+ $libdir=$1;
+ }
+ elsif (/^--openssldir=(.*)$/)
+ {
+ $openssldir=$1;
+ }
+ elsif (/^--install.prefix=(.*)$/)
+ {
+ $install_prefix=$1;
+ }
+ elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
+ {
+ $withargs{"krb5-".$1}=$2;
+ }
+ elsif (/^--with-zlib-lib=(.*)$/)
+ {
+ $withargs{"zlib-lib"}=$1;
+ }
+ elsif (/^--with-zlib-include=(.*)$/)
+ {
+ $withargs{"zlib-include"}="-I$1";
+ }
+ elsif (/^--with-fipslibdir=(.*)$/)
+ {
+ $fipslibdir="$1/";
+ }
+ elsif (/^--with-baseaddr=(.*)$/)
+ {
+ $baseaddr="$1";
+ }
+ else
+ {
+ print STDERR $usage;
+ exit(1);
+ }
+ }
+ elsif ($_ =~ /^([^:]+):(.+)$/)
+ {
+ eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
+ $target=$1;
+ }
+ else
+ {
+ die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
+ $target=$_;
+ }
+
+ unless ($_ eq $target || /^no-/ || /^disable-/)
+ {
+ # "no-..." follows later after implied disactivations
+ # have been derived. (Don't take this too seroiusly,
+ # we really only write OPTIONS to the Makefile out of
+ # nostalgia.)
+
+ if ($options eq "")
+ { $options = $_; }
+ else
+ { $options .= " ".$_; }
+ }
+ }
+ }
+
+
+
+if ($processor eq "386")
+ {
+ $disabled{"sse2"} = "forced";
+ }
+
+if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
+ {
+ $disabled{"krb5"} = "krb5-flavor not specified";
+ }
+
+if (!defined($disabled{"zlib-dynamic"}))
+ {
+ # "zlib-dynamic" was specifically enabled, so enable "zlib"
+ delete $disabled{"zlib"};
+ }
+
+if (defined($disabled{"rijndael"}))
+ {
+ $disabled{"aes"} = "forced";
+ }
+if (defined($disabled{"des"}))
+ {
+ $disabled{"mdc2"} = "forced";
+ }
+if (defined($disabled{"ec"}))
+ {
+ $disabled{"ecdsa"} = "forced";
+ $disabled{"ecdh"} = "forced";
+ }
+
+# SSL 2.0 requires MD5 and RSA
+if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
+ {
+ $disabled{"ssl2"} = "forced";
+ }
+
+# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
+if (defined($disabled{"md5"}) || defined($disabled{"sha"})
+ || (defined($disabled{"rsa"})
+ && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
+ {
+ $disabled{"ssl3"} = "forced";
+ $disabled{"tls1"} = "forced";
+ }
+
+if (defined($disabled{"tls1"}))
+ {
+ $disabled{"tlsext"} = "forced";
+ }
+
+if ($target eq "TABLE") {
+ foreach $target (sort keys %table) {
+ print_table_entry($target);
+ }
+ exit 0;
+}
+
+if ($target eq "LIST") {
+ foreach (sort keys %table) {
+ print;
+ print "\n";
+ }
+ exit 0;
+}
+
+if ($target =~ m/^CygWin32(-.*)$/) {
+ $target = "Cygwin".$1;
+}
+
+print "Configuring for $target\n";
+
+&usage if (!defined($table{$target}));
+
+my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+my $cc = $fields[$idx_cc];
+# Allow environment CC to override compiler...
+if($ENV{CC}) {
+ $cc = $ENV{CC};
+}
+my $cflags = $fields[$idx_cflags];
+my $unistd = $fields[$idx_unistd];
+my $thread_cflag = $fields[$idx_thread_cflag];
+my $sys_id = $fields[$idx_sys_id];
+my $lflags = $fields[$idx_lflags];
+my $bn_ops = $fields[$idx_bn_ops];
+my $cpuid_obj = $fields[$idx_cpuid_obj];
+my $bn_obj = $fields[$idx_bn_obj];
+my $des_obj = $fields[$idx_des_obj];
+my $aes_obj = $fields[$idx_aes_obj];
+my $bf_obj = $fields[$idx_bf_obj];
+my $md5_obj = $fields[$idx_md5_obj];
+my $sha1_obj = $fields[$idx_sha1_obj];
+my $cast_obj = $fields[$idx_cast_obj];
+my $rc4_obj = $fields[$idx_rc4_obj];
+my $rmd160_obj = $fields[$idx_rmd160_obj];
+my $rc5_obj = $fields[$idx_rc5_obj];
+my $dso_scheme = $fields[$idx_dso_scheme];
+my $shared_target = $fields[$idx_shared_target];
+my $shared_cflag = $fields[$idx_shared_cflag];
+my $shared_ldflag = $fields[$idx_shared_ldflag];
+my $shared_extension = $fields[$idx_shared_extension];
+my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
+my $ar = $ENV{'AR'} || "ar";
+my $arflags = $fields[$idx_arflags];
+
+if ($fips)
+ {
+ delete $disabled{"shared"} if ($disabled{"shared"} eq "default");
+ $disabled{"asm"}="forced"
+ if ($target !~ "VC\-.*" &&
+ "$cpuid_obj:$bn_obj:$aes_obj:$des_obj:$sha1_obj" eq "::::");
+ }
+
+foreach (sort @experimental)
+ {
+ my $ALGO;
+ ($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
+
+ # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
+ $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
+ $cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
+ }
+
+foreach (sort (keys %disabled))
+ {
+ $options .= " no-$_";
+
+ printf " no-%-12s %-10s", $_, "[$disabled{$_}]";
+
+ if (/^dso$/)
+ { $no_dso = 1; }
+ elsif (/^threads$/)
+ { $no_threads = 1; }
+ elsif (/^shared$/)
+ { $no_shared = 1; }
+ elsif (/^zlib$/)
+ { $zlib = 0; }
+ elsif (/^montasm$/)
+ { $montasm = 0; }
+ elsif (/^static-engine$/)
+ { }
+ elsif (/^zlib-dynamic$/)
+ { }
+ elsif (/^symlinks$/)
+ { $symlink = 0; }
+ elsif (/^sse2$/)
+ { $no_sse2 = 1; }
+ else
+ {
+ my ($ALGO, $algo);
+ ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/;
+
+ if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
+ {
+ $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
+ print " OPENSSL_NO_$ALGO";
+
+ if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
+ elsif (/^asm$/) { $no_asm = 1; }
+ }
+ else
+ {
+ $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
+ print " OPENSSL_NO_$ALGO";
+
+ if (/^krb5$/)
+ { $no_krb5 = 1; }
+ else
+ {
+ push @skip, $algo;
+ print " (skip dir)";
+
+ $depflags .= " -DOPENSSL_NO_$ALGO";
+ }
+ }
+ }
+
+ print "\n";
+ }
+
+my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
+
+$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
+
+$no_shared = 0 if ($fipsdso && !$IsMK1MF);
+
+$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
+$exe_ext=".nlm" if ($target =~ /netware/);
+$exe_ext=".pm" if ($target =~ /vos/);
+if ($openssldir eq "" and $prefix eq "")
+ {
+ if ($fips)
+ {
+ $openssldir="/usr/local/ssl/fips";
+ }
+ else
+ {
+ $openssldir="/usr/local/ssl";
+ }
+ }
+$prefix=$openssldir if $prefix eq "";
+
+$libdir="lib" if $libdir eq "";
+
+$default_ranlib= &which("ranlib") or $default_ranlib="true";
+$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
+ or $perl="perl";
+my $make = $ENV{'MAKE'} || "make";
+
+$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
+
+chop $openssldir if $openssldir =~ /\/$/;
+chop $prefix if $prefix =~ /.\/$/;
+
+$openssldir=$prefix . "/ssl" if $openssldir eq "";
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+
+
+print "IsMK1MF=$IsMK1MF\n";
+
+# '%' in $lflags is used to split flags to "pre-" and post-flags
+my ($prelflags,$postlflags)=split('%',$lflags);
+if (defined($postlflags)) { $lflags=$postlflags; }
+else { $lflags=$prelflags; undef $prelflags; }
+
+my $no_shared_warn=0;
+my $no_user_cflags=0;
+
+if ($flags ne "") { $cflags="$flags$cflags"; }
+else { $no_user_cflags=1; }
+
+# Kerberos settings. The flavor must be provided from outside, either through
+# the script "config" or manually.
+if (!$no_krb5)
+ {
+ my ($lresolv, $lpath, $lext);
+ if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
+ {
+ die "Sorry, Heimdal is currently not supported\n";
+ }
+ ##### HACK to force use of Heimdal.
+ ##### WARNING: Since we don't really have adequate support for Heimdal,
+ ##### using this will break the build. You'll have to make
+ ##### changes to the source, and if you do, please send
+ ##### patches to openssl-dev at openssl.org
+ if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
+ {
+ warn "Heimdal isn't really supported. Your build WILL break\n";
+ warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
+ $withargs{"krb5-dir"} = "/usr/heimdal"
+ if $withargs{"krb5-dir"} eq "";
+ $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+ "/lib -lgssapi -lkrb5 -lcom_err"
+ if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
+ $cflags="-DKRB5_HEIMDAL $cflags";
+ }
+ if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
+ {
+ $withargs{"krb5-dir"} = "/usr/kerberos"
+ if $withargs{"krb5-dir"} eq "";
+ $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+ "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
+ if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
+ $cflags="-DKRB5_MIT $cflags";
+ $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
+ if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
+ {
+ $cflags="-DKRB5_MIT_OLD11 $cflags";
+ }
+ }
+ LRESOLV:
+ foreach $lpath ("/lib", "/usr/lib")
+ {
+ foreach $lext ("a", "so")
+ {
+ $lresolv = "$lpath/libresolv.$lext";
+ last LRESOLV if (-r "$lresolv");
+ $lresolv = "";
+ }
+ }
+ $withargs{"krb5-lib"} .= " -lresolv"
+ if ("$lresolv" ne "");
+ $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
+ if $withargs{"krb5-include"} eq "" &&
+ $withargs{"krb5-dir"} ne "";
+ }
+
+# The DSO code currently always implements all functions so that no
+# applications will have to worry about that from a compilation point
+# of view. However, the "method"s may return zero unless that platform
+# has support compiled in for them. Currently each method is enabled
+# by a define "DSO_<name>" ... we translate the "dso_scheme" config
+# string entry into using the following logic;
+my $dso_cflags;
+if (!$no_dso && $dso_scheme ne "")
+ {
+ $dso_scheme =~ tr/[a-z]/[A-Z]/;
+ if ($dso_scheme eq "DLFCN")
+ {
+ $dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
+ }
+ elsif ($dso_scheme eq "DLFCN_NO_H")
+ {
+ $dso_cflags = "-DDSO_DLFCN";
+ }
+ else
+ {
+ $dso_cflags = "-DDSO_$dso_scheme";
+ }
+ $cflags = "$dso_cflags $cflags";
+ }
+
+my $thread_cflags;
+my $thread_defines;
+if ($thread_cflag ne "(unknown)" && !$no_threads)
+ {
+ # If we know how to do it, support threads by default.
+ $threads = 1;
+ }
+if ($thread_cflag eq "(unknown)" && $threads)
+ {
+ # If the user asked for "threads", [s]he is also expected to
+ # provide any system-dependent compiler options that are
+ # necessary.
+ if ($no_user_cflags)
+ {
+ print "You asked for multi-threading support, but didn't\n";
+ print "provide any system-specific compiler options\n";
+ exit(1);
+ }
+ $thread_cflags="-DOPENSSL_THREADS $cflags" ;
+ $thread_defines .= "#define OPENSSL_THREADS\n";
+ }
+else
+ {
+ $thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
+ $thread_defines .= "#define OPENSSL_THREADS\n";
+# my $def;
+# foreach $def (split ' ',$thread_cflag)
+# {
+# if ($def =~ s/^-D// && $def !~ /^_/)
+# {
+# $thread_defines .= "#define $def\n";
+# }
+# }
+ }
+
+$lflags="$libs$lflags" if ($libs ne "");
+
+if ($no_asm)
+ {
+ $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
+ $sha1_obj=$md5_obj=$rmd160_obj="";
+ $cflags=~s/\-D[BL]_ENDIAN// if ($fips);
+ $thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips);
+ }
+if ($montasm)
+ {
+ $bn_obj =~ s/MAYBE-MO86-/mo86-/;
+ }
+else
+ {
+ $bn_obj =~ s/MAYBE-MO86-[a-z.]*//;
+ }
+
+if (!$no_shared)
+ {
+ $cast_obj=""; # CAST assembler is not PIC
+ }
+
+if ($threads)
+ {
+ $cflags=$thread_cflags;
+ $openssl_thread_defines .= $thread_defines;
+ }
+
+if ($zlib)
+ {
+ $cflags = "-DZLIB $cflags";
+ if (defined($disabled{"zlib-dynamic"}))
+ {
+ $lflags = "$lflags -lz";
+ }
+ else
+ {
+ $cflags = "-DZLIB_SHARED $cflags";
+ }
+ }
+
+# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
+my $shared_mark = "";
+if ($shared_target eq "")
+ {
+ $no_shared_warn = 1 if !$no_shared && !$fips;
+ $no_shared = 1;
+ }
+if (!$no_shared)
+ {
+ if ($shared_cflag ne "")
+ {
+ $cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
+ }
+ }
+
+if (!$IsMK1MF)
+ {
+ if ($no_shared)
+ {
+ $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
+ }
+ else
+ {
+ $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
+ }
+ }
+
+$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
+
+#
+# Platform fix-ups
+#
+if ($target =~ /\-icc$/) # Intel C compiler
+ {
+ my $iccver=0;
+ if (open(FD,"$cc -V 2>&1 |"))
+ {
+ while(<FD>) { $iccver=$1 if (/Version ([0-9]+)\./); }
+ close(FD);
+ }
+ if ($iccver>=8)
+ {
+ # Eliminate unnecessary dependency from libirc.a. This is
+ # essential for shared library support, as otherwise
+ # apps/openssl can end up in endless loop upon startup...
+ $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
+ }
+ if ($iccver>=9)
+ {
+ $cflags.=" -i-static";
+ $cflags=~s/\-no_cpprt/-no-cpprt/;
+ }
+ if ($iccver>=10)
+ {
+ $cflags=~s/\-i\-static/-static-intel/;
+ }
+ }
+
+# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time
+# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on
+# .so objects. Apparently application RPATH is not global and does
+# not apply to .so linked with other .so. Problem manifests itself
+# when libssl.so fails to load libcrypto.so. One can argue that we
+# should engrave this into Makefile.shared rules or into BSD-* config
+# lines above. Meanwhile let's try to be cautious and pass -rpath to
+# linker only when --prefix is not /usr.
+if ($target =~ /^BSD\-/)
+ {
+ $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+ }
+
+if ($sys_id ne "")
+ {
+ #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
+ $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
+ }
+
+if ($ranlib eq "")
+ {
+ $ranlib = $default_ranlib;
+ }
+
+#my ($bn1)=split(/\s+/,$bn_obj);
+#$bn1 = "" unless defined $bn1;
+#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
+#$bn_obj="$bn1";
+
+$cpuid_obj="" if ($processor eq "386");
+
+$bn_obj = $bn_asm unless $bn_obj ne "";
+# bn86* is the only one implementing bn_*_part_words
+$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
+$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);
+
+$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/);
+
+if ($fips)
+ {
+ $openssl_other_defines.="#define OPENSSL_FIPS\n";
+ }
+
+$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
+$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
+$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
+$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/);
+$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
+if ($sha1_obj =~ /\.o$/)
+ {
+# $sha1_obj=$sha1_enc;
+ $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
+ $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
+ $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
+ if ($sha1_obj =~ /sse2/)
+ { if ($no_sse2)
+ { $sha1_obj =~ s/\S*sse2\S+//; }
+ elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
+ { $cflags.=" -DOPENSSL_IA32_SSE2"; }
+ }
+ }
+if ($md5_obj =~ /\.o$/)
+ {
+# $md5_obj=$md5_enc;
+ $cflags.=" -DMD5_ASM";
+ }
+if ($rmd160_obj =~ /\.o$/)
+ {
+# $rmd160_obj=$rmd160_enc;
+ $cflags.=" -DRMD160_ASM";
+ }
+if ($aes_obj =~ /\.o$/)
+ {
+ $cflags.=" -DAES_ASM";
+ }
+else {
+ $aes_obj=$aes_enc;
+ }
+
+# "Stringify" the C flags string. This permits it to be made part of a string
+# and works as well on command lines.
+$cflags =~ s/([\\\"])/\\\1/g;
+
+my $version = "unknown";
+my $version_num = "unknown";
+my $major = "unknown";
+my $minor = "unknown";
+my $shlib_version_number = "unknown";
+my $shlib_version_history = "unknown";
+my $shlib_major = "unknown";
+my $shlib_minor = "unknown";
+
+open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
+while (<IN>)
+ {
+ $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
+ $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
+ $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
+ $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
+ }
+close(IN);
+if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
+
+if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
+ {
+ $major=$1;
+ $minor=$2;
+ }
+
+if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
+ {
+ $shlib_major=$1;
+ $shlib_minor=$2;
+ }
+
+if ($strict_warnings)
+ {
+ my $wopt;
+ die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
+ foreach $wopt (split /\s+/, $gcc_devteam_warn)
+ {
+ $cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+ }
+ }
+
+open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
+my $sdirs=0;
+while (<IN>)
+ {
+ chomp;
+ $sdirs = 1 if /^SDIRS=/;
+ if ($sdirs) {
+ my $dir;
+ foreach $dir (@skip) {
+ s/(\s)$dir\s/$1/;
+ s/\s$dir$//;
+ }
+ }
+ $sdirs = 0 unless /\\$/;
+ s/fips // if (/^DIRS=/ && !$fips);
+ s/engines // if (/^DIRS=/ && $disabled{"engine"});
+ s/^VERSION=.*/VERSION=$version/;
+ s/^MAJOR=.*/MAJOR=$major/;
+ s/^MINOR=.*/MINOR=$minor/;
+ s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+ s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
+ s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
+ s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
+ s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
+ s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+ s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+ s/^LIBDIR=.*$/LIBDIR=$libdir/;
+ s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
+ s/^PLATFORM=.*$/PLATFORM=$target/;
+ s/^OPTIONS=.*$/OPTIONS=$options/;
+ s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
+ if ($cross_compile_prefix)
+ {
+ s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
+ s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
+ s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
+ }
+ else {
+ s/^CC=.*$/CC= $cc/;
+ s/^AR=\s*ar/AR= $ar/;
+ s/^RANLIB=.*/RANLIB= $ranlib/;
+ }
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
+ s/^CFLAG=.*$/CFLAG= $cflags/;
+ s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
+ s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
+ s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
+ s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
+ s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
+ s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
+ s/^DES_ENC=.*$/DES_ENC= $des_obj/;
+ s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/;
+ s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
+ s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
+ s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
+ s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
+ s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
+ s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
+ s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
+ s/^PROCESSOR=.*/PROCESSOR= $processor/;
+ s/^ARFLAGS=.*/ARFLAGS= $arflags/;
+ s/^PERL=.*/PERL= $perl/;
+ s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
+ s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
+ s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
+ s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
+ s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
+ if ($fipsdso)
+ {
+ s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/;
+ s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/;
+ s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/;
+ }
+ else
+ {
+ s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
+ s/^SHARED_FIPS=.*/SHARED_FIPS=/;
+ s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/;
+ }
+ s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/;
+ s/^BASEADDR=.*/BASEADDR=$baseaddr/;
+ s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+ s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+ s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_FIPS) \$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+ if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
+ {
+ my $sotmp = $1;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
+ }
+ elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
+ {
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
+ }
+ elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+ {
+ my $sotmp = $1;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+ }
+ elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+ {
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
+ }
+ s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
+ print OUT $_."\n";
+ }
+close(IN);
+close(OUT);
+rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+
+print "CC =$cc\n";
+print "CFLAG =$cflags\n";
+print "EX_LIBS =$lflags\n";
+print "CPUID_OBJ =$cpuid_obj\n";
+print "BN_ASM =$bn_obj\n";
+print "DES_ENC =$des_obj\n";
+print "AES_ASM_OBJ =$aes_obj\n";
+print "BF_ENC =$bf_obj\n";
+print "CAST_ENC =$cast_obj\n";
+print "RC4_ENC =$rc4_obj\n";
+print "RC5_ENC =$rc5_obj\n";
+print "MD5_OBJ_ASM =$md5_obj\n";
+print "SHA1_OBJ_ASM =$sha1_obj\n";
+print "RMD160_OBJ_ASM=$rmd160_obj\n";
+print "PROCESSOR =$processor\n";
+print "RANLIB =$ranlib\n";
+print "ARFLAGS =$arflags\n";
+print "PERL =$perl\n";
+print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
+ if $withargs{"krb5-include"} ne "";
+
+my $des_ptr=0;
+my $des_risc1=0;
+my $des_risc2=0;
+my $des_unroll=0;
+my $bn_ll=0;
+my $def_int=2;
+my $rc4_int=$def_int;
+my $md2_int=$def_int;
+my $idea_int=$def_int;
+my $rc2_int=$def_int;
+my $rc4_idx=0;
+my $rc4_chunk=0;
+my $bf_ptr=0;
+my @type=("char","short","int","long");
+my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+my $export_var_as_fn=0;
+
+my $des_int;
+
+foreach (sort split(/\s+/,$bn_ops))
+ {
+ $des_ptr=1 if /DES_PTR/;
+ $des_risc1=1 if /DES_RISC1/;
+ $des_risc2=1 if /DES_RISC2/;
+ $des_unroll=1 if /DES_UNROLL/;
+ $des_int=1 if /DES_INT/;
+ $bn_ll=1 if /BN_LLONG/;
+ $rc4_int=0 if /RC4_CHAR/;
+ $rc4_int=3 if /RC4_LONG/;
+ $rc4_idx=1 if /RC4_INDEX/;
+ $rc4_chunk=1 if /RC4_CHUNK/;
+ $rc4_chunk=2 if /RC4_CHUNK_LL/;
+ $md2_int=0 if /MD2_CHAR/;
+ $md2_int=3 if /MD2_LONG/;
+ $idea_int=1 if /IDEA_SHORT/;
+ $idea_int=3 if /IDEA_LONG/;
+ $rc2_int=1 if /RC2_SHORT/;
+ $rc2_int=3 if /RC2_LONG/;
+ $bf_ptr=1 if $_ eq "BF_PTR";
+ $bf_ptr=2 if $_ eq "BF_PTR2";
+ ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
+ ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
+ ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
+ ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
+ ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
+ $export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
+ }
+
+open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
+unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new";
+open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n";
+print OUT "/* opensslconf.h */\n";
+print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
+
+print OUT "/* OpenSSL was configured with the following options: */\n";
+my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
+$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg;
+$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg;
+$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
+$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+print OUT $openssl_sys_defines;
+print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
+print OUT $openssl_experimental_defines;
+print OUT "\n";
+print OUT $openssl_algorithm_defines;
+print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
+print OUT $openssl_thread_defines;
+print OUT $openssl_other_defines,"\n";
+
+print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
+print OUT " asks for it. This is a transient feature that is provided for those\n";
+print OUT " who haven't had the time to do the appropriate changes in their\n";
+print OUT " applications. */\n";
+print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
+print OUT $openssl_algorithm_defines_trans;
+print OUT "#endif\n\n";
+
+print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj);
+
+while (<IN>)
+ {
+ if (/^#define\s+OPENSSLDIR/)
+ {
+ my $foo = $openssldir;
+ $foo =~ s/\\/\\\\/g;
+ print OUT "#define OPENSSLDIR \"$foo\"\n";
+ }
+ elsif (/^#define\s+ENGINESDIR/)
+ {
+ # $foo is to become "$prefix/lib$multilib/engines";
+ # as Makefile.org and engines/Makefile are adapted for
+ # $multilib suffix.
+ my $foo = "$prefix/lib/engines";
+ $foo =~ s/\\/\\\\/g;
+ print OUT "#define ENGINESDIR \"$foo\"\n";
+ }
+ elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
+ { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
+ if $export_var_as_fn;
+ printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
+ ($export_var_as_fn)?"define":"undef"; }
+ elsif (/^#define\s+OPENSSL_UNISTD/)
+ {
+ $unistd = "<unistd.h>" if $unistd eq "";
+ print OUT "#define OPENSSL_UNISTD $unistd\n";
+ }
+ elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
+ { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
+ elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
+ { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
+ elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
+ { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
+ elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/)
+ { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
+ elsif (/^#((define)|(undef))\s+EIGHT_BIT/)
+ { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
+ elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/)
+ { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
+ elsif (/^\#define\s+DES_LONG\s+.*/)
+ { printf OUT "#define DES_LONG unsigned %s\n",
+ ($des_int)?'int':'long'; }
+ elsif (/^\#(define|undef)\s+DES_PTR/)
+ { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
+ elsif (/^\#(define|undef)\s+DES_RISC1/)
+ { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
+ elsif (/^\#(define|undef)\s+DES_RISC2/)
+ { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
+ elsif (/^\#(define|undef)\s+DES_UNROLL/)
+ { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
+ elsif (/^#define\s+RC4_INT\s/)
+ { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
+ elsif (/^#undef\s+RC4_CHUNK/)
+ {
+ printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0;
+ printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1;
+ printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2;
+ }
+ elsif (/^#((define)|(undef))\s+RC4_INDEX/)
+ { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
+ elsif (/^#(define|undef)\s+I386_ONLY/)
+ { printf OUT "#%s I386_ONLY\n", ($processor eq "386")?
+ "define":"undef"; }
+ elsif (/^#define\s+MD2_INT\s/)
+ { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
+ elsif (/^#define\s+IDEA_INT\s/)
+ {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
+ elsif (/^#define\s+RC2_INT\s/)
+ {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
+ elsif (/^#(define|undef)\s+BF_PTR/)
+ {
+ printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
+ printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
+ printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
+ }
+ else
+ { print OUT $_; }
+ }
+close(IN);
+close(OUT);
+rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
+
+
+# Fix the date
+
+print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
+print "SIXTY_FOUR_BIT mode\n" if $b64;
+print "THIRTY_TWO_BIT mode\n" if $b32;
+print "SIXTEEN_BIT mode\n" if $b16;
+print "EIGHT_BIT mode\n" if $b8;
+print "DES_PTR used\n" if $des_ptr;
+print "DES_RISC1 used\n" if $des_risc1;
+print "DES_RISC2 used\n" if $des_risc2;
+print "DES_UNROLL used\n" if $des_unroll;
+print "DES_INT used\n" if $des_int;
+print "BN_LLONG mode\n" if $bn_ll;
+print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
+print "RC4_INDEX mode\n" if $rc4_idx;
+print "RC4_CHUNK is undefined\n" if $rc4_chunk==0;
+print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1;
+print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2;
+print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
+print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
+print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
+print "BF_PTR used\n" if $bf_ptr == 1;
+print "BF_PTR2 used\n" if $bf_ptr == 2;
+
+if($IsMK1MF) {
+ open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+ printf OUT <<EOF;
+#ifndef MK1MF_BUILD
+ /* auto-generated by Configure for crypto/cversion.c:
+ * for Unix builds, crypto/Makefile.ssl generates functional definitions;
+ * Windows builds (and other mk1mf builds) compile cversion.c with
+ * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
+ #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
+#endif
+EOF
+ close(OUT);
+} else {
+ my $make_command = "$make PERL=\'$perl\'";
+ my $make_targets = "";
+ $make_targets .= " links" if $symlink;
+ $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
+ $make_targets .= " gentests" if $symlink;
+ (system $make_command.$make_targets) == 0 or exit $?
+ if $make_targets ne "";
+ if ( $perl =~ m@^/@) {
+ &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
+ &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
+ } else {
+ # No path for Perl known ...
+ &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
+ &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
+ }
+ if ($depflags ne $default_depflags && !$make_depend) {
+ print <<EOF;
+
+Since you've disabled or enabled at least one algorithm, you need to do
+the following before building:
+
+ make depend
+EOF
+ }
+}
+
+# create the ms/version32.rc file if needed
+if ($IsMK1MF && ($target !~ /^netware/)) {
+ my ($v1, $v2, $v3, $v4);
+ if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
+ $v1=hex $1;
+ $v2=hex $2;
+ $v3=hex $3;
+ $v4=hex $4;
+ }
+ open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
+ print OUT <<EOF;
+#include <winver.h>
+
+LANGUAGE 0x09,0x01
+
+1 VERSIONINFO
+ FILEVERSION $v1,$v2,$v3,$v4
+ PRODUCTVERSION $v1,$v2,$v3,$v4
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x01L
+#else
+ FILEFLAGS 0x00L
+#endif
+ FILEOS VOS__WINDOWS32
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L
+BEGIN
+ BLOCK "StringFileInfo"
+ BEGIN
+ BLOCK "040904b0"
+ BEGIN
+#if defined(FIPS)
+ VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0"
+#endif
+ // Required:
+ VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
+#if defined(FIPS)
+ VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0"
+#else
+ VALUE "FileDescription", "OpenSSL Shared Library\\0"
+#endif
+ VALUE "FileVersion", "$version\\0"
+#if defined(CRYPTO)
+ VALUE "InternalName", "libeay32\\0"
+ VALUE "OriginalFilename", "libeay32.dll\\0"
+#elif defined(SSL)
+ VALUE "InternalName", "ssleay32\\0"
+ VALUE "OriginalFilename", "ssleay32.dll\\0"
+#elif defined(FIPS)
+ VALUE "InternalName", "libosslfips\\0"
+ VALUE "OriginalFilename", "libosslfips.dll\\0"
+#endif
+ VALUE "ProductName", "The OpenSSL Toolkit\\0"
+ VALUE "ProductVersion", "$version\\0"
+ // Optional:
+ //VALUE "Comments", "\\0"
+ VALUE "LegalCopyright", "Copyright \xA9 1998-2007 The OpenSSL Project. Copyright \xA9 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+ //VALUE "LegalTrademarks", "\\0"
+ //VALUE "PrivateBuild", "\\0"
+ //VALUE "SpecialBuild", "\\0"
+ END
+ END
+ BLOCK "VarFileInfo"
+ BEGIN
+ VALUE "Translation", 0x409, 0x4b0
+ END
+END
+EOF
+ close(OUT);
+ }
+
+print <<EOF;
+
+Configured for $target.
+EOF
+
+print <<\EOF if (!$no_threads && !$threads);
+
+The library could not be configured for supporting multi-threaded
+applications as the compiler options required on this system are not known.
+See file INSTALL for details if you need multi-threading.
+EOF
+
+print <<\EOF if ($no_shared_warn);
+
+You gave the option 'shared'. Normally, that would give you shared libraries.
+Unfortunately, the OpenSSL configuration doesn't include shared library support
+for this platform yet, so it will pretend you gave the option 'no-shared'. If
+you can inform the developpers (openssl-dev\@openssl.org) how to support shared
+libraries on this platform, they will at least look at it and try their best
+(but please first make sure you have tried with a current version of OpenSSL).
+EOF
+
+print <<\EOF if ($fipscanisterinternal eq "y");
+
+WARNING: OpenSSL has been configured using unsupported option(s) to internally
+generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
+compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
+OpenSSL FIPS Object Module as identified by the CMVP
+(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
+140-2 validated software.
+
+This is an OpenSSL 0.9.8 test version.
+
+See the file README.FIPS for details of how to build a test library.
+
+EOF
+
+exit(0);
+
+sub usage
+ {
+ print STDERR $usage;
+ print STDERR "\npick os/compiler from:\n";
+ my $j=0;
+ my $i;
+ my $k=0;
+ foreach $i (sort keys %table)
+ {
+ next if $i =~ /^debug/;
+ $k += length($i) + 1;
+ if ($k > 78)
+ {
+ print STDERR "\n";
+ $k=length($i);
+ }
+ print STDERR $i . " ";
+ }
+ foreach $i (sort keys %table)
+ {
+ next if $i !~ /^debug/;
+ $k += length($i) + 1;
+ if ($k > 78)
+ {
+ print STDERR "\n";
+ $k=length($i);
+ }
+ print STDERR $i . " ";
+ }
+ print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
+ exit(1);
+ }
+
+sub which
+ {
+ my($name)=@_;
+ my $path;
+ foreach $path (split /:/, $ENV{PATH})
+ {
+ if (-f "$path/$name$exe_ext" and -x _)
+ {
+ return "$path/$name$exe_ext" unless ($name eq "perl" and
+ system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\''));
+ }
+ }
+ }
+
+sub dofile
+ {
+ my $f; my $p; my %m; my @a; my $k; my $ff;
+ ($f,$p,%m)=@_;
+
+ open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
+ @a=<IN>;
+ close(IN);
+ foreach $k (keys %m)
+ {
+ grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)), at a);
+ }
+ open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
+ print OUT @a;
+ close(OUT);
+ rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
+ rename("$f.new",$f) || die "unable to rename $f.new\n";
+ }
+
+sub print_table_entry
+ {
+ my $target = shift;
+
+ (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
+ my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
+ my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
+ my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
+ my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=
+ split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+
+ print <<EOF
+
+*** $target
+\$cc = $cc
+\$cflags = $cflags
+\$unistd = $unistd
+\$thread_cflag = $thread_cflag
+\$sys_id = $sys_id
+\$lflags = $lflags
+\$bn_ops = $bn_ops
+\$cpuid_obj = $cpuid_obj
+\$bn_obj = $bn_obj
+\$des_obj = $des_obj
+\$aes_obj = $aes_obj
+\$bf_obj = $bf_obj
+\$md5_obj = $md5_obj
+\$sha1_obj = $sha1_obj
+\$cast_obj = $cast_obj
+\$rc4_obj = $rc4_obj
+\$rmd160_obj = $rmd160_obj
+\$rc5_obj = $rc5_obj
+\$dso_scheme = $dso_scheme
+\$shared_target= $shared_target
+\$shared_cflag = $shared_cflag
+\$shared_ldflag = $shared_ldflag
+\$shared_extension = $shared_extension
+\$ranlib = $ranlib
+\$arflags = $arflags
+EOF
+ }
+
+sub test_sanity
+ {
+ my $errorcnt = 0;
+
+ print STDERR "=" x 70, "\n";
+ print STDERR "=== SANITY TESTING!\n";
+ print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
+ print STDERR "=" x 70, "\n";
+
+ foreach $target (sort keys %table)
+ {
+ @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+
+ if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
+ {
+ $errorcnt++;
+ print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
+ print STDERR " in the previous field\n";
+ }
+ elsif ($fields[$idx_dso_scheme+1] =~ /^(dl|dlfcn|win32|vms)$/)
+ {
+ $errorcnt++;
+ print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
+ print STDERR " in the following field\n";
+ }
+ elsif ($fields[$idx_dso_scheme] !~ /^(dl|dlfcn|win32|vms|)$/)
+ {
+ $errorcnt++;
+ print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
+ print STDERR " valid values are 'dl', 'dlfcn', 'win32' and 'vms'\n";
+ }
+ }
+ print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
+ return $errorcnt;
+ }
+
+# Attempt to detect MSYS environment
+
+sub is_msys
+ {
+ return 1 if (exists $ENV{"TERM"} && $ENV{"TERM"} eq "msys");
+ return 0;
+ }
Added: vendor-crypto/openssl/dist/FAQ
===================================================================
--- vendor-crypto/openssl/dist/FAQ (rev 0)
+++ vendor-crypto/openssl/dist/FAQ 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1039 @@
+OpenSSL - Frequently Asked Questions
+--------------------------------------
+
+[MISC] Miscellaneous questions
+
+* Which is the current version of OpenSSL?
+* Where is the documentation?
+* How can I contact the OpenSSL developers?
+* Where can I get a compiled version of OpenSSL?
+* Why aren't tools like 'autoconf' and 'libtool' used?
+* What is an 'engine' version?
+* How do I check the authenticity of the OpenSSL distribution?
+* How does the versioning scheme work?
+
+[LEGAL] Legal questions
+
+* Do I need patent licenses to use OpenSSL?
+* Can I use OpenSSL with GPL software?
+
+[USER] Questions on using the OpenSSL applications
+
+* Why do I get a "PRNG not seeded" error message?
+* Why do I get an "unable to write 'random state'" error message?
+* How do I create certificates or certificate requests?
+* Why can't I create certificate requests?
+* Why does <SSL program> fail with a certificate verify error?
+* Why can I only use weak ciphers when I connect to a server using OpenSSL?
+* How can I create DSA certificates?
+* Why can't I make an SSL connection using a DSA certificate?
+* How can I remove the passphrase on a private key?
+* Why can't I use OpenSSL certificates with SSL client authentication?
+* Why does my browser give a warning about a mismatched hostname?
+* How do I install a CA certificate into a browser?
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
+* What is a "128 bit certificate"? Can I create one with OpenSSL?
+* Why does OpenSSL set the authority key identifier extension incorrectly?
+* How can I set up a bundle of commercial root CA certificates?
+
+[BUILD] Questions about building and testing OpenSSL
+
+* Why does the linker complain about undefined symbols?
+* Why does the OpenSSL test fail with "bc: command not found"?
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+* Why does the OpenSSL test fail with "bc: stack empty"?
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+* Why does the OpenSSL compilation fail with "ar: command not found"?
+* Why does the OpenSSL compilation fail on Win32 with VC++?
+* What is special about OpenSSL on Redhat?
+* Why does the OpenSSL compilation fail on MacOS X?
+* Why does the OpenSSL test suite fail on MacOS X?
+* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
+* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
+* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
+* Why does compiler fail to compile sha512.c?
+* Test suite still fails, what to do?
+* I think I've found a bug, what should I do?
+* I'm SURE I've found a bug, how do I report it?
+* I've found a security issue, how do I report it?
+
+[PROG] Questions about programming with OpenSSL
+
+* Is OpenSSL thread-safe?
+* I've compiled a program under Windows and it crashes: why?
+* How do I read or write a DER encoded buffer using the ASN1 functions?
+* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+* I've called <some function> and it fails, why?
+* I just get a load of numbers for the error output, what do they mean?
+* Why do I get errors about unknown algorithms?
+* Why can't the OpenSSH configure script detect OpenSSL?
+* Can I use OpenSSL's SSL library with non-blocking I/O?
+* Why doesn't my server application receive a client certificate?
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
+* I think I've detected a memory leak, is this a bug?
+* Why does Valgrind complain about the use of uninitialized data?
+* Why doesn't a memory BIO work when a file does?
+* Where are the declarations and implementations of d2i_X509() etc?
+
+===============================================================================
+
+[MISC] ========================================================================
+
+* Which is the current version of OpenSSL?
+
+The current version is available from <URL: http://www.openssl.org>.
+OpenSSL 1.0.1d was released on Feb 5th, 2013.
+
+In addition to the current stable release, you can also access daily
+snapshots of the OpenSSL development version at <URL:
+ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
+
+
+* Where is the documentation?
+
+OpenSSL is a library that provides cryptographic functionality to
+applications such as secure web servers. Be sure to read the
+documentation of the application you want to use. The INSTALL file
+explains how to install this library.
+
+OpenSSL includes a command line utility that can be used to perform a
+variety of cryptographic functions. It is described in the openssl(1)
+manpage. Documentation for developers is currently being written. Many
+manual pages are available; overviews over libcrypto and
+libssl are given in the crypto(3) and ssl(3) manpages.
+
+The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
+different directory if you specified one as described in INSTALL).
+In addition, you can read the most current versions at
+<URL: http://www.openssl.org/docs/>. Note that the online documents refer
+to the very latest development versions of OpenSSL and may include features
+not present in released versions. If in doubt refer to the documentation
+that came with the version of OpenSSL you are using. The pod format
+documentation is included in each OpenSSL distribution under the docs
+directory.
+
+There is some documentation about certificate extensions and PKCS#12
+in doc/openssl.txt
+
+The original SSLeay documentation is included in OpenSSL as
+doc/ssleay.txt. It may be useful when none of the other resources
+help, but please note that it reflects the obsolete version SSLeay
+0.6.6.
+
+
+* How can I contact the OpenSSL developers?
+
+The README file describes how to submit bug reports and patches to
+OpenSSL. Information on the OpenSSL mailing lists is available from
+<URL: http://www.openssl.org>.
+
+
+* Where can I get a compiled version of OpenSSL?
+
+You can finder pointers to binary distributions in
+<URL: http://www.openssl.org/related/binaries.html> .
+
+Some applications that use OpenSSL are distributed in binary form.
+When using such an application, you don't need to install OpenSSL
+yourself; the application will include the required parts (e.g. DLLs).
+
+If you want to build OpenSSL on a Windows system and you don't have
+a C compiler, read the "Mingw32" section of INSTALL.W32 for information
+on how to obtain and install the free GNU C compiler.
+
+A number of Linux and *BSD distributions include OpenSSL.
+
+
+* Why aren't tools like 'autoconf' and 'libtool' used?
+
+autoconf will probably be used in future OpenSSL versions. If it was
+less Unix-centric, it might have been used much earlier.
+
+* What is an 'engine' version?
+
+With version 0.9.6 OpenSSL was extended to interface to external crypto
+hardware. This was realized in a special release '0.9.6-engine'. With
+version 0.9.7 the changes were merged into the main development line,
+so that the special release is no longer necessary.
+
+* How do I check the authenticity of the OpenSSL distribution?
+
+We provide MD5 digests and ASC signatures of each tarball.
+Use MD5 to check that a tarball from a mirror site is identical:
+
+ md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
+
+You can check authenticity using pgp or gpg. You need the OpenSSL team
+member public key used to sign it (download it from a key server, see a
+list of keys at <URL: http://www.openssl.org/about/>). Then
+just do:
+
+ pgp TARBALL.asc
+
+* How does the versioning scheme work?
+
+After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
+releases (e.g. 1.0.1a) can only contain bug and security fixes and no
+new features. Minor releases change the last number (e.g. 1.0.2) and
+can contain new features that retain binary compatibility. Changes to
+the middle number are considered major releases and neither source nor
+binary compatibility is guaranteed.
+
+Therefore the answer to the common question "when will feature X be
+backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
+in the next minor release.
+
+[LEGAL] =======================================================================
+
+* Do I need patent licenses to use OpenSSL?
+
+The patents section of the README file lists patents that may apply to
+you if you want to use OpenSSL. For information on intellectual
+property rights, please consult a lawyer. The OpenSSL team does not
+offer legal advice.
+
+You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
+ ./config no-idea no-mdc2 no-rc5
+
+
+* Can I use OpenSSL with GPL software?
+
+On many systems including the major Linux and BSD distributions, yes (the
+GPL does not place restrictions on using libraries that are part of the
+normal operating system distribution).
+
+On other systems, the situation is less clear. Some GPL software copyright
+holders claim that you infringe on their rights if you use OpenSSL with
+their software on operating systems that don't normally include OpenSSL.
+
+If you develop open source software that uses OpenSSL, you may find it
+useful to choose an other license than the GPL, or state explicitly that
+"This program is released under the GPL with the additional exemption that
+compiling, linking, and/or using OpenSSL is allowed." If you are using
+GPL software developed by others, you may want to ask the copyright holder
+for permission to use their software with OpenSSL.
+
+
+[USER] ========================================================================
+
+* Why do I get a "PRNG not seeded" error message?
+
+Cryptographic software needs a source of unpredictable data to work
+correctly. Many open source operating systems provide a "randomness
+device" (/dev/urandom or /dev/random) that serves this purpose.
+All OpenSSL versions try to use /dev/urandom by default; starting with
+version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
+available.
+
+On other systems, applications have to call the RAND_add() or
+RAND_seed() function with appropriate data before generating keys or
+performing public key encryption. (These functions initialize the
+pseudo-random number generator, PRNG.) Some broken applications do
+not do this. As of version 0.9.5, the OpenSSL functions that need
+randomness report an error if the random number generator has not been
+seeded with at least 128 bits of randomness. If this error occurs and
+is not discussed in the documentation of the application you are
+using, please contact the author of that application; it is likely
+that it never worked correctly. OpenSSL 0.9.5 and later make the
+error visible by refusing to perform potentially insecure encryption.
+
+If you are using Solaris 8, you can add /dev/urandom and /dev/random
+devices by installing patch 112438 (Sparc) or 112439 (x86), which are
+available via the Patchfinder at <URL: http://sunsolve.sun.com>
+(Solaris 9 includes these devices by default). For /dev/random support
+for earlier Solaris versions, see Sun's statement at
+<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
+(the SUNWski package is available in patch 105710).
+
+On systems without /dev/urandom and /dev/random, it is a good idea to
+use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+details. Starting with version 0.9.7, OpenSSL will automatically look
+for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
+/etc/entropy.
+
+Most components of the openssl command line utility automatically try
+to seed the random number generator from a file. The name of the
+default seeding file is determined as follows: If environment variable
+RANDFILE is set, then it names the seeding file. Otherwise if
+environment variable HOME is set, then the seeding file is $HOME/.rnd.
+If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
+use file .rnd in the current directory while OpenSSL 0.9.6a uses no
+default seeding file at all. OpenSSL 0.9.6b and later will behave
+similarly to 0.9.6a, but will use a default of "C:\" for HOME on
+Windows systems if the environment variable has not been set.
+
+If the default seeding file does not exist or is too short, the "PRNG
+not seeded" error message may occur.
+
+The openssl command line utility will write back a new state to the
+default seeding file (and create this file if necessary) unless
+there was no sufficient seeding.
+
+Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
+Use the "-rand" option of the OpenSSL command line tools instead.
+The $RANDFILE environment variable and $HOME/.rnd are only used by the
+OpenSSL command line tools. Applications using the OpenSSL library
+provide their own configuration options to specify the entropy source,
+please check out the documentation coming the with application.
+
+
+* Why do I get an "unable to write 'random state'" error message?
+
+
+Sometimes the openssl command line utility does not abort with
+a "PRNG not seeded" error message, but complains that it is
+"unable to write 'random state'". This message refers to the
+default seeding file (see previous answer). A possible reason
+is that no default filename is known because neither RANDFILE
+nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
+current directory in this case, but this has changed with 0.9.6a.)
+
+
+* How do I create certificates or certificate requests?
+
+Check out the CA.pl(1) manual page. This provides a simple wrapper round
+the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
+out the manual pages for the individual utilities and the certificate
+extensions documentation (in ca(1), req(1), x509v3_config(5) )
+
+
+* Why can't I create certificate requests?
+
+You typically get the error:
+
+ unable to find 'distinguished_name' in config
+ problems making Certificate Request
+
+This is because it can't find the configuration file. Check out the
+DIAGNOSTICS section of req(1) for more information.
+
+
+* Why does <SSL program> fail with a certificate verify error?
+
+This problem is usually indicated by log messages saying something like
+"unable to get local issuer certificate" or "self signed certificate".
+When a certificate is verified its root CA must be "trusted" by OpenSSL
+this typically means that the CA certificate must be placed in a directory
+or file and the relevant program configured to read it. The OpenSSL program
+'verify' behaves in a similar way and issues similar error messages: check
+the verify(1) program manual page for more information.
+
+
+* Why can I only use weak ciphers when I connect to a server using OpenSSL?
+
+This is almost certainly because you are using an old "export grade" browser
+which only supports weak encryption. Upgrade your browser to support 128 bit
+ciphers.
+
+
+* How can I create DSA certificates?
+
+Check the CA.pl(1) manual page for a DSA certificate example.
+
+
+* Why can't I make an SSL connection to a server using a DSA certificate?
+
+Typically you'll see a message saying there are no shared ciphers when
+the same setup works fine with an RSA certificate. There are two possible
+causes. The client may not support connections to DSA servers most web
+browsers (including Netscape and MSIE) only support connections to servers
+supporting RSA cipher suites. The other cause is that a set of DH parameters
+has not been supplied to the server. DH parameters can be created with the
+dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
+check the source to s_server in apps/s_server.c for an example.
+
+
+* How can I remove the passphrase on a private key?
+
+Firstly you should be really *really* sure you want to do this. Leaving
+a private key unencrypted is a major security risk. If you decide that
+you do have to do this check the EXAMPLES sections of the rsa(1) and
+dsa(1) manual pages.
+
+
+* Why can't I use OpenSSL certificates with SSL client authentication?
+
+What will typically happen is that when a server requests authentication
+it will either not include your certificate or tell you that you have
+no client certificates (Netscape) or present you with an empty list box
+(MSIE). The reason for this is that when a server requests a client
+certificate it includes a list of CAs names which it will accept. Browsers
+will only let you select certificates from the list on the grounds that
+there is little point presenting a certificate which the server will
+reject.
+
+The solution is to add the relevant CA certificate to your servers "trusted
+CA list". How you do this depends on the server software in uses. You can
+print out the servers list of acceptable CAs using the OpenSSL s_client tool:
+
+openssl s_client -connect www.some.host:443 -prexit
+
+If your server only requests certificates on certain URLs then you may need
+to manually issue an HTTP GET command to get the list when s_client connects:
+
+GET /some/page/needing/a/certificate.html
+
+If your CA does not appear in the list then this confirms the problem.
+
+
+* Why does my browser give a warning about a mismatched hostname?
+
+Browsers expect the server's hostname to match the value in the commonName
+(CN) field of the certificate. If it does not then you get a warning.
+
+
+* How do I install a CA certificate into a browser?
+
+The usual way is to send the DER encoded certificate to the browser as
+MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
+link. On MSIE certain extensions such as .der or .cacert may also work, or you
+can import the certificate using the certificate import wizard.
+
+You can convert a certificate to DER form using the command:
+
+openssl x509 -in ca.pem -outform DER -out ca.der
+
+Occasionally someone suggests using a command such as:
+
+openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
+
+DO NOT DO THIS! This command will give away your CAs private key and
+reduces its security to zero: allowing anyone to forge certificates in
+whatever name they choose.
+
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
+
+The ways to print out the oneline format of the DN (Distinguished Name) have
+been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
+interface, the "-nameopt" option could be introduded. See the manual
+page of the "openssl x509" commandline tool for details. The old behaviour
+has however been left as default for the sake of compatibility.
+
+* What is a "128 bit certificate"? Can I create one with OpenSSL?
+
+The term "128 bit certificate" is a highly misleading marketing term. It does
+*not* refer to the size of the public key in the certificate! A certificate
+containing a 128 bit RSA key would have negligible security.
+
+There were various other names such as "magic certificates", "SGC
+certificates", "step up certificates" etc.
+
+You can't generally create such a certificate using OpenSSL but there is no
+need to any more. Nowadays web browsers using unrestricted strong encryption
+are generally available.
+
+When there were tight restrictions on the export of strong encryption
+software from the US only weak encryption algorithms could be freely exported
+(initially 40 bit and then 56 bit). It was widely recognised that this was
+inadequate. A relaxation of the rules allowed the use of strong encryption but
+only to an authorised server.
+
+Two slighly different techniques were developed to support this, one used by
+Netscape was called "step up", the other used by MSIE was called "Server Gated
+Cryptography" (SGC). When a browser initially connected to a server it would
+check to see if the certificate contained certain extensions and was issued by
+an authorised authority. If these test succeeded it would reconnect using
+strong encryption.
+
+Only certain (initially one) certificate authorities could issue the
+certificates and they generally cost more than ordinary certificates.
+
+Although OpenSSL can create certificates containing the appropriate extensions
+the certificate would not come from a permitted authority and so would not
+be recognized.
+
+The export laws were later changed to allow almost unrestricted use of strong
+encryption so these certificates are now obsolete.
+
+
+* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
+
+It doesn't: this extension is often the cause of confusion.
+
+Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
+certificate C contains AKID.
+
+The purpose of this extension is to identify the authority certificate B. This
+can be done either by including the subject key identifier of B or its issuer
+name and serial number.
+
+In this latter case because it is identifying certifcate B it must contain the
+issuer name and serial number of B.
+
+It is often wrongly assumed that it should contain the subject name of B. If it
+did this would be redundant information because it would duplicate the issuer
+name of C.
+
+
+* How can I set up a bundle of commercial root CA certificates?
+
+The OpenSSL software is shipped without any root CA certificate as the
+OpenSSL project does not have any policy on including or excluding
+any specific CA and does not intend to set up such a policy. Deciding
+about which CAs to support is up to application developers or
+administrators.
+
+Other projects do have other policies so you can for example extract the CA
+bundle used by Mozilla and/or modssl as described in this article:
+
+ <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html>
+
+
+[BUILD] =======================================================================
+
+* Why does the linker complain about undefined symbols?
+
+Maybe the compilation was interrupted, and make doesn't notice that
+something is missing. Run "make clean; make".
+
+If you used ./Configure instead of ./config, make sure that you
+selected the right target. File formats may differ slightly between
+OS versions (for example sparcv8/sparcv9, or a.out/elf).
+
+In case you get errors about the following symbols, use the config
+option "no-asm", as described in INSTALL:
+
+ BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
+ CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
+ RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
+ bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
+ bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
+ des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
+ des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
+
+If none of these helps, you may want to try using the current snapshot.
+If the problem persists, please submit a bug report.
+
+
+* Why does the OpenSSL test fail with "bc: command not found"?
+
+You didn't install "bc", the Unix calculator. If you want to run the
+tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
+
+
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+
+On some SCO installations or versions, bc has a bug that gets triggered
+when you run the test suite (using "make test"). The message returned is
+"bc: 1 not implemented".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
+for download instructions) can be safely used, for example.
+
+
+* Why does the OpenSSL test fail with "bc: stack empty"?
+
+On some DG/ux versions, bc seems to have a too small stack for calculations
+that the OpenSSL bntest throws at it. This gets triggered when you run the
+test suite (using "make test"). The message returned is "bc: stack empty".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
+for download instructions) can be safely used, for example.
+
+
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+
+On some Alpha installations running Tru64 Unix and Compaq C, the compilation
+of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
+memory to continue compilation.' As far as the tests have shown, this may be
+a compiler bug. What happens is that it eats up a lot of resident memory
+to build something, probably a table. The problem is clearly in the
+optimization code, because if one eliminates optimization completely (-O0),
+the compilation goes through (and the compiler consumes about 2MB of resident
+memory instead of 240MB or whatever one's limit is currently).
+
+There are three options to solve this problem:
+
+1. set your current data segment size soft limit higher. Experience shows
+that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
+this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
+kbytes to set the limit to.
+
+2. If you have a hard limit that is lower than what you need and you can't
+get it changed, you can compile all of OpenSSL with -O0 as optimization
+level. This is however not a very nice thing to do for those who expect to
+get the best result from OpenSSL. A bit more complicated solution is the
+following:
+
+----- snip:start -----
+ make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
+ sed -e 's/ -O[0-9] / -O0 /'`"
+ rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
+ make
+----- snip:end -----
+
+This will only compile sha_dgst.c with -O0, the rest with the optimization
+level chosen by the configuration process. When the above is done, do the
+test and installation and you're set.
+
+3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
+should not be used and is not used in SSL/TLS nor any other recognized
+protocol in either case.
+
+
+* Why does the OpenSSL compilation fail with "ar: command not found"?
+
+Getting this message is quite usual on Solaris 2, because Sun has hidden
+away 'ar' and other development commands in directories that aren't in
+$PATH by default. One of those directories is '/usr/ccs/bin'. The
+quickest way to fix this is to do the following (it assumes you use sh
+or any sh-compatible shell):
+
+----- snip:start -----
+ PATH=${PATH}:/usr/ccs/bin; export PATH
+----- snip:end -----
+
+and then redo the compilation. What you should really do is make sure
+'/usr/ccs/bin' is permanently in your $PATH, for example through your
+'.profile' (again, assuming you use a sh-compatible shell).
+
+
+* Why does the OpenSSL compilation fail on Win32 with VC++?
+
+Sometimes, you may get reports from VC++ command line (cl) that it
+can't find standard include files like stdio.h and other weirdnesses.
+One possible cause is that the environment isn't correctly set up.
+To solve that problem for VC++ versions up to 6, one should run
+VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
+installation directory (somewhere under 'Program Files'). For VC++
+version 7 (and up?), which is also called VS.NET, the file is called
+VSVARS32.BAT instead.
+This needs to be done prior to running NMAKE, and the changes are only
+valid for the current DOS session.
+
+
+* What is special about OpenSSL on Redhat?
+
+Red Hat Linux (release 7.0 and later) include a preinstalled limited
+version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
+is disabled in this version. The same may apply to other Linux distributions.
+Users may therefore wish to install more or all of the features left out.
+
+To do this you MUST ensure that you do not overwrite the openssl that is in
+/usr/bin on your Red Hat machine. Several packages depend on this file,
+including sendmail and ssh. /usr/local/bin is a good alternative choice. The
+libraries that come with Red Hat 7.0 onwards have different names and so are
+not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
+/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
+/lib/libcrypto.so.2 respectively).
+
+Please note that we have been advised by Red Hat attempting to recompile the
+openssl rpm with all the cryptography enabled will not work. All other
+packages depend on the original Red Hat supplied openssl package. It is also
+worth noting that due to the way Red Hat supplies its packages, updates to
+openssl on each distribution never change the package version, only the
+build number. For example, on Red Hat 7.1, the latest openssl package has
+version number 0.9.6 and build number 9 even though it contains all the
+relevant updates in packages up to and including 0.9.6b.
+
+A possible way around this is to persuade Red Hat to produce a non-US
+version of Red Hat Linux.
+
+FYI: Patent numbers and expiry dates of US patents:
+MDC-2: 4,908,861 13/03/2007
+IDEA: 5,214,703 25/05/2010
+RC5: 5,724,428 03/03/2015
+
+
+* Why does the OpenSSL compilation fail on MacOS X?
+
+If the failure happens when trying to build the "openssl" binary, with
+a large number of undefined symbols, it's very probable that you have
+OpenSSL 0.9.6b delivered with the operating system (you can find out by
+running '/usr/bin/openssl version') and that you were trying to build
+OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
+MacOS X has a misfeature that's quite difficult to go around.
+Look in the file PROBLEMS for a more detailed explanation and for possible
+solutions.
+
+
+* Why does the OpenSSL test suite fail on MacOS X?
+
+If the failure happens when running 'make test' and the RC4 test fails,
+it's very probable that you have OpenSSL 0.9.6b delivered with the
+operating system (you can find out by running '/usr/bin/openssl version')
+and that you were trying to build OpenSSL 0.9.6d. The problem is that
+the loader ('ld') in MacOS X has a misfeature that's quite difficult to
+go around and has linked the programs "openssl" and the test programs
+with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
+libraries you just built.
+Look in the file PROBLEMS for a more detailed explanation and for possible
+solutions.
+
+* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
+
+Failure in BN_sqr test is most likely caused by a failure to configure the
+toolkit for current platform or lack of support for the platform in question.
+Run './config -t' and './apps/openssl version -p'. Do these platform
+identifiers match? If they don't, then you most likely failed to run
+./config and you're hereby advised to do so before filing a bug report.
+If ./config itself fails to run, then it's most likely problem with your
+local environment and you should turn to your system administrator (or
+similar). If identifiers match (and/or no alternative identifier is
+suggested by ./config script), then the platform is unsupported. There might
+or might not be a workaround. Most notably on SPARC64 platforms with GNU
+C compiler you should be able to produce a working build by running
+'./config -m32'. I understand that -m32 might not be what you want/need,
+but the build should be operational. For further details turn to
+<openssl-dev at openssl.org>.
+
+* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
+
+As of 0.9.7 assembler routines were overhauled for position independence
+of the machine code, which is essential for shared library support. For
+some reason OpenBSD is equipped with an out-of-date GNU assembler which
+finds the new code offensive. To work around the problem, configure with
+no-asm (and sacrifice a great deal of performance) or patch your assembler
+according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
+For your convenience a pre-compiled replacement binary is provided at
+<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
+Reportedly elder *BSD a.out platforms also suffer from this problem and
+remedy should be same. Provided binary is statically linked and should be
+working across wider range of *BSD branches, not just OpenBSD.
+
+* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
+
+If the test program in question fails withs SIGILL, Illegal Instruction
+exception, then you more than likely to run SSE2-capable CPU, such as
+Intel P4, under control of kernel which does not support SSE2
+instruction extentions. See accompanying INSTALL file and
+OPENSSL_ia32cap(3) documentation page for further information.
+
+* Why does compiler fail to compile sha512.c?
+
+OpenSSL SHA-512 implementation depends on compiler support for 64-bit
+integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
+couple] lack support for this and therefore are incapable of compiling
+the module in question. The recommendation is to disable SHA-512 by
+adding no-sha512 to ./config [or ./Configure] command line. Another
+possible alternative might be to switch to GCC.
+
+* Test suite still fails, what to do?
+
+Another common reason for failure to complete some particular test is
+simply bad code generated by a buggy component in toolchain or deficiency
+in run-time environment. There are few cases documented in PROBLEMS file,
+consult it for possible workaround before you beat the drum. Even if you
+don't find solution or even mention there, do reserve for possibility of
+a compiler bug. Compiler bugs might appear in rather bizarre ways, they
+never make sense, and tend to emerge when you least expect them. In order
+to identify one, drop optimization level, e.g. by editing CFLAG line in
+top-level Makefile, recompile and re-run the test.
+
+* I think I've found a bug, what should I do?
+
+If you are a new user then it is quite likely you haven't found a bug and
+something is happening you aren't familiar with. Check this FAQ, the associated
+documentation and the mailing lists for similar queries. If you are still
+unsure whether it is a bug or not submit a query to the openssl-users mailing
+list.
+
+
+* I'm SURE I've found a bug, how do I report it?
+
+Bug reports with no security implications should be sent to the request
+tracker. This can be done by mailing the report to <rt at openssl.org> (or its
+alias <openssl-bugs at openssl.org>), please note that messages sent to the
+request tracker also appear in the public openssl-dev mailing list.
+
+The report should be in plain text. Any patches should be sent as
+plain text attachments because some mailers corrupt patches sent inline.
+If your issue affects multiple versions of OpenSSL check any patches apply
+cleanly and, if possible include patches to each affected version.
+
+The report should be given a meaningful subject line briefly summarising the
+issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful.
+
+By sending reports to the request tracker the bug can then be given a priority
+and assigned to the appropriate maintainer. The history of discussions can be
+accessed and if the issue has been addressed or a reason why not. If patches
+are only sent to openssl-dev they can be mislaid if a team member has to
+wade through months of old messages to review the discussion.
+
+See also <URL: http://www.openssl.org/support/rt.html>
+
+
+* I've found a security issue, how do I report it?
+
+If you think your bug has security implications then please send it to
+openssl-security at openssl.org if you don't get a prompt reply at least
+acknowledging receipt then resend or mail it directly to one of the
+more active team members (e.g. Steve).
+
+Note that bugs only present in the openssl utility are not in general
+considered to be security issues.
+
+[PROG] ========================================================================
+
+* Is OpenSSL thread-safe?
+
+Yes (with limitations: an SSL connection may not concurrently be used
+by multiple threads). On Windows and many Unix systems, OpenSSL
+automatically uses the multi-threaded versions of the standard
+libraries. If your platform is not one of these, consult the INSTALL
+file.
+
+Multi-threaded applications must provide two callback functions to
+OpenSSL by calling CRYPTO_set_locking_callback() and
+CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
+including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
+and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
+and friends. This is described in the threads(3) manpage.
+
+* I've compiled a program under Windows and it crashes: why?
+
+This is usually because you've missed the comment in INSTALL.W32.
+Your application must link against the same version of the Win32
+C-Runtime against which your openssl libraries were linked. The
+default version for OpenSSL is /MD - "Multithreaded DLL".
+
+If you are using Microsoft Visual C++'s IDE (Visual Studio), in
+many cases, your new project most likely defaulted to "Debug
+Singlethreaded" - /ML. This is NOT interchangeable with /MD and your
+program will crash, typically on the first BIO related read or write
+operation.
+
+For each of the six possible link stage configurations within Win32,
+your application must link against the same by which OpenSSL was
+built. If you are using MS Visual C++ (Studio) this can be changed
+by:
+
+ 1. Select Settings... from the Project Menu.
+ 2. Select the C/C++ Tab.
+ 3. Select "Code Generation from the "Category" drop down list box
+ 4. Select the Appropriate library (see table below) from the "Use
+ run-time library" drop down list box. Perform this step for both
+ your debug and release versions of your application (look at the
+ top left of the settings panel to change between the two)
+
+ Single Threaded /ML - MS VC++ often defaults to
+ this for the release
+ version of a new project.
+ Debug Single Threaded /MLd - MS VC++ often defaults to
+ this for the debug version
+ of a new project.
+ Multithreaded /MT
+ Debug Multithreaded /MTd
+ Multithreaded DLL /MD - OpenSSL defaults to this.
+ Debug Multithreaded DLL /MDd
+
+Note that debug and release libraries are NOT interchangeable. If you
+built OpenSSL with /MD your application must use /MD and cannot use /MDd.
+
+As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
+.DLLs compiled with some specific run-time option [we insist on the
+default /MD] can be deployed with application compiled with different
+option or even different compiler. But there is a catch! Instead of
+re-compiling OpenSSL toolkit, as you would have to with prior versions,
+you have to compile small C snippet with compiler and/or options of
+your choice. The snippet gets installed as
+<install-root>/include/openssl/applink.c and should be either added to
+your application project or simply #include-d in one [and only one]
+of your application source files. Failure to link this shim module
+into your application manifests itself as fatal "no OPENSSL_Applink"
+run-time error. An explicit reminder is due that in this situation
+[mixing compiler options] it is as important to add CRYPTO_malloc_init
+prior first call to OpenSSL.
+
+* How do I read or write a DER encoded buffer using the ASN1 functions?
+
+You have two options. You can either use a memory BIO in conjunction
+with the i2d_*_bio() or d2i_*_bio() functions or you can use the
+i2d_*(), d2i_*() functions directly. Since these are often the
+cause of grief here are some code fragments using PKCS7 as an example:
+
+ unsigned char *buf, *p;
+ int len;
+
+ len = i2d_PKCS7(p7, NULL);
+ buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
+ p = buf;
+ i2d_PKCS7(p7, &p);
+
+At this point buf contains the len bytes of the DER encoding of
+p7.
+
+The opposite assumes we already have len bytes in buf:
+
+ unsigned char *p;
+ p = buf;
+ p7 = d2i_PKCS7(NULL, &p, len);
+
+At this point p7 contains a valid PKCS7 structure of NULL if an error
+occurred. If an error occurred ERR_print_errors(bio) should give more
+information.
+
+The reason for the temporary variable 'p' is that the ASN1 functions
+increment the passed pointer so it is ready to read or write the next
+structure. This is often a cause of problems: without the temporary
+variable the buffer pointer is changed to point just after the data
+that has been read or written. This may well be uninitialized data
+and attempts to free the buffer will have unpredictable results
+because it no longer points to the same address.
+
+
+* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
+
+The short answer is yes, because DER is a special case of BER and OpenSSL
+ASN1 decoders can process BER.
+
+The longer answer is that ASN1 structures can be encoded in a number of
+different ways. One set of ways is the Basic Encoding Rules (BER) with various
+permissible encodings. A restriction of BER is the Distinguished Encoding
+Rules (DER): these uniquely specify how a given structure is encoded.
+
+Therefore, because DER is a special case of BER, DER is an acceptable encoding
+for BER.
+
+
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+
+This usually happens when you try compiling something using the PKCS#12
+macros with a C++ compiler. There is hardly ever any need to use the
+PKCS#12 macros in a program, it is much easier to parse and create
+PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
+documented in doc/openssl.txt and with examples in demos/pkcs12. The
+'pkcs12' application has to use the macros because it prints out
+debugging information.
+
+
+* I've called <some function> and it fails, why?
+
+Before submitting a report or asking in one of the mailing lists, you
+should try to determine the cause. In particular, you should call
+ERR_print_errors() or ERR_print_errors_fp() after the failed call
+and see if the message helps. Note that the problem may occur earlier
+than you think -- you should check for errors after every call where
+it is possible, otherwise the actual problem may be hidden because
+some OpenSSL functions clear the error state.
+
+
+* I just get a load of numbers for the error output, what do they mean?
+
+The actual format is described in the ERR_print_errors() manual page.
+You should call the function ERR_load_crypto_strings() before hand and
+the message will be output in text form. If you can't do this (for example
+it is a pre-compiled binary) you can use the errstr utility on the error
+code itself (the hex digits after the second colon).
+
+
+* Why do I get errors about unknown algorithms?
+
+The cause is forgetting to load OpenSSL's table of algorithms with
+OpenSSL_add_all_algorithms(). See the manual page for more information. This
+can cause several problems such as being unable to read in an encrypted
+PEM file, unable to decrypt a PKCS#12 file or signature failure when
+verifying certificates.
+
+* Why can't the OpenSSH configure script detect OpenSSL?
+
+Several reasons for problems with the automatic detection exist.
+OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
+Sometimes the distribution has installed an older version in the system
+locations that is detected instead of a new one installed. The OpenSSL
+library might have been compiled for another CPU or another mode (32/64 bits).
+Permissions might be wrong.
+
+The general answer is to check the config.log file generated when running
+the OpenSSH configure script. It should contain the detailed information
+on why the OpenSSL library was not detected or considered incompatible.
+
+
+* Can I use OpenSSL's SSL library with non-blocking I/O?
+
+Yes; make sure to read the SSL_get_error(3) manual page!
+
+A pitfall to avoid: Don't assume that SSL_read() will just read from
+the underlying transport or that SSL_write() will just write to it --
+it is also possible that SSL_write() cannot do any useful work until
+there is data to read, or that SSL_read() cannot do anything until it
+is possible to send data. One reason for this is that the peer may
+request a new TLS/SSL handshake at any time during the protocol,
+requiring a bi-directional message exchange; both SSL_read() and
+SSL_write() will try to continue any pending handshake.
+
+
+* Why doesn't my server application receive a client certificate?
+
+Due to the TLS protocol definition, a client will only send a certificate,
+if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
+SSL_CTX_set_verify() function to enable the use of client certificates.
+
+
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
+
+For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
+versions, uniqueIdentifier was incorrectly used for X.509 certificates.
+The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
+Change your code to use the new name when compiling against OpenSSL 0.9.7.
+
+
+* I think I've detected a memory leak, is this a bug?
+
+In most cases the cause of an apparent memory leak is an OpenSSL internal table
+that is allocated when an application starts up. Since such tables do not grow
+in size over time they are harmless.
+
+These internal tables can be freed up when an application closes using various
+functions. Currently these include following:
+
+Thread-local cleanup functions:
+
+ ERR_remove_state()
+
+Application-global cleanup functions that are aware of usage (and therefore
+thread-safe):
+
+ ENGINE_cleanup() and CONF_modules_unload()
+
+"Brutal" (thread-unsafe) Application-global cleanup functions:
+
+ ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
+
+
+* Why does Valgrind complain about the use of uninitialized data?
+
+When OpenSSL's PRNG routines are called to generate random numbers the supplied
+buffer contents are mixed into the entropy pool: so it technically does not
+matter whether the buffer is initialized at this point or not. Valgrind (and
+other test tools) will complain about this. When using Valgrind, make sure the
+OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
+to get rid of these warnings.
+
+
+* Why doesn't a memory BIO work when a file does?
+
+This can occur in several cases for example reading an S/MIME email message.
+The reason is that a memory BIO can do one of two things when all the data
+has been read from it.
+
+The default behaviour is to indicate that no more data is available and that
+the call should be retried, this is to allow the application to fill up the BIO
+again if necessary.
+
+Alternatively it can indicate that no more data is available and that EOF has
+been reached.
+
+If a memory BIO is to behave in the same way as a file this second behaviour
+is needed. This must be done by calling:
+
+ BIO_set_mem_eof_return(bio, 0);
+
+See the manual pages for more details.
+
+
+* Where are the declarations and implementations of d2i_X509() etc?
+
+These are defined and implemented by macros of the form:
+
+
+ DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
+
+The implementation passes an ASN1 "template" defining the structure into an
+ASN1 interpreter using generalised functions such as ASN1_item_d2i().
+
+
+===============================================================================
Added: vendor-crypto/openssl/dist/INSTALL
===================================================================
--- vendor-crypto/openssl/dist/INSTALL (rev 0)
+++ vendor-crypto/openssl/dist/INSTALL 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,350 @@
+
+ INSTALLATION ON THE UNIX PLATFORM
+ ---------------------------------
+
+ [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
+ and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
+ INSTALL.MacOS and INSTALL.NW.
+
+ This document describes installation on operating systems in the Unix
+ family.]
+
+ To install OpenSSL, you will need:
+
+ * make
+ * Perl 5
+ * an ANSI C compiler
+ * a development environment in form of development libraries and C
+ header files
+ * a supported Unix operating system
+
+ Quick Start
+ -----------
+
+ If you want to just get on with it, do:
+
+ $ ./config
+ $ make
+ $ make test
+ $ make install
+
+ [If any of these steps fails, see section Installation in Detail below.]
+
+ This will build and install OpenSSL in the default location, which is (for
+ historical reasons) /usr/local/ssl. If you want to install it anywhere else,
+ run config like this:
+
+ $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
+
+
+ Configuration Options
+ ---------------------
+
+ There are several options to ./config (or ./Configure) to customize
+ the build:
+
+ --prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl.
+ Configuration files used by OpenSSL will be in DIR/ssl
+ or the directory specified by --openssldir.
+
+ --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+ the library files and binaries are also installed there.
+
+ no-threads Don't try to build with support for multi-threaded
+ applications.
+
+ threads Build with support for multi-threaded applications.
+ This will usually require additional system-dependent options!
+ See "Note on multi-threading" below.
+
+ no-zlib Don't try to build with support for zlib compression and
+ decompression.
+
+ zlib Build with support for zlib compression/decompression.
+
+ zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically
+ when needed. This is only supported on systems where loading
+ of shared libraries is supported. This is the default choice.
+
+ no-shared Don't try to create shared libraries.
+
+ shared In addition to the usual static libraries, create shared
+ libraries on platforms where it's supported. See "Note on
+ shared libraries" below.
+
+ no-asm Do not use assembler code.
+
+ 386 Use the 80386 instruction set only (the default x86 code is
+ more efficient, but requires at least a 486). Note: Use
+ compiler flags for any other CPU specific configuration,
+ e.g. "-m32" to build x86 code on an x64 system.
+
+ no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is
+ detected at run-time, but the decision whether or not the
+ machine code will be executed is taken solely on CPU
+ capability vector. This means that if you happen to run OS
+ kernel which does not support SSE2 extension on Intel P4
+ processor, then your application might be exposed to
+ "illegal instruction" exception. There might be a way
+ to enable support in kernel, e.g. FreeBSD kernel can be
+ compiled with CPU_ENABLE_SSE, and there is a way to
+ disengage SSE2 code pathes upon application start-up,
+ but if you aim for wider "audience" running such kernel,
+ consider no-sse2. Both 386 and no-asm options above imply
+ no-sse2.
+
+ no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
+ hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
+ The crypto/<cipher> directory can be removed after running
+ "make depend".
+
+ -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
+ be passed through to the compiler to allow you to
+ define preprocessor symbols, specify additional libraries,
+ library directories or other compiler options.
+
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+ $ ./config [options]
+
+ This guesses at your operating system (and compiler, if necessary) and
+ configures OpenSSL based on this guess. Run ./config -t to see
+ if it guessed correctly. If you want to use a different compiler, you
+ are cross-compiling for another platform, or the ./config guess was
+ wrong for other reasons, go to step 1b. Otherwise go to step 2.
+
+ On some systems, you can include debugging information as follows:
+
+ $ ./config -d [options]
+
+ 1b. Configure OpenSSL for your operating system manually
+
+ OpenSSL knows about a range of different operating system, hardware and
+ compiler combinations. To see the ones it knows about, run
+
+ $ ./Configure
+
+ Pick a suitable name from the list that matches your system. For most
+ operating systems there is a choice between using "cc" or "gcc". When
+ you have identified your system (and if necessary compiler) use this name
+ as the argument to ./Configure. For example, a "linux-elf" user would
+ run:
+
+ $ ./Configure linux-elf [options]
+
+ If your system is not available, you will have to edit the Configure
+ program and add the correct configuration for your system. The
+ generic configurations "cc" or "gcc" should usually work on 32 bit
+ systems.
+
+ Configure creates the file Makefile.ssl from Makefile.org and
+ defines various macros in crypto/opensslconf.h (generated from
+ crypto/opensslconf.h.in).
+
+ 2. Build OpenSSL by running:
+
+ $ make
+
+ This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
+ OpenSSL binary ("openssl"). The libraries will be built in the top-level
+ directory, and the binary will be in the "apps" directory.
+
+ If "make" fails, look at the output. There may be reasons for
+ the failure that aren't problems in OpenSSL itself (like missing
+ standard headers). If it is a problem with OpenSSL itself, please
+ report the problem to <openssl-bugs at openssl.org> (note that your
+ message will be recorded in the request tracker publicly readable
+ via http://www.openssl.org/support/rt.html and will be forwarded to a
+ public mailing list). Include the output of "make report" in your message.
+ Please check out the request tracker. Maybe the bug was already
+ reported or has already been fixed.
+
+ [If you encounter assembler error messages, try the "no-asm"
+ configuration option as an immediate fix.]
+
+ Compiling parts of OpenSSL with gcc and others with the system
+ compiler will result in unresolved symbols on some systems.
+
+ 3. After a successful build, the libraries should be tested. Run:
+
+ $ make test
+
+ If a test fails, look at the output. There may be reasons for
+ the failure that isn't a problem in OpenSSL itself (like a missing
+ or malfunctioning bc). If it is a problem with OpenSSL itself,
+ try removing any compiler optimization flags from the CFLAG line
+ in Makefile.ssl and run "make clean; make". Please send a bug
+ report to <openssl-bugs at openssl.org>, including the output of
+ "make report" in order to be added to the request tracker at
+ http://www.openssl.org/support/rt.html.
+
+ 4. If everything tests ok, install OpenSSL with
+
+ $ make install
+
+ This will create the installation directory (if it does not exist) and
+ then the following subdirectories:
+
+ certs Initially empty, this is the default location
+ for certificate files.
+ man/man1 Manual pages for the 'openssl' command line tool
+ man/man3 Manual pages for the libraries (very incomplete)
+ misc Various scripts.
+ private Initially empty, this is the default location
+ for private key files.
+
+ If you didn't choose a different installation prefix, the
+ following additional subdirectories will be created:
+
+ bin Contains the openssl binary and a few other
+ utility programs.
+ include/openssl Contains the header files needed if you want to
+ compile programs with libcrypto or libssl.
+ lib Contains the OpenSSL library files themselves.
+
+ Package builders who want to configure the library for standard
+ locations, but have the package installed somewhere else so that
+ it can easily be packaged, can use
+
+ $ make INSTALL_PREFIX=/tmp/package-root install
+
+ (or specify "--install_prefix=/tmp/package-root" as a configure
+ option). The specified prefix will be prepended to all
+ installation target filenames.
+
+
+ NOTE: The header files used to reside directly in the include
+ directory, but have now been moved to include/openssl so that
+ OpenSSL can co-exist with other libraries which use some of the
+ same filenames. This means that applications that use OpenSSL
+ should now use C preprocessor directives of the form
+
+ #include <openssl/ssl.h>
+
+ instead of "#include <ssl.h>", which was used with library versions
+ up to OpenSSL 0.9.2b.
+
+ If you install a new version of OpenSSL over an old library version,
+ you should delete the old header files in the include directory.
+
+ Compatibility issues:
+
+ * COMPILING existing applications
+
+ To compile an application that uses old filenames -- e.g.
+ "#include <ssl.h>" --, it will usually be enough to find
+ the CFLAGS definition in the application's Makefile and
+ add a C option such as
+
+ -I/usr/local/ssl/include/openssl
+
+ to it.
+
+ But don't delete the existing -I option that points to
+ the ..../include directory! Otherwise, OpenSSL header files
+ could not #include each other.
+
+ * WRITING applications
+
+ To write an application that is able to handle both the new
+ and the old directory layout, so that it can still be compiled
+ with library versions up to OpenSSL 0.9.2b without bothering
+ the user, you can proceed as follows:
+
+ - Always use the new filename of OpenSSL header files,
+ e.g. #include <openssl/ssl.h>.
+
+ - Create a directory "incl" that contains only a symbolic
+ link named "openssl", which points to the "include" directory
+ of OpenSSL.
+ For example, your application's Makefile might contain the
+ following rule, if OPENSSLDIR is a pathname (absolute or
+ relative) of the directory where OpenSSL resides:
+
+ incl/openssl:
+ -mkdir incl
+ cd $(OPENSSLDIR) # Check whether the directory really exists
+ -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
+
+ You will have to add "incl/openssl" to the dependencies
+ of those C files that include some OpenSSL header file.
+
+ - Add "-Iincl" to your CFLAGS.
+
+ With these additions, the OpenSSL header files will be available
+ under both name variants if an old library version is used:
+ Your application can reach them under names like <openssl/foo.h>,
+ while the header files still are able to #include each other
+ with names of the form <foo.h>.
+
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications. On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.) The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
+
+
+ Note on shared libraries
+ ------------------------
+
+ Shared libraries have certain caveats. Binary backward compatibility
+ can't be guaranteed before OpenSSL version 1.0. The only reason to
+ use them would be to conserve memory on systems where several programs
+ are using OpenSSL.
+
+ For some systems, the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl. On these systems,
+ the shared libraries are currently not created by default, but giving
+ the option "shared" will get them created. This method supports Makefile
+ targets for shared library creation, like linux-shared. Those targets
+ can currently be used on their own just as well, but this is expected
+ to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
+
+ Note on support for multiple builds
+ -----------------------------------
+
+ OpenSSL is usually built in its source tree. Unfortunately, this doesn't
+ support building for multiple platforms from the same source tree very well.
+ It is however possible to build in a separate tree through the use of lots
+ of symbolic links, which should be prepared like this:
+
+ mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+ cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+ (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+ mkdir -p `dirname $F`
+ rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
+ echo $F '->' $OPENSSL_SOURCE/$F
+ done
+ make -f Makefile.org clean
+
+ OPENSSL_SOURCE is an environment variable that contains the absolute (this
+ is important!) path to the OpenSSL source tree.
+
+ Also, operations like 'make update' should still be made in the source tree.
Added: vendor-crypto/openssl/dist/INSTALL.DJGPP
===================================================================
--- vendor-crypto/openssl/dist/INSTALL.DJGPP (rev 0)
+++ vendor-crypto/openssl/dist/INSTALL.DJGPP 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,47 @@
+
+
+ INSTALLATION ON THE DOS PLATFORM WITH DJGPP
+ -------------------------------------------
+
+ OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
+ environment for 16-bit DOS, but only with long filename support.
+ If you wish to compile on native DOS with 8+3 filenames, you will
+ have to tweak the installation yourself, including renaming files
+ with illegal or duplicate names.
+
+ You should have a full DJGPP environment installed, including the
+ latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
+ requires that PERL and BC also be installed.
+
+ All of these can be obtained from the usual DJGPP mirror sites or
+ directly at "http://www.delorie.com/pub/djgpp". For help on which
+ files to download, see the DJGPP "ZIP PICKER" page at
+ "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
+ the WATT-32 networking package installed before you try to compile
+ OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
+ The Makefile assumes that the WATT-32 code is in the directory
+ specified by the environment variable WATT_ROOT. If you have watt-32
+ in directory "watt32" under your main DJGPP directory, specify
+ WATT_ROOT="/dev/env/DJDIR/watt32".
+
+ To compile OpenSSL, start your BASH shell, then configure for DJGPP by
+ running "./Configure" with appropriate arguments:
+
+ ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
+
+ And finally fire up "make". You may run out of DPMI selectors when
+ running in a DOS box under Windows. If so, just close the BASH
+ shell, go back to Windows, and restart BASH. Then run "make" again.
+
+ RUN-TIME CAVEAT LECTOR
+ --------------
+
+ Quoting FAQ:
+
+ "Cryptographic software needs a source of unpredictable data to work
+ correctly. Many open source operating systems provide a "randomness
+ device" (/dev/urandom or /dev/random) that serves this purpose."
+
+ As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
+ party "randomness" DOS driver. One such driver, NOISE.SYS, can be
+ obtained from "http://www.rahul.net/dkaufman/index.html".
Added: vendor-crypto/openssl/dist/INSTALL.VMS
===================================================================
--- vendor-crypto/openssl/dist/INSTALL.VMS (rev 0)
+++ vendor-crypto/openssl/dist/INSTALL.VMS 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,299 @@
+ VMS Installation instructions
+ written by Richard Levitte
+ <richard at levitte.org>
+
+
+Intro:
+======
+
+This file is divided in the following parts:
+
+ Requirements - Mandatory reading.
+ Checking the distribution - Mandatory reading.
+ Compilation - Mandatory reading.
+ Logical names - Mandatory reading.
+ Test - Mandatory reading.
+ Installation - Mandatory reading.
+ Backward portability - Read if it's an issue.
+ Possible bugs or quirks - A few warnings on things that
+ may go wrong or may surprise you.
+ TODO - Things that are to come.
+
+
+Requirements:
+=============
+
+To build and install OpenSSL, you will need:
+
+ * DEC C or some other ANSI C compiler. VAX C is *not* supported.
+ [Note: OpenSSL has only been tested with DEC C. Compiling with
+ a different ANSI C compiler may require some work]
+
+Checking the distribution:
+==========================
+
+There have been reports of places where the distribution didn't quite get
+through, for example if you've copied the tree from a NFS-mounted Unix
+mount point.
+
+The easiest way to check if everything got through as it should is to check
+for one of the following files:
+
+ [.CRYPTO]OPENSSLCONF.H_IN
+ [.CRYPTO]OPENSSLCONF_H.IN
+
+They should never exist both at once, but one of them should (preferably
+the first variant). If you can't find any of those two, something went
+wrong.
+
+The best way to get a correct distribution is to download the gzipped tar
+file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
+use VMSTAR to unpack the resulting tar file.
+
+GUNZIP is available in many places on the net. One of the distribution
+points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
+
+VMSTAR is also available in many places on the net. The recommended place
+to find information about it is http://www.free.lp.se/vmstar/ .
+
+
+Compilation:
+============
+
+I've used the very good command procedures written by Robert Byer
+<byer at mail.all-net.net>, and just slightly modified them, making
+them slightly more general and easier to maintain.
+
+You can actually compile in almost any directory separately. Look
+for a command procedure name xxx-LIB.COM (in the library directories)
+or MAKExxx.COM (in the program directories) and read the comments at
+the top to understand how to use them. However, if you want to
+compile all you can get, the simplest is to use MAKEVMS.COM in the top
+directory. The syntax is the following:
+
+ @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
+
+<option> must be one of the following:
+
+ ALL Just build "everything".
+ CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file.
+ BUILDINF Just build the "[.INCLUDE]BUILDINF.H" file.
+ SOFTLINKS Just copies some files, to simulate Unix soft links.
+ BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
+ RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
+ CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
+ SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
+ SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
+ TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
+ APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
+
+<rsaref-p> must be one of the following:
+
+ RSAREF compile using the RSAREF Library
+ NORSAREF compile without using RSAREF
+
+Note 0: The RSAREF library IS NO LONGER NEEDED. The RSA patent
+ expires September 20, 2000, and RSA Security chose to make
+ the algorithm public domain two weeks before that.
+
+Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
+ and you have to download it. RSA Security doesn't carry it
+ any more, but there are a number of places where you can find
+ it. You have to get the ".tar-Z" file as the ".zip" file
+ doesn't have the directory structure stored. You have to
+ extract the file into the [.RSAREF] directory as that is where
+ the scripts will look for the files.
+
+Note 2: I have never done this, so I've no idea if it works or not.
+
+<debug-p> must be one of the following:
+
+ DEBUG compile with debugging info (will not optimize)
+ NODEBUG compile without debugging info (will optimize)
+
+<compiler> must be one of the following:
+
+ DECC For DEC C.
+ GNUC For GNU C.
+
+
+You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
+where xxx is VAX or AXP. You will find the SSL library in [.xxx.EXE.SSL],
+named LIBSSL.OLB, and you will find a bunch of useful programs in
+[.xxx.EXE.APPS]. However, these shouldn't be used right off unless it's
+just to test them. For production use, make sure you install first, see
+Installation below.
+
+Note 1: Some programs in this package require a TCP/IP library.
+
+Note 2: if you want to compile the crypto library only, please make sure
+ you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
+ a @MAKEVMS SOFTLINKS. A lot of things will break if you don't.
+
+
+Logical names:
+==============
+
+There are a few things that can't currently be given through the command
+line. Instead, logical names are used.
+
+Currently, the logical names supported are:
+
+ OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will
+ not be used. Instead, plain C implementations are
+ used. This is good to try if something doesn't work.
+ OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm
+ will not be implemented. Supported algorithms to
+ do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
+ SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
+ SSL2. So, for example, having the logical name
+ OPENSSL_NO_RSA with the value YES means that the
+ LIBCRYPTO.OLB library will not contain an RSA
+ implementation.
+
+
+Test:
+=====
+
+Testing is very simple, just do the following:
+
+ @[.TEST]TESTS
+
+If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
+it's an ugly hack!) and rebuild. Please send a bug report to
+<openssl-bugs at openssl.org>, including the output of "openssl version -a"
+and of the failed test.
+
+
+Installation:
+=============
+
+Installation is easy, just do the following:
+
+ @INSTALL <root>
+
+<root> is the directory in which everything will be installed,
+subdirectories, libraries, header files, programs and startup command
+procedures.
+
+N.B.: INSTALL.COM builds a new directory structure, different from
+the directory tree where you have now build OpenSSL.
+
+In the [.VMS] subdirectory of the installation, you will find the
+following command procedures:
+
+ OPENSSL_STARTUP.COM
+
+ defines all needed logical names. Takes one argument that
+ tells it in what logical name table to insert the logical
+ names. If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
+ call should look like this:
+
+ @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
+
+ OPENSSL_UTILS.COM
+
+ sets up the symbols to the applications. Should be called
+ from for example SYS$MANAGER:SYLOGIN.COM
+
+The logical names that are set up are the following:
+
+ SSLROOT a dotted concealed logical name pointing at the
+ root directory.
+
+ SSLCERTS Initially an empty directory, this is the default
+ location for certificate files.
+ SSLMISC Various scripts.
+ SSLPRIVATE Initially an empty directory, this is the default
+ location for private key files.
+
+ SSLEXE Contains the openssl binary and a few other utility
+ programs.
+ SSLINCLUDE Contains the header files needed if you want to
+ compile programs with libcrypto or libssl.
+ SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB
+ and LIBSSL.OLB) themselves.
+
+ OPENSSL Same as SSLINCLUDE. This is because the standard
+ way to include OpenSSL header files from version
+ 0.9.3 and on is:
+
+ #include <openssl/header.h>
+
+ For more info on this issue, see the INSTALL. file
+ (the NOTE in section 4 of "Installation in Detail").
+ You don't need to "deleting old header files"!!!
+
+
+Backward portability:
+=====================
+
+One great problem when you build a library is making sure it will work
+on as many versions of VMS as possible. Especially, code compiled on
+OpenVMS version 7.x and above tend to be unusable in version 6.x or
+lower, because some C library routines have changed names internally
+(the C programmer won't usually see it, because the old name is
+maintained through C macros). One obvious solution is to make sure
+you have a development machine with an old enough version of OpenVMS.
+However, if you are stuck with a bunch of Alphas running OpenVMS version
+7.1, you seem to be out of luck. Fortunately, the DEC C header files
+are cluttered with conditionals that make some declarations and definitions
+dependent on the OpenVMS version or the C library version, *and* you
+can use those macros to simulate older OpenVMS or C library versions,
+by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
+correct values. In the compilation scripts, I've provided the possibility
+for the user to influence the creation of such macros, through a bunch of
+symbols, all having names starting with USER_. Here's the list of them:
+
+ USER_CCFLAGS - Used to give additional qualifiers to the
+ compiler. It can't be used to define macros
+ since the scripts will do such things as well.
+ To do such things, use USER_CCDEFS.
+ USER_CCDEFS - Used to define macros on the command line. The
+ value of this symbol will be inserted inside a
+ /DEFINE=(...).
+ USER_CCDISABLEWARNINGS - Used to disable some warnings. The value is
+ inserted inside a /DISABLE=WARNING=(...).
+
+So, to maintain backward compatibility with older VMS versions, do the
+following before you start compiling:
+
+ $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
+ $ USER_CCDISABLEWARNINGS := PREOPTW
+
+The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
+that those macros have been changed.
+
+Note: Currently, this is only useful for library compilation. The
+ programs will still be linked with the current version of the
+ C library shareable image, and will thus complain if they are
+ faced with an older version of the same C library shareable image.
+ This will probably be fixed in a future revision of OpenSSL.
+
+
+Possible bugs or quirks:
+========================
+
+I'm not perfectly sure all the programs will use the SSLCERTS:
+directory by default, it may very well be that you have to give them
+extra arguments. Please experiment.
+
+
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users at openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard at levitte.org>
+2000-02-27
Added: vendor-crypto/openssl/dist/LICENSE
===================================================================
--- vendor-crypto/openssl/dist/LICENSE (rev 0)
+++ vendor-crypto/openssl/dist/LICENSE 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,127 @@
+
+ LICENSE ISSUES
+ ==============
+
+ The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+ the OpenSSL License and the original SSLeay license apply to the toolkit.
+ See below for the actual license texts. Actually both licenses are BSD-style
+ Open Source licenses. In case of any license issues related to OpenSSL
+ please contact openssl-core at openssl.org.
+
+ OpenSSL License
+ ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
Added: vendor-crypto/openssl/dist/Makefile
===================================================================
--- vendor-crypto/openssl/dist/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,732 @@
+### Generated automatically from Makefile.org by Configure.
+
+##
+## Makefile for OpenSSL
+##
+
+VERSION=0.9.8zb
+MAJOR=0
+MINOR=9.8
+SHLIB_VERSION_NUMBER=0.9.8
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=0
+SHLIB_MINOR=9.8
+SHLIB_EXT=
+PLATFORM=dist
+OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
+CONFIGURE_ARGS=dist
+SHLIB_TARGET=
+
+# HERE indicates where this Makefile lives. This can be used to indicate
+# where sub-Makefiles are expected to be. Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4 - Define to build without the RC4 algorithm
+# NO_RC2 - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+# one. 32 bytes will be read from this when the random
+# number generator is initalised.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+# NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+# call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= cc
+CFLAG= -O
+DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED
+PEX_LIBS=
+EX_LIBS=
+EXE_EXT=
+ARFLAGS=
+AR= ar $(ARFLAGS) r
+ARD=ar $(ARFLAGS) d
+RANLIB= /usr/bin/ranlib
+PERL= /usr/bin/perl
+TAR= tar
+TARFLAGS= --no-recursion --record-size=10240
+MAKEDEPPROG=makedepend
+LIBDIR=lib
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAG=$(CFLAG)
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# CPUID module collects small commonly used assembler snippets
+CPUID_OBJ=
+BN_ASM= bn_asm.o
+DES_ENC= des_enc.o fcrypt_b.o
+AES_ASM_OBJ= aes_core.o aes_cbc.o
+BF_ENC= bf_enc.o
+CAST_ENC= c_enc.o
+RC4_ENC= rc4_enc.o rc4_skey.o
+RC5_ENC= rc5_enc.o
+MD5_ASM_OBJ=
+SHA1_ASM_OBJ=
+RMD160_ASM_OBJ=
+
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build make be different so hard
+# code the path.
+
+FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/
+
+# This is set to "y" if fipscanister.o is compiled internally as
+# opposed to coming from an external validated location.
+
+FIPSCANISTERINTERNAL=n
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=0xFB00000
+
+DIRS= crypto ssl engines apps test tools
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS= \
+ objects \
+ md2 md4 md5 sha hmac ripemd \
+ des aes rc2 rc4 idea bf cast \
+ bn ec rsa dsa ecdsa dh ecdh dso engine \
+ buffer bio stack lhash rand err \
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+ store pqueue
+# keep in mind that the above list is adjusted by ./Configure
+# according to no-xxx arguments...
+
+# tests to perform. "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
+
+MAKEFILE= Makefile
+
+MANDIR=$(OPENSSLDIR)/man
+MAN1=1
+MAN3=3
+MANSUFFIX=
+SHELL=/bin/sh
+
+TOP= .
+ONEDIRS=out tmp
+EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS= windows
+LIBS= libcrypto.a libssl.a
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_FIPS=
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=
+SHARED_LDFLAGS=
+
+GENERAL= Makefile
+BASENAME= openssl
+NAME= $(BASENAME)-$(VERSION)
+TARFILE= $(NAME).tar
+WTARFILE= $(NAME)-win.tar
+EXHEADER= e_os2.h
+HEADER= e_os.h
+
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+
+# as we stick to -e, CLEARENV ensures that local variables in lower
+# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+# shell, which [annoyingly enough] terminates unset with error if VAR
+# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+# which terminates unset with error if no variable was present:-(
+CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
+ $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
+ $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
+ $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
+ $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
+ $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
+ $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
+ $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
+ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+
+BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
+ CC='${CC}' CFLAG='${CFLAG}' \
+ AS='${CC}' ASFLAG='${CFLAG} -c' \
+ AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
+ SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \
+ INSTALL_PREFIX='${INSTALL_PREFIX}' \
+ INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
+ LIBDIR='${LIBDIR}' \
+ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
+ MAKEDEPPROG='${MAKEDEPPROG}' \
+ SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
+ KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
+ EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
+ SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
+ PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
+ CPUID_OBJ='${CPUID_OBJ}' \
+ BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
+ AES_ASM_OBJ='${AES_ASM_OBJ}' \
+ BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
+ RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
+ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
+ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
+ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
+ FIPSLIBDIR='${FIPSLIBDIR}' \
+ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
+ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
+ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
+ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+# which in turn eliminates ambiguities in variable treatment with -e.
+
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory. The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS). It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS). It requires that the target
+# is given through the shell variable `target'.
+BUILD_CMD= if [ -d "$$dir" ]; then \
+ ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
+ cd $$dir && echo "making $$target in $$dir..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
+ ) || exit 1; \
+ fi
+RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+ if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+ $(BUILD_CMD); \
+ fi
+
+reflect:
+ @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+
+FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
+ ../crypto/aes/aes_ecb.o \
+ ../crypto/aes/aes_ofb.o \
+ ../crypto/bn/bn_add.o \
+ ../crypto/bn/bn_blind.o \
+ ../crypto/bn/bn_ctx.o \
+ ../crypto/bn/bn_div.o \
+ ../crypto/bn/bn_exp2.o \
+ ../crypto/bn/bn_exp.o \
+ ../crypto/bn/bn_gcd.o \
+ ../crypto/bn/bn_lib.o \
+ ../crypto/bn/bn_mod.o \
+ ../crypto/bn/bn_mont.o \
+ ../crypto/bn/bn_mul.o \
+ ../crypto/bn/bn_prime.o \
+ ../crypto/bn/bn_rand.o \
+ ../crypto/bn/bn_recp.o \
+ ../crypto/bn/bn_shift.o \
+ ../crypto/bn/bn_sqr.o \
+ ../crypto/bn/bn_word.o \
+ ../crypto/bn/bn_x931p.o \
+ ../crypto/buffer/buf_str.o \
+ ../crypto/cryptlib.o \
+ ../crypto/des/cfb64ede.o \
+ ../crypto/des/cfb64enc.o \
+ ../crypto/des/cfb_enc.o \
+ ../crypto/des/ecb3_enc.o \
+ ../crypto/des/ecb_enc.o \
+ ../crypto/des/ofb64ede.o \
+ ../crypto/des/ofb64enc.o \
+ ../crypto/des/fcrypt.o \
+ ../crypto/des/set_key.o \
+ ../crypto/dsa/dsa_utl.o \
+ ../crypto/dsa/dsa_sign.o \
+ ../crypto/dsa/dsa_vrf.o \
+ ../crypto/err/err.o \
+ ../crypto/evp/digest.o \
+ ../crypto/evp/enc_min.o \
+ ../crypto/evp/e_aes.o \
+ ../crypto/evp/e_des3.o \
+ ../crypto/evp/p_sign.o \
+ ../crypto/evp/p_verify.o \
+ ../crypto/mem_clr.o \
+ ../crypto/mem.o \
+ ../crypto/rand/md_rand.o \
+ ../crypto/rand/rand_egd.o \
+ ../crypto/rand/randfile.o \
+ ../crypto/rand/rand_lib.o \
+ ../crypto/rand/rand_os2.o \
+ ../crypto/rand/rand_unix.o \
+ ../crypto/rand/rand_win.o \
+ ../crypto/rsa/rsa_lib.o \
+ ../crypto/rsa/rsa_none.o \
+ ../crypto/rsa/rsa_oaep.o \
+ ../crypto/rsa/rsa_pk1.o \
+ ../crypto/rsa/rsa_pss.o \
+ ../crypto/rsa/rsa_ssl.o \
+ ../crypto/rsa/rsa_x931.o \
+ ../crypto/sha/sha1dgst.o \
+ ../crypto/sha/sha256.o \
+ ../crypto/sha/sha512.o \
+ ../crypto/uid.o
+
+sub_all: build_all
+build_all: build_libs build_apps build_tests build_tools
+
+build_libs: build_crypto build_fips build_ssl build_shared build_engines
+
+build_crypto:
+ if [ -n "$(FIPSCANLIB)" ]; then \
+ EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
+ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
+ else \
+ ARX='${AR}' ; \
+ fi ; export ARX ; \
+ dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_fips:
+ @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+ @dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+ @dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+ @dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+ @dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+ @dir=tools; target=all; $(BUILD_ONE_CMD)
+
+all_testapps: build_libs build_testapps
+build_testapps:
+ @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
+
+build_shared: $(SHARED_LIBS)
+libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+ $(ARD) libcrypto.a fipscanister.o ; \
+ $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
+ $(AR) libcrypto.a fips/fipscanister.o ; \
+ else \
+ if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
+ export CC FIPSLD_CC; \
+ fi; \
+ $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
+ fi \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+ fi
+
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ shlibdeps=-lcrypto; \
+ [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
+ $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2 ; \
+ exit 1; \
+ fi
+
+fips/fipscanister.o: build_fips
+libfips$(SHLIB_EXT): fips/fipscanister.o
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \
+ $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ CC=$${CC} LIBNAME=fips THIS=$@ \
+ LIBEXTRAS=fips/fipscanister.o \
+ LIBDEPS="$(EX_LIBS)" \
+ LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+ fi
+
+libfips.a:
+ dir=fips; target=all; $(BUILD_ONE_CMD)
+
+clean-shared:
+ @set -e; for i in $(SHLIBDIRS); do \
+ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+ tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+ for j in $${tmp:-x}; do \
+ ( set -x; rm -f lib$$i$$j ); \
+ done; \
+ fi; \
+ ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then \
+ ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+ fi; \
+ done
+
+link-shared:
+ @ set -e; for i in ${SHLIBDIRS}; do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ symlink.$(SHLIB_TARGET); \
+ libs="$$libs -l$$i"; \
+ done
+
+build-shared: do_$(SHLIB_TARGET) link-shared
+
+do_$(SHLIB_TARGET):
+ @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
+ libs="-l$$i $$libs"; \
+ done
+
+libcrypto.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL-libcrypto'; \
+ echo 'Description: OpenSSL cryptography library'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+
+libssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+
+openssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
+Makefile: Makefile.org Configure config
+ @echo "Makefile is older than Makefile.org, Configure or config."
+ @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+ @false
+
+libclean:
+ rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
+
+clean: libclean
+ rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
+ @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+ rm -f $(LIBS)
+ rm -f openssl.pc libssl.pc libcrypto.pc
+ rm -f speed.* .pure
+ rm -f $(TARFILE)
+ @set -e; for i in $(ONEDIRS) ;\
+ do \
+ rm -fr $$i/*; \
+ done
+
+makefile.one: files
+ $(PERL) util/mk1mf.pl >makefile.one; \
+ sh util/do_ms.sh
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+ @set -e; target=files; $(RECURSIVE_BUILD_CMD)
+
+links:
+ @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+ @set -e; target=links; $(RECURSIVE_BUILD_CMD)
+ @if [ -z "$(FIPSCANLIB)" ]; then \
+ set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
+ fi
+
+gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
+dclean:
+ rm -f *.bak
+ @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
+
+rehash: rehash.time
+rehash.time: certs apps
+ @if [ -z "$(CROSS_COMPILE)" ]; then \
+ (OPENSSL="`pwd`/util/opensslwrap.sh"; \
+ OPENSSL_DEBUG_MEMORY=on; \
+ export OPENSSL OPENSSL_DEBUG_MEMORY; \
+ $(PERL) tools/c_rehash certs) && \
+ touch rehash.time; \
+ fi
+
+test: tests
+
+tests: rehash
+ @(cd test && echo "testing..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+ util/opensslwrap.sh version -a
+
+report:
+ @$(PERL) util/selftest.pl
+
+depend:
+ @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+lint:
+ @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+
+tags:
+ rm -f TAGS
+ find . -name '[^.]*.[ch]' | xargs etags -a
+
+errors:
+ $(PERL) util/mkerr.pl -recurse -write
+ (cd engines; $(MAKE) PERL=$(PERL) errors)
+ $(PERL) util/ck_errf.pl */*.c */*/*.c
+
+stacks:
+ $(PERL) util/mkstack.pl -write
+
+util/libeay.num::
+ $(PERL) util/mkdef.pl crypto update
+
+util/ssleay.num::
+ $(PERL) util/mkdef.pl ssl update
+
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+ $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+ $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+
+apps/openssl-vms.cnf: apps/openssl.cnf
+ $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+ $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
+TABLE: Configure
+ (echo 'Output of `Configure TABLE'"':"; \
+ $(PERL) Configure TABLE) > TABLE
+
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+
+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
+tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
+ find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+ $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - |\
+ gzip --best >../$(TARFILE).gz; \
+ rm -f ../$(TARFILE).list; \
+ ls -l ../$(TARFILE).gz
+
+tar-snap:
+ @$(TAR) $(TARFLAGS) -cvf - \
+ `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+ ls -l ../$(TARFILE)
+
+dist:
+ $(PERL) Configure dist
+ @$(MAKE) dist_pem_h
+ @$(MAKE) SDIRS='${SDIRS}' clean
+ @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+
+dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+install: all install_docs install_sw
+
+install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; for i in $(LIBS) ;\
+ do \
+ if [ -f "$$i" ]; then \
+ ( echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+ fi; \
+ done;
+ @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+ tmp="$(SHARED_LIBS)"; \
+ for i in $${tmp:-x}; \
+ do \
+ if [ -f "$$i" -o -f "$$i.a" ]; then \
+ ( echo installing $$i; \
+ if [ "$(PLATFORM)" != "Cygwin" ]; then \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ else \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ fi ); \
+ fi; \
+ done; \
+ ( here="`pwd`"; \
+ cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
+ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+ if [ "$(INSTALLTOP)" != "/usr" ]; then \
+ echo 'OpenSSL shared libraries have been installed in:'; \
+ echo ' $(INSTALLTOP)'; \
+ echo ''; \
+ sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ fi; \
+ fi
+ cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+ cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+ cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+
+install_docs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+ filecase=-i; \
+ fi; \
+ set -e; for i in doc/apps/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ done); \
+ done; \
+ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ done); \
+ done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
Added: vendor-crypto/openssl/dist/Makefile.bak
===================================================================
--- vendor-crypto/openssl/dist/Makefile.bak (rev 0)
+++ vendor-crypto/openssl/dist/Makefile.bak 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,732 @@
+### Generated automatically from Makefile.org by Configure.
+
+##
+## Makefile for OpenSSL
+##
+
+VERSION=0.9.8zb-dev
+MAJOR=0
+MINOR=9.8
+SHLIB_VERSION_NUMBER=0.9.8
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=0
+SHLIB_MINOR=9.8
+SHLIB_EXT=
+PLATFORM=gcc
+OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
+CONFIGURE_ARGS=gcc
+SHLIB_TARGET=
+
+# HERE indicates where this Makefile lives. This can be used to indicate
+# where sub-Makefiles are expected to be. Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4 - Define to build without the RC4 algorithm
+# NO_RC2 - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+# one. 32 bytes will be read from this when the random
+# number generator is initalised.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+# NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+# call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= gcc
+CFLAG= -O3
+DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED
+PEX_LIBS=
+EX_LIBS=
+EXE_EXT=
+ARFLAGS=
+AR= ar $(ARFLAGS) r
+ARD=ar $(ARFLAGS) d
+RANLIB= /usr/bin/ranlib
+PERL= /usr/bin/perl
+TAR= tar
+TARFLAGS= --no-recursion --record-size=10240
+MAKEDEPPROG= gcc
+LIBDIR=lib
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAG=$(CFLAG)
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# CPUID module collects small commonly used assembler snippets
+CPUID_OBJ=
+BN_ASM= bn_asm.o
+DES_ENC= des_enc.o fcrypt_b.o
+AES_ASM_OBJ= aes_core.o aes_cbc.o
+BF_ENC= bf_enc.o
+CAST_ENC= c_enc.o
+RC4_ENC= rc4_enc.o rc4_skey.o
+RC5_ENC= rc5_enc.o
+MD5_ASM_OBJ=
+SHA1_ASM_OBJ=
+RMD160_ASM_OBJ=
+
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build make be different so hard
+# code the path.
+
+FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/
+
+# This is set to "y" if fipscanister.o is compiled internally as
+# opposed to coming from an external validated location.
+
+FIPSCANISTERINTERNAL=n
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=0xFB00000
+
+DIRS= crypto ssl engines apps test tools
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS= \
+ objects \
+ md2 md4 md5 sha hmac ripemd \
+ des aes rc2 rc4 idea bf cast \
+ bn ec rsa dsa ecdsa dh ecdh dso engine \
+ buffer bio stack lhash rand err \
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+ store pqueue
+# keep in mind that the above list is adjusted by ./Configure
+# according to no-xxx arguments...
+
+# tests to perform. "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
+
+MAKEFILE= Makefile
+
+MANDIR=$(OPENSSLDIR)/man
+MAN1=1
+MAN3=3
+MANSUFFIX=
+SHELL=/bin/sh
+
+TOP= .
+ONEDIRS=out tmp
+EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS= windows
+LIBS= libcrypto.a libssl.a
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_FIPS=
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=
+SHARED_LDFLAGS=
+
+GENERAL= Makefile
+BASENAME= openssl
+NAME= $(BASENAME)-$(VERSION)
+TARFILE= $(NAME).tar
+WTARFILE= $(NAME)-win.tar
+EXHEADER= e_os2.h
+HEADER= e_os.h
+
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+
+# as we stick to -e, CLEARENV ensures that local variables in lower
+# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+# shell, which [annoyingly enough] terminates unset with error if VAR
+# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+# which terminates unset with error if no variable was present:-(
+CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
+ $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
+ $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
+ $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
+ $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
+ $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
+ $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
+ $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
+ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+
+BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
+ CC='${CC}' CFLAG='${CFLAG}' \
+ AS='${CC}' ASFLAG='${CFLAG} -c' \
+ AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
+ SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \
+ INSTALL_PREFIX='${INSTALL_PREFIX}' \
+ INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
+ LIBDIR='${LIBDIR}' \
+ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
+ MAKEDEPPROG='${MAKEDEPPROG}' \
+ SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
+ KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
+ EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
+ SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
+ PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
+ CPUID_OBJ='${CPUID_OBJ}' \
+ BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
+ AES_ASM_OBJ='${AES_ASM_OBJ}' \
+ BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
+ RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
+ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
+ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
+ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
+ FIPSLIBDIR='${FIPSLIBDIR}' \
+ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
+ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
+ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
+ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+# which in turn eliminates ambiguities in variable treatment with -e.
+
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory. The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS). It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS). It requires that the target
+# is given through the shell variable `target'.
+BUILD_CMD= if [ -d "$$dir" ]; then \
+ ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
+ cd $$dir && echo "making $$target in $$dir..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
+ ) || exit 1; \
+ fi
+RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+ if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+ $(BUILD_CMD); \
+ fi
+
+reflect:
+ @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+
+FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
+ ../crypto/aes/aes_ecb.o \
+ ../crypto/aes/aes_ofb.o \
+ ../crypto/bn/bn_add.o \
+ ../crypto/bn/bn_blind.o \
+ ../crypto/bn/bn_ctx.o \
+ ../crypto/bn/bn_div.o \
+ ../crypto/bn/bn_exp2.o \
+ ../crypto/bn/bn_exp.o \
+ ../crypto/bn/bn_gcd.o \
+ ../crypto/bn/bn_lib.o \
+ ../crypto/bn/bn_mod.o \
+ ../crypto/bn/bn_mont.o \
+ ../crypto/bn/bn_mul.o \
+ ../crypto/bn/bn_prime.o \
+ ../crypto/bn/bn_rand.o \
+ ../crypto/bn/bn_recp.o \
+ ../crypto/bn/bn_shift.o \
+ ../crypto/bn/bn_sqr.o \
+ ../crypto/bn/bn_word.o \
+ ../crypto/bn/bn_x931p.o \
+ ../crypto/buffer/buf_str.o \
+ ../crypto/cryptlib.o \
+ ../crypto/des/cfb64ede.o \
+ ../crypto/des/cfb64enc.o \
+ ../crypto/des/cfb_enc.o \
+ ../crypto/des/ecb3_enc.o \
+ ../crypto/des/ecb_enc.o \
+ ../crypto/des/ofb64ede.o \
+ ../crypto/des/ofb64enc.o \
+ ../crypto/des/fcrypt.o \
+ ../crypto/des/set_key.o \
+ ../crypto/dsa/dsa_utl.o \
+ ../crypto/dsa/dsa_sign.o \
+ ../crypto/dsa/dsa_vrf.o \
+ ../crypto/err/err.o \
+ ../crypto/evp/digest.o \
+ ../crypto/evp/enc_min.o \
+ ../crypto/evp/e_aes.o \
+ ../crypto/evp/e_des3.o \
+ ../crypto/evp/p_sign.o \
+ ../crypto/evp/p_verify.o \
+ ../crypto/mem_clr.o \
+ ../crypto/mem.o \
+ ../crypto/rand/md_rand.o \
+ ../crypto/rand/rand_egd.o \
+ ../crypto/rand/randfile.o \
+ ../crypto/rand/rand_lib.o \
+ ../crypto/rand/rand_os2.o \
+ ../crypto/rand/rand_unix.o \
+ ../crypto/rand/rand_win.o \
+ ../crypto/rsa/rsa_lib.o \
+ ../crypto/rsa/rsa_none.o \
+ ../crypto/rsa/rsa_oaep.o \
+ ../crypto/rsa/rsa_pk1.o \
+ ../crypto/rsa/rsa_pss.o \
+ ../crypto/rsa/rsa_ssl.o \
+ ../crypto/rsa/rsa_x931.o \
+ ../crypto/sha/sha1dgst.o \
+ ../crypto/sha/sha256.o \
+ ../crypto/sha/sha512.o \
+ ../crypto/uid.o
+
+sub_all: build_all
+build_all: build_libs build_apps build_tests build_tools
+
+build_libs: build_crypto build_fips build_ssl build_shared build_engines
+
+build_crypto:
+ if [ -n "$(FIPSCANLIB)" ]; then \
+ EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
+ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
+ else \
+ ARX='${AR}' ; \
+ fi ; export ARX ; \
+ dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_fips:
+ @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+ @dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+ @dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+ @dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+ @dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+ @dir=tools; target=all; $(BUILD_ONE_CMD)
+
+all_testapps: build_libs build_testapps
+build_testapps:
+ @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
+
+build_shared: $(SHARED_LIBS)
+libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+ $(ARD) libcrypto.a fipscanister.o ; \
+ $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
+ $(AR) libcrypto.a fips/fipscanister.o ; \
+ else \
+ if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
+ export CC FIPSLD_CC; \
+ fi; \
+ $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
+ fi \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+ fi
+
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ shlibdeps=-lcrypto; \
+ [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
+ $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2 ; \
+ exit 1; \
+ fi
+
+fips/fipscanister.o: build_fips
+libfips$(SHLIB_EXT): fips/fipscanister.o
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \
+ $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ CC=$${CC} LIBNAME=fips THIS=$@ \
+ LIBEXTRAS=fips/fipscanister.o \
+ LIBDEPS="$(EX_LIBS)" \
+ LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+ fi
+
+libfips.a:
+ dir=fips; target=all; $(BUILD_ONE_CMD)
+
+clean-shared:
+ @set -e; for i in $(SHLIBDIRS); do \
+ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+ tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+ for j in $${tmp:-x}; do \
+ ( set -x; rm -f lib$$i$$j ); \
+ done; \
+ fi; \
+ ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then \
+ ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+ fi; \
+ done
+
+link-shared:
+ @ set -e; for i in ${SHLIBDIRS}; do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ symlink.$(SHLIB_TARGET); \
+ libs="$$libs -l$$i"; \
+ done
+
+build-shared: do_$(SHLIB_TARGET) link-shared
+
+do_$(SHLIB_TARGET):
+ @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
+ libs="-l$$i $$libs"; \
+ done
+
+libcrypto.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL-libcrypto'; \
+ echo 'Description: OpenSSL cryptography library'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+
+libssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+
+openssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
+Makefile: Makefile.org Configure config
+ @echo "Makefile is older than Makefile.org, Configure or config."
+ @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+ @false
+
+libclean:
+ rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
+
+clean: libclean
+ rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
+ @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+ rm -f $(LIBS)
+ rm -f openssl.pc libssl.pc libcrypto.pc
+ rm -f speed.* .pure
+ rm -f $(TARFILE)
+ @set -e; for i in $(ONEDIRS) ;\
+ do \
+ rm -fr $$i/*; \
+ done
+
+makefile.one: files
+ $(PERL) util/mk1mf.pl >makefile.one; \
+ sh util/do_ms.sh
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+ @set -e; target=files; $(RECURSIVE_BUILD_CMD)
+
+links:
+ @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+ @set -e; target=links; $(RECURSIVE_BUILD_CMD)
+ @if [ -z "$(FIPSCANLIB)" ]; then \
+ set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
+ fi
+
+gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
+dclean:
+ rm -f *.bak
+ @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
+
+rehash: rehash.time
+rehash.time: certs apps
+ @if [ -z "$(CROSS_COMPILE)" ]; then \
+ (OPENSSL="`pwd`/util/opensslwrap.sh"; \
+ OPENSSL_DEBUG_MEMORY=on; \
+ export OPENSSL OPENSSL_DEBUG_MEMORY; \
+ $(PERL) tools/c_rehash certs) && \
+ touch rehash.time; \
+ fi
+
+test: tests
+
+tests: rehash
+ @(cd test && echo "testing..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+ util/opensslwrap.sh version -a
+
+report:
+ @$(PERL) util/selftest.pl
+
+depend:
+ @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+lint:
+ @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+
+tags:
+ rm -f TAGS
+ find . -name '[^.]*.[ch]' | xargs etags -a
+
+errors:
+ $(PERL) util/mkerr.pl -recurse -write
+ (cd engines; $(MAKE) PERL=$(PERL) errors)
+ $(PERL) util/ck_errf.pl */*.c */*/*.c
+
+stacks:
+ $(PERL) util/mkstack.pl -write
+
+util/libeay.num::
+ $(PERL) util/mkdef.pl crypto update
+
+util/ssleay.num::
+ $(PERL) util/mkdef.pl ssl update
+
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+ $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+ $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+
+apps/openssl-vms.cnf: apps/openssl.cnf
+ $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+ $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
+TABLE: Configure
+ (echo 'Output of `Configure TABLE'"':"; \
+ $(PERL) Configure TABLE) > TABLE
+
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+
+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
+tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
+ find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+ $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - |\
+ gzip --best >../$(TARFILE).gz; \
+ rm -f ../$(TARFILE).list; \
+ ls -l ../$(TARFILE).gz
+
+tar-snap:
+ @$(TAR) $(TARFLAGS) -cvf - \
+ `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+ ls -l ../$(TARFILE)
+
+dist:
+ $(PERL) Configure dist
+ @$(MAKE) dist_pem_h
+ @$(MAKE) SDIRS='${SDIRS}' clean
+ @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+
+dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+install: all install_docs install_sw
+
+install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; for i in $(LIBS) ;\
+ do \
+ if [ -f "$$i" ]; then \
+ ( echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+ fi; \
+ done;
+ @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+ tmp="$(SHARED_LIBS)"; \
+ for i in $${tmp:-x}; \
+ do \
+ if [ -f "$$i" -o -f "$$i.a" ]; then \
+ ( echo installing $$i; \
+ if [ "$(PLATFORM)" != "Cygwin" ]; then \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ else \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ fi ); \
+ fi; \
+ done; \
+ ( here="`pwd`"; \
+ cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
+ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+ if [ "$(INSTALLTOP)" != "/usr" ]; then \
+ echo 'OpenSSL shared libraries have been installed in:'; \
+ echo ' $(INSTALLTOP)'; \
+ echo ''; \
+ sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ fi; \
+ fi
+ cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+ cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+ cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+
+install_docs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+ filecase=-i; \
+ fi; \
+ set -e; for i in doc/apps/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ done); \
+ done; \
+ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ done); \
+ done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
Added: vendor-crypto/openssl/dist/Makefile.org
===================================================================
--- vendor-crypto/openssl/dist/Makefile.org (rev 0)
+++ vendor-crypto/openssl/dist/Makefile.org 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,730 @@
+##
+## Makefile for OpenSSL
+##
+
+VERSION=
+MAJOR=
+MINOR=
+SHLIB_VERSION_NUMBER=
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=
+SHLIB_MINOR=
+SHLIB_EXT=
+PLATFORM=dist
+OPTIONS=
+CONFIGURE_ARGS=
+SHLIB_TARGET=
+
+# HERE indicates where this Makefile lives. This can be used to indicate
+# where sub-Makefiles are expected to be. Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4 - Define to build without the RC4 algorithm
+# NO_RC2 - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+# one. 32 bytes will be read from this when the random
+# number generator is initalised.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+# NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+# call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= cc
+CFLAG= -O
+DEPFLAG=
+PEX_LIBS=
+EX_LIBS=
+EXE_EXT=
+ARFLAGS=
+AR=ar $(ARFLAGS) r
+ARD=ar $(ARFLAGS) d
+RANLIB= ranlib
+PERL= perl
+TAR= tar
+TARFLAGS= --no-recursion --record-size=10240
+MAKEDEPPROG=makedepend
+LIBDIR=lib
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAG=$(CFLAG)
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# CPUID module collects small commonly used assembler snippets
+CPUID_OBJ=
+BN_ASM= bn_asm.o
+DES_ENC= des_enc.o fcrypt_b.o
+AES_ASM_OBJ=aes_core.o aes_cbc.o
+BF_ENC= bf_enc.o
+CAST_ENC= c_enc.o
+RC4_ENC= rc4_enc.o
+RC5_ENC= rc5_enc.o
+MD5_ASM_OBJ=
+SHA1_ASM_OBJ=
+RMD160_ASM_OBJ=
+
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build make be different so hard
+# code the path.
+
+FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/
+
+# This is set to "y" if fipscanister.o is compiled internally as
+# opposed to coming from an external validated location.
+
+FIPSCANISTERINTERNAL=n
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=
+
+DIRS= crypto fips ssl engines apps test tools
+SHLIBDIRS= crypto ssl fips
+
+# dirs in crypto to build
+SDIRS= \
+ objects \
+ md2 md4 md5 sha mdc2 hmac ripemd \
+ des aes rc2 rc4 rc5 idea bf cast camellia seed \
+ bn ec rsa dsa ecdsa dh ecdh dso engine \
+ buffer bio stack lhash rand err \
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+ store cms pqueue jpake
+# keep in mind that the above list is adjusted by ./Configure
+# according to no-xxx arguments...
+
+# tests to perform. "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
+
+MAKEFILE= Makefile
+
+MANDIR=$(OPENSSLDIR)/man
+MAN1=1
+MAN3=3
+MANSUFFIX=
+SHELL=/bin/sh
+
+TOP= .
+ONEDIRS=out tmp
+EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS= windows
+LIBS= libcrypto.a libssl.a
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_FIPS=
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=
+SHARED_LDFLAGS=
+
+GENERAL= Makefile
+BASENAME= openssl
+NAME= $(BASENAME)-$(VERSION)
+TARFILE= $(NAME).tar
+WTARFILE= $(NAME)-win.tar
+EXHEADER= e_os2.h
+HEADER= e_os.h
+
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+
+# as we stick to -e, CLEARENV ensures that local variables in lower
+# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+# shell, which [annoyingly enough] terminates unset with error if VAR
+# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+# which terminates unset with error if no variable was present:-(
+CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
+ $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
+ $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
+ $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
+ $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
+ $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
+ $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
+ $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
+ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+
+BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
+ CC='${CC}' CFLAG='${CFLAG}' \
+ AS='${CC}' ASFLAG='${CFLAG} -c' \
+ AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
+ SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \
+ INSTALL_PREFIX='${INSTALL_PREFIX}' \
+ INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
+ LIBDIR='${LIBDIR}' \
+ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
+ MAKEDEPPROG='${MAKEDEPPROG}' \
+ SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
+ KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
+ EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
+ SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
+ PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
+ CPUID_OBJ='${CPUID_OBJ}' \
+ BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
+ AES_ASM_OBJ='${AES_ASM_OBJ}' \
+ BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
+ RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
+ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
+ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
+ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
+ FIPSLIBDIR='${FIPSLIBDIR}' \
+ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
+ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
+ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
+ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+# which in turn eliminates ambiguities in variable treatment with -e.
+
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory. The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS). It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS). It requires that the target
+# is given through the shell variable `target'.
+BUILD_CMD= if [ -d "$$dir" ]; then \
+ ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
+ cd $$dir && echo "making $$target in $$dir..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
+ ) || exit 1; \
+ fi
+RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+ if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+ $(BUILD_CMD); \
+ fi
+
+reflect:
+ @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+
+FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
+ ../crypto/aes/aes_ecb.o \
+ ../crypto/aes/aes_ofb.o \
+ ../crypto/bn/bn_add.o \
+ ../crypto/bn/bn_blind.o \
+ ../crypto/bn/bn_ctx.o \
+ ../crypto/bn/bn_div.o \
+ ../crypto/bn/bn_exp2.o \
+ ../crypto/bn/bn_exp.o \
+ ../crypto/bn/bn_gcd.o \
+ ../crypto/bn/bn_lib.o \
+ ../crypto/bn/bn_mod.o \
+ ../crypto/bn/bn_mont.o \
+ ../crypto/bn/bn_mul.o \
+ ../crypto/bn/bn_prime.o \
+ ../crypto/bn/bn_rand.o \
+ ../crypto/bn/bn_recp.o \
+ ../crypto/bn/bn_shift.o \
+ ../crypto/bn/bn_sqr.o \
+ ../crypto/bn/bn_word.o \
+ ../crypto/bn/bn_x931p.o \
+ ../crypto/buffer/buf_str.o \
+ ../crypto/cryptlib.o \
+ ../crypto/des/cfb64ede.o \
+ ../crypto/des/cfb64enc.o \
+ ../crypto/des/cfb_enc.o \
+ ../crypto/des/ecb3_enc.o \
+ ../crypto/des/ecb_enc.o \
+ ../crypto/des/ofb64ede.o \
+ ../crypto/des/ofb64enc.o \
+ ../crypto/des/fcrypt.o \
+ ../crypto/des/set_key.o \
+ ../crypto/dsa/dsa_utl.o \
+ ../crypto/dsa/dsa_sign.o \
+ ../crypto/dsa/dsa_vrf.o \
+ ../crypto/err/err.o \
+ ../crypto/evp/digest.o \
+ ../crypto/evp/enc_min.o \
+ ../crypto/evp/e_aes.o \
+ ../crypto/evp/e_des3.o \
+ ../crypto/evp/p_sign.o \
+ ../crypto/evp/p_verify.o \
+ ../crypto/mem_clr.o \
+ ../crypto/mem.o \
+ ../crypto/rand/md_rand.o \
+ ../crypto/rand/rand_egd.o \
+ ../crypto/rand/randfile.o \
+ ../crypto/rand/rand_lib.o \
+ ../crypto/rand/rand_os2.o \
+ ../crypto/rand/rand_unix.o \
+ ../crypto/rand/rand_win.o \
+ ../crypto/rsa/rsa_lib.o \
+ ../crypto/rsa/rsa_none.o \
+ ../crypto/rsa/rsa_oaep.o \
+ ../crypto/rsa/rsa_pk1.o \
+ ../crypto/rsa/rsa_pss.o \
+ ../crypto/rsa/rsa_ssl.o \
+ ../crypto/rsa/rsa_x931.o \
+ ../crypto/sha/sha1dgst.o \
+ ../crypto/sha/sha256.o \
+ ../crypto/sha/sha512.o \
+ ../crypto/uid.o
+
+sub_all: build_all
+build_all: build_libs build_apps build_tests build_tools
+
+build_libs: build_crypto build_fips build_ssl build_shared build_engines
+
+build_crypto:
+ if [ -n "$(FIPSCANLIB)" ]; then \
+ EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
+ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
+ else \
+ ARX='${AR}' ; \
+ fi ; export ARX ; \
+ dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_fips:
+ @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+ @dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+ @dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+ @dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+ @dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+ @dir=tools; target=all; $(BUILD_ONE_CMD)
+
+all_testapps: build_libs build_testapps
+build_testapps:
+ @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
+
+build_shared: $(SHARED_LIBS)
+libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+ $(ARD) libcrypto.a fipscanister.o ; \
+ $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
+ $(AR) libcrypto.a fips/fipscanister.o ; \
+ else \
+ if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
+ export CC FIPSLD_CC; \
+ fi; \
+ $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
+ fi \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+ fi
+
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ shlibdeps=-lcrypto; \
+ [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
+ $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2 ; \
+ exit 1; \
+ fi
+
+fips/fipscanister.o: build_fips
+libfips$(SHLIB_EXT): fips/fipscanister.o
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \
+ $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ CC=$${CC} LIBNAME=fips THIS=$@ \
+ LIBEXTRAS=fips/fipscanister.o \
+ LIBDEPS="$(EX_LIBS)" \
+ LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+ fi
+
+libfips.a:
+ dir=fips; target=all; $(BUILD_ONE_CMD)
+
+clean-shared:
+ @set -e; for i in $(SHLIBDIRS); do \
+ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+ tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+ for j in $${tmp:-x}; do \
+ ( set -x; rm -f lib$$i$$j ); \
+ done; \
+ fi; \
+ ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then \
+ ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+ fi; \
+ done
+
+link-shared:
+ @ set -e; for i in ${SHLIBDIRS}; do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ symlink.$(SHLIB_TARGET); \
+ libs="$$libs -l$$i"; \
+ done
+
+build-shared: do_$(SHLIB_TARGET) link-shared
+
+do_$(SHLIB_TARGET):
+ @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
+ libs="-l$$i $$libs"; \
+ done
+
+libcrypto.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL-libcrypto'; \
+ echo 'Description: OpenSSL cryptography library'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+
+libssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+
+openssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
+Makefile: Makefile.org Configure config
+ @echo "Makefile is older than Makefile.org, Configure or config."
+ @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+ @false
+
+libclean:
+ rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
+
+clean: libclean
+ rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
+ @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+ rm -f $(LIBS)
+ rm -f openssl.pc libssl.pc libcrypto.pc
+ rm -f speed.* .pure
+ rm -f $(TARFILE)
+ @set -e; for i in $(ONEDIRS) ;\
+ do \
+ rm -fr $$i/*; \
+ done
+
+makefile.one: files
+ $(PERL) util/mk1mf.pl >makefile.one; \
+ sh util/do_ms.sh
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+ @set -e; target=files; $(RECURSIVE_BUILD_CMD)
+
+links:
+ @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+ @set -e; target=links; $(RECURSIVE_BUILD_CMD)
+ @if [ -z "$(FIPSCANLIB)" ]; then \
+ set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
+ fi
+
+gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
+dclean:
+ rm -f *.bak
+ @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
+
+rehash: rehash.time
+rehash.time: certs apps
+ @if [ -z "$(CROSS_COMPILE)" ]; then \
+ (OPENSSL="`pwd`/util/opensslwrap.sh"; \
+ OPENSSL_DEBUG_MEMORY=on; \
+ export OPENSSL OPENSSL_DEBUG_MEMORY; \
+ $(PERL) tools/c_rehash certs) && \
+ touch rehash.time; \
+ fi
+
+test: tests
+
+tests: rehash
+ @(cd test && echo "testing..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+ util/opensslwrap.sh version -a
+
+report:
+ @$(PERL) util/selftest.pl
+
+depend:
+ @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+lint:
+ @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+
+tags:
+ rm -f TAGS
+ find . -name '[^.]*.[ch]' | xargs etags -a
+
+errors:
+ $(PERL) util/mkerr.pl -recurse -write
+ (cd engines; $(MAKE) PERL=$(PERL) errors)
+ $(PERL) util/ck_errf.pl */*.c */*/*.c
+
+stacks:
+ $(PERL) util/mkstack.pl -write
+
+util/libeay.num::
+ $(PERL) util/mkdef.pl crypto update
+
+util/ssleay.num::
+ $(PERL) util/mkdef.pl ssl update
+
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+ $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+ $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+
+apps/openssl-vms.cnf: apps/openssl.cnf
+ $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+ $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
+TABLE: Configure
+ (echo 'Output of `Configure TABLE'"':"; \
+ $(PERL) Configure TABLE) > TABLE
+
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+
+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
+tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
+ find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+ $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - |\
+ gzip --best >../$(TARFILE).gz; \
+ rm -f ../$(TARFILE).list; \
+ ls -l ../$(TARFILE).gz
+
+tar-snap:
+ @$(TAR) $(TARFLAGS) -cvf - \
+ `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+ ls -l ../$(TARFILE)
+
+dist:
+ $(PERL) Configure dist
+ @$(MAKE) dist_pem_h
+ @$(MAKE) SDIRS='${SDIRS}' clean
+ @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+
+dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+install: all install_docs install_sw
+
+install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; for i in $(LIBS) ;\
+ do \
+ if [ -f "$$i" ]; then \
+ ( echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+ fi; \
+ done;
+ @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+ tmp="$(SHARED_LIBS)"; \
+ for i in $${tmp:-x}; \
+ do \
+ if [ -f "$$i" -o -f "$$i.a" ]; then \
+ ( echo installing $$i; \
+ if [ "$(PLATFORM)" != "Cygwin" ]; then \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ else \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ fi ); \
+ fi; \
+ done; \
+ ( here="`pwd`"; \
+ cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
+ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+ if [ "$(INSTALLTOP)" != "/usr" ]; then \
+ echo 'OpenSSL shared libraries have been installed in:'; \
+ echo ' $(INSTALLTOP)'; \
+ echo ''; \
+ sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ fi; \
+ fi
+ cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+ cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+ cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+
+install_docs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+ filecase=-i; \
+ fi; \
+ set -e; for i in doc/apps/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ done); \
+ done; \
+ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ done); \
+ done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
Added: vendor-crypto/openssl/dist/Makefile.shared
===================================================================
--- vendor-crypto/openssl/dist/Makefile.shared (rev 0)
+++ vendor-crypto/openssl/dist/Makefile.shared 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,609 @@
+#
+# Helper makefile to link shared libraries in a portable way.
+# This is much simpler than libtool, and hopefully not too error-prone.
+#
+# The following variables need to be set on the command line to build
+# properly
+
+# CC contains the current compiler. This one MUST be defined
+CC=cc
+CFLAGS=$(CFLAG)
+# LDFLAGS contains flags to be used when temporary object files (when building
+# shared libraries) are created, or when an application is linked.
+# SHARED_LDFLAGS contains flags to be used when the shared library is created.
+LDFLAGS=
+SHARED_LDFLAGS=
+
+# LIBNAME contains just the name of the library, without prefix ("lib"
+# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
+# .dll, ...). This one MUST have a value when using this makefile to
+# build shared libraries.
+# For example, to build libfoo.so, you need to do the following:
+#LIBNAME=foo
+LIBNAME=
+
+# APPNAME contains just the name of the application, without suffix (""
+# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
+# this makefile to build applications.
+# For example, to build foo, you need to do the following:
+#APPNAME=foo
+APPNAME=
+
+# OBJECTS contains all the object files to link together into the application.
+# This must contain at least one object file.
+#OBJECTS=foo.o
+OBJECTS=
+
+# LIBEXTRAS contains extra modules to link together with the library.
+# For example, if a second library, say libbar.a needs to be linked into
+# libfoo.so, you need to do the following:
+#LIBEXTRAS=libbar.a
+# Note that this MUST be used when using the link_o targets, to hold the
+# names of all object files that go into the target library.
+LIBEXTRAS=
+
+# LIBVERSION contains the current version of the library.
+# For example, to build libfoo.so.1.2, you need to do the following:
+#LIBVERSION=1.2
+LIBVERSION=
+
+# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
+# the library. They MUST be in decreasing order.
+# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
+# and libfoo.so.1, you need to do the following:
+#LIBCOMPATVERSIONS=1.2 1
+# Note that on systems that use sonames, the last number will appear as
+# part of it.
+# It's also possible, for systems that support it (Tru64, for example),
+# to add extra compatibility info with more precision, by adding a second
+# list of versions, separated from the first with a semicolon, like this:
+#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
+LIBCOMPATVERSIONS=
+
+# LIBDEPS contains all the flags necessary to cover all necessary
+# dependencies to other libraries.
+LIBDEPS=
+
+#------------------------------------------------------------------------------
+# The rest is private to this makefile.
+
+SET_X=:
+#SET_X=set -x
+
+top:
+ echo "Trying to use this makefile interactively? Don't."
+
+CALC_VERSIONS= \
+ SHLIB_COMPAT=; SHLIB_SOVER=; \
+ if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
+ prev=""; \
+ for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
+ SHLIB_SOVER_NODOT=$$v; \
+ SHLIB_SOVER=.$$v; \
+ if [ -n "$$prev" ]; then \
+ SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
+ fi; \
+ prev=$$v; \
+ done; \
+ fi
+
+LINK_APP= \
+ ( $(SET_X); \
+ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
+
+LINK_SO= \
+ ( $(SET_X); \
+ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+ SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
+ ) && $(SYMLINK_SO)
+
+SYMLINK_SO= \
+ if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
+ prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
+ if [ -n "$$SHLIB_COMPAT" ]; then \
+ for x in $$SHLIB_COMPAT; do \
+ ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
+ prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+ fi
+
+LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
+LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
+
+LINK_SO_A_VIA_O= \
+ SHOBJECTS=lib$(LIBNAME).o; \
+ ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
+ ( $(SET_X); \
+ ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
+ $(LINK_SO) && rm -f $(LIBNAME).o
+
+LINK_SO_A_UNPACKED= \
+ UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
+ (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
+ ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
+ SHOBJECTS=$$UNPACKDIR/*.o; \
+ $(LINK_SO) && rm -rf $$UNPACKDIR
+
+DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+
+DO_GNU_SO=$(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+
+#This is rather special. It's a special target with which one can link
+#applications without bothering with any features that have anything to
+#do with shared libraries, for example when linking against static
+#libraries. It's mostly here to avoid a lot of conditionals everywhere
+#else...
+link_app.:
+ $(LINK_APP)
+
+link_o.gnu:
+ @ $(DO_GNU_SO); $(LINK_SO_O)
+link_a.gnu:
+ @ $(DO_GNU_SO); $(LINK_SO_A)
+link_app.gnu:
+ @ $(DO_GNU_APP); $(LINK_APP)
+
+link_o.bsd:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ LIBDEPS=" "; \
+ ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
+ NOALLSYMSFLAGS=; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
+ fi; $(LINK_SO_O)
+link_a.bsd:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ LIBDEPS=" "; \
+ ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
+ NOALLSYMSFLAGS=; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
+ fi; $(LINK_SO_A)
+link_app.bsd:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
+ LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
+ fi; $(LINK_APP)
+
+# For Darwin AKA Mac OS/X (dyld)
+# link_o.darwin produces .so, because we let it use dso_dlfcn module,
+# which has .so extension hard-coded. One can argue that one should
+# develop special dso module for MacOS X. At least manual encourages
+# to use native NSModule(3) API and refers to dlfcn as termporary hack.
+link_o.darwin:
+ @ $(CALC_VERSIONS); \
+ SHLIB=`expr "$$THIS" : '.*/\([^/\.]*\)\.'`; \
+ SHLIB=$${SHLIB:-lib$(LIBNAME)}; \
+ SHLIB_SUFFIX=`expr "$$THIS" : '.*\(\.[^\.]*\)$$'`; \
+ SHLIB_SUFFIX=$${SHLIB_SUFFIX:-.so}; \
+ ALLSYMSFLAGS='-all_load'; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+ if [ -n "$(LIBVERSION)" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
+ fi; \
+ $(LINK_SO_O)
+link_a.darwin:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME); \
+ SHLIB_SUFFIX=.dylib; \
+ ALLSYMSFLAGS='-all_load'; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+ if [ -n "$(LIBVERSION)" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
+ fi; \
+ SHAREDFLAGS="$$SHAREDFLAGS -install_name ${INSTALLTOP}/lib/$$SHLIB${SHLIB_EXT}"; \
+ $(LINK_SO_A)
+link_app.darwin: # is there run-path on darwin?
+ $(LINK_APP)
+
+link_o.cygwin:
+ @ $(CALC_VERSIONS); \
+ INHIBIT_SYMLINKS=yes; \
+ SHLIB=cyg$(LIBNAME); \
+ base=-Wl,--enable-auto-image-base; \
+ if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+ SHLIB=$(LIBNAME)eay32; base=; \
+ fi; \
+ SHLIB_SUFFIX=.dll; \
+ LIBVERSION="$(LIBVERSION)"; \
+ SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
+ ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
+ $(LINK_SO_O)
+link_a.cygwin:
+ @ $(CALC_VERSIONS); \
+ INHIBIT_SYMLINKS=yes; \
+ SHLIB=cyg$(LIBNAME); \
+ base=-Wl,--enable-auto-image-base; \
+ if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+ SHLIB=$(LIBNAME)eay32; \
+ base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
+ fi; \
+ SHLIB_SUFFIX=.dll; \
+ SHLIB_SOVER=-$(LIBVERSION); \
+ ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
+ [ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \
+ [ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \
+ $(LINK_SO_A) || exit 1; \
+ cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/; \
+ cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX test/
+link_app.cygwin:
+ $(LINK_APP)
+
+link_o.alpha-osf1:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+ if [ -n "$$SHLIB_HIST" ]; then \
+ SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+ else \
+ SHLIB_HIST="$(LIBVERSION)"; \
+ fi; \
+ SHLIB_SOVER=; \
+ ALLSYMSFLAGS='-all'; \
+ NOALLSYMSFLAGS='-none'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
+ if [ -n "$$SHLIB_HIST" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
+ fi; \
+ fi; \
+ $(LINK_SO_O)
+link_a.alpha-osf1:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+ if [ -n "$$SHLIB_HIST" ]; then \
+ SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+ else \
+ SHLIB_HIST="$(LIBVERSION)"; \
+ fi; \
+ SHLIB_SOVER=; \
+ ALLSYMSFLAGS='-all'; \
+ NOALLSYMSFLAGS='-none'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
+ if [ -n "$$SHLIB_HIST" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
+ fi; \
+ fi; \
+ $(LINK_SO_A)
+link_app.alpha-osf1:
+ @if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_APP); \
+ else \
+ LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
+ fi; \
+ $(LINK_APP)
+
+link_o.solaris:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ MINUSZ='-z '; \
+ ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS="$${MINUSZ}allextract"; \
+ NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+ fi; \
+ $(LINK_SO_O)
+link_a.solaris:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ MINUSZ='-z '; \
+ (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=;\
+ ALLSYMSFLAGS="$${MINUSZ}allextract"; \
+ NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+ fi; \
+ $(LINK_SO_A)
+link_app.solaris:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_APP); \
+ else \
+ LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
+ fi; \
+ $(LINK_APP)
+
+# OpenServer 5 native compilers used
+link_o.svr3:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=''; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ $(LINK_SO_O)
+link_a.svr3:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=''; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ $(LINK_SO_A_UNPACKED)
+link_app.svr3:
+ @${DETECT_GNU_LD} && $(DO_GNU_APP); \
+ $(LINK_APP)
+
+# UnixWare 7 and OpenUNIX 8 native compilers used
+link_o.svr5:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHARE_FLAG='-G'; \
+ ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=''; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ $(LINK_SO_O)
+link_a.svr5:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHARE_FLAG='-G'; \
+ (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=''; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ $(LINK_SO_A_UNPACKED)
+link_app.svr5:
+ @${DETECT_GNU_LD} && $(DO_GNU_APP); \
+ $(LINK_APP)
+
+link_o.irix:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ MINUSWL=""; \
+ ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
+ ALLSYMSFLAGS="$${MINUSWL}-all"; \
+ NOALLSYMSFLAGS="$${MINUSWL}-none"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
+ fi; \
+ $(LINK_SO_O)
+link_a.irix:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ MINUSWL=""; \
+ ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
+ ALLSYMSFLAGS="$${MINUSWL}-all"; \
+ NOALLSYMSFLAGS="$${MINUSWL}-none"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
+ fi; \
+ $(LINK_SO_A)
+link_app.irix:
+ @LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
+ $(LINK_APP)
+
+# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
+# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
+# rules imply that we can only link one level down in catalog structure,
+# but that's what takes place for the moment of this writing. +cdp option
+# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
+# editor context only [it's simply ignored in other cases, which are all
+# ELFs by the way].
+#
+link_o.hpux:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).sl; \
+ expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-Wl,-Fl'; \
+ NOALLSYMSFLAGS=''; \
+ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
+ fi; \
+ rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
+ $(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
+link_a.hpux:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).sl; \
+ expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-Wl,-Fl'; \
+ NOALLSYMSFLAGS=''; \
+ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
+ fi; \
+ rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
+ $(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
+link_app.hpux:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
+ LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
+ fi; \
+ $(LINK_APP)
+
+link_o.aix:
+ @ $(CALC_VERSIONS); \
+ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
+ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=''; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
+ $(LINK_SO_O);
+link_a.aix:
+ @ $(CALC_VERSIONS); \
+ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
+ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-bnogc'; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
+ $(LINK_SO_A_VIA_O)
+link_app.aix:
+ LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
+ $(LINK_APP)
+
+link_o.reliantunix:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS='$(CFLAGS) -G'; \
+ $(LINK_SO_O)
+link_a.reliantunix:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS='$(CFLAGS) -G'; \
+ $(LINK_SO_A_UNPACKED)
+link_app.reliantunix:
+ $(LINK_APP)
+
+# Targets to build symbolic links when needed
+symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
+symlink.aix symlink.reliantunix:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ $(SYMLINK_SO)
+symlink.darwin:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME); \
+ SHLIB_SUFFIX=.dylib; \
+ $(SYMLINK_SO)
+symlink.hpux:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).sl; \
+ expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
+ $(SYMLINK_SO)
+# The following lines means those specific architectures do no symlinks
+symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
+
+# Compatibility targets
+link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
+link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
+link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
+symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
+link_o.bsd-shared: link_o.bsd
+link_a.bsd-shared: link_a.bsd
+link_app.bsd-shared: link_app.bsd
+link_o.darwin-shared: link_o.darwin
+link_a.darwin-shared: link_a.darwin
+link_app.darwin-shared: link_app.darwin
+symlink.darwin-shared: symlink.darwin
+link_o.cygwin-shared: link_o.cygwin
+link_a.cygwin-shared: link_a.cygwin
+link_app.cygwin-shared: link_app.cygwin
+symlink.cygwin-shared: symlink.cygwin
+link_o.alpha-osf1-shared: link_o.alpha-osf1
+link_a.alpha-osf1-shared: link_a.alpha-osf1
+link_app.alpha-osf1-shared: link_app.alpha-osf1
+symlink.alpha-osf1-shared: symlink.alpha-osf1
+link_o.tru64-shared: link_o.tru64
+link_a.tru64-shared: link_a.tru64
+link_app.tru64-shared: link_app.tru64
+symlink.tru64-shared: symlink.tru64
+link_o.tru64-shared-rpath: link_o.tru64-rpath
+link_a.tru64-shared-rpath: link_a.tru64-rpath
+link_app.tru64-shared-rpath: link_app.tru64-rpath
+symlink.tru64-shared-rpath: symlink.tru64-rpath
+link_o.solaris-shared: link_o.solaris
+link_a.solaris-shared: link_a.solaris
+link_app.solaris-shared: link_app.solaris
+symlink.solaris-shared: symlink.solaris
+link_o.svr3-shared: link_o.svr3
+link_a.svr3-shared: link_a.svr3
+link_app.svr3-shared: link_app.svr3
+symlink.svr3-shared: symlink.svr3
+link_o.svr5-shared: link_o.svr5
+link_a.svr5-shared: link_a.svr5
+link_app.svr5-shared: link_app.svr5
+symlink.svr5-shared: symlink.svr5
+link_o.irix-shared: link_o.irix
+link_a.irix-shared: link_a.irix
+link_app.irix-shared: link_app.irix
+symlink.irix-shared: symlink.irix
+link_o.hpux-shared: link_o.hpux
+link_a.hpux-shared: link_a.hpux
+link_app.hpux-shared: link_app.hpux
+symlink.hpux-shared: symlink.hpux
+link_o.aix-shared: link_o.aix
+link_a.aix-shared: link_a.aix
+link_app.aix-shared: link_app.aix
+symlink.aix-shared: symlink.aix
+link_o.reliantunix-shared: link_o.reliantunix
+link_a.reliantunix-shared: link_a.reliantunix
+link_app.reliantunix-shared: link_app.reliantunix
+symlink.reliantunix-shared: symlink.reliantunix
Added: vendor-crypto/openssl/dist/NEWS
===================================================================
--- vendor-crypto/openssl/dist/NEWS (rev 0)
+++ vendor-crypto/openssl/dist/NEWS 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,603 @@
+
+ NEWS
+ ====
+
+ This file gives a brief overview of the major changes between each OpenSSL
+ release. For more details please read the CHANGES file.
+
+ Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]:
+
+ o Fix for CVE-2014-3510
+ o Fix for CVE-2014-3507
+ o Fix for CVE-2014-3506
+ o Fix for CVE-2014-3505
+ o Fix for CVE-2014-3508
+
+ Known issues in OpenSSL 0.9.8za:
+
+ o Compilation failure of s3_pkt.c on some platforms due to missing
+ <limits.h> include. Fixed in 0.9.8zb-dev.
+ o FIPS capable link failure with missing symbol BN_consttime_swap.
+ Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC
+ algorithms are not FIPS approved in OpenSSL 0.9.8 anyway.
+
+ Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
+
+ o Fix for CVE-2014-0224
+ o Fix for CVE-2014-0221
+ o Fix for CVE-2014-0195
+ o Fix for CVE-2014-3470
+ o Fix for CVE-2014-0076
+ o Fix for CVE-2010-5298
+ o Fix to TLS alert handling.
+
+ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ o Fix OCSP bad key DoS attack CVE-2013-0166
+
+ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
+
+ o Fix DTLS record length checking bug CVE-2012-2333
+
+ Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
+
+ o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
+
+ Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
+
+ o Fix for ASN1 overflow bug CVE-2012-2110
+
+ Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
+
+ o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+ o Corrected fix for CVE-2011-4619
+ o Various DTLS fixes.
+
+ Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
+
+ o Fix for DTLS DoS issue CVE-2012-0050
+
+ Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
+
+ o Fix for DTLS plaintext recovery attack CVE-2011-4108
+ o Fix policy check double free error CVE-2011-4109
+ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+ o Check for malformed RFC3779 data CVE-2011-4577
+
+ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
+
+ o Fix for security issue CVE-2011-0014
+
+ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
+
+ o Fix for security issue CVE-2010-4180
+ o Fix for CVE-2010-4252
+
+ Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
+
+ o Fix for security issue CVE-2010-3864.
+
+ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
+
+ o Fix for security issue CVE-2010-0742.
+ o Various DTLS fixes.
+ o Recognise SHA2 certificates if only SSL algorithms added.
+ o Fix for no-rc4 compilation.
+ o Chil ENGINE unload workaround.
+
+ Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
+
+ o CFB cipher definition fixes.
+ o Fix security issues CVE-2010-0740 and CVE-2010-0433.
+
+ Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
+
+ o Cipher definition fixes.
+ o Workaround for slow RAND_poll() on some WIN32 versions.
+ o Remove MD2 from algorithm tables.
+ o SPKAC handling fixes.
+ o Support for RFC5746 TLS renegotiation extension.
+ o Compression memory leak fixed.
+ o Compression session resumption fixed.
+ o Ticket and SNI coexistence fixes.
+ o Many fixes to DTLS handling.
+
+ Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
+
+ o Temporary work around for CVE-2009-3555: disable renegotiation.
+
+ Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
+
+ o Fix various build issues.
+ o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
+
+ Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
+
+ o Fix security issue (CVE-2008-5077)
+ o Merge FIPS 140-2 branch code.
+
+ Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
+
+ o CryptoAPI ENGINE support.
+ o Various precautionary measures.
+ o Fix for bugs affecting certificate request creation.
+ o Support for local machine keyset attribute in PKCS#12 files.
+
+ Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
+
+ o Backport of CMS functionality to 0.9.8.
+ o Fixes for bugs introduced with 0.9.8f.
+
+ Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
+
+ o Add gcc 4.2 support.
+ o Add support for AES and SSE2 assembly lanugauge optimization
+ for VC++ build.
+ o Support for RFC4507bis and server name extensions if explicitly
+ selected at compile time.
+ o DTLS improvements.
+ o RFC4507bis support.
+ o TLS Extensions support.
+
+ Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
+
+ o Various ciphersuite selection fixes.
+ o RFC3779 support.
+
+ Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
+
+ o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
+ o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+ o Changes to ciphersuite selection algorithm
+
+ Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
+
+ o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+ o New cipher Camellia
+
+ Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
+
+ o Cipher string fixes.
+ o Fixes for VC++ 2005.
+ o Updated ECC cipher suite support.
+ o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
+ o Zlib compression usage fixes.
+ o Built in dynamic engine compilation support on Win32.
+ o Fixes auto dynamic engine loading in Win32.
+
+ Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
+
+ o Fix potential SSL 2.0 rollback, CVE-2005-2969
+ o Extended Windows CE support
+
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
+
+ o Major work on the BIGNUM library for higher efficiency and to
+ make operations more streamlined and less contradictory. This
+ is the result of a major audit of the BIGNUM library.
+ o Addition of BIGNUM functions for fields GF(2^m) and NIST
+ curves, to support the Elliptic Crypto functions.
+ o Major work on Elliptic Crypto; ECDH and ECDSA added, including
+ the use through EVP, X509 and ENGINE.
+ o New ASN.1 mini-compiler that's usable through the OpenSSL
+ configuration file.
+ o Added support for ASN.1 indefinite length constructed encoding.
+ o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
+ o Complete rework of shared library construction and linking
+ programs with shared or static libraries, through a separate
+ Makefile.shared.
+ o Rework of the passing of parameters from one Makefile to another.
+ o Changed ENGINE framework to load dynamic engine modules
+ automatically from specifically given directories.
+ o New structure and ASN.1 functions for CertificatePair.
+ o Changed the ZLIB compression method to be stateful.
+ o Changed the key-generation and primality testing "progress"
+ mechanism to take a structure that contains the ticker
+ function and an argument.
+ o New engine module: GMP (performs private key exponentiation).
+ o New engine module: VIA PadLOck ACE extension in VIA C3
+ Nehemiah processors.
+ o Added support for IPv6 addresses in certificate extensions.
+ See RFC 1884, section 2.2.
+ o Added support for certificate policy mappings, policy
+ constraints and name constraints.
+ o Added support for multi-valued AVAs in the OpenSSL
+ configuration file.
+ o Added support for multiple certificates with the same subject
+ in the 'openssl ca' index file.
+ o Make it possible to create self-signed certificates using
+ 'openssl ca -selfsign'.
+ o Make it possible to generate a serial number file with
+ 'openssl ca -create_serial'.
+ o New binary search functions with extended functionality.
+ o New BUF functions.
+ o New STORE structure and library to provide an interface to all
+ sorts of data repositories. Supports storage of public and
+ private keys, certificates, CRLs, numbers and arbitrary blobs.
+ This library is unfortunately unfinished and unused withing
+ OpenSSL.
+ o New control functions for the error stack.
+ o Changed the PKCS#7 library to support one-pass S/MIME
+ processing.
+ o Added the possibility to compile without old deprecated
+ functionality with the OPENSSL_NO_DEPRECATED macro or the
+ 'no-deprecated' argument to the config and Configure scripts.
+ o Constification of all ASN.1 conversion functions, and other
+ affected functions.
+ o Improved platform support for PowerPC.
+ o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
+ o New X509_VERIFY_PARAM structure to support parametrisation
+ of X.509 path validation.
+ o Major overhaul of RC4 performance on Intel P4, IA-64 and
+ AMD64.
+ o Changed the Configure script to have some algorithms disabled
+ by default. Those can be explicitely enabled with the new
+ argument form 'enable-xxx'.
+ o Change the default digest in 'openssl' commands from MD5 to
+ SHA-1.
+ o Added support for DTLS.
+ o New BIGNUM blinding.
+ o Added support for the RSA-PSS encryption scheme
+ o Added support for the RSA X.931 padding.
+ o Added support for BSD sockets on NetWare.
+ o Added support for files larger than 2GB.
+ o Added initial support for Win64.
+ o Added alternate pkg-config files.
+
+ Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
+
+ o FIPS 1.1.1 module linking.
+ o Various ciphersuite selection fixes.
+
+ Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
+
+ o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
+ o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+
+ Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
+
+ o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+
+ Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
+
+ o Visual C++ 2005 fixes.
+ o Update Windows build system for FIPS.
+
+ Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
+
+ o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
+
+ o Fix SSL 2.0 Rollback, CVE-2005-2969
+ o Allow use of fixed-length exponent on DSA signing
+ o Default fixed-window RSA, DSA, DH private-key operations
+
+ Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
+
+ o More compilation issues fixed.
+ o Adaptation to more modern Kerberos API.
+ o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
+ o Enhanced x86_64 assembler BIGNUM module.
+ o More constification.
+ o Added processing of proxy certificates (RFC 3820).
+
+ Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
+
+ o Several compilation issues fixed.
+ o Many memory allocation failure checks added.
+ o Improved comparison of X509 Name type.
+ o Mandatory basic checks on certificates.
+ o Performance improvements.
+
+ Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
+
+ o Fix race condition in CRL checking code.
+ o Fixes to PKCS#7 (S/MIME) code.
+
+ Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
+
+ o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+ o Security: Fix null-pointer assignment in do_change_cipher_spec()
+ o Allow multiple active certificates with same subject in CA index
+ o Multiple X509 verification fixes
+ o Speed up HMAC and other operations
+
+ Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
+
+ o Security: fix various ASN1 parsing bugs.
+ o New -ignore_err option to OCSP utility.
+ o Various interop and bug fixes in S/MIME code.
+ o SSL/TLS protocol fix for unrequested client certificates.
+
+ Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
+
+ o Security: counter the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack
+ o Security: make RSA blinding default.
+ o Configuration: Irix fixes, AIX fixes, better mingw support.
+ o Support for new platforms: linux-ia64-ecc.
+ o Build: shared library support fixes.
+ o ASN.1: treat domainComponent correctly.
+ o Documentation: fixes and additions.
+
+ Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
+
+ o Security: Important security related bugfixes.
+ o Enhanced compatibility with MIT Kerberos.
+ o Can be built without the ENGINE framework.
+ o IA32 assembler enhancements.
+ o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
+ o Configuration: the no-err option now works properly.
+ o SSL/TLS: now handles manual certificate chain building.
+ o SSL/TLS: certain session ID malfunctions corrected.
+
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
+
+ o New library section OCSP.
+ o Complete rewrite of ASN1 code.
+ o CRL checking in verify code and openssl utility.
+ o Extension copying in 'ca' utility.
+ o Flexible display options in 'ca' utility.
+ o Provisional support for international characters with UTF8.
+ o Support for external crypto devices ('engine') is no longer
+ a separate distribution.
+ o New elliptic curve library section.
+ o New AES (Rijndael) library section.
+ o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
+ Linux x86_64, Linux 64-bit on Sparc v9
+ o Extended support for some platforms: VxWorks
+ o Enhanced support for shared libraries.
+ o Now only builds PIC code when shared library support is requested.
+ o Support for pkg-config.
+ o Lots of new manuals.
+ o Makes symbolic links to or copies of manuals to cover all described
+ functions.
+ o Change DES API to clean up the namespace (some applications link also
+ against libdes providing similar functions having the same name).
+ Provide macros for backward compatibility (will be removed in the
+ future).
+ o Unify handling of cryptographic algorithms (software and engine)
+ to be available via EVP routines for asymmetric and symmetric ciphers.
+ o NCONF: new configuration handling routines.
+ o Change API to use more 'const' modifiers to improve error checking
+ and help optimizers.
+ o Finally remove references to RSAref.
+ o Reworked parts of the BIGNUM code.
+ o Support for new engines: Broadcom ubsec, Accelerated Encryption
+ Processing, IBM 4758.
+ o A few new engines added in the demos area.
+ o Extended and corrected OID (object identifier) table.
+ o PRNG: query at more locations for a random device, automatic query for
+ EGD style random sources at several locations.
+ o SSL/TLS: allow optional cipher choice according to server's preference.
+ o SSL/TLS: allow server to explicitly set new session ids.
+ o SSL/TLS: support Kerberos cipher suites (RFC2712).
+ Only supports MIT Kerberos for now.
+ o SSL/TLS: allow more precise control of renegotiations and sessions.
+ o SSL/TLS: add callback to retrieve SSL/TLS messages.
+ o SSL/TLS: support AES cipher suites (RFC3268).
+
+ Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
+
+ o Security: fix various ASN1 parsing bugs.
+ o SSL/TLS protocol fix for unrequested client certificates.
+
+ Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
+
+ o Security: counter the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack
+ o Security: make RSA blinding default.
+ o Build: shared library support fixes.
+
+ Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
+
+ o Important security related bugfixes.
+
+ Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
+
+ o New configuration targets for Tandem OSS and A/UX.
+ o New OIDs for Microsoft attributes.
+ o Better handling of SSL session caching.
+ o Better comparison of distinguished names.
+ o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+ o Support assembler code with Borland C.
+ o Fixes for length problems.
+ o Fixes for uninitialised variables.
+ o Fixes for memory leaks, some unusual crashes and some race conditions.
+ o Fixes for smaller building problems.
+ o Updates of manuals, FAQ and other instructive documents.
+
+ Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
+
+ o Important building fixes on Unix.
+
+ Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
+
+ o Various important bugfixes.
+
+ Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
+
+ o Important security related bugfixes.
+ o Various SSL/TLS library bugfixes.
+
+ Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
+
+ o Various SSL/TLS library bugfixes.
+ o Fix DH parameter generation for 'non-standard' generators.
+
+ Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
+
+ o Various SSL/TLS library bugfixes.
+ o BIGNUM library fixes.
+ o RSA OAEP and random number generation fixes.
+ o Object identifiers corrected and added.
+ o Add assembler BN routines for IA64.
+ o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
+ MIPS Linux; shared library support for Irix, HP-UX.
+ o Add crypto accelerator support for AEP, Baltimore SureWare,
+ Broadcom and Cryptographic Appliance's keyserver
+ [in 0.9.6c-engine release].
+
+ Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
+
+ o Security fix: PRNG improvements.
+ o Security fix: RSA OAEP check.
+ o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+ attack.
+ o MIPS bug fix in BIGNUM.
+ o Bug fix in "openssl enc".
+ o Bug fix in X.509 printing routine.
+ o Bug fix in DSA verification routine and DSA S/MIME verification.
+ o Bug fix to make PRNG thread-safe.
+ o Bug fix in RAND_file_name().
+ o Bug fix in compatibility mode trust settings.
+ o Bug fix in blowfish EVP.
+ o Increase default size for BIO buffering filter.
+ o Compatibility fixes in some scripts.
+
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
+
+ o Security fix: change behavior of OpenSSL to avoid using
+ environment variables when running as root.
+ o Security fix: check the result of RSA-CRT to reduce the
+ possibility of deducing the private key from an incorrectly
+ calculated signature.
+ o Security fix: prevent Bleichenbacher's DSA attack.
+ o Security fix: Zero the premaster secret after deriving the
+ master secret in DH ciphersuites.
+ o Reimplement SSL_peek(), which had various problems.
+ o Compatibility fix: the function des_encrypt() renamed to
+ des_encrypt1() to avoid clashes with some Unixen libc.
+ o Bug fixes for Win32, HP/UX and Irix.
+ o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+ memory checking routines.
+ o Bug fixes for RSA operations in threaded environments.
+ o Bug fixes in misc. openssl applications.
+ o Remove a few potential memory leaks.
+ o Add tighter checks of BIGNUM routines.
+ o Shared library support has been reworked for generality.
+ o More documentation.
+ o New function BN_rand_range().
+ o Add "-rand" option to openssl s_client and s_server.
+
+ Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
+
+ o Some documentation for BIO and SSL libraries.
+ o Enhanced chain verification using key identifiers.
+ o New sign and verify options to 'dgst' application.
+ o Support for DER and PEM encoded messages in 'smime' application.
+ o New 'rsautl' application, low level RSA utility.
+ o MD4 now included.
+ o Bugfix for SSL rollback padding check.
+ o Support for external crypto devices [1].
+ o Enhanced EVP interface.
+
+ [1] The support for external crypto devices is currently a separate
+ distribution. See the file README.ENGINE.
+
+ Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
+
+ o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
+ o Shared library support for HPUX and Solaris-gcc
+ o Support of Linux/IA64
+ o Assembler support for Mingw32
+ o New 'rand' application
+ o New way to check for existence of algorithms from scripts
+
+ Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
+
+ o S/MIME support in new 'smime' command
+ o Documentation for the OpenSSL command line application
+ o Automation of 'req' application
+ o Fixes to make s_client, s_server work under Windows
+ o Support for multiple fieldnames in SPKACs
+ o New SPKAC command line utilty and associated library functions
+ o Options to allow passwords to be obtained from various sources
+ o New public key PEM format and options to handle it
+ o Many other fixes and enhancements to command line utilities
+ o Usable certificate chain verification
+ o Certificate purpose checking
+ o Certificate trust settings
+ o Support of authority information access extension
+ o Extensions in certificate requests
+ o Simplified X509 name and attribute routines
+ o Initial (incomplete) support for international character sets
+ o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+ o Read only memory BIOs and simplified creation function
+ o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
+ record; allow fragmentation and interleaving of handshake and other
+ data
+ o TLS/SSL code now "tolerates" MS SGC
+ o Work around for Netscape client certificate hang bug
+ o RSA_NULL option that removes RSA patent code but keeps other
+ RSA functionality
+ o Memory leak detection now allows applications to add extra information
+ via a per-thread stack
+ o PRNG robustness improved
+ o EGD support
+ o BIGNUM library bug fixes
+ o Faster DSA parameter generation
+ o Enhanced support for Alpha Linux
+ o Experimental MacOS support
+
+ Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
+
+ o Transparent support for PKCS#8 format private keys: these are used
+ by several software packages and are more secure than the standard
+ form
+ o PKCS#5 v2.0 implementation
+ o Password callbacks have a new void * argument for application data
+ o Avoid various memory leaks
+ o New pipe-like BIO that allows using the SSL library when actual I/O
+ must be handled by the application (BIO pair)
+
+ Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
+ o Lots of enhancements and cleanups to the Configuration mechanism
+ o RSA OEAP related fixes
+ o Added `openssl ca -revoke' option for revoking a certificate
+ o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+ o Source tree cleanups: removed lots of obsolete files
+ o Thawte SXNet, certificate policies and CRL distribution points
+ extension support
+ o Preliminary (experimental) S/MIME support
+ o Support for ASN.1 UTF8String and VisibleString
+ o Full integration of PKCS#12 code
+ o Sparc assembler bignum implementation, optimized hash functions
+ o Option to disable selected ciphers
+
+ Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
+ o Fixed a security hole related to session resumption
+ o Fixed RSA encryption routines for the p < q case
+ o "ALL" in cipher lists now means "everything except NULL ciphers"
+ o Support for Triple-DES CBCM cipher
+ o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+ o First support for new TLSv1 ciphers
+ o Added a few new BIOs (syslog BIO, reliable BIO)
+ o Extended support for DSA certificate/keys.
+ o Extended support for Certificate Signing Requests (CSR)
+ o Initial support for X.509v3 extensions
+ o Extended support for compression inside the SSL record layer
+ o Overhauled Win32 builds
+ o Cleanups and fixes to the Big Number (BN) library
+ o Support for ASN.1 GeneralizedTime
+ o Splitted ASN.1 SETs from SEQUENCEs
+ o ASN1 and PEM support for Netscape Certificate Sequences
+ o Overhauled Perl interface
+ o Lots of source tree cleanups.
+ o Lots of memory leak fixes.
+ o Lots of bug fixes.
+
+ Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
+ o Integration of the popular NO_RSA/NO_DSA patches
+ o Initial support for compression inside the SSL record layer
+ o Added BIO proxy and filtering functionality
+ o Extended Big Number (BN) library
+ o Added RIPE MD160 message digest
+ o Addeed support for RC2/64bit cipher
+ o Extended ASN.1 parser routines
+ o Adjustations of the source tree for CVS
+ o Support for various new platforms
+
Added: vendor-crypto/openssl/dist/PROBLEMS
===================================================================
--- vendor-crypto/openssl/dist/PROBLEMS (rev 0)
+++ vendor-crypto/openssl/dist/PROBLEMS 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,199 @@
+* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
+
+
+ NOTE: The problem described here only applies when OpenSSL isn't built
+ with shared library support (i.e. without the "shared" configuration
+ option). If you build with shared library support, you will have no
+ problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
+
+
+This is really a misfeature in ld, which seems to look for .dylib libraries
+along the whole library path before it bothers looking for .a libraries. This
+means that -L switches won't matter unless OpenSSL is built with shared
+library support.
+
+The workaround may be to change the following lines in apps/Makefile and
+test/Makefile:
+
+ LIBCRYPTO=-L.. -lcrypto
+ LIBSSL=-L.. -lssl
+
+to:
+
+ LIBCRYPTO=../libcrypto.a
+ LIBSSL=../libssl.a
+
+It's possible that something similar is needed for shared library support
+as well. That hasn't been well tested yet.
+
+
+Another solution that many seem to recommend is to move the libraries
+/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
+directory, build and install OpenSSL and anything that depends on your
+build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
+original places. Note that the version numbers on those two libraries
+may differ on your machine.
+
+
+As long as Apple doesn't fix the problem with ld, this problem building
+OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
+passing -Wl,-search_paths_first, but it's unknown if the flag was
+supported from the initial MacOS X release.
+
+
+* Parallell make leads to errors
+
+While running tests, running a parallell make is a bad idea. Many test
+scripts use the same name for output and input files, which means different
+will interfere with each other and lead to test failure.
+
+The solution is simple for now: don't run parallell make when testing.
+
+
+* Bugs in gcc triggered
+
+- According to a problem report, there are bugs in gcc 3.0 that are
+ triggered by some of the code in OpenSSL, more specifically in
+ PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
+
+ header+=11;
+ if (*header != '4') return(0); header++;
+ if (*header != ',') return(0); header++;
+
+ What happens is that gcc might optimize a little too agressively, and
+ you end up with an extra incrementation when *header != '4'.
+
+ We recommend that you upgrade gcc to as high a 3.x version as you can.
+
+- According to multiple problem reports, some of our message digest
+ implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
+ and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
+ latter - SHA one.
+
+ The recomendation is to upgrade your compiler. This naturally applies to
+ other similar cases.
+
+- There is a subtle Solaris x86-specific gcc run-time environment bug, which
+ "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
+ manifests itself as Segmentation Fault upon early application start-up.
+ The problem can be worked around by patching the environment according to
+ http://www.openssl.org/~appro/values.c.
+
+* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
+
+As subject suggests SHA-1 might perform poorly (4 times slower)
+if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
+this seems to be the fact that compiler emits multiplication to
+perform shift operations:-( To work the problem around configure
+with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
+
+* Problems with hp-parisc2-cc target when used with "no-asm" flag
+
+When using the hp-parisc2-cc target, wrong bignum code is generated.
+This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
+aggressive optimization.
+The problem manifests itself by the BN_kronecker test hanging in an
+endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
+which itself hangs. The reason could be tracked down to the bn_mul_comba8()
+function in bn_asm.c. At some occasions the higher 32bit value of r[7]
+is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
+as no debugger support possible at +O3 and additional fprintf()'s
+introduced fixed the bug, therefore it is most likely a bug in the
+optimizer.
+The bug was found in the BN_kronecker test but may also lead to
+failures in other parts of the code.
+(See Ticket #426.)
+
+Workaround: modify the target to +O2 when building with no-asm.
+
+* Problems building shared libraries on SCO OpenServer Release 5.0.6
+ with gcc 2.95.3
+
+The symptoms appear when running the test suite, more specifically
+test/ectest, with the following result:
+
+OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
+ectest.c:186: ABORT
+
+The cause of the problem seems to be that isxdigit(), called from
+BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further
+investigation shows that any of the isxxx() macros return 0 on any
+input. A direct look in the information array that the isxxx() use,
+called __ctype, shows that it contains all zeroes...
+
+Taking a look at the newly created libcrypto.so with nm, one can see
+that the variable __ctype is defined in libcrypto's .bss (which
+explains why it is filled with zeroes):
+
+$ nm -Pg libcrypto.so | grep __ctype
+__ctype B 0011659c
+__ctype2 U
+
+Curiously, __ctype2 is undefined, in spite of being declared in
+/usr/include/ctype.h in exactly the same way as __ctype.
+
+Any information helping to solve this issue would be deeply
+appreciated.
+
+NOTE: building non-shared doesn't come with this problem.
+
+* ULTRIX build fails with shell errors, such as "bad substitution"
+ and "test: argument expected"
+
+The problem is caused by ULTRIX /bin/sh supporting only original
+Bourne shell syntax/semantics, and the trouble is that the vast
+majority is so accustomed to more modern syntax, that very few
+people [if any] would recognize the ancient syntax even as valid.
+This inevitably results in non-trivial scripts breaking on ULTRIX,
+and OpenSSL isn't an exclusion. Fortunately there is workaround,
+hire /bin/ksh to do the job /bin/sh fails to do.
+
+1. Trick make(1) to use /bin/ksh by setting up following environ-
+ ment variables *prior* you execute ./Configure and make:
+
+ PROG_ENV=POSIX
+ MAKESHELL=/bin/ksh
+ export PROG_ENV MAKESHELL
+
+ or if your shell is csh-compatible:
+
+ setenv PROG_ENV POSIX
+ setenv MAKESHELL /bin/ksh
+
+2. Trick /bin/sh to use alternative expression evaluator. Create
+ following 'test' script for example in /tmp:
+
+ #!/bin/ksh
+ ${0##*/} "$@"
+
+ Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
+ your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
+ natively just replace system /bin/test and /bin/[ with the
+ above script.
+
+* hpux64-ia64-cc fails blowfish test.
+
+Compiler bug, presumably at particular patch level. It should be noted
+that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
+target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
+
+* no-engines generates errors.
+
+Unfortunately, the 'no-engines' configuration option currently doesn't
+work properly. Use 'no-hw' and you'll will at least get no hardware
+support. We'll see how we fix that on OpenSSL versions past 0.9.8.
+
+* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
+ if elder GNU binutils were deployed to link shared libcrypto.so.
+
+As subject suggests the failure is caused by a bug in elder binutils,
+either as or ld, and was observed on FreeBSD and Linux. There are two
+options. First is naturally to upgrade binutils, the second one - to
+reconfigure with additional no-sse2 [or 386] option passed to ./config.
+
+* If configured with ./config no-dso, toolkit still gets linked with -ldl,
+ which most notably poses a problem when linking with dietlibc.
+
+We don't have framework to associate -ldl with no-dso, therefore the only
+way is to edit Makefile right after ./config no-dso and remove -ldl from
+EX_LIBS line.
Added: vendor-crypto/openssl/dist/README
===================================================================
--- vendor-crypto/openssl/dist/README (rev 0)
+++ vendor-crypto/openssl/dist/README 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,218 @@
+
+ OpenSSL 0.9.8zb 6 Aug 2014
+
+ Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols as well as a full-strength general purpose cryptography library.
+ The project is managed by a worldwide community of volunteers that use the
+ Internet to communicate, plan, and develop the OpenSSL toolkit and its
+ related documentation.
+
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses.
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl.a:
+ Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+ both SSLv2, SSLv3 and TLSv1 in the one server and client.
+
+ libcrypto.a:
+ General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+ actually logically part of it. It includes routines for the following:
+
+ Ciphers
+ libdes - EAY's libdes DES encryption package which was floating
+ around the net for a few years, and was then relicensed by
+ him as part of SSLeay. It includes 15 'modes/variations'
+ of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
+ pcbc and a more general form of cfb and ofb) including desx
+ in cbc mode, a fast crypt(3), and routines to read
+ passwords from the keyboard.
+ RC4 encryption,
+ RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
+ Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
+ IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
+
+ Digests
+ MD5 and MD2 message digest algorithms, fast implementations,
+ SHA (SHA-0) and SHA-1 message digest algorithms,
+ MDC2 message digest. A DES based hash that is popular on smart cards.
+
+ Public Key
+ RSA encryption/decryption/generation.
+ There is no limit on the number of bits.
+ DSA encryption/decryption/generation.
+ There is no limit on the number of bits.
+ Diffie-Hellman key-exchange/key generation.
+ There is no limit on the number of bits.
+
+ X.509v3 certificates
+ X509 encoding/decoding into/from binary ASN1 and a PEM
+ based ASCII-binary encoding which supports encryption with a
+ private key. Program to generate RSA and DSA certificate
+ requests and to generate RSA and DSA certificates.
+
+ Systems
+ The normal digital envelope routines and base64 encoding. Higher
+ level access to ciphers and digests by name. New ciphers can be
+ loaded at run time. The BIO io system which is a simple non-blocking
+ IO abstraction. Current methods supported are file descriptors,
+ sockets, socket accept, socket connect, memory buffer, buffering, SSL
+ client/server, file pointer, encryption, digest, non-blocking testing
+ and null.
+
+ Data structures
+ A dynamically growing hashing system
+ A simple stack.
+ A Configuration loader that uses a format similar to MS .ini files.
+
+ openssl:
+ A command line tool that can be used for:
+ Creation of RSA, DH and DSA key parameters
+ Creation of X.509 certificates, CSRs and CRLs
+ Calculation of Message Digests
+ Encryption and Decryption with Ciphers
+ SSL/TLS Client and Server Tests
+ Handling of S/MIME signed or encrypted mail
+
+
+ PATENTS
+ -------
+
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country. The file contains some of the patents that we know about or are
+ rumored to exist. This is not a definitive list.
+
+ RSA Security holds software patents on the RC5 algorithm. If you
+ intend to use this cipher, you must contact RSA Security for
+ licensing conditions. Their web page is http://www.rsasecurity.com/.
+
+ RC4 is a trademark of RSA Security, so use of this label should perhaps
+ only be used with RSA Security's permission.
+
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
+ should be contacted if that algorithm is to be used; their web page is
+ http://www.ascom.ch/.
+
+ NTT and Mitsubishi have patents and pending patents on the Camellia
+ algorithm, but allow use at no charge without requiring an explicit
+ licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+
+ INSTALLATION
+ ------------
+
+ To install this package under a Unix derivative, read the INSTALL file. For
+ a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
+ INSTALL.VMS.
+
+ Read the documentation in the doc/ directory. It is quite rough, but it
+ lists the functions; you will probably have to look at the code to work out
+ how to use them. Look at the example programs.
+
+ PROBLEMS
+ --------
+
+ For some platforms, there are some known problems that may affect the user
+ or application author. We try to collect those in doc/PROBLEMS, with current
+ thoughts on how they should be solved in a future of OpenSSL.
+
+ SUPPORT
+ -------
+
+ See the OpenSSL website www.openssl.org for details of how to obtain
+ commercial technical support.
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+ - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+ to see if the problem has already been addressed
+ - Remove ASM versions of libraries
+ - Remove compiler optimisation flags
+
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+ - On Unix systems:
+ Self-test report generated by 'make report'
+ - On other systems:
+ OpenSSL version: output of 'openssl version -a'
+ OS Name, Version, Hardware platform
+ Compiler Details (name, version)
+ - Application Details (name, version)
+ - Problem Description (steps that will reproduce the problem, if known)
+ - Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project via the Request Tracker
+ (http://www.openssl.org/support/rt.html) by mail to:
+
+ openssl-bugs at openssl.org
+
+ Note that the request tracker should NOT be used for general assistance
+ or support queries. Just because something doesn't work the way you expect
+ does not mean it is necessarily a bug in OpenSSL.
+
+ Note that mail to openssl-bugs at openssl.org is recorded in the publicly
+ readable request tracker database and is forwarded to a public
+ mailing list. Confidential mail may be sent to openssl-security at openssl.org
+ (PGP key available from the key servers).
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-bugs at openssl.org with
+ the string "[PATCH]" in the subject. Please be sure to include a
+ textual explanation of what your patch does.
+
+ If you are unsure as to whether a feature will be useful for the general
+ OpenSSL community please discuss it on the openssl-dev mailing list first.
+ Someone may be already working on the same thing or there may be a good
+ reason as to why that feature isn't implemented.
+
+ Patches should be as up to date as possible, preferably relative to the
+ current Git or the last snapshot. They should follow the coding style of
+ OpenSSL and compile without warnings. Some of the core team developer targets
+ can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
+ compiles on many varied platforms: try to ensure you only use portable
+ features.
+
+ Note: For legal reasons, contributions from the US can be accepted only
+ if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov
+ (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
+ please take some time to look at
+ http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+ and
+ http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
+ for the details. If "your encryption source code is too large to serve as
+ an email attachment", they are glad to receive it by fax instead; hope you
+ have a cheap long-distance plan.
+
+ Our preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -ur openssl-orig openssl-work > mydiffs.patch
+
Added: vendor-crypto/openssl/dist/README.ASN1
===================================================================
--- vendor-crypto/openssl/dist/README.ASN1 (rev 0)
+++ vendor-crypto/openssl/dist/README.ASN1 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,187 @@
+
+OpenSSL ASN1 Revision
+=====================
+
+This document describes some of the issues relating to the new ASN1 code.
+
+Previous OpenSSL ASN1 problems
+=============================
+
+OK why did the OpenSSL ASN1 code need revising in the first place? Well
+there are lots of reasons some of which are included below...
+
+1. The code is difficult to read and write. For every single ASN1 structure
+(e.g. SEQUENCE) four functions need to be written for new, free, encode and
+decode operations. This is a very painful and error prone operation. Very few
+people have ever written any OpenSSL ASN1 and those that have usually wish
+they hadn't.
+
+2. Partly because of 1. the code is bloated and takes up a disproportionate
+amount of space. The SEQUENCE encoder is particularly bad: it essentially
+contains two copies of the same operation, one to compute the SEQUENCE length
+and the other to encode it.
+
+3. The code is memory based: that is it expects to be able to read the whole
+structure from memory. This is fine for small structures but if you have a
+(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
+
+4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
+changing the tag to the expected one, attempting to read it, then changing it
+back again. This means that decode buffers have to be writable even though they
+are ultimately unchanged. This gets in the way of constification.
+
+5. The handling of EXPLICIT isn't much better. It adds a chunk of code into
+the decoder and encoder for every EXPLICIT tag.
+
+6. APPLICATION and PRIVATE tags aren't even supported at all.
+
+7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
+types that are not OPTIONAL.
+
+8. Much of the code assumes that a tag will fit in a single octet. This is
+only true if the tag is 30 or less (mercifully tags over 30 are rare).
+
+9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
+macros that properly support it.
+
+10. Encoders have no concept of OPTIONAL and have no error checking. If the
+passed structure contains a NULL in a mandatory field it will not be encoded,
+resulting in an invalid structure.
+
+11. It is tricky to add ASN1 encoders and decoders to external applications.
+
+Template model
+==============
+
+One of the major problems with revision is the sheer volume of the ASN1 code.
+Attempts to change (for example) the IMPLICIT behaviour would result in a
+modification of *every* single decode function.
+
+I decided to adopt a template based approach. I'm using the term 'template'
+in a manner similar to SNACC templates: it has nothing to do with C++
+templates.
+
+A template is a description of an ASN1 module as several constant C structures.
+It describes in a machine readable way exactly how the ASN1 structure should
+behave. If this template contains enough detail then it is possible to write
+versions of new, free, encode, decode (and possibly others operations) that
+operate on templates.
+
+Instead of having to write code to handle each operation only a single
+template needs to be written. If new operations are needed (such as a 'print'
+operation) only a single new template based function needs to be written
+which will then automatically handle all existing templates.
+
+Plans for revision
+==================
+
+The revision will consist of the following steps. Other than the first two
+these can be handled in any order.
+
+o Design and write template new, free, encode and decode operations, initially
+memory based. *DONE*
+
+o Convert existing ASN1 code to template form. *IN PROGRESS*
+
+o Convert an existing ASN1 compiler (probably SNACC) to output templates
+in OpenSSL form.
+
+o Add support for BIO based ASN1 encoders and decoders to handle large
+structures, initially blocking I/O.
+
+o Add support for non blocking I/O: this is quite a bit harder than blocking
+I/O.
+
+o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
+certificates etc etc.
+
+Description of major changes
+============================
+
+The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
+absent. The meaning of absent depends on the context. If for example the
+boolean type is DEFAULT FALSE (as in the case of the critical flag for
+certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
+Usually the value will only ever be read via an API which will hide this from
+an application.
+
+There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
+SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
+old code would omit the structure if the STACK was NULL (which is fine) or if
+it had zero elements (which is NOT OK). This causes problems because an empty
+SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
+it is encoded it will be omitted resulting in different encodings. The new code
+only omits the encoding if the STACK is NULL, if it contains zero elements it
+is encoded and empty. There is an additional problem though: because an empty
+STACK was omitted, sometimes the corresponding *_new() function would
+initialize the STACK to empty so an application could immediately use it, if
+this is done with the new code (i.e. a NULL) it wont work. Therefore a new
+STACK should be allocated first. One instance of this is the X509_CRL list of
+revoked certificates: a helper function X509_CRL_add0_revoked() has been added
+for this purpose.
+
+The X509_ATTRIBUTE structure used to have an element called 'set' which took
+the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
+to the behaviour of CHOICE in the new code this has been changed to a field
+called 'single' which is 0 for a SET OF and 1 for single. The old field has
+been deleted to deliberately break source compatibility. Since this structure
+is normally accessed via higher level functions this shouldn't break too much.
+
+The X509_REQ_INFO certificate request info structure no longer has a field
+called 'req_kludge'. This used to be set to 1 if the attributes field was
+(incorrectly) omitted. You can check to see if the field is omitted now by
+checking if the attributes field is NULL. Similarly if you need to omit
+the field then free attributes and set it to NULL.
+
+The top level 'detached' field in the PKCS7 structure is no longer set when
+a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
+The behaviour of PKCS7_get_detached() is unaffected.
+
+The values of 'type' in the GENERAL_NAME structure have changed. This is
+because the old code use the ASN1 initial octet as the selector. The new
+code uses the index in the ASN1_CHOICE template.
+
+The DIST_POINT_NAME structure has changed to be a true CHOICE type.
+
+typedef struct DIST_POINT_NAME_st {
+int type;
+union {
+ STACK_OF(GENERAL_NAME) *fullname;
+ STACK_OF(X509_NAME_ENTRY) *relativename;
+} name;
+} DIST_POINT_NAME;
+
+This means that name.fullname or name.relativename should be set
+and type reflects the option. That is if name.fullname is set then
+type is 0 and if name.relativename is set type is 1.
+
+With the old code using the i2d functions would typically involve:
+
+unsigned char *buf, *p;
+int len;
+/* Find length of encoding */
+len = i2d_SOMETHING(x, NULL);
+/* Allocate buffer */
+buf = OPENSSL_malloc(len);
+if(buf == NULL) {
+ /* Malloc error */
+}
+/* Use temp variable because &p gets updated to point to end of
+ * encoding.
+ */
+p = buf;
+i2d_SOMETHING(x, &p);
+
+
+Using the new i2d you can also do:
+
+unsigned char *buf = NULL;
+int len;
+len = i2d_SOMETHING(x, &buf);
+if(len < 0) {
+ /* Malloc error */
+}
+
+and it will automatically allocate and populate a buffer with the
+encoding. After this call 'buf' will point to the start of the
+encoding which is len bytes long.
Added: vendor-crypto/openssl/dist/README.ENGINE
===================================================================
--- vendor-crypto/openssl/dist/README.ENGINE (rev 0)
+++ vendor-crypto/openssl/dist/README.ENGINE 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,289 @@
+ ENGINE
+ ======
+
+ With OpenSSL 0.9.6, a new component was added to support alternative
+ cryptography implementations, most commonly for interfacing with external
+ crypto devices (eg. accelerator cards). This component is called ENGINE,
+ and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
+ caused a little confusion as 0.9.6** releases were rolled in two
+ versions, a "standard" and an "engine" version. In development for 0.9.7,
+ the ENGINE code has been merged into the main branch and will be present
+ in the standard releases from 0.9.7 forwards.
+
+ There are currently built-in ENGINE implementations for the following
+ crypto devices:
+
+ o CryptoSwift
+ o Compaq Atalla
+ o nCipher CHIL
+ o Nuron
+ o Broadcom uBSec
+
+ In addition, dynamic binding to external ENGINE implementations is now
+ provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
+ section below for details.
+
+ At this stage, a number of things are still needed and are being worked on:
+
+ 1 Integration of EVP support.
+ 2 Configuration support.
+ 3 Documentation!
+
+1 With respect to EVP, this relates to support for ciphers and digests in
+ the ENGINE model so that alternative implementations of existing
+ algorithms/modes (or previously unimplemented ones) can be provided by
+ ENGINE implementations.
+
+2 Configuration support currently exists in the ENGINE API itself, in the
+ form of "control commands". These allow an application to expose to the
+ user/admin the set of commands and parameter types a given ENGINE
+ implementation supports, and for an application to directly feed string
+ based input to those ENGINEs, in the form of name-value pairs. This is an
+ extensible way for ENGINEs to define their own "configuration" mechanisms
+ that are specific to a given ENGINE (eg. for a particular hardware
+ device) but that should be consistent across *all* OpenSSL-based
+ applications when they use that ENGINE. Work is in progress (or at least
+ in planning) for supporting these control commands from the CONF (or
+ NCONF) code so that applications using OpenSSL's existing configuration
+ file format can have ENGINE settings specified in much the same way.
+ Presently however, applications must use the ENGINE API itself to provide
+ such functionality. To see first hand the types of commands available
+ with the various compiled-in ENGINEs (see further down for dynamic
+ ENGINEs), use the "engine" openssl utility with full verbosity, ie;
+ openssl engine -vvvv
+
+3 Documentation? Volunteers welcome! The source code is reasonably well
+ self-documenting, but some summaries and usage instructions are needed -
+ moreover, they are needed in the same POD format the existing OpenSSL
+ documentation is provided in. Any complete or incomplete contributions
+ would help make this happen.
+
+ STABILITY & BUG-REPORTS
+ =======================
+
+ What already exists is fairly stable as far as it has been tested, but
+ the test base has been a bit small most of the time. For the most part,
+ the vendors of the devices these ENGINEs support have contributed to the
+ development and/or testing of the implementations, and *usually* (with no
+ guarantees) have experience in using the ENGINE support to drive their
+ devices from common OpenSSL-based applications. Bugs and/or inexplicable
+ behaviour in using a specific ENGINE implementation should be sent to the
+ author of that implementation (if it is mentioned in the corresponding C
+ file), and in the case of implementations for commercial hardware
+ devices, also through whatever vendor support channels are available. If
+ none of this is possible, or the problem seems to be something about the
+ ENGINE API itself (ie. not necessarily specific to a particular ENGINE
+ implementation) then you should mail complete details to the relevant
+ OpenSSL mailing list. For a definition of "complete details", refer to
+ the OpenSSL "README" file. As for which list to send it to;
+
+ openssl-users: if you are *using* the ENGINE abstraction, either in an
+ pre-compiled application or in your own application code.
+
+ openssl-dev: if you are discussing problems with OpenSSL source code.
+
+ USAGE
+ =====
+
+ The default "openssl" ENGINE is always chosen when performing crypto
+ operations unless you specify otherwise. You must actively tell the
+ openssl utility commands to use anything else through a new command line
+ switch called "-engine". Also, if you want to use the ENGINE support in
+ your own code to do something similar, you must likewise explicitly
+ select the ENGINE implementation you want.
+
+ Depending on the type of hardware, system, and configuration, "settings"
+ may need to be applied to an ENGINE for it to function as expected/hoped.
+ The recommended way of doing this is for the application to support
+ ENGINE "control commands" so that each ENGINE implementation can provide
+ whatever configuration primitives it might require and the application
+ can allow the user/admin (and thus the hardware vendor's support desk
+ also) to provide any such input directly to the ENGINE implementation.
+ This way, applications do not need to know anything specific to any
+ device, they only need to provide the means to carry such user/admin
+ input through to the ENGINE in question. Ie. this connects *you* (and
+ your helpdesk) to the specific ENGINE implementation (and device), and
+ allows application authors to not get buried in hassle supporting
+ arbitrary devices they know (and care) nothing about.
+
+ A new "openssl" utility, "openssl engine", has been added in that allows
+ for testing and examination of ENGINE implementations. Basic usage
+ instructions are available by specifying the "-?" command line switch.
+
+ DYNAMIC ENGINES
+ ===============
+
+ The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
+ implementations that aren't pre-compiled and linked into OpenSSL-based
+ applications. This could be because existing compiled-in implementations
+ have known problems and you wish to use a newer version with an existing
+ application. It could equally be because the application (or OpenSSL
+ library) you are using simply doesn't have support for the ENGINE you
+ wish to use, and the ENGINE provider (eg. hardware vendor) is providing
+ you with a self-contained implementation in the form of a shared-library.
+ The other use-case for "dynamic" is with applications that wish to
+ maintain the smallest foot-print possible and so do not link in various
+ ENGINE implementations from OpenSSL, but instead leaves you to provide
+ them, if you want them, in the form of "dynamic"-loadable
+ shared-libraries. It should be possible for hardware vendors to provide
+ their own shared-libraries to support arbitrary hardware to work with
+ applications based on OpenSSL 0.9.7 or later. If you're using an
+ application based on 0.9.7 (or later) and the support you desire is only
+ announced for versions later than the one you need, ask the vendor to
+ backport their ENGINE to the version you need.
+
+ How does "dynamic" work?
+ ------------------------
+ The dynamic ENGINE has a special flag in its implementation such that
+ every time application code asks for the 'dynamic' ENGINE, it in fact
+ gets its own copy of it. As such, multi-threaded code (or code that
+ multiplexes multiple uses of 'dynamic' in a single application in any
+ way at all) does not get confused by 'dynamic' being used to do many
+ independent things. Other ENGINEs typically don't do this so there is
+ only ever 1 ENGINE structure of its type (and reference counts are used
+ to keep order). The dynamic ENGINE itself provides absolutely no
+ cryptographic functionality, and any attempt to "initialise" the ENGINE
+ automatically fails. All it does provide are a few "control commands"
+ that can be used to control how it will load an external ENGINE
+ implementation from a shared-library. To see these control commands,
+ use the command-line;
+
+ openssl engine -vvvv dynamic
+
+ The "SO_PATH" control command should be used to identify the
+ shared-library that contains the ENGINE implementation, and "NO_VCHECK"
+ might possibly be useful if there is a minor version conflict and you
+ (or a vendor helpdesk) is convinced you can safely ignore it.
+ "ID" is probably only needed if a shared-library implements
+ multiple ENGINEs, but if you know the engine id you expect to be using,
+ it doesn't hurt to specify it (and this provides a sanity check if
+ nothing else). "LIST_ADD" is only required if you actually wish the
+ loaded ENGINE to be discoverable by application code later on using the
+ ENGINE's "id". For most applications, this isn't necessary - but some
+ application authors may have nifty reasons for using it. The "LOAD"
+ command is the only one that takes no parameters and is the command
+ that uses the settings from any previous commands to actually *load*
+ the shared-library ENGINE implementation. If this command succeeds, the
+ (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
+ that has been loaded from the shared-library. As such, any control
+ commands supported by the loaded ENGINE could then be executed as per
+ normal. Eg. if ENGINE "foo" is implemented in the shared-library
+ "libfoo.so" and it supports some special control command "CMD_FOO", the
+ following code would load and use it (NB: obviously this code has no
+ error checking);
+
+ ENGINE *e = ENGINE_by_id("dynamic");
+ ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
+ ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
+ ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
+ ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
+
+ For testing, the "openssl engine" utility can be useful for this sort
+ of thing. For example the above code excerpt would achieve much the
+ same result as;
+
+ openssl engine dynamic \
+ -pre SO_PATH:/lib/libfoo.so \
+ -pre ID:foo \
+ -pre LOAD \
+ -pre "CMD_FOO:some input data"
+
+ Or to simply see the list of commands supported by the "foo" ENGINE;
+
+ openssl engine -vvvv dynamic \
+ -pre SO_PATH:/lib/libfoo.so \
+ -pre ID:foo \
+ -pre LOAD
+
+ Applications that support the ENGINE API and more specifically, the
+ "control commands" mechanism, will provide some way for you to pass
+ such commands through to ENGINEs. As such, you would select "dynamic"
+ as the ENGINE to use, and the parameters/commands you pass would
+ control the *actual* ENGINE used. Each command is actually a name-value
+ pair and the value can sometimes be omitted (eg. the "LOAD" command).
+ Whilst the syntax demonstrated in "openssl engine" uses a colon to
+ separate the command name from the value, applications may provide
+ their own syntax for making that separation (eg. a win32 registry
+ key-value pair may be used by some applications). The reason for the
+ "-pre" syntax in the "openssl engine" utility is that some commands
+ might be issued to an ENGINE *after* it has been initialised for use.
+ Eg. if an ENGINE implementation requires a smart-card to be inserted
+ during initialisation (or a PIN to be typed, or whatever), there may be
+ a control command you can issue afterwards to "forget" the smart-card
+ so that additional initialisation is no longer possible. In
+ applications such as web-servers, where potentially volatile code may
+ run on the same host system, this may provide some arguable security
+ value. In such a case, the command would be passed to the ENGINE after
+ it has been initialised for use, and so the "-post" switch would be
+ used instead. Applications may provide a different syntax for
+ supporting this distinction, and some may simply not provide it at all
+ ("-pre" is almost always what you're after, in reality).
+
+ How do I build a "dynamic" ENGINE?
+ ----------------------------------
+ This question is trickier - currently OpenSSL bundles various ENGINE
+ implementations that are statically built in, and any application that
+ calls the "ENGINE_load_builtin_engines()" function will automatically
+ have all such ENGINEs available (and occupying memory). Applications
+ that don't call that function have no ENGINEs available like that and
+ would have to use "dynamic" to load any such ENGINE - but on the other
+ hand such applications would only have the memory footprint of any
+ ENGINEs explicitly loaded using user/admin provided control commands.
+ The main advantage of not statically linking ENGINEs and only using
+ "dynamic" for hardware support is that any installation using no
+ "external" ENGINE suffers no unnecessary memory footprint from unused
+ ENGINEs. Likewise, installations that do require an ENGINE incur the
+ overheads from only *that* ENGINE once it has been loaded.
+
+ Sounds good? Maybe, but currently building an ENGINE implementation as
+ a shared-library that can be loaded by "dynamic" isn't automated in
+ OpenSSL's build process. It can be done manually quite easily however.
+ Such a shared-library can either be built with any OpenSSL code it
+ needs statically linked in, or it can link dynamically against OpenSSL
+ if OpenSSL itself is built as a shared library. The instructions are
+ the same in each case, but in the former (statically linked any
+ dependencies on OpenSSL) you must ensure OpenSSL is built with
+ position-independent code ("PIC"). The default OpenSSL compilation may
+ already specify the relevant flags to do this, but you should consult
+ with your compiler documentation if you are in any doubt.
+
+ This example will show building the "atalla" ENGINE in the
+ crypto/engine/ directory as a shared-library for use via the "dynamic"
+ ENGINE.
+ 1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
+ source tree.
+ 2) Recompile at least one source file so you can see all the compiler
+ flags (and syntax) being used to build normally. Eg;
+ touch hw_atalla.c ; make
+ will rebuild "hw_atalla.o" using all such flags.
+ 3) Manually enter the same compilation line to compile the
+ "hw_atalla.c" file but with the following two changes;
+ (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
+ (b) change the output file from "hw_atalla.o" to something new,
+ eg. "tmp_atalla.o"
+ 4) Link "tmp_atalla.o" into a shared-library using the top-level
+ OpenSSL libraries to resolve any dependencies. The syntax for doing
+ this depends heavily on your system/compiler and is a nightmare
+ known well to anyone who has worked with shared-library portability
+ before. 'gcc' on Linux, for example, would use the following syntax;
+ gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
+ 5) Test your shared library using "openssl engine" as explained in the
+ previous section. Eg. from the top-level directory, you might try;
+ apps/openssl engine -vvvv dynamic \
+ -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
+ If the shared-library loads successfully, you will see both "-pre"
+ commands marked as "SUCCESS" and the list of control commands
+ displayed (because of "-vvvv") will be the control commands for the
+ *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
+ the "-t" switch to the utility if you want it to try and initialise
+ the atalla ENGINE for use to test any possible hardware/driver
+ issues.
+
+ PROBLEMS
+ ========
+
+ It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
+ A quick test done right before the release showed that trying "openssl speed
+ -engine cswift" generated errors. If the DSO gets enabled, an attempt is made
+ to write at memory address 0x00000002.
+
Added: vendor-crypto/openssl/dist/VMS/TODO
===================================================================
--- vendor-crypto/openssl/dist/VMS/TODO (rev 0)
+++ vendor-crypto/openssl/dist/VMS/TODO 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,18 @@
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users at openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard at levitte.org>
+1999-05-24
Added: vendor-crypto/openssl/dist/VMS/VMSify-conf.pl
===================================================================
--- vendor-crypto/openssl/dist/VMS/VMSify-conf.pl (rev 0)
+++ vendor-crypto/openssl/dist/VMS/VMSify-conf.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,34 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
+my @file_vars = ( "database", "certificate", "serial", "crlnumber",
+ "crl", "private_key", "RANDFILE" );
+while(<STDIN>) {
+ chomp;
+ foreach my $d (@directory_vars) {
+ if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
+ $_ = "$1sys\\\$disk:\[.$2$3";
+ } elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
+ $_ = "$1sys\\\$disk:\[.$2$3";
+ }
+ s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
+ while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
+ $_ = "$1.$3]$4";
+ }
+ }
+ foreach my $f (@file_vars) {
+ s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
+ while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
+ $_ = "$1.$3$4";
+ }
+ if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
+ $_ = "$1]$3.$4";
+ } elsif (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
+ $_ = "$1]$3$4";
+ }
+ }
+ print $_,"\n";
+}
Added: vendor-crypto/openssl/dist/VMS/WISHLIST.TXT
===================================================================
--- vendor-crypto/openssl/dist/VMS/WISHLIST.TXT (rev 0)
+++ vendor-crypto/openssl/dist/VMS/WISHLIST.TXT 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,4 @@
+* Have the building procedure contain a LINK-only possibility.
+ Wished by Mark Daniel <mark.daniel at dsto.defence.gov.au>
+
+ One way to enable that is also to go over to DESCRIP.MMS files.
Added: vendor-crypto/openssl/dist/VMS/install.com
===================================================================
--- vendor-crypto/openssl/dist/VMS/install.com (rev 0)
+++ vendor-crypto/openssl/dist/VMS/install.com 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,79 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard at levitte.org>
+$! Time of creation: 23-MAY-1998 19:22
+$!
+$! P1 root of the directory tree
+$!
+$ IF P1 .EQS. ""
+$ THEN
+$ WRITE SYS$OUTPUT "First argument missing."
+$ WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$ EXIT
+$ ENDIF
+$
+$ IF (F$GETSYI("CPU").LT.128)
+$ THEN
+$ ARCH := VAX
+$ ELSE
+$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$ ENDIF
+$
+$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+ - "[000000." - "][" - "[" - "]"
+$ ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$
+$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+ CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+ CREATE/DIR/LOG WRK_SSLINCLUDE:
+$ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
+ CREATE/DIR/LOG WRK_SSLROOT:[VMS]
+$
+$ IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
+ DELETE WRK_SSLINCLUDE:vms_idhacks.h;*
+$
+$ OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
+$ WRITE SYS$OUTPUT "%OPEN-I-CREATED, ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
+$ WRITE SF "$! Startup file for Openssl"
+$ WRITE SF "$!"
+$ WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
+$ WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
+$ WRITE SF "$!"
+$ WRITE SF "$! P1 a qualifier to DEFINE. For example ""/SYSTEM"" to get the logical names"
+$ WRITE SF "$! defined in the system logical name table."
+$ WRITE SF "$!"
+$ WRITE SF "$ IF (F$GETSYI(""CPU"").LT.128)"
+$ WRITE SF "$ THEN"
+$ WRITE SF "$ ARCH := VAX"
+$ WRITE SF "$ ELSE"
+$ WRITE SF "$ ARCH = F$EDIT( F$GETSYI( ""ARCH_NAME""), ""UPCASE"")"
+$ WRITE SF "$ IF (ARCH .EQS. """") THEN ARCH = ""UNK"""
+$ WRITE SF "$ ENDIF"
+$ WRITE SF "$ DEFINE/NOLOG'P1 SSLROOT ",ROOT,".] /TRANS=CONC"
+$ WRITE SF "$ DEFINE/NOLOG'P1 SSLLIB SSLROOT:['ARCH'_LIB]"
+$ WRITE SF "$ DEFINE/NOLOG'P1 SSLINCLUDE SSLROOT:[INCLUDE]"
+$ WRITE SF "$ DEFINE/NOLOG'P1 SSLEXE SSLROOT:['ARCH'_EXE]"
+$ WRITE SF "$ DEFINE/NOLOG'P1 SSLCERTS SSLROOT:[CERTS]"
+$ WRITE SF "$ DEFINE/NOLOG'P1 SSLPRIVATE SSLROOT:[PRIVATE]"
+$ WRITE SF "$"
+$ WRITE SF "$! This is program can include <openssl/{foo}.h>"
+$ WRITE SF "$ DEFINE/NOLOG'P1 OPENSSL SSLINCLUDE:"
+$ WRITE SF "$"
+$ WRITE SF "$ IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
+$ WRITE SF " @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
+$ WRITE SF "$"
+$ WRITE SF "$ EXIT"
+$ CLOSE SF
+$ SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
+$
+$ COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
+$ SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_UTILS.COM
+$
+$ EXIT
Added: vendor-crypto/openssl/dist/VMS/mkshared.com
===================================================================
--- vendor-crypto/openssl/dist/VMS/mkshared.com (rev 0)
+++ vendor-crypto/openssl/dist/VMS/mkshared.com 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,371 @@
+$! MKSHARED.COM -- script to created shareable images on VMS
+$!
+$! No command line parameters. This should be run at the start of the source
+$! tree (the same directory where one finds INSTALL.VMS).
+$!
+$! Input: [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB
+$! [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]LIBSSL.OLB
+$! Output: [.xxx.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
+$! [.xxx.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
+$!
+$! So far, tests have only been made on VMS for Alpha. VAX will come in time.
+$! ===========================================================================
+$
+$! ----- Prepare info for processing: version number and file info
+$ gosub read_version_info
+$ if libver .eqs. ""
+$ then
+$ write sys$error "ERROR: Couldn't find any library version info..."
+$ exit
+$ endif
+$
+$ if (f$getsyi("cpu").lt.128)
+$ then
+$ arch := VAX
+$ else
+$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if (arch .eqs. "") then arch = "UNK"
+$ endif
+$
+$ if arch .nes. "VAX"
+$ then
+$ arch_vax = 0
+$ libid = "Crypto"
+$ libnum = "[.UTIL]LIBEAY.NUM"
+$ libdir = "[.''ARCH'.EXE.CRYPTO]"
+$ libolb = "''libdir'LIBCRYPTO.OLB"
+$ libopt = "''libdir'LIBCRYPTO.OPT"
+$ libmap = "''libdir'LIBCRYPTO.MAP"
+$ libgoal= "''libdir'LIBCRYPTO.EXE"
+$ libref = ""
+$ gosub create_nonvax_shr
+$ libid = "SSL"
+$ libnum = "[.UTIL]SSLEAY.NUM"
+$ libdir = "[.''ARCH'.EXE.SSL]"
+$ libolb = "''libdir'LIBSSL.OLB"
+$ libopt = "''libdir'LIBSSL.OPT"
+$ libmap = "''libdir'LIBSSL.MAP"
+$ libgoal= "''libdir'LIBSSL.EXE"
+$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
+$ gosub create_nonvax_shr
+$ else
+$ arch_vax = 1
+$ libtit = "CRYPTO_TRANSFER_VECTOR"
+$ libid = "Crypto"
+$ libnum = "[.UTIL]LIBEAY.NUM"
+$ libdir = "[.''ARCH'.EXE.CRYPTO]"
+$ libmar = "''libdir'LIBCRYPTO.MAR"
+$ libolb = "''libdir'LIBCRYPTO.OLB"
+$ libopt = "''libdir'LIBCRYPTO.OPT"
+$ libobj = "''libdir'LIBCRYPTO.OBJ"
+$ libmap = "''libdir'LIBCRYPTO.MAP"
+$ libgoal= "''libdir'LIBCRYPTO.EXE"
+$ libref = ""
+$ libvec = "LIBCRYPTO"
+$ gosub create_vax_shr
+$ libtit = "SSL_TRANSFER_VECTOR"
+$ libid = "SSL"
+$ libnum = "[.UTIL]SSLEAY.NUM"
+$ libdir = "[.''ARCH'.EXE.SSL]"
+$ libmar = "''libdir'LIBSSL.MAR"
+$ libolb = "''libdir'LIBSSL.OLB"
+$ libopt = "''libdir'LIBSSL.OPT"
+$ libobj = "''libdir'LIBSSL.OBJ"
+$ libmap = "''libdir'LIBSSL.MAP"
+$ libgoal= "''libdir'LIBSSL.EXE"
+$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
+$ libvec = "LIBSSL"
+$ gosub create_vax_shr
+$ endif
+$ exit
+$
+$! ----- Soubroutines to build the shareable libraries
+$! For each supported architecture, there's a main shareable library
+$! creator, which is called from the main code above.
+$! The creator will define a number of variables to tell the next levels of
+$! subroutines what routines to use to write to the option files, call the
+$! main processor, read_func_num, and when that is done, it will write version
+$! data at the end of the .opt file, close it, and link the library.
+$!
+$! read_func_num reads through a .num file and calls the writer routine for
+$! each line. It's also responsible for checking that order is properly kept
+$! in the .num file, check that each line applies to VMS and the architecture,
+$! and to fill in "holes" with dummy entries.
+$!
+$! The creator routines depend on the following variables:
+$! libnum The name of the .num file to use as input
+$! libolb The name of the object library to build from
+$! libid The identification string of the shareable library
+$! libopt The name of the .opt file to write
+$! libtit The title of the assembler transfer vector file (VAX only)
+$! libmar The name of the assembler transfer vector file (VAX only)
+$! libmap The name of the map file to write
+$! libgoal The name of the shareable library to write
+$! libref The name of a shareable library to link in
+$!
+$! read_func_num depends on the following variables from the creator:
+$! libwriter The name of the writer routine to call for each .num file line
+$! -----
+$
+$! ----- Subroutines for non-VAX
+$! -----
+$! The creator routine
+$ create_nonvax_shr:
+$ open/write opt 'libopt'
+$ write opt "identification=""",libid," ",libverstr,""""
+$ write opt libolb,"/lib"
+$ if libref .nes. "" then write opt libref,"/SHARE"
+$ write opt "SYMBOL_VECTOR=(-"
+$ libfirstentry := true
+$ libwrch := opt
+$ libwriter := write_nonvax_transfer_entry
+$ textcount = 0
+$ gosub read_func_num
+$ write opt ")"
+$ write opt "GSMATCH=",libvmatch,",",libver
+$ close opt
+$ link/map='libmap'/full/share='libgoal' 'libopt'/option
+$ return
+$
+$! The record writer routine
+$ write_nonvax_transfer_entry:
+$ if libentry .eqs. ".dummy" then return
+$ if info_kind .eqs. "VARIABLE"
+$ then
+$ pr:=DATA
+$ else
+$ pr:=PROCEDURE
+$ endif
+$ textcount_this = f$length(pr) + f$length(libentry) + 5
+$ if textcount + textcount_this .gt. 1024
+$ then
+$ write opt ")"
+$ write opt "SYMBOL_VECTOR=(-"
+$ textcount = 16
+$ libfirstentry := true
+$ endif
+$ if libfirstentry
+$ then
+$ write 'libwrch' " ",libentry,"=",pr," -"
+$ else
+$ write 'libwrch' " ,",libentry,"=",pr," -"
+$ endif
+$ libfirstentry := false
+$ textcount = textcount + textcount_this
+$ return
+$
+$! ----- Subroutines for VAX
+$! -----
+$! The creator routine
+$ create_vax_shr:
+$ open/write mar 'libmar'
+$ type sys$input:/out=mar:
+;
+; Transfer vector for VAX shareable image
+;
+$ write mar " .TITLE ",libtit
+$ write mar " .IDENT /",libid,"/"
+$ type sys$input:/out=mar:
+;
+; Define macro to assist in building transfer vector entries. Each entry
+; should take no more than 8 bytes.
+;
+ .MACRO FTRANSFER_ENTRY routine
+ .ALIGN QUAD
+ .TRANSFER routine
+ .MASK routine
+ JMP routine+2
+ .ENDM FTRANSFER_ENTRY
+;
+; Place entries in own program section.
+;
+$ write mar " .PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"
+$ write mar libvec,"_xfer:"
+$ libwrch := mar
+$ libwriter := write_vax_ftransfer_entry
+$ gosub read_func_num
+$ type sys$input:/out=mar:
+;
+; Allocate extra storage at end of vector to allow for expansion.
+;
+$ write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total."
+$! libwriter := write_vax_vtransfer_entry
+$! gosub read_func_num
+$ write mar " .END"
+$ close mar
+$ open/write opt 'libopt'
+$ write opt "identification=""",libid," ",libverstr,""""
+$ write opt libobj
+$ write opt libolb,"/lib"
+$ if libref .nes. "" then write opt libref,"/SHARE"
+$ type sys$input:/out=opt:
+!
+! Ensure transfer vector is at beginning of image
+!
+CLUSTER=FIRST
+$ write opt "COLLECT=FIRST,$$",libvec
+$ write opt "GSMATCH=",libvmatch,",",libver
+$ type sys$input:/out=opt:
+!
+! make psects nonshareable so image can be installed.
+!
+PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
+$ libwrch := opt
+$ libwriter := write_vax_psect_attr
+$ gosub read_func_num
+$ close opt
+$ macro/obj='libobj' 'libmar'
+$ link/map='libmap'/full/share='libgoal' 'libopt'/option
+$ return
+$
+$! The record writer routine for VAX functions
+$ write_vax_ftransfer_entry:
+$ if info_kind .nes. "FUNCTION" then return
+$ if libentry .eqs ".dummy"
+$ then
+$ write 'libwrch' " .BLKB 8" ! Dummy is zeroes...
+$ else
+$ write 'libwrch' " FTRANSFER_ENTRY ",libentry
+$ endif
+$ return
+$! The record writer routine for VAX variables (should never happen!)
+$ write_vax_psect_attr:
+$ if info_kind .nes. "VARIABLE" then return
+$ if libentry .eqs ".dummy" then return
+$ write 'libwrch' "PSECT_ATTR=",libentry,",NOSHR"
+$ return
+$
+$! ----- Common subroutines
+$! -----
+$! The .num file reader. This one has great responsability.
+$ read_func_num:
+$ open libnum 'libnum'
+$ goto read_nums
+$
+$ read_nums:
+$ libentrynum=0
+$ liblastentry:=false
+$ entrycount=0
+$ loop:
+$ read/end=loop_end/err=loop_end libnum line
+$ entrynum=f$int(f$element(1," ",f$edit(line,"COMPRESS,TRIM")))
+$ entryinfo=f$element(2," ",f$edit(line,"COMPRESS,TRIM"))
+$ curentry=f$element(0," ",f$edit(line,"COMPRESS,TRIM"))
+$ info_exist=f$element(0,":",entryinfo)
+$ info_platforms=","+f$element(1,":",entryinfo)+","
+$ info_kind=f$element(2,":",entryinfo)
+$ info_algorithms=","+f$element(3,":",entryinfo)+","
+$ if info_exist .eqs. "NOEXIST" then goto loop
+$ truesum = 0
+$ falsesum = 0
+$ negatives = 1
+$ plat_i = 0
+$ loop1:
+$ plat_entry = f$element(plat_i,",",info_platforms)
+$ plat_i = plat_i + 1
+$ if plat_entry .eqs. "" then goto loop1
+$ if plat_entry .nes. ","
+$ then
+$ if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
+$ if f$getsyi("CPU") .lt. 128
+$ then
+$ if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then -
+$ truesum = truesum + 1
+$ if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
+$ falsesum = falsesum + 1
+$ endif
+$!
+$ if ((plat_entry .eqs. "VMS") .or. -
+ (arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then -
+ truesum = truesum + 1
+$!
+$ if ((plat_entry .eqs. "!VMS") .or. -
+ (arch_vax .and. (plat_entry .eqs. "!VMSVAX"))) then -
+ falsesum = falsesum + 1
+$!
+$ goto loop1
+$ endif
+$ endloop1:
+$!DEBUG!$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
+$!DEBUG!$ then
+$!DEBUG!$ write sys$output line
+$!DEBUG!$ write sys$output " truesum = ",truesum,-
+$!DEBUG! ", negatives = ",negatives,", falsesum = ",falsesum
+$!DEBUG!$ endif
+$ if falsesum .ne. 0 then goto loop
+$ if truesum+negatives .eq. 0 then goto loop
+$ alg_i = 0
+$ loop2:
+$ alg_entry = f$element(alg_i,",",info_algorithms)
+$ alg_i = alg_i + 1
+$ if alg_entry .eqs. "" then goto loop2
+$ if alg_entry .nes. ","
+$ then
+$ if alg_entry .eqs. "KRB5" then goto loop ! Special for now
+$ if alg_entry .eqs. "STATIC_ENGINE" then goto loop ! Special for now
+$ if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
+$ goto loop2
+$ endif
+$ endloop2:
+$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
+$ then
+$!DEBUG!$ write sys$output curentry," ; ",entrynum," ; ",entryinfo
+$ endif
+$ redo:
+$ next:=loop
+$ tolibentry=curentry
+$ if libentrynum .ne. entrynum
+$ then
+$ entrycount=entrycount+1
+$ if entrycount .lt. entrynum
+$ then
+$!DEBUG!$ write sys$output "Info: entrycount: ''entrycount', entrynum: ''entrynum' => 0"
+$ tolibentry=".dummy"
+$ next:=redo
+$ endif
+$ if entrycount .gt. entrynum
+$ then
+$ write sys$error "Decreasing library entry numbers! Can't continue"
+$ write sys$error """",line,""""
+$ close libnum
+$ return
+$ endif
+$ libentry=tolibentry
+$!DEBUG!$ write sys$output entrycount," ",libentry," ",entryinfo
+$ if libentry .nes. "" .and. libwriter .nes. "" then gosub 'libwriter'
+$ else
+$ write sys$error "Info: ""''curentry'"" is an alias for ""''libentry'"". Overriding..."
+$ endif
+$ libentrynum=entrycount
+$ goto 'next'
+$ loop_end:
+$ close libnum
+$ return
+$
+$! The version number reader
+$ read_version_info:
+$ libver = ""
+$ open/read vf [.CRYPTO]OPENSSLV.H
+$ loop_rvi:
+$ read/err=endloop_rvi/end=endloop_rvi vf rvi_line
+$ if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -
+ goto loop_rvi
+$ libverstr = f$element(1,"""",rvi_line)
+$ libvmajor = f$element(0,".",libverstr)
+$ libvminor = f$element(1,".",libverstr)
+$ libvedit = f$element(2,".",libverstr)
+$ libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@")
+$ libvedit = f$extract(0,1,libvedit)
+$ libver = f$string(f$int(libvmajor)*100)+","+-
+ f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch))
+$ if libvmajor .eqs. "0"
+$ then
+$ libvmatch = "EQUAL"
+$ else
+$ ! Starting with the 1.0 release, backward compatibility should be
+$ ! kept, so switch over to the following
+$ libvmatch = "LEQUAL"
+$ endif
+$ endloop_rvi:
+$ close vf
+$ return
Added: vendor-crypto/openssl/dist/VMS/multinet_shr.opt
===================================================================
--- vendor-crypto/openssl/dist/VMS/multinet_shr.opt (rev 0)
+++ vendor-crypto/openssl/dist/VMS/multinet_shr.opt 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+multinet:multinet_socket_library.exe/share
Added: vendor-crypto/openssl/dist/VMS/openssl_utils.com
===================================================================
--- vendor-crypto/openssl/dist/VMS/openssl_utils.com (rev 0)
+++ vendor-crypto/openssl/dist/VMS/openssl_utils.com 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,46 @@
+$!
+$! APPS.COM
+$! Written By: Robert Byer
+$! Vice-President
+$! A-Com Computing, Inc.
+$! byer at mail.all-net.net
+$!
+$!
+$! Slightly modified by Richard Levitte <richard at levitte.org>
+$!
+$!
+$! Always define OPENSSL. Others are optional (non-null P1).
+$!
+$ OPENSSL :== $SSLEXE:OPENSSL
+$
+$ IF (P1 .NES. "")
+$ THEN
+$ VERIFY :== $SSLEXE:OPENSSL VERIFY
+$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
+$! REQ could conflict with REQUEST.
+$ OREQ :== $SSLEXE:OPENSSL REQ
+$ DGST :== $SSLEXE:OPENSSL DGST
+$ DH :== $SSLEXE:OPENSSL DH
+$ ENC :== $SSLEXE:OPENSSL ENC
+$ GENDH :== $SSLEXE:OPENSSL GENDH
+$ ERRSTR :== $SSLEXE:OPENSSL ERRSTR
+$ CA :== $SSLEXE:OPENSSL CA
+$ CRL :== $SSLEXE:OPENSSL CRL
+$ RSA :== $SSLEXE:OPENSSL RSA
+$ DSA :== $SSLEXE:OPENSSL DSA
+$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
+$ X509 :== $SSLEXE:OPENSSL X509
+$ GENRSA :== $SSLEXE:OPENSSL GENRSA
+$ GENDSA :== $SSLEXE:OPENSSL GENDSA
+$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
+$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
+$ SPEED :== $SSLEXE:OPENSSL SPEED
+$ S_TIME :== $SSLEXE:OPENSSL S_TIME
+$ VERSION :== $SSLEXE:OPENSSL VERSION
+$ PKCS7 :== $SSLEXE:OPENSSL PKCS7
+$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
+$ SESS_ID :== $SSLEXE:OPENSSL SESS_ID
+$ CIPHERS :== $SSLEXE:OPENSSL CIPHERS
+$ NSEQ :== $SSLEXE:OPENSSL NSEQ
+$ PKCS12 :== $SSLEXE:OPENSSL PKCS12
+$ ENDIF
Added: vendor-crypto/openssl/dist/VMS/socketshr_shr.opt
===================================================================
--- vendor-crypto/openssl/dist/VMS/socketshr_shr.opt (rev 0)
+++ vendor-crypto/openssl/dist/VMS/socketshr_shr.opt 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+socketshr/share
Added: vendor-crypto/openssl/dist/VMS/tcpip_shr_decc.opt
===================================================================
--- vendor-crypto/openssl/dist/VMS/tcpip_shr_decc.opt (rev 0)
+++ vendor-crypto/openssl/dist/VMS/tcpip_shr_decc.opt 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+sys$share:tcpip$ipc_shr.exe/share
Added: vendor-crypto/openssl/dist/VMS/test-includes.com
===================================================================
--- vendor-crypto/openssl/dist/VMS/test-includes.com (rev 0)
+++ vendor-crypto/openssl/dist/VMS/test-includes.com 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,28 @@
+$! Quick script to check how well including individual header files works
+$! on VMS, even when the VMS macro isn't defined.
+$
+$ sav_def = f$env("DEFAULT")
+$ here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
+$ set default 'here'
+$ set default [-.include.openssl]
+$ define openssl 'f$env("DEFAULT")'
+$ set default [--]
+$
+$ loop:
+$ f = f$search("openssl:*.h")
+$ if f .eqs. "" then goto loop_end
+$ write sys$output "Checking ",f
+$ open/write foo foo.c
+$ write foo "#undef VMS"
+$ write foo "#include <stdio.h>"
+$ write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
+$ write foo "main()"
+$ write foo "{printf(""foo\n"");}"
+$ close foo
+$ cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
+$ delete foo.c;
+$ goto loop
+$ loop_end:
+$ set default 'save_def'
+$ exit
+
Added: vendor-crypto/openssl/dist/VMS/ucx_shr_decc.opt
===================================================================
--- vendor-crypto/openssl/dist/VMS/ucx_shr_decc.opt (rev 0)
+++ vendor-crypto/openssl/dist/VMS/ucx_shr_decc.opt 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+sys$share:ucx$ipc_shr.exe/share
Added: vendor-crypto/openssl/dist/VMS/ucx_shr_decc_log.opt
===================================================================
--- vendor-crypto/openssl/dist/VMS/ucx_shr_decc_log.opt (rev 0)
+++ vendor-crypto/openssl/dist/VMS/ucx_shr_decc_log.opt 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+ucx$ipc_shr/share
Added: vendor-crypto/openssl/dist/VMS/ucx_shr_vaxc.opt
===================================================================
--- vendor-crypto/openssl/dist/VMS/ucx_shr_vaxc.opt (rev 0)
+++ vendor-crypto/openssl/dist/VMS/ucx_shr_vaxc.opt 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+sys$library:ucx$ipc.olb/library
Added: vendor-crypto/openssl/dist/apps/CA.com
===================================================================
--- vendor-crypto/openssl/dist/apps/CA.com (rev 0)
+++ vendor-crypto/openssl/dist/apps/CA.com 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,220 @@
+$! CA - wrapper around ca to make it easier to use ... basically ca requires
+$! some setup stuff to be done before you can use it and this makes
+$! things easier between now and when Eric is convinced to fix it :-)
+$!
+$! CA -newca ... will setup the right stuff
+$! CA -newreq ... will generate a certificate request
+$! CA -sign ... will sign the generated request and output
+$!
+$! At the end of that grab newreq.pem and newcert.pem (one has the key
+$! and the other the certificate) and cat them together and that is what
+$! you want/need ... I'll make even this a little cleaner later.
+$!
+$!
+$! 12-Jan-96 tjh Added more things ... including CA -signcert which
+$! converts a certificate to a request and then signs it.
+$! 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+$! environment variable so this can be driven from
+$! a script.
+$! 25-Jul-96 eay Cleaned up filenames some more.
+$! 11-Jun-96 eay Fixed a few filename missmatches.
+$! 03-May-96 eay Modified to use 'openssl cmd' instead of 'cmd'.
+$! 18-Apr-96 tjh Original hacking
+$!
+$! Tim Hudson
+$! tjh at cryptsoft.com
+$!
+$!
+$! default ssleay.cnf file has setup as per the following
+$! demoCA ... where everything is stored
+$
+$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
+$
+$ DAYS = "-days 365"
+$ REQ = openssl + " req " + SSLEAY_CONFIG
+$ CA = openssl + " ca " + SSLEAY_CONFIG
+$ VERIFY = openssl + " verify"
+$ X509 = openssl + " x509"
+$ PKCS12 = openssl + " pkcs12"
+$ echo = "write sys$Output"
+$!
+$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
+$ CATOP := 's'.demoCA
+$ CAKEY := ]cakey.pem
+$ CACERT := ]cacert.pem
+$
+$ __INPUT := SYS$COMMAND
+$ RET = 1
+$!
+$ i = 1
+$opt_loop:
+$ if i .gt. 8 then goto opt_loop_end
+$
+$ prog_opt = F$EDIT(P'i',"lowercase")
+$
+$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help")
+$ THEN
+$ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify"
+$ exit
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-input")
+$ THEN
+$ ! Get input from somewhere other than SYS$COMMAND
+$ i = i + 1
+$ __INPUT = P'i'
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newcert")
+$ THEN
+$ ! Create a certificate.
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
+$ RET=$STATUS
+$ echo "Certificate (and private key) is in newreq.pem"
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newreq")
+$ THEN
+$ ! Create a certificate request
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
+$ RET=$STATUS
+$ echo "Request (and private key) is in newreq.pem"
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newca")
+$ THEN
+$ ! If explicitly asked for or it doesn't exist then setup the directory
+$ ! structure that Eric likes to manage things.
+$ IF F$SEARCH(CATOP+"]serial.") .EQS. ""
+$ THEN
+$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
+$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
+$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
+$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
+$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
+$
+$ OPEN /WRITE ser_file 'CATOP']serial.
+$ WRITE ser_file "01"
+$ CLOSE ser_file
+$ APPEND/NEW NL: 'CATOP']index.txt
+$
+$ ! The following is to make sure access() doesn't get confused. It
+$ ! really needs one file in the directory to give correct answers...
+$ COPY NLA0: 'CATOP'.certs].;
+$ COPY NLA0: 'CATOP'.crl].;
+$ COPY NLA0: 'CATOP'.newcerts].;
+$ COPY NLA0: 'CATOP'.private].;
+$ ENDIF
+$!
+$ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
+$ THEN
+$ READ '__INPUT' FILE -
+ /PROMPT="CA certificate filename (or enter to create): "
+$ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
+$ THEN
+$ COPY 'FILE' 'CATOP'.private'CAKEY'
+$ RET=$STATUS
+$ ELSE
+$ echo "Making CA certificate ..."
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
+ -out 'CATOP''CACERT' 'DAYS'
+$ RET=$STATUS
+$ ENDIF
+$ ENDIF
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-pkcs12")
+$ THEN
+$ i = i + 1
+$ cname = P'i'
+$ IF cname .EQS. "" THEN cname = "My certificate"
+$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT -
+ -out newcert.p12 -export -name "''cname'"
+$ RET=$STATUS
+$ exit RET
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-xsign")
+$ THEN
+$!
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ CA -policy policy_anything -infiles newreq.pem
+$ RET=$STATUS
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
+$ THEN
+$!
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+$ RET=$STATUS
+$ type newcert.pem
+$ echo "Signed certificate is in newcert.pem"
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-signcert")
+$ THEN
+$!
+$ echo "Cert passphrase will be requested twice - bug?"
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+y
+y
+$ type newcert.pem
+$ echo "Signed certificate is in newcert.pem"
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-verify")
+$ THEN
+$!
+$ i = i + 1
+$ IF (p'i' .EQS. "")
+$ THEN
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
+$ ELSE
+$ j = i
+$ verify_opt_loop:
+$ IF j .GT. 8 THEN GOTO verify_opt_loop_end
+$ IF p'j' .NES. ""
+$ THEN
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ __tmp = p'j'
+$ VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
+$ tmp=$STATUS
+$ IF tmp .NE. 0 THEN RET=tmp
+$ ENDIF
+$ j = j + 1
+$ GOTO verify_opt_loop
+$ verify_opt_loop_end:
+$ ENDIF
+$
+$ GOTO opt_loop_end
+$ ENDIF
+$!
+$ IF (prog_opt .NES. "")
+$ THEN
+$!
+$ echo "Unknown argument ''prog_opt'"
+$
+$ EXIT 3
+$ ENDIF
+$
+$opt_loop_continue:
+$ i = i + 1
+$ GOTO opt_loop
+$
+$opt_loop_end:
+$ EXIT 'RET'
Added: vendor-crypto/openssl/dist/apps/CA.pl
===================================================================
--- vendor-crypto/openssl/dist/apps/CA.pl (rev 0)
+++ vendor-crypto/openssl/dist/apps/CA.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,189 @@
+#!/usr/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq[-nodes] ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh at cryptsoft.com
+#
+
+# 27-Apr-98 snh Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson at bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+my $openssl;
+if(defined $ENV{OPENSSL}) {
+ $openssl = $ENV{OPENSSL};
+} else {
+ $openssl = "openssl";
+ $ENV{OPENSSL} = $openssl;
+}
+
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
+$DAYS="-days 365"; # 1 year
+$CADAYS="-days 1095"; # 3 years
+$REQ="$openssl req $SSLEAY_CONFIG";
+$CA="$openssl ca $SSLEAY_CONFIG";
+$VERIFY="$openssl verify";
+$X509="$openssl x509";
+$PKCS12="$openssl pkcs12";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CAREQ="careq.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+ system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
+ $RET=$?;
+ print "Certificate is in newcert.pem, private key is in newkey.pem\n"
+ } elsif (/^-newreq$/) {
+ # create a certificate request
+ system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
+ } elsif (/^-newreq-nodes$/) {
+ # create a certificate request
+ system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
+ } elsif (/^-newca$/) {
+ # if explicitly asked for or it doesn't exist then setup the
+ # directory structure that Eric likes to manage things
+ $NEW="1";
+ if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+ # create the directory hierarchy
+ mkdir $CATOP, $DIRMODE;
+ mkdir "${CATOP}/certs", $DIRMODE;
+ mkdir "${CATOP}/crl", $DIRMODE ;
+ mkdir "${CATOP}/newcerts", $DIRMODE;
+ mkdir "${CATOP}/private", $DIRMODE;
+ open OUT, ">${CATOP}/index.txt";
+ close OUT;
+ open OUT, ">${CATOP}/crlnumber";
+ print OUT "01\n";
+ close OUT;
+ }
+ if ( ! -f "${CATOP}/private/$CAKEY" ) {
+ print "CA certificate filename (or enter to create)\n";
+ $FILE = <STDIN>;
+
+ chop $FILE;
+
+ # ask user for existing CA certificate
+ if ($FILE) {
+ cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+ cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+ $RET=$?;
+ } else {
+ print "Making CA certificate ...\n";
+ system ("$REQ -new -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
+ system ("$CA -create_serial " .
+ "-out ${CATOP}/$CACERT $CADAYS -batch " .
+ "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+ "-extensions v3_ca " .
+ "-infiles ${CATOP}/$CAREQ ");
+ $RET=$?;
+ }
+ }
+ } elsif (/^-pkcs12$/) {
+ my $cname = $ARGV[1];
+ $cname = "My Certificate" unless defined $cname;
+ system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
+ "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+ "-export -name \"$cname\"");
+ $RET=$?;
+ print "PKCS #12 file is in newcert.p12\n";
+ exit $RET;
+ } elsif (/^-xsign$/) {
+ system ("$CA -policy policy_anything -infiles newreq.pem");
+ $RET=$?;
+ } elsif (/^(-sign|-signreq)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles newreq.pem");
+ $RET=$?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^(-signCA)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-extensions v3_ca -infiles newreq.pem");
+ $RET=$?;
+ print "Signed CA certificate is in newcert.pem\n";
+ } elsif (/^-signcert$/) {
+ system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+ "-out tmp.pem");
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles tmp.pem");
+ $RET = $?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-verify$/) {
+ if (shift) {
+ foreach $j (@ARGV) {
+ system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+ $RET=$? if ($? != 0);
+ }
+ exit $RET;
+ } else {
+ system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+ $RET=$?;
+ exit 0;
+ }
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ exit 1;
+ }
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+ $flag = 1 if (/^-----BEGIN.*$bound/) ;
+ print OUT $_ if ($flag);
+ if (/^-----END.*$bound/) {
+ close IN;
+ close OUT;
+ return;
+ }
+}
+}
+
Added: vendor-crypto/openssl/dist/apps/CA.pl.in
===================================================================
--- vendor-crypto/openssl/dist/apps/CA.pl.in (rev 0)
+++ vendor-crypto/openssl/dist/apps/CA.pl.in 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,189 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq[-nodes] ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh at cryptsoft.com
+#
+
+# 27-Apr-98 snh Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson at bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+my $openssl;
+if(defined $ENV{OPENSSL}) {
+ $openssl = $ENV{OPENSSL};
+} else {
+ $openssl = "openssl";
+ $ENV{OPENSSL} = $openssl;
+}
+
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
+$DAYS="-days 365"; # 1 year
+$CADAYS="-days 1095"; # 3 years
+$REQ="$openssl req $SSLEAY_CONFIG";
+$CA="$openssl ca $SSLEAY_CONFIG";
+$VERIFY="$openssl verify";
+$X509="$openssl x509";
+$PKCS12="$openssl pkcs12";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CAREQ="careq.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+ system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
+ $RET=$?;
+ print "Certificate is in newcert.pem, private key is in newkey.pem\n"
+ } elsif (/^-newreq$/) {
+ # create a certificate request
+ system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
+ } elsif (/^-newreq-nodes$/) {
+ # create a certificate request
+ system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
+ } elsif (/^-newca$/) {
+ # if explicitly asked for or it doesn't exist then setup the
+ # directory structure that Eric likes to manage things
+ $NEW="1";
+ if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+ # create the directory hierarchy
+ mkdir $CATOP, $DIRMODE;
+ mkdir "${CATOP}/certs", $DIRMODE;
+ mkdir "${CATOP}/crl", $DIRMODE ;
+ mkdir "${CATOP}/newcerts", $DIRMODE;
+ mkdir "${CATOP}/private", $DIRMODE;
+ open OUT, ">${CATOP}/index.txt";
+ close OUT;
+ open OUT, ">${CATOP}/crlnumber";
+ print OUT "01\n";
+ close OUT;
+ }
+ if ( ! -f "${CATOP}/private/$CAKEY" ) {
+ print "CA certificate filename (or enter to create)\n";
+ $FILE = <STDIN>;
+
+ chop $FILE;
+
+ # ask user for existing CA certificate
+ if ($FILE) {
+ cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+ cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+ $RET=$?;
+ } else {
+ print "Making CA certificate ...\n";
+ system ("$REQ -new -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
+ system ("$CA -create_serial " .
+ "-out ${CATOP}/$CACERT $CADAYS -batch " .
+ "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+ "-extensions v3_ca " .
+ "-infiles ${CATOP}/$CAREQ ");
+ $RET=$?;
+ }
+ }
+ } elsif (/^-pkcs12$/) {
+ my $cname = $ARGV[1];
+ $cname = "My Certificate" unless defined $cname;
+ system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
+ "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+ "-export -name \"$cname\"");
+ $RET=$?;
+ print "PKCS #12 file is in newcert.p12\n";
+ exit $RET;
+ } elsif (/^-xsign$/) {
+ system ("$CA -policy policy_anything -infiles newreq.pem");
+ $RET=$?;
+ } elsif (/^(-sign|-signreq)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles newreq.pem");
+ $RET=$?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^(-signCA)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-extensions v3_ca -infiles newreq.pem");
+ $RET=$?;
+ print "Signed CA certificate is in newcert.pem\n";
+ } elsif (/^-signcert$/) {
+ system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+ "-out tmp.pem");
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles tmp.pem");
+ $RET = $?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-verify$/) {
+ if (shift) {
+ foreach $j (@ARGV) {
+ system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+ $RET=$? if ($? != 0);
+ }
+ exit $RET;
+ } else {
+ system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+ $RET=$?;
+ exit 0;
+ }
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ exit 1;
+ }
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+ $flag = 1 if (/^-----BEGIN.*$bound/) ;
+ print OUT $_ if ($flag);
+ if (/^-----END.*$bound/) {
+ close IN;
+ close OUT;
+ return;
+ }
+}
+}
+
Added: vendor-crypto/openssl/dist/apps/CA.sh
===================================================================
--- vendor-crypto/openssl/dist/apps/CA.sh (rev 0)
+++ vendor-crypto/openssl/dist/apps/CA.sh 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,198 @@
+#!/bin/sh
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh at cryptsoft.com
+#
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+cp_pem() {
+ infile=$1
+ outfile=$2
+ bound=$3
+ flag=0
+ exec <$infile;
+ while read line; do
+ if [ $flag -eq 1 ]; then
+ echo $line|grep "^-----END.*$bound" 2>/dev/null 1>/dev/null
+ if [ $? -eq 0 ] ; then
+ echo $line >>$outfile
+ break
+ else
+ echo $line >>$outfile
+ fi
+ fi
+
+ echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null
+ if [ $? -eq 0 ]; then
+ echo $line >$outfile
+ flag=1
+ fi
+ done
+}
+
+usage() {
+ echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2
+}
+
+if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
+
+if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year
+CADAYS="-days 1095" # 3 years
+REQ="$OPENSSL req $SSLEAY_CONFIG"
+CA="$OPENSSL ca $SSLEAY_CONFIG"
+VERIFY="$OPENSSL verify"
+X509="$OPENSSL x509"
+PKCS12="openssl pkcs12"
+
+if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
+CAKEY=./cakey.pem
+CAREQ=./careq.pem
+CACERT=./cacert.pem
+
+RET=0
+
+while [ "$1" != "" ] ; do
+case $1 in
+-\?|-h|-help)
+ usage
+ exit 0
+ ;;
+-newcert)
+ # create a certificate
+ $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
+ RET=$?
+ echo "Certificate is in newcert.pem, private key is in newkey.pem"
+ ;;
+-newreq)
+ # create a certificate request
+ $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
+ RET=$?
+ echo "Request is in newreq.pem, private key is in newkey.pem"
+ ;;
+-newreq-nodes)
+ # create a certificate request
+ $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
+ RET=$?
+ echo "Request (and private key) is in newreq.pem"
+ ;;
+-newca)
+ # if explicitly asked for or it doesn't exist then setup the directory
+ # structure that Eric likes to manage things
+ NEW="1"
+ if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
+ # create the directory hierarchy
+ mkdir -p ${CATOP}
+ mkdir -p ${CATOP}/certs
+ mkdir -p ${CATOP}/crl
+ mkdir -p ${CATOP}/newcerts
+ mkdir -p ${CATOP}/private
+ touch ${CATOP}/index.txt
+ fi
+ if [ ! -f ${CATOP}/private/$CAKEY ]; then
+ echo "CA certificate filename (or enter to create)"
+ read FILE
+
+ # ask user for existing CA certificate
+ if [ "$FILE" ]; then
+ cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE
+ cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE
+ RET=$?
+ if [ ! -f "${CATOP}/serial" ]; then
+ $X509 -in ${CATOP}/$CACERT -noout -next_serial \
+ -out ${CATOP}/serial
+ fi
+ else
+ echo "Making CA certificate ..."
+ $REQ -new -keyout ${CATOP}/private/$CAKEY \
+ -out ${CATOP}/$CAREQ
+ $CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \
+ -keyfile ${CATOP}/private/$CAKEY -selfsign \
+ -extensions v3_ca \
+ -infiles ${CATOP}/$CAREQ
+ RET=$?
+ fi
+ fi
+ ;;
+-xsign)
+ $CA -policy policy_anything -infiles newreq.pem
+ RET=$?
+ ;;
+-pkcs12)
+ if [ -z "$2" ] ; then
+ CNAME="My Certificate"
+ else
+ CNAME="$2"
+ fi
+ $PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \
+ -out newcert.p12 -export -name "$CNAME"
+ RET=$?
+ exit $RET
+ ;;
+-sign|-signreq)
+ $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+ RET=$?
+ cat newcert.pem
+ echo "Signed certificate is in newcert.pem"
+ ;;
+-signCA)
+ $CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
+ RET=$?
+ echo "Signed CA certificate is in newcert.pem"
+ ;;
+-signcert)
+ echo "Cert passphrase will be requested twice - bug?"
+ $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+ $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+ RET=$?
+ cat newcert.pem
+ echo "Signed certificate is in newcert.pem"
+ ;;
+-verify)
+ shift
+ if [ -z "$1" ]; then
+ $VERIFY -CAfile $CATOP/$CACERT newcert.pem
+ RET=$?
+ else
+ for j
+ do
+ $VERIFY -CAfile $CATOP/$CACERT $j
+ if [ $? != 0 ]; then
+ RET=$?
+ fi
+ done
+ fi
+ exit $RET
+ ;;
+*)
+ echo "Unknown arg $i" >&2
+ usage
+ exit 1
+ ;;
+esac
+shift
+done
+exit $RET
Added: vendor-crypto/openssl/dist/apps/Makefile
===================================================================
--- vendor-crypto/openssl/dist/apps/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/apps/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,985 @@
+#
+# apps/Makefile
+#
+
+DIR= apps
+TOP= ..
+CC= cc
+INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES)
+CFLAG= -g -static
+MAKEFILE= Makefile
+PERL= perl
+RM= rm -f
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+PEX_LIBS=
+EX_LIBS=
+EXE_EXT=
+
+SHLIB_TARGET=
+
+CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile makeapps.com install.com
+
+DLIBCRYPTO=../libcrypto.a
+DLIBSSL=../libssl.a
+LIBCRYPTO=-L.. -lcrypto
+LIBSSL=-L.. -lssl
+
+PROGRAM= openssl
+
+SCRIPTS=CA.sh CA.pl
+
+EXE= $(PROGRAM)$(EXE_EXT)
+
+E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
+ ca crl rsa rsautl dsa dsaparam ec ecparam \
+ x509 genrsa gendsa s_server s_client speed \
+ s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
+ pkcs8 spkac smime rand engine ocsp prime
+
+PROGS= $(PROGRAM).c
+
+A_OBJ=apps.o
+A_SRC=apps.c
+S_OBJ= s_cb.o s_socket.o
+S_SRC= s_cb.c s_socket.c
+RAND_OBJ=app_rand.o
+RAND_SRC=app_rand.c
+
+E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
+ ca.o pkcs7.o crl2p7.o crl.o \
+ rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
+ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
+ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
+ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \
+ ocsp.o prime.o cms.o
+
+E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
+ pkcs7.c crl2p7.c crl.c \
+ rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
+ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
+ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
+ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \
+ ocsp.c prime.c cms.c
+
+SRC=$(E_SRC)
+
+EXHEADER=
+HEADER= apps.h progs.h s_apps.h \
+ testdsa.h testrsa.h \
+ $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: exe
+
+exe: $(EXE)
+
+req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
+ shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
+ shlib_target="$(SHLIB_TARGET)"; \
+ fi; \
+ $(MAKE) -f $(TOP)/Makefile.shared -e \
+ APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
+ LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
+ link_app.$${shlib_target}
+
+sreq.o: req.c
+ $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @set -e; for i in $(EXE); \
+ do \
+ (echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+ done;
+ @set -e; for i in $(SCRIPTS); \
+ do \
+ (echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+ chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+ done
+ @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+ chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+ mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+links:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @if [ -z "$(THIS)" ]; then \
+ $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
+ else \
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+ fi
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+ rm -f req
+
+$(DLIBSSL):
+ (cd ..; $(MAKE) DIRS=ssl all)
+
+$(DLIBCRYPTO):
+ (cd ..; $(MAKE) DIRS=crypto all)
+
+$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+ $(RM) $(EXE)
+ shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
+ shlib_target="$(SHLIB_TARGET)"; \
+ elif [ -n "$(FIPSCANLIB)" ]; then \
+ FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
+ fi; \
+ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
+ [ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
+ $(MAKE) -f $(TOP)/Makefile.shared -e \
+ CC="$${CC}" APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
+ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+ link_app.$${shlib_target}
+ @if [ -z "$(CROSS_COMPILE)" ]; then \
+ (cd ..; \
+ OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
+ $(PERL) tools/c_rehash certs) \
+ fi
+
+progs.h: progs.pl
+ $(PERL) progs.pl $(E_EXE) >progs.h
+ $(RM) $(PROGRAM).o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h
+app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+app_rand.o: ../include/openssl/x509v3.h app_rand.c apps.h
+apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+apps.o: ../include/openssl/engine.h ../include/openssl/err.h
+apps.o: ../include/openssl/evp.h ../include/openssl/fips.h
+apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+apps.o: ../include/openssl/x509v3.h apps.c apps.h
+asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+asn1pars.o: ../include/openssl/x509v3.h apps.h asn1pars.c
+ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ca.o: ../include/openssl/engine.h ../include/openssl/err.h
+ca.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
+ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c
+cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+cms.o: ../include/openssl/evp.h ../include/openssl/fips.h
+cms.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+cms.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+cms.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cms.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+cms.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+cms.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+cms.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+cms.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h cms.c
+crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+crl.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h crl.c
+crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl2p7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl2p7.o: ../include/openssl/x509v3.h apps.h crl2p7.c
+dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+dgst.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dgst.c
+dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dh.o: ../include/openssl/x509v3.h apps.h dh.c
+dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dsa.o: ../include/openssl/x509v3.h apps.h dsa.c
+dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
+dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
+dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+dsaparam.o: dsaparam.c
+ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ec.o: ../include/openssl/err.h ../include/openssl/evp.h
+ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ec.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+ec.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ec.o: ../include/openssl/x509v3.h apps.h ec.c
+ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ecparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ecparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+ecparam.o: ecparam.c
+enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c
+engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
+engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+engine.o: ../include/openssl/engine.h ../include/openssl/err.h
+engine.o: ../include/openssl/evp.h ../include/openssl/fips.h
+engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+engine.o: ../include/openssl/x509v3.h apps.h engine.c
+errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
+errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
+errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h
+errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
+gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h
+gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+gendh.o: gendh.c
+gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+gendsa.o: ../include/openssl/x509v3.h apps.h gendsa.c
+genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
+genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
+genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+genrsa.o: genrsa.c
+nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+nseq.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+nseq.o: ../include/openssl/x509v3.h apps.h nseq.c
+ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
+ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ocsp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
+openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
+openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h
+openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h
+passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+passwd.o: ../include/openssl/x509v3.h apps.h passwd.c
+pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs12.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+pkcs12.o: pkcs12.c
+pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+pkcs7.o: ../include/openssl/x509v3.h apps.h pkcs7.c
+pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs8.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+pkcs8.o: pkcs8.c
+prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+prime.o: ../include/openssl/engine.h ../include/openssl/evp.h
+prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+prime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+prime.o: ../include/openssl/x509v3.h apps.h prime.c
+rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rand.c
+req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/fips.h
+req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/store.h
+req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+req.o: ../include/openssl/ui.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
+rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
+rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+rsa.o: ../include/openssl/x509v3.h apps.h rsa.c
+rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsautl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+rsautl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+rsautl.o: rsautl.c
+s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s_cb.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+s_cb.o: s_apps.h s_cb.c
+s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_client.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+s_client.o: s_apps.h s_client.c timeouts.h
+s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
+s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h
+s_socket.o: ../e_os.h ../e_os2.h ../include/openssl/asn1.h
+s_socket.o: ../include/openssl/bio.h ../include/openssl/bn.h
+s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+s_socket.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c
+s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c
+sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
+sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
+sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h
+sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c
+smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+smime.o: ../include/openssl/err.h ../include/openssl/evp.h
+smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+smime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+smime.o: ../include/openssl/x509v3.h apps.h smime.c
+speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h
+speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+speed.o: ../include/openssl/engine.h ../include/openssl/err.h
+speed.o: ../include/openssl/evp.h ../include/openssl/fips.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
+speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+speed.o: speed.c testdsa.h testrsa.h
+spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
+spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+spkac.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+spkac.o: ../include/openssl/x509v3.h apps.h spkac.c
+verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+verify.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+verify.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h verify.c
+version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+version.o: ../include/openssl/evp.h ../include/openssl/fips.h
+version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h
+version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+version.o: ../include/openssl/x509v3.h apps.h version.c
+x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+x509.o: ../include/openssl/err.h ../include/openssl/evp.h
+x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+x509.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
Added: vendor-crypto/openssl/dist/apps/app_rand.c
===================================================================
--- vendor-crypto/openssl/dist/apps/app_rand.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/app_rand.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,218 @@
+/* apps/app_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+
+
+static int seeded = 0;
+static int egdsocket = 0;
+
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
+ {
+ int consider_randfile = (file == NULL);
+ char buffer[200];
+
+#ifdef OPENSSL_SYS_WINDOWS
+ BIO_printf(bio_e,"Loading 'screen' into random state -");
+ BIO_flush(bio_e);
+ RAND_screen();
+ BIO_printf(bio_e," done\n");
+#endif
+
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ else if (RAND_egd(file) > 0)
+ {
+ /* we try if the given filename is an EGD socket.
+ if it is, we don't write anything back to the file. */
+ egdsocket = 1;
+ return 1;
+ }
+ if (file == NULL || !RAND_load_file(file, -1))
+ {
+ if (RAND_status() == 0)
+ {
+ if (!dont_warn)
+ {
+ BIO_printf(bio_e,"unable to load 'random state'\n");
+ BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+ BIO_printf(bio_e,"with much random data.\n");
+ if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+ {
+ BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+ BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+ }
+ }
+ return 0;
+ }
+ }
+ seeded = 1;
+ return 1;
+ }
+
+long app_RAND_load_files(char *name)
+ {
+ char *p,*n;
+ int last;
+ long tot=0;
+ int egd;
+
+ for (;;)
+ {
+ last=0;
+ for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+ if (*p == '\0') last=1;
+ *p='\0';
+ n=name;
+ name=p+1;
+ if (*n == '\0') break;
+
+ egd=RAND_egd(n);
+ if (egd > 0)
+ tot+=egd;
+ else
+ tot+=RAND_load_file(n,-1);
+ if (last) break;
+ }
+ if (tot > 512)
+ app_RAND_allow_write_file();
+ return(tot);
+ }
+
+int app_RAND_write_file(const char *file, BIO *bio_e)
+ {
+ char buffer[200];
+
+ if (egdsocket || !seeded)
+ /* If we did not manage to read the seed file,
+ * we should not write a low-entropy seed file back --
+ * it would suppress a crucial warning the next time
+ * we want to use it. */
+ return 0;
+
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ if (file == NULL || !RAND_write_file(file))
+ {
+ BIO_printf(bio_e,"unable to write 'random state'\n");
+ return 0;
+ }
+ return 1;
+ }
+
+void app_RAND_allow_write_file(void)
+ {
+ seeded = 1;
+ }
Added: vendor-crypto/openssl/dist/apps/apps.c
===================================================================
--- vendor-crypto/openssl/dist/apps/apps.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/apps.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,2587 @@
+/* apps/apps.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <assert.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/ui.h>
+#include <openssl/safestack.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_JPAKE
+#include <openssl/jpake.h>
+#endif
+
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+
+typedef struct {
+ const char *name;
+ unsigned long flag;
+ unsigned long mask;
+} NAME_EX_TBL;
+
+static UI_METHOD *ui_method = NULL;
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+/* Looks like this stuff is worth moving into separate function */
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format);
+#endif
+
+int app_init(long mesgwin);
+#ifdef undef /* never finished - probably never will be :-) */
+int args_from_file(char *file, int *argc, char **argv[])
+ {
+ FILE *fp;
+ int num,i;
+ unsigned int len;
+ static char *buf=NULL;
+ static char **arg=NULL;
+ char *p;
+ struct stat stbuf;
+
+ if (stat(file,&stbuf) < 0) return(0);
+
+ fp=fopen(file,"r");
+ if (fp == NULL)
+ return(0);
+
+ *argc=0;
+ *argv=NULL;
+
+ len=(unsigned int)stbuf.st_size;
+ if (buf != NULL) OPENSSL_free(buf);
+ buf=(char *)OPENSSL_malloc(len+1);
+ if (buf == NULL) return(0);
+
+ len=fread(buf,1,len,fp);
+ if (len <= 1) return(0);
+ buf[len]='\0';
+
+ i=0;
+ for (p=buf; *p; p++)
+ if (*p == '\n') i++;
+ if (arg != NULL) OPENSSL_free(arg);
+ arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
+
+ *argv=arg;
+ num=0;
+ p=buf;
+ for (;;)
+ {
+ if (!*p) break;
+ if (*p == '#') /* comment line */
+ {
+ while (*p && (*p != '\n')) p++;
+ continue;
+ }
+ /* else we have a line */
+ *(arg++)=p;
+ num++;
+ while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+ p++;
+ if (!*p) break;
+ if (*p == '\n')
+ {
+ *(p++)='\0';
+ continue;
+ }
+ /* else it is a tab or space */
+ p++;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p) break;
+ if (*p == '\n')
+ {
+ p++;
+ continue;
+ }
+ *(arg++)=p++;
+ num++;
+ while (*p && (*p != '\n')) p++;
+ if (!*p) break;
+ /* else *p == '\n' */
+ *(p++)='\0';
+ }
+ *argc=num;
+ return(1);
+ }
+#endif
+
+int str2fmt(char *s)
+ {
+ if ((*s == 'D') || (*s == 'd'))
+ return(FORMAT_ASN1);
+ else if ((*s == 'T') || (*s == 't'))
+ return(FORMAT_TEXT);
+ else if ((*s == 'P') || (*s == 'p'))
+ return(FORMAT_PEM);
+ else if ((*s == 'N') || (*s == 'n'))
+ return(FORMAT_NETSCAPE);
+ else if ((*s == 'S') || (*s == 's'))
+ return(FORMAT_SMIME);
+ else if ((*s == '1')
+ || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
+ || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
+ return(FORMAT_PKCS12);
+ else if ((*s == 'E') || (*s == 'e'))
+ return(FORMAT_ENGINE);
+ else
+ return(FORMAT_UNDEF);
+ }
+
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
+void program_name(char *in, char *out, int size)
+ {
+ int i,n;
+ char *p=NULL;
+
+ n=strlen(in);
+ /* find the last '/', '\' or ':' */
+ for (i=n-1; i>0; i--)
+ {
+ if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
+ {
+ p= &(in[i+1]);
+ break;
+ }
+ }
+ if (p == NULL)
+ p=in;
+ n=strlen(p);
+
+#if defined(OPENSSL_SYS_NETWARE)
+ /* strip off trailing .nlm if present. */
+ if ((n > 4) && (p[n-4] == '.') &&
+ ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
+ ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
+ ((p[n-1] == 'm') || (p[n-1] == 'M')))
+ n-=4;
+#else
+ /* strip off trailing .exe if present. */
+ if ((n > 4) && (p[n-4] == '.') &&
+ ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
+ ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
+ ((p[n-1] == 'e') || (p[n-1] == 'E')))
+ n-=4;
+#endif
+
+ if (n > size-1)
+ n=size-1;
+
+ for (i=0; i<n; i++)
+ {
+ if ((p[i] >= 'A') && (p[i] <= 'Z'))
+ out[i]=p[i]-'A'+'a';
+ else
+ out[i]=p[i];
+ }
+ out[n]='\0';
+ }
+#else
+#ifdef OPENSSL_SYS_VMS
+void program_name(char *in, char *out, int size)
+ {
+ char *p=in, *q;
+ char *chars=":]>";
+
+ while(*chars != '\0')
+ {
+ q=strrchr(p,*chars);
+ if (q > p)
+ p = q + 1;
+ chars++;
+ }
+
+ q=strrchr(p,'.');
+ if (q == NULL)
+ q = p + strlen(p);
+ strncpy(out,p,size-1);
+ if (q-p >= size)
+ {
+ out[size-1]='\0';
+ }
+ else
+ {
+ out[q-p]='\0';
+ }
+ }
+#else
+void program_name(char *in, char *out, int size)
+ {
+ char *p;
+
+ p=strrchr(in,'/');
+ if (p != NULL)
+ p++;
+ else
+ p=in;
+ BUF_strlcpy(out,p,size);
+ }
+#endif
+#endif
+
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
+ {
+ int num,i;
+ char *p;
+
+ *argc=0;
+ *argv=NULL;
+
+ i=0;
+ if (arg->count == 0)
+ {
+ arg->count=20;
+ arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+ if (arg->data == NULL)
+ return 0;
+ }
+ for (i=0; i<arg->count; i++)
+ arg->data[i]=NULL;
+
+ num=0;
+ p=buf;
+ for (;;)
+ {
+ /* first scan over white space */
+ if (!*p) break;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p) break;
+
+ /* The start of something good :-) */
+ if (num >= arg->count)
+ {
+ char **tmp_p;
+ int tlen = arg->count + 20;
+ tmp_p = (char **)OPENSSL_realloc(arg->data,
+ sizeof(char *)*tlen);
+ if (tmp_p == NULL)
+ return 0;
+ arg->data = tmp_p;
+ arg->count = tlen;
+ /* initialize newly allocated data */
+ for (i = num; i < arg->count; i++)
+ arg->data[i] = NULL;
+ }
+ arg->data[num++]=p;
+
+ /* now look for the end of this */
+ if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
+ {
+ i= *(p++);
+ arg->data[num-1]++; /* jump over quote */
+ while (*p && (*p != i))
+ p++;
+ *p='\0';
+ }
+ else
+ {
+ while (*p && ((*p != ' ') &&
+ (*p != '\t') && (*p != '\n')))
+ p++;
+
+ if (*p == '\0')
+ p--;
+ else
+ *p='\0';
+ }
+ p++;
+ }
+ *argc=num;
+ *argv=arg->data;
+ return(1);
+ }
+
+#ifndef APP_INIT
+int app_init(long mesgwin)
+ {
+ return(1);
+ }
+#endif
+
+
+int dump_cert_text (BIO *out, X509 *x)
+{
+ char *p;
+
+ p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
+ BIO_puts(out,"subject=");
+ BIO_puts(out,p);
+ OPENSSL_free(p);
+
+ p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
+ BIO_puts(out,"\nissuer=");
+ BIO_puts(out,p);
+ BIO_puts(out,"\n");
+ OPENSSL_free(p);
+
+ return 0;
+}
+
+static int ui_open(UI *ui)
+ {
+ return UI_method_get_opener(UI_OpenSSL())(ui);
+ }
+static int ui_read(UI *ui, UI_STRING *uis)
+ {
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui))
+ {
+ switch(UI_get_string_type(uis))
+ {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password && password[0] != '\0')
+ {
+ UI_set_result(ui, uis, password);
+ return 1;
+ }
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+ }
+static int ui_write(UI *ui, UI_STRING *uis)
+ {
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui))
+ {
+ switch(UI_get_string_type(uis))
+ {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password && password[0] != '\0')
+ return 1;
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+ }
+static int ui_close(UI *ui)
+ {
+ return UI_method_get_closer(UI_OpenSSL())(ui);
+ }
+int setup_ui_method(void)
+ {
+ ui_method = UI_create_method("OpenSSL application user interface");
+ UI_method_set_opener(ui_method, ui_open);
+ UI_method_set_reader(ui_method, ui_read);
+ UI_method_set_writer(ui_method, ui_write);
+ UI_method_set_closer(ui_method, ui_close);
+ return 0;
+ }
+void destroy_ui_method(void)
+ {
+ if(ui_method)
+ {
+ UI_destroy_method(ui_method);
+ ui_method = NULL;
+ }
+ }
+int password_callback(char *buf, int bufsiz, int verify,
+ PW_CB_DATA *cb_tmp)
+ {
+ UI *ui = NULL;
+ int res = 0;
+ const char *prompt_info = NULL;
+ const char *password = NULL;
+ PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+ if (cb_data)
+ {
+ if (cb_data->password)
+ password = cb_data->password;
+ if (cb_data->prompt_info)
+ prompt_info = cb_data->prompt_info;
+ }
+
+ if (password)
+ {
+ res = strlen(password);
+ if (res > bufsiz)
+ res = bufsiz;
+ memcpy(buf, password, res);
+ return res;
+ }
+
+ ui = UI_new_method(ui_method);
+ if (ui)
+ {
+ int ok = 0;
+ char *buff = NULL;
+ int ui_flags = 0;
+ char *prompt = NULL;
+
+ prompt = UI_construct_prompt(ui, "pass phrase",
+ prompt_info);
+
+ ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+ UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+ if (ok >= 0)
+ ok = UI_add_input_string(ui,prompt,ui_flags,buf,
+ PW_MIN_LENGTH,bufsiz-1);
+ if (ok >= 0 && verify)
+ {
+ buff = (char *)OPENSSL_malloc(bufsiz);
+ ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
+ PW_MIN_LENGTH,bufsiz-1, buf);
+ }
+ if (ok >= 0)
+ do
+ {
+ ok = UI_process(ui);
+ }
+ while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+ if (buff)
+ {
+ OPENSSL_cleanse(buff,(unsigned int)bufsiz);
+ OPENSSL_free(buff);
+ }
+
+ if (ok >= 0)
+ res = strlen(buf);
+ if (ok == -1)
+ {
+ BIO_printf(bio_err, "User interface error\n");
+ ERR_print_errors(bio_err);
+ OPENSSL_cleanse(buf,(unsigned int)bufsiz);
+ res = 0;
+ }
+ if (ok == -2)
+ {
+ BIO_printf(bio_err,"aborted!\n");
+ OPENSSL_cleanse(buf,(unsigned int)bufsiz);
+ res = 0;
+ }
+ UI_free(ui);
+ OPENSSL_free(prompt);
+ }
+ return res;
+ }
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio);
+
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
+{
+ int same;
+ if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
+ else same = 1;
+ if(arg1) {
+ *pass1 = app_get_pass(err, arg1, same);
+ if(!*pass1) return 0;
+ } else if(pass1) *pass1 = NULL;
+ if(arg2) {
+ *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
+ if(!*pass2) return 0;
+ } else if(pass2) *pass2 = NULL;
+ return 1;
+}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio)
+{
+ char *tmp, tpass[APP_PASS_LEN];
+ static BIO *pwdbio = NULL;
+ int i;
+ if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
+ if(!strncmp(arg, "env:", 4)) {
+ tmp = getenv(arg + 4);
+ if(!tmp) {
+ BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
+ return NULL;
+ }
+ return BUF_strdup(tmp);
+ }
+ if(!keepbio || !pwdbio) {
+ if(!strncmp(arg, "file:", 5)) {
+ pwdbio = BIO_new_file(arg + 5, "r");
+ if(!pwdbio) {
+ BIO_printf(err, "Can't open file %s\n", arg + 5);
+ return NULL;
+ }
+ } else if(!strncmp(arg, "fd:", 3)) {
+ BIO *btmp;
+ i = atoi(arg + 3);
+ if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+ if((i < 0) || !pwdbio) {
+ BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
+ return NULL;
+ }
+ /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
+ btmp = BIO_new(BIO_f_buffer());
+ pwdbio = BIO_push(btmp, pwdbio);
+ } else if(!strcmp(arg, "stdin")) {
+ pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ if(!pwdbio) {
+ BIO_printf(err, "Can't open BIO for stdin\n");
+ return NULL;
+ }
+ } else {
+ BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
+ return NULL;
+ }
+ }
+ i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+ if(keepbio != 1) {
+ BIO_free_all(pwdbio);
+ pwdbio = NULL;
+ }
+ if(i <= 0) {
+ BIO_printf(err, "Error reading password from BIO\n");
+ return NULL;
+ }
+ tmp = strchr(tpass, '\n');
+ if(tmp) *tmp = 0;
+ return BUF_strdup(tpass);
+}
+
+int add_oid_section(BIO *err, CONF *conf)
+{
+ char *p;
+ STACK_OF(CONF_VALUE) *sktmp;
+ CONF_VALUE *cnf;
+ int i;
+ if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
+ {
+ ERR_clear_error();
+ return 1;
+ }
+ if(!(sktmp = NCONF_get_section(conf, p))) {
+ BIO_printf(err, "problem loading oid section %s\n", p);
+ return 0;
+ }
+ for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+ cnf = sk_CONF_VALUE_value(sktmp, i);
+ if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+ BIO_printf(err, "problem creating object %s=%s\n",
+ cnf->name, cnf->value);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int load_pkcs12(BIO *err, BIO *in, const char *desc,
+ pem_password_cb *pem_cb, void *cb_data,
+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+ {
+ const char *pass;
+ char tpass[PEM_BUFSIZE];
+ int len, ret = 0;
+ PKCS12 *p12;
+ p12 = d2i_PKCS12_bio(in, NULL);
+ if (p12 == NULL)
+ {
+ BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
+ goto die;
+ }
+ /* See if an empty password will do */
+ if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
+ pass = "";
+ else
+ {
+ if (!pem_cb)
+ pem_cb = (pem_password_cb *)password_callback;
+ len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
+ if (len < 0)
+ {
+ BIO_printf(err, "Passpharse callback error for %s\n",
+ desc);
+ goto die;
+ }
+ if (len < PEM_BUFSIZE)
+ tpass[len] = 0;
+ if (!PKCS12_verify_mac(p12, tpass, len))
+ {
+ BIO_printf(err,
+ "Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);
+ goto die;
+ }
+ pass = tpass;
+ }
+ ret = PKCS12_parse(p12, pass, pkey, cert, ca);
+ die:
+ if (p12)
+ PKCS12_free(p12);
+ return ret;
+ }
+
+X509 *load_cert(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip)
+ {
+ ASN1_HEADER *ah=NULL;
+ BUF_MEM *buf=NULL;
+ X509 *x=NULL;
+ BIO *cert;
+
+ if ((cert=BIO_new(BIO_s_file())) == NULL)
+ {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if (file == NULL)
+ {
+ setvbuf(stdin, NULL, _IONBF, 0);
+ BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+ }
+ else
+ {
+ if (BIO_read_filename(cert,file) <= 0)
+ {
+ BIO_printf(err, "Error opening %s %s\n",
+ cert_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ }
+
+ if (format == FORMAT_ASN1)
+ x=d2i_X509_bio(cert,NULL);
+ else if (format == FORMAT_NETSCAPE)
+ {
+ const unsigned char *p,*op;
+ int size=0,i;
+
+ /* We sort of have to do it this way because it is sort of nice
+ * to read the header first and check it, then
+ * try to read the certificate */
+ buf=BUF_MEM_new();
+ for (;;)
+ {
+ if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+ goto end;
+ i=BIO_read(cert,&(buf->data[size]),1024*10);
+ size+=i;
+ if (i == 0) break;
+ if (i < 0)
+ {
+ perror("reading certificate");
+ goto end;
+ }
+ }
+ p=(unsigned char *)buf->data;
+ op=p;
+
+ /* First load the header */
+ if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+ goto end;
+ if ((ah->header == NULL) || (ah->header->data == NULL) ||
+ (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
+ ah->header->length) != 0))
+ {
+ BIO_printf(err,"Error reading header on certificate\n");
+ goto end;
+ }
+ /* header is ok, so now read the object */
+ p=op;
+ ah->meth=X509_asn1_meth();
+ if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
+ goto end;
+ x=(X509 *)ah->data;
+ ah->data=NULL;
+ }
+ else if (format == FORMAT_PEM)
+ x=PEM_read_bio_X509_AUX(cert,NULL,
+ (pem_password_cb *)password_callback, NULL);
+ else if (format == FORMAT_PKCS12)
+ {
+ if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
+ NULL, &x, NULL))
+ goto end;
+ }
+ else {
+ BIO_printf(err,"bad input format specified for %s\n",
+ cert_descrip);
+ goto end;
+ }
+end:
+ if (x == NULL)
+ {
+ BIO_printf(err,"unable to load certificate\n");
+ ERR_print_errors(err);
+ }
+ if (ah != NULL) ASN1_HEADER_free(ah);
+ if (cert != NULL) BIO_free(cert);
+ if (buf != NULL) BUF_MEM_free(buf);
+ return(x);
+ }
+
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip)
+ {
+ BIO *key=NULL;
+ EVP_PKEY *pkey=NULL;
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
+ {
+ BIO_printf(err,"no keyfile specified\n");
+ goto end;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ if (format == FORMAT_ENGINE)
+ {
+ if (!e)
+ BIO_printf(err,"no engine specified\n");
+ else
+ {
+ pkey = ENGINE_load_private_key(e, file,
+ ui_method, &cb_data);
+ if (!pkey)
+ {
+ BIO_printf(err,"cannot load %s from engine\n",key_descrip);
+ ERR_print_errors(err);
+ }
+ }
+ goto end;
+ }
+#endif
+ key=BIO_new(BIO_s_file());
+ if (key == NULL)
+ {
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (file == NULL && maybe_stdin)
+ {
+ setvbuf(stdin, NULL, _IONBF, 0);
+ BIO_set_fp(key,stdin,BIO_NOCLOSE);
+ }
+ else
+ if (BIO_read_filename(key,file) <= 0)
+ {
+ BIO_printf(err, "Error opening %s %s\n",
+ key_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (format == FORMAT_ASN1)
+ {
+ pkey=d2i_PrivateKey_bio(key, NULL);
+ }
+ else if (format == FORMAT_PEM)
+ {
+ pkey=PEM_read_bio_PrivateKey(key,NULL,
+ (pem_password_cb *)password_callback, &cb_data);
+ }
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
+ else if (format == FORMAT_PKCS12)
+ {
+ if (!load_pkcs12(err, key, key_descrip,
+ (pem_password_cb *)password_callback, &cb_data,
+ &pkey, NULL, NULL))
+ goto end;
+ }
+ else
+ {
+ BIO_printf(err,"bad input format specified for key file\n");
+ goto end;
+ }
+ end:
+ if (key != NULL) BIO_free(key);
+ if (pkey == NULL)
+ {
+ BIO_printf(err,"unable to load %s\n", key_descrip);
+ ERR_print_errors(err);
+ }
+ return(pkey);
+ }
+
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip)
+ {
+ BIO *key=NULL;
+ EVP_PKEY *pkey=NULL;
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
+ {
+ BIO_printf(err,"no keyfile specified\n");
+ goto end;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ if (format == FORMAT_ENGINE)
+ {
+ if (!e)
+ BIO_printf(bio_err,"no engine specified\n");
+ else
+ pkey = ENGINE_load_public_key(e, file,
+ ui_method, &cb_data);
+ goto end;
+ }
+#endif
+ key=BIO_new(BIO_s_file());
+ if (key == NULL)
+ {
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (file == NULL && maybe_stdin)
+ {
+ setvbuf(stdin, NULL, _IONBF, 0);
+ BIO_set_fp(key,stdin,BIO_NOCLOSE);
+ }
+ else
+ if (BIO_read_filename(key,file) <= 0)
+ {
+ BIO_printf(err, "Error opening %s %s\n",
+ key_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (format == FORMAT_ASN1)
+ {
+ pkey=d2i_PUBKEY_bio(key, NULL);
+ }
+ else if (format == FORMAT_PEM)
+ {
+ pkey=PEM_read_bio_PUBKEY(key,NULL,
+ (pem_password_cb *)password_callback, &cb_data);
+ }
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
+ else
+ {
+ BIO_printf(err,"bad input format specified for key file\n");
+ goto end;
+ }
+ end:
+ if (key != NULL) BIO_free(key);
+ if (pkey == NULL)
+ BIO_printf(err,"unable to load %s\n", key_descrip);
+ return(pkey);
+ }
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format)
+ {
+ EVP_PKEY *pkey;
+ BUF_MEM *buf;
+ RSA *rsa;
+ const unsigned char *p;
+ int size, i;
+
+ buf=BUF_MEM_new();
+ pkey = EVP_PKEY_new();
+ size = 0;
+ if (buf == NULL || pkey == NULL)
+ goto error;
+ for (;;)
+ {
+ if (!BUF_MEM_grow_clean(buf,size+1024*10))
+ goto error;
+ i = BIO_read(key, &(buf->data[size]), 1024*10);
+ size += i;
+ if (i == 0)
+ break;
+ if (i < 0)
+ {
+ BIO_printf(err, "Error reading %s %s",
+ key_descrip, file);
+ goto error;
+ }
+ }
+ p=(unsigned char *)buf->data;
+ rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
+ (format == FORMAT_IISSGC ? 1 : 0));
+ if (rsa == NULL)
+ goto error;
+ BUF_MEM_free(buf);
+ EVP_PKEY_set1_RSA(pkey, rsa);
+ return pkey;
+error:
+ BUF_MEM_free(buf);
+ EVP_PKEY_free(pkey);
+ return NULL;
+ }
+#endif /* ndef OPENSSL_NO_RC4 */
+
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip)
+ {
+ BIO *certs;
+ int i;
+ STACK_OF(X509) *othercerts = NULL;
+ STACK_OF(X509_INFO) *allcerts = NULL;
+ X509_INFO *xi;
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if((certs = BIO_new(BIO_s_file())) == NULL)
+ {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if (file == NULL)
+ BIO_set_fp(certs,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(certs,file) <= 0)
+ {
+ BIO_printf(err, "Error opening %s %s\n",
+ cert_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ }
+
+ if (format == FORMAT_PEM)
+ {
+ othercerts = sk_X509_new_null();
+ if(!othercerts)
+ {
+ sk_X509_free(othercerts);
+ othercerts = NULL;
+ goto end;
+ }
+ allcerts = PEM_X509_INFO_read_bio(certs, NULL,
+ (pem_password_cb *)password_callback, &cb_data);
+ for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
+ {
+ xi = sk_X509_INFO_value (allcerts, i);
+ if (xi->x509)
+ {
+ sk_X509_push(othercerts, xi->x509);
+ xi->x509 = NULL;
+ }
+ }
+ goto end;
+ }
+ else {
+ BIO_printf(err,"bad input format specified for %s\n",
+ cert_descrip);
+ goto end;
+ }
+end:
+ if (othercerts == NULL)
+ {
+ BIO_printf(err,"unable to load certificates\n");
+ ERR_print_errors(err);
+ }
+ if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+ if (certs != NULL) BIO_free(certs);
+ return(othercerts);
+ }
+
+
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
+ X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+ static const NAME_EX_TBL cert_tbl[] = {
+ { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
+ { "ca_default", X509_FLAG_CA, 0xffffffffl},
+ { "no_header", X509_FLAG_NO_HEADER, 0},
+ { "no_version", X509_FLAG_NO_VERSION, 0},
+ { "no_serial", X509_FLAG_NO_SERIAL, 0},
+ { "no_signame", X509_FLAG_NO_SIGNAME, 0},
+ { "no_validity", X509_FLAG_NO_VALIDITY, 0},
+ { "no_subject", X509_FLAG_NO_SUBJECT, 0},
+ { "no_issuer", X509_FLAG_NO_ISSUER, 0},
+ { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+ { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+ { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+ { "no_aux", X509_FLAG_NO_AUX, 0},
+ { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+ { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { NULL, 0, 0}
+ };
+ return set_multi_opts(flags, arg, cert_tbl);
+}
+
+int set_name_ex(unsigned long *flags, const char *arg)
+{
+ static const NAME_EX_TBL ex_tbl[] = {
+ { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+ { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+ { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+ { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+ { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+ { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+ { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+ { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+ { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+ { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+ { "compat", XN_FLAG_COMPAT, 0xffffffffL},
+ { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+ { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+ { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+ { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+ { "dn_rev", XN_FLAG_DN_REV, 0},
+ { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+ { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+ { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+ { "align", XN_FLAG_FN_ALIGN, 0},
+ { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+ { "space_eq", XN_FLAG_SPC_EQ, 0},
+ { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+ { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+ { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
+ { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+ { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
+ { NULL, 0, 0}
+ };
+ return set_multi_opts(flags, arg, ex_tbl);
+}
+
+int set_ext_copy(int *copy_type, const char *arg)
+{
+ if (!strcasecmp(arg, "none"))
+ *copy_type = EXT_COPY_NONE;
+ else if (!strcasecmp(arg, "copy"))
+ *copy_type = EXT_COPY_ADD;
+ else if (!strcasecmp(arg, "copyall"))
+ *copy_type = EXT_COPY_ALL;
+ else
+ return 0;
+ return 1;
+}
+
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+{
+ STACK_OF(X509_EXTENSION) *exts = NULL;
+ X509_EXTENSION *ext, *tmpext;
+ ASN1_OBJECT *obj;
+ int i, idx, ret = 0;
+ if (!x || !req || (copy_type == EXT_COPY_NONE))
+ return 1;
+ exts = X509_REQ_get_extensions(req);
+
+ for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+ ext = sk_X509_EXTENSION_value(exts, i);
+ obj = X509_EXTENSION_get_object(ext);
+ idx = X509_get_ext_by_OBJ(x, obj, -1);
+ /* Does extension exist? */
+ if (idx != -1) {
+ /* If normal copy don't override existing extension */
+ if (copy_type == EXT_COPY_ADD)
+ continue;
+ /* Delete all extensions of same type */
+ do {
+ tmpext = X509_get_ext(x, idx);
+ X509_delete_ext(x, idx);
+ X509_EXTENSION_free(tmpext);
+ idx = X509_get_ext_by_OBJ(x, obj, -1);
+ } while (idx != -1);
+ }
+ if (!X509_add_ext(x, ext, -1))
+ goto end;
+ }
+
+ ret = 1;
+
+ end:
+
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+ return ret;
+}
+
+
+
+
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+ STACK_OF(CONF_VALUE) *vals;
+ CONF_VALUE *val;
+ int i, ret = 1;
+ if(!arg) return 0;
+ vals = X509V3_parse_list(arg);
+ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+ val = sk_CONF_VALUE_value(vals, i);
+ if (!set_table_opts(flags, val->name, in_tbl))
+ ret = 0;
+ }
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+ return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+ char c;
+ const NAME_EX_TBL *ptbl;
+ c = arg[0];
+
+ if(c == '-') {
+ c = 0;
+ arg++;
+ } else if (c == '+') {
+ c = 1;
+ arg++;
+ } else c = 1;
+
+ for(ptbl = in_tbl; ptbl->name; ptbl++) {
+ if(!strcasecmp(arg, ptbl->name)) {
+ *flags &= ~ptbl->mask;
+ if(c) *flags |= ptbl->flag;
+ else *flags &= ~ptbl->flag;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
+{
+ char *buf;
+ char mline = 0;
+ int indent = 0;
+
+ if(title) BIO_puts(out, title);
+ if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mline = 1;
+ indent = 4;
+ }
+ if(lflags == XN_FLAG_COMPAT) {
+ buf = X509_NAME_oneline(nm, 0, 0);
+ BIO_puts(out, buf);
+ BIO_puts(out, "\n");
+ OPENSSL_free(buf);
+ } else {
+ if(mline) BIO_puts(out, "\n");
+ X509_NAME_print_ex(out, nm, indent, lflags);
+ BIO_puts(out, "\n");
+ }
+}
+
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
+{
+ X509_STORE *store;
+ X509_LOOKUP *lookup;
+ if(!(store = X509_STORE_new())) goto end;
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+ if (lookup == NULL) goto end;
+ if (CAfile) {
+ if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading file %s\n", CAfile);
+ goto end;
+ }
+ } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) goto end;
+ if (CApath) {
+ if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading directory %s\n", CApath);
+ goto end;
+ }
+ } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ ERR_clear_error();
+ return store;
+ end:
+ X509_STORE_free(store);
+ return NULL;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+ {
+ ENGINE *e = ENGINE_by_id("dynamic");
+ if (e)
+ {
+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+ || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+ {
+ ENGINE_free(e);
+ e = NULL;
+ }
+ }
+ return e;
+ }
+
+ENGINE *setup_engine(BIO *err, const char *engine, int debug)
+ {
+ ENGINE *e = NULL;
+
+ if (engine)
+ {
+ if(strcmp(engine, "auto") == 0)
+ {
+ BIO_printf(err,"enabling auto ENGINE support\n");
+ ENGINE_register_all_complete();
+ return NULL;
+ }
+ if((e = ENGINE_by_id(engine)) == NULL
+ && (e = try_load_engine(err, engine, debug)) == NULL)
+ {
+ BIO_printf(err,"invalid engine \"%s\"\n", engine);
+ ERR_print_errors(err);
+ return NULL;
+ }
+ if (debug)
+ {
+ ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+ 0, err, 0);
+ }
+ ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(err,"can't use that engine\n");
+ ERR_print_errors(err);
+ ENGINE_free(e);
+ return NULL;
+ }
+
+ BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
+
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+ return e;
+ }
+#endif
+
+int load_config(BIO *err, CONF *cnf)
+ {
+ if (!cnf)
+ cnf = config;
+ if (!cnf)
+ return 1;
+
+ OPENSSL_load_builtin_modules();
+
+ if (CONF_modules_load(cnf, NULL, 0) <= 0)
+ {
+ BIO_printf(err, "Error configuring OpenSSL\n");
+ ERR_print_errors(err);
+ return 0;
+ }
+ return 1;
+ }
+
+char *make_config_name()
+ {
+ const char *t=X509_get_default_cert_area();
+ size_t len;
+ char *p;
+
+ len=strlen(t)+strlen(OPENSSL_CONF)+2;
+ p=OPENSSL_malloc(len);
+ if (p == NULL)
+ return NULL;
+ BUF_strlcpy(p,t,len);
+#ifndef OPENSSL_SYS_VMS
+ BUF_strlcat(p,"/",len);
+#endif
+ BUF_strlcat(p,OPENSSL_CONF,len);
+
+ return p;
+ }
+
+static unsigned long index_serial_hash(const char **a)
+ {
+ const char *n;
+
+ n=a[DB_serial];
+ while (*n == '0') n++;
+ return(lh_strhash(n));
+ }
+
+static int index_serial_cmp(const char **a, const char **b)
+ {
+ const char *aa,*bb;
+
+ for (aa=a[DB_serial]; *aa == '0'; aa++);
+ for (bb=b[DB_serial]; *bb == '0'; bb++);
+ return(strcmp(aa,bb));
+ }
+
+static int index_name_qual(char **a)
+ { return(a[0][0] == 'V'); }
+
+static unsigned long index_name_hash(const char **a)
+ { return(lh_strhash(a[DB_name])); }
+
+int index_name_cmp(const char **a, const char **b)
+ { return(strcmp(a[DB_name],
+ b[DB_name])); }
+
+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+
+#undef BSIZE
+#define BSIZE 256
+
+BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
+ {
+ BIO *in=NULL;
+ BIGNUM *ret=NULL;
+ MS_STATIC char buf[1024];
+ ASN1_INTEGER *ai=NULL;
+
+ ai=ASN1_INTEGER_new();
+ if (ai == NULL) goto err;
+
+ if ((in=BIO_new(BIO_s_file())) == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ if (BIO_read_filename(in,serialfile) <= 0)
+ {
+ if (!create)
+ {
+ perror(serialfile);
+ goto err;
+ }
+ else
+ {
+ ret=BN_new();
+ if (ret == NULL || !rand_serial(ret, ai))
+ BIO_printf(bio_err, "Out of memory\n");
+ }
+ }
+ else
+ {
+ if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
+ {
+ BIO_printf(bio_err,"unable to load number from %s\n",
+ serialfile);
+ goto err;
+ }
+ ret=ASN1_INTEGER_to_BN(ai,NULL);
+ if (ret == NULL)
+ {
+ BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+ goto err;
+ }
+ }
+
+ if (ret && retai)
+ {
+ *retai = ai;
+ ai = NULL;
+ }
+ err:
+ if (in != NULL) BIO_free(in);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
+ {
+ char buf[1][BSIZE];
+ BIO *out = NULL;
+ int ret=0;
+ ASN1_INTEGER *ai=NULL;
+ int j;
+
+ if (suffix == NULL)
+ j = strlen(serialfile);
+ else
+ j = strlen(serialfile) + strlen(suffix) + 1;
+ if (j >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+ if (suffix == NULL)
+ BUF_strlcpy(buf[0], serialfile, BSIZE);
+ else
+ {
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+#endif
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_write_filename(out,buf[0]) <= 0)
+ {
+ perror(serialfile);
+ goto err;
+ }
+
+ if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
+ goto err;
+ }
+ i2a_ASN1_INTEGER(out,ai);
+ BIO_puts(out,"\n");
+ ret=1;
+ if (retai)
+ {
+ *retai = ai;
+ ai = NULL;
+ }
+err:
+ if (out != NULL) BIO_free_all(out);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
+ {
+ char buf[5][BSIZE];
+ int i,j;
+ struct stat sb;
+
+ i = strlen(serialfile) + strlen(old_suffix);
+ j = strlen(serialfile) + strlen(new_suffix);
+ if (i > j) j = i;
+ if (j + 1 >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
+ serialfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
+ serialfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
+ serialfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
+ serialfile, old_suffix);
+#endif
+ if (stat(serialfile,&sb) < 0)
+ {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR
+#endif
+ )
+ goto err;
+ }
+ else
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ serialfile, buf[1]);
+#endif
+ if (rename(serialfile,buf[1]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ serialfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[0],serialfile);
+#endif
+ if (rename(buf[0],serialfile) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[0],serialfile);
+ perror("reason");
+ rename(buf[1],serialfile);
+ goto err;
+ }
+ return 1;
+ err:
+ return 0;
+ }
+
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+ {
+ BIGNUM *btmp;
+ int ret = 0;
+ if (b)
+ btmp = b;
+ else
+ btmp = BN_new();
+
+ if (!btmp)
+ return 0;
+
+ if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+ goto error;
+ if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+ goto error;
+
+ ret = 1;
+
+ error:
+
+ if (!b)
+ BN_free(btmp);
+
+ return ret;
+ }
+
+CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
+ {
+ CA_DB *retdb = NULL;
+ TXT_DB *tmpdb = NULL;
+ BIO *in = BIO_new(BIO_s_file());
+ CONF *dbattr_conf = NULL;
+ char buf[1][BSIZE];
+ long errorline= -1;
+
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_read_filename(in,dbfile) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
+ {
+ if (tmpdb != NULL) TXT_DB_free(tmpdb);
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+#else
+ BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+#endif
+ dbattr_conf = NCONF_new(NULL);
+ if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
+ {
+ if (errorline > 0)
+ {
+ BIO_printf(bio_err,
+ "error on line %ld of db attribute file '%s'\n"
+ ,errorline,buf[0]);
+ goto err;
+ }
+ else
+ {
+ NCONF_free(dbattr_conf);
+ dbattr_conf = NULL;
+ }
+ }
+
+ if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
+ {
+ fprintf(stderr, "Out of memory\n");
+ goto err;
+ }
+
+ retdb->db = tmpdb;
+ tmpdb = NULL;
+ if (db_attr)
+ retdb->attributes = *db_attr;
+ else
+ {
+ retdb->attributes.unique_subject = 1;
+ }
+
+ if (dbattr_conf)
+ {
+ char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
+ if (p)
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
+#endif
+ retdb->attributes.unique_subject = parse_yesno(p,1);
+ }
+ }
+
+ err:
+ if (dbattr_conf) NCONF_free(dbattr_conf);
+ if (tmpdb) TXT_DB_free(tmpdb);
+ if (in) BIO_free_all(in);
+ return retdb;
+ }
+
+int index_index(CA_DB *db)
+ {
+ if (!TXT_DB_create_index(db->db, DB_serial, NULL,
+ LHASH_HASH_FN(index_serial_hash),
+ LHASH_COMP_FN(index_serial_cmp)))
+ {
+ BIO_printf(bio_err,
+ "error creating serial number index:(%ld,%ld,%ld)\n",
+ db->db->error,db->db->arg1,db->db->arg2);
+ return 0;
+ }
+
+ if (db->attributes.unique_subject
+ && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
+ LHASH_HASH_FN(index_name_hash),
+ LHASH_COMP_FN(index_name_cmp)))
+ {
+ BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
+ db->db->error,db->db->arg1,db->db->arg2);
+ return 0;
+ }
+ return 1;
+ }
+
+int save_index(const char *dbfile, const char *suffix, CA_DB *db)
+ {
+ char buf[3][BSIZE];
+ BIO *out = BIO_new(BIO_s_file());
+ int j;
+
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ j = strlen(dbfile) + strlen(suffix);
+ if (j + 6 >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
+#else
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+#endif
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+ if (BIO_write_filename(out,buf[0]) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
+ goto err;
+ }
+ j=TXT_DB_write(out,db->db);
+ if (j <= 0) goto err;
+
+ BIO_free(out);
+
+ out = BIO_new(BIO_s_file());
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
+#endif
+ if (BIO_write_filename(out,buf[1]) <= 0)
+ {
+ perror(buf[2]);
+ BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
+ goto err;
+ }
+ BIO_printf(out,"unique_subject = %s\n",
+ db->attributes.unique_subject ? "yes" : "no");
+ BIO_free(out);
+
+ return 1;
+ err:
+ return 0;
+ }
+
+int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
+ {
+ char buf[5][BSIZE];
+ int i,j;
+ struct stat sb;
+
+ i = strlen(dbfile) + strlen(old_suffix);
+ j = strlen(dbfile) + strlen(new_suffix);
+ if (i > j) j = i;
+ if (j + 6 >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
+#else
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
+ dbfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
+ dbfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
+ dbfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
+ dbfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
+ dbfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
+ dbfile, old_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
+ dbfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
+ dbfile, old_suffix);
+#endif
+ if (stat(dbfile,&sb) < 0)
+ {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR
+#endif
+ )
+ goto err;
+ }
+ else
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ dbfile, buf[1]);
+#endif
+ if (rename(dbfile,buf[1]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ dbfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[0],dbfile);
+#endif
+ if (rename(buf[0],dbfile) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[0],dbfile);
+ perror("reason");
+ rename(buf[1],dbfile);
+ goto err;
+ }
+ if (stat(buf[4],&sb) < 0)
+ {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR
+#endif
+ )
+ goto err;
+ }
+ else
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[4],buf[3]);
+#endif
+ if (rename(buf[4],buf[3]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[4], buf[3]);
+ perror("reason");
+ rename(dbfile,buf[0]);
+ rename(buf[1],dbfile);
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[2],buf[4]);
+#endif
+ if (rename(buf[2],buf[4]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[2],buf[4]);
+ perror("reason");
+ rename(buf[3],buf[4]);
+ rename(dbfile,buf[0]);
+ rename(buf[1],dbfile);
+ goto err;
+ }
+ return 1;
+ err:
+ return 0;
+ }
+
+void free_index(CA_DB *db)
+ {
+ if (db)
+ {
+ if (db->db) TXT_DB_free(db->db);
+ OPENSSL_free(db);
+ }
+ }
+
+int parse_yesno(const char *str, int def)
+ {
+ int ret = def;
+ if (str)
+ {
+ switch (*str)
+ {
+ case 'f': /* false */
+ case 'F': /* FALSE */
+ case 'n': /* no */
+ case 'N': /* NO */
+ case '0': /* 0 */
+ ret = 0;
+ break;
+ case 't': /* true */
+ case 'T': /* TRUE */
+ case 'y': /* yes */
+ case 'Y': /* YES */
+ case '1': /* 1 */
+ ret = 1;
+ break;
+ default:
+ ret = def;
+ break;
+ }
+ }
+ return ret;
+ }
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *parse_name(char *subject, long chtype, int multirdn)
+ {
+ size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
+ char *buf = OPENSSL_malloc(buflen);
+ size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+ char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
+ char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
+ int *mval = OPENSSL_malloc (max_ne * sizeof (int));
+
+ char *sp = subject, *bp = buf;
+ int i, ne_num = 0;
+
+ X509_NAME *n = NULL;
+ int nid;
+
+ if (!buf || !ne_types || !ne_values || !mval)
+ {
+ BIO_printf(bio_err, "malloc error\n");
+ goto error;
+ }
+
+ if (*subject != '/')
+ {
+ BIO_printf(bio_err, "Subject does not start with '/'.\n");
+ goto error;
+ }
+ sp++; /* skip leading / */
+
+ /* no multivalued RDN by default */
+ mval[ne_num] = 0;
+
+ while (*sp)
+ {
+ /* collect type */
+ ne_types[ne_num] = bp;
+ while (*sp)
+ {
+ if (*sp == '\\') /* is there anything to escape in the type...? */
+ {
+ if (*++sp)
+ *bp++ = *sp++;
+ else
+ {
+ BIO_printf(bio_err, "escape character at end of string\n");
+ goto error;
+ }
+ }
+ else if (*sp == '=')
+ {
+ sp++;
+ *bp++ = '\0';
+ break;
+ }
+ else
+ *bp++ = *sp++;
+ }
+ if (!*sp)
+ {
+ BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
+ goto error;
+ }
+ ne_values[ne_num] = bp;
+ while (*sp)
+ {
+ if (*sp == '\\')
+ {
+ if (*++sp)
+ *bp++ = *sp++;
+ else
+ {
+ BIO_printf(bio_err, "escape character at end of string\n");
+ goto error;
+ }
+ }
+ else if (*sp == '/')
+ {
+ sp++;
+ /* no multivalued RDN by default */
+ mval[ne_num+1] = 0;
+ break;
+ }
+ else if (*sp == '+' && multirdn)
+ {
+ /* a not escaped + signals a mutlivalued RDN */
+ sp++;
+ mval[ne_num+1] = -1;
+ break;
+ }
+ else
+ *bp++ = *sp++;
+ }
+ *bp++ = '\0';
+ ne_num++;
+ }
+
+ if (!(n = X509_NAME_new()))
+ goto error;
+
+ for (i = 0; i < ne_num; i++)
+ {
+ if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
+ {
+ BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
+ continue;
+ }
+
+ if (!*ne_values[i])
+ {
+ BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
+ continue;
+ }
+
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
+ goto error;
+ }
+
+ OPENSSL_free(ne_values);
+ OPENSSL_free(ne_types);
+ OPENSSL_free(buf);
+ OPENSSL_free(mval);
+ return n;
+
+error:
+ X509_NAME_free(n);
+ if (ne_values)
+ OPENSSL_free(ne_values);
+ if (ne_types)
+ OPENSSL_free(ne_types);
+ if (mval)
+ OPENSSL_free(mval);
+ if (buf)
+ OPENSSL_free(buf);
+ return NULL;
+}
+
+/* This code MUST COME AFTER anything that uses rename() */
+#ifdef OPENSSL_SYS_WIN32
+int WIN32_rename(const char *from, const char *to)
+ {
+#ifndef OPENSSL_SYS_WINCE
+ /* Windows rename gives an error if 'to' exists, so delete it
+ * first and ignore file not found errror
+ */
+ if((remove(to) != 0) && (errno != ENOENT))
+ return -1;
+#undef rename
+ return rename(from, to);
+#else
+ /* convert strings to UNICODE */
+ {
+ BOOL result = FALSE;
+ WCHAR* wfrom;
+ WCHAR* wto;
+ int i;
+ wfrom = malloc((strlen(from)+1)*2);
+ wto = malloc((strlen(to)+1)*2);
+ if (wfrom != NULL && wto != NULL)
+ {
+ for (i=0; i<(int)strlen(from)+1; i++)
+ wfrom[i] = (short)from[i];
+ for (i=0; i<(int)strlen(to)+1; i++)
+ wto[i] = (short)to[i];
+ result = MoveFile(wfrom, wto);
+ }
+ if (wfrom != NULL)
+ free(wfrom);
+ if (wto != NULL)
+ free(wto);
+ return result;
+ }
+#endif
+ }
+#endif
+
+int args_verify(char ***pargs, int *pargc,
+ int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
+ {
+ ASN1_OBJECT *otmp = NULL;
+ unsigned long flags = 0;
+ int i;
+ int purpose = 0;
+ char **oldargs = *pargs;
+ char *arg = **pargs, *argn = (*pargs)[1];
+ if (!strcmp(arg, "-policy"))
+ {
+ if (!argn)
+ *badarg = 1;
+ else
+ {
+ otmp = OBJ_txt2obj(argn, 0);
+ if (!otmp)
+ {
+ BIO_printf(err, "Invalid Policy \"%s\"\n",
+ argn);
+ *badarg = 1;
+ }
+ }
+ (*pargs)++;
+ }
+ else if (strcmp(arg,"-purpose") == 0)
+ {
+ X509_PURPOSE *xptmp;
+ if (!argn)
+ *badarg = 1;
+ else
+ {
+ i = X509_PURPOSE_get_by_sname(argn);
+ if(i < 0)
+ {
+ BIO_printf(err, "unrecognized purpose\n");
+ *badarg = 1;
+ }
+ else
+ {
+ xptmp = X509_PURPOSE_get0(i);
+ purpose = X509_PURPOSE_get_id(xptmp);
+ }
+ }
+ (*pargs)++;
+ }
+ else if (!strcmp(arg, "-ignore_critical"))
+ flags |= X509_V_FLAG_IGNORE_CRITICAL;
+ else if (!strcmp(arg, "-issuer_checks"))
+ flags |= X509_V_FLAG_CB_ISSUER_CHECK;
+ else if (!strcmp(arg, "-crl_check"))
+ flags |= X509_V_FLAG_CRL_CHECK;
+ else if (!strcmp(arg, "-crl_check_all"))
+ flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ else if (!strcmp(arg, "-policy_check"))
+ flags |= X509_V_FLAG_POLICY_CHECK;
+ else if (!strcmp(arg, "-explicit_policy"))
+ flags |= X509_V_FLAG_EXPLICIT_POLICY;
+ else if (!strcmp(arg, "-x509_strict"))
+ flags |= X509_V_FLAG_X509_STRICT;
+ else if (!strcmp(arg, "-policy_print"))
+ flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else
+ return 0;
+
+ if (*badarg)
+ {
+ if (*pm)
+ X509_VERIFY_PARAM_free(*pm);
+ *pm = NULL;
+ goto end;
+ }
+
+ if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
+ {
+ *badarg = 1;
+ goto end;
+ }
+
+ if (otmp)
+ X509_VERIFY_PARAM_add0_policy(*pm, otmp);
+ if (flags)
+ X509_VERIFY_PARAM_set_flags(*pm, flags);
+
+ if (purpose)
+ X509_VERIFY_PARAM_set_purpose(*pm, purpose);
+
+ end:
+
+ (*pargs)++;
+
+ if (pargc)
+ *pargc -= *pargs - oldargs;
+
+ return 1;
+
+ }
+
+static void nodes_print(BIO *out, const char *name,
+ STACK_OF(X509_POLICY_NODE) *nodes)
+ {
+ X509_POLICY_NODE *node;
+ int i;
+ BIO_printf(out, "%s Policies:", name);
+ if (nodes)
+ {
+ BIO_puts(out, "\n");
+ for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
+ {
+ node = sk_X509_POLICY_NODE_value(nodes, i);
+ X509_POLICY_NODE_print(out, node, 2);
+ }
+ }
+ else
+ BIO_puts(out, " <empty>\n");
+ }
+
+void policies_print(BIO *out, X509_STORE_CTX *ctx)
+ {
+ X509_POLICY_TREE *tree;
+ int explicit_policy;
+ int free_out = 0;
+ if (out == NULL)
+ {
+ out = BIO_new_fp(stderr, BIO_NOCLOSE);
+ free_out = 1;
+ }
+ tree = X509_STORE_CTX_get0_policy_tree(ctx);
+ explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
+
+ BIO_printf(out, "Require explicit Policy: %s\n",
+ explicit_policy ? "True" : "False");
+
+ nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
+ nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
+ if (free_out)
+ BIO_free(out);
+ }
+
+#ifndef OPENSSL_NO_JPAKE
+
+static JPAKE_CTX *jpake_init(const char *us, const char *them,
+ const char *secret)
+ {
+ BIGNUM *p = NULL;
+ BIGNUM *g = NULL;
+ BIGNUM *q = NULL;
+ BIGNUM *bnsecret = BN_new();
+ JPAKE_CTX *ctx;
+
+ /* Use a safe prime for p (that we found earlier) */
+ BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
+ g = BN_new();
+ BN_set_word(g, 2);
+ q = BN_new();
+ BN_rshift1(q, p);
+
+ BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
+
+ ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
+ BN_free(bnsecret);
+ BN_free(q);
+ BN_free(g);
+ BN_free(p);
+
+ return ctx;
+ }
+
+static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
+ {
+ BN_print(conn, p->gx);
+ BIO_puts(conn, "\n");
+ BN_print(conn, p->zkpx.gr);
+ BIO_puts(conn, "\n");
+ BN_print(conn, p->zkpx.b);
+ BIO_puts(conn, "\n");
+ }
+
+static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
+ {
+ JPAKE_STEP1 s1;
+
+ JPAKE_STEP1_init(&s1);
+ JPAKE_STEP1_generate(&s1, ctx);
+ jpake_send_part(bconn, &s1.p1);
+ jpake_send_part(bconn, &s1.p2);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP1_release(&s1);
+ }
+
+static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
+ {
+ JPAKE_STEP2 s2;
+
+ JPAKE_STEP2_init(&s2);
+ JPAKE_STEP2_generate(&s2, ctx);
+ jpake_send_part(bconn, &s2);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP2_release(&s2);
+ }
+
+static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
+ {
+ JPAKE_STEP3A s3a;
+
+ JPAKE_STEP3A_init(&s3a);
+ JPAKE_STEP3A_generate(&s3a, ctx);
+ BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP3A_release(&s3a);
+ }
+
+static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
+ {
+ JPAKE_STEP3B s3b;
+
+ JPAKE_STEP3B_init(&s3b);
+ JPAKE_STEP3B_generate(&s3b, ctx);
+ BIO_write(bconn, s3b.hk, sizeof s3b.hk);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP3B_release(&s3b);
+ }
+
+static void readbn(BIGNUM **bn, BIO *bconn)
+ {
+ char buf[10240];
+ int l;
+
+ l = BIO_gets(bconn, buf, sizeof buf);
+ assert(l > 0);
+ assert(buf[l-1] == '\n');
+ buf[l-1] = '\0';
+ BN_hex2bn(bn, buf);
+ }
+
+static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
+ {
+ readbn(&p->gx, bconn);
+ readbn(&p->zkpx.gr, bconn);
+ readbn(&p->zkpx.b, bconn);
+ }
+
+static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
+ {
+ JPAKE_STEP1 s1;
+
+ JPAKE_STEP1_init(&s1);
+ jpake_receive_part(&s1.p1, bconn);
+ jpake_receive_part(&s1.p2, bconn);
+ if(!JPAKE_STEP1_process(ctx, &s1))
+ {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP1_release(&s1);
+ }
+
+static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
+ {
+ JPAKE_STEP2 s2;
+
+ JPAKE_STEP2_init(&s2);
+ jpake_receive_part(&s2, bconn);
+ if(!JPAKE_STEP2_process(ctx, &s2))
+ {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP2_release(&s2);
+ }
+
+static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
+ {
+ JPAKE_STEP3A s3a;
+ int l;
+
+ JPAKE_STEP3A_init(&s3a);
+ l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
+ assert(l == sizeof s3a.hhk);
+ if(!JPAKE_STEP3A_process(ctx, &s3a))
+ {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP3A_release(&s3a);
+ }
+
+static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
+ {
+ JPAKE_STEP3B s3b;
+ int l;
+
+ JPAKE_STEP3B_init(&s3b);
+ l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
+ assert(l == sizeof s3b.hk);
+ if(!JPAKE_STEP3B_process(ctx, &s3b))
+ {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP3B_release(&s3b);
+ }
+
+void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
+ {
+ JPAKE_CTX *ctx;
+ BIO *bconn;
+
+ BIO_puts(out, "Authenticating with JPAKE\n");
+
+ ctx = jpake_init("client", "server", secret);
+
+ bconn = BIO_new(BIO_f_buffer());
+ BIO_push(bconn, conn);
+
+ jpake_send_step1(bconn, ctx);
+ jpake_receive_step1(ctx, bconn);
+ jpake_send_step2(bconn, ctx);
+ jpake_receive_step2(ctx, bconn);
+ jpake_send_step3a(bconn, ctx);
+ jpake_receive_step3b(ctx, bconn);
+
+ /*
+ * The problem is that you must use the derived key in the
+ * session key or you are subject to man-in-the-middle
+ * attacks.
+ */
+ BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
+ " be MitMed. See the version in HEAD for how to do it"
+ " properly)\n");
+
+ BIO_pop(bconn);
+ BIO_free(bconn);
+ }
+
+void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
+ {
+ JPAKE_CTX *ctx;
+ BIO *bconn;
+
+ BIO_puts(out, "Authenticating with JPAKE\n");
+
+ ctx = jpake_init("server", "client", secret);
+
+ bconn = BIO_new(BIO_f_buffer());
+ BIO_push(bconn, conn);
+
+ jpake_receive_step1(ctx, bconn);
+ jpake_send_step1(bconn, ctx);
+ jpake_receive_step2(ctx, bconn);
+ jpake_send_step2(bconn, ctx);
+ jpake_receive_step3a(ctx, bconn);
+ jpake_send_step3b(bconn, ctx);
+
+ /*
+ * The problem is that you must use the derived key in the
+ * session key or you are subject to man-in-the-middle
+ * attacks.
+ */
+ BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
+ " be MitMed. See the version in HEAD for how to do it"
+ " properly)\n");
+
+ BIO_pop(bconn);
+ BIO_free(bconn);
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/apps/apps.h
===================================================================
--- vendor-crypto/openssl/dist/apps/apps.h (rev 0)
+++ vendor-crypto/openssl/dist/apps/apps.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,367 @@
+/* apps/apps.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_APPS_H
+#define HEADER_APPS_H
+
+#include "e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/txt_db.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_OCSP
+#include <openssl/ocsp.h>
+#endif
+#include <openssl/ossl_typ.h>
+
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
+int app_RAND_write_file(const char *file, BIO *bio_e);
+/* When `file' is NULL, use defaults.
+ * `bio_e' is for error messages. */
+void app_RAND_allow_write_file(void);
+long app_RAND_load_files(char *file); /* `file' is a list of files to read,
+ * separated by LIST_SEPARATOR_CHAR
+ * (see e_os.h). The string is
+ * destroyed! */
+
+#ifdef OPENSSL_SYS_WIN32
+#define rename(from,to) WIN32_rename((from),(to))
+int WIN32_rename(const char *oldname,const char *newname);
+#endif
+
+#ifndef MONOLITH
+
+#define MAIN(a,v) main(a,v)
+
+#ifndef NON_MAIN
+CONF *config=NULL;
+BIO *bio_err=NULL;
+int in_FIPS_mode=0;
+#else
+extern CONF *config;
+extern BIO *bio_err;
+extern int in_FIPS_mode;
+#endif
+
+#else
+
+#define MAIN(a,v) PROG(a,v)
+extern CONF *config;
+extern char *default_config_file;
+extern BIO *bio_err;
+extern int in_FIPS_mode;
+
+#endif
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifdef SIGPIPE
+#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
+#else
+#define do_pipe_sig()
+#endif
+
+#if defined(MONOLITH) && !defined(OPENSSL_C)
+# define apps_startup() \
+ do_pipe_sig()
+# define apps_shutdown()
+#else
+# ifndef OPENSSL_NO_ENGINE
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+ defined(OPENSSL_SYS_WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# else
+# define apps_startup() \
+ do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# endif
+# else
+# define apps_startup() \
+ do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+ ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+ setup_ui_method(); } while(0)
+# endif
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ EVP_cleanup(); ENGINE_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+ ERR_free_strings(); } while(0)
+# else
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+ defined(OPENSSL_SYS_WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ setup_ui_method(); } while(0)
+# else
+# define apps_startup() \
+ do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ setup_ui_method(); } while(0)
+# endif
+# else
+# define apps_startup() \
+ do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+ ERR_load_crypto_strings(); \
+ setup_ui_method(); } while(0)
+# endif
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ EVP_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+ ERR_free_strings(); } while(0)
+# endif
+#endif
+
+#ifdef OPENSSL_SYSNAME_WIN32
+# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
+#else
+# define openssl_fdset(a,b) FD_SET(a, b)
+#endif
+
+typedef struct args_st
+ {
+ char **data;
+ int count;
+ } ARGS;
+
+#define PW_MIN_LENGTH 4
+typedef struct pw_cb_data
+ {
+ const void *password;
+ const char *prompt_info;
+ } PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify,
+ PW_CB_DATA *cb_data);
+
+int setup_ui_method(void);
+void destroy_ui_method(void);
+
+int should_retry(int i);
+int args_from_file(char *file, int *argc, char **argv[]);
+int str2fmt(char *s);
+void program_name(char *in,char *out,int size);
+int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
+#ifdef HEADER_X509_H
+int dump_cert_text(BIO *out, X509 *x);
+void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
+#endif
+int set_cert_ex(unsigned long *flags, const char *arg);
+int set_name_ex(unsigned long *flags, const char *arg);
+int set_ext_copy(int *copy_type, const char *arg);
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
+int add_oid_section(BIO *err, CONF *conf);
+X509 *load_cert(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip);
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip);
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip);
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip);
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
+#ifndef OPENSSL_NO_ENGINE
+ENGINE *setup_engine(BIO *err, const char *engine, int debug);
+#endif
+
+#ifndef OPENSSL_NO_OCSP
+OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
+ char *host, char *path, char *port, int use_ssl,
+ int req_timeout);
+#endif
+
+int load_config(BIO *err, CONF *cnf);
+char *make_config_name(void);
+
+/* Functions defined in ca.c and also used in ocsp.c */
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+ ASN1_GENERALIZEDTIME **pinvtm, const char *str);
+
+#define DB_type 0
+#define DB_exp_date 1
+#define DB_rev_date 2
+#define DB_serial 3 /* index - unique */
+#define DB_file 4
+#define DB_name 5 /* index - unique when active and not disabled */
+#define DB_NUMBER 6
+
+#define DB_TYPE_REV 'R'
+#define DB_TYPE_EXP 'E'
+#define DB_TYPE_VAL 'V'
+
+typedef struct db_attr_st
+ {
+ int unique_subject;
+ } DB_ATTR;
+typedef struct ca_db_st
+ {
+ DB_ATTR attributes;
+ TXT_DB *db;
+ } CA_DB;
+
+BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
+int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
+CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
+int index_index(CA_DB *db);
+int save_index(const char *dbfile, const char *suffix, CA_DB *db);
+int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
+void free_index(CA_DB *db);
+int index_name_cmp(const char **a, const char **b);
+int parse_yesno(const char *str, int def);
+
+X509_NAME *parse_name(char *str, long chtype, int multirdn);
+int args_verify(char ***pargs, int *pargc,
+ int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
+void policies_print(BIO *out, X509_STORE_CTX *ctx);
+#ifndef OPENSSL_NO_JPAKE
+void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
+void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
+#endif
+
+#define FORMAT_UNDEF 0
+#define FORMAT_ASN1 1
+#define FORMAT_TEXT 2
+#define FORMAT_PEM 3
+#define FORMAT_NETSCAPE 4
+#define FORMAT_PKCS12 5
+#define FORMAT_SMIME 6
+#define FORMAT_ENGINE 7
+#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
+ * adding yet another param to load_*key() */
+
+#define EXT_COPY_NONE 0
+#define EXT_COPY_ADD 1
+#define EXT_COPY_ALL 2
+
+#define NETSCAPE_CERT_HDR "certificate"
+
+#define APP_PASS_LEN 1024
+
+#define SERIAL_RAND_BITS 64
+
+#endif
Added: vendor-crypto/openssl/dist/apps/asn1pars.c
===================================================================
--- vendor-crypto/openssl/dist/apps/asn1pars.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/asn1pars.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,445 @@
+/* apps/asn1pars.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* A nice addition from Dr Stephen Henson <steve at openssl.org> to
+ * add the -strparse option which parses nested binary structures
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -in arg - input file - default stdin
+ * -i - indent the details by depth
+ * -offset - where in the file to start
+ * -length - how many bytes to use
+ * -oid file - extra oid description file
+ */
+
+#undef PROG
+#define PROG asn1parse_main
+
+int MAIN(int, char **);
+
+static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
+
+int MAIN(int argc, char **argv)
+ {
+ int i,badops=0,offset=0,ret=1,j;
+ unsigned int length=0;
+ long num,tmplen;
+ BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
+ int informat,indent=0, noout = 0, dump = 0;
+ char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
+ char *genstr=NULL, *genconf=NULL;
+ unsigned char *tmpbuf;
+ const unsigned char *ctmpbuf;
+ BUF_MEM *buf=NULL;
+ STACK *osk=NULL;
+ ASN1_TYPE *at=NULL;
+
+ informat=FORMAT_PEM;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ if ((osk=sk_new_null()) == NULL)
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto end;
+ }
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ derfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-i") == 0)
+ {
+ indent=1;
+ }
+ else if (strcmp(*argv,"-noout") == 0) noout = 1;
+ else if (strcmp(*argv,"-oid") == 0)
+ {
+ if (--argc < 1) goto bad;
+ oidfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-offset") == 0)
+ {
+ if (--argc < 1) goto bad;
+ offset= atoi(*(++argv));
+ }
+ else if (strcmp(*argv,"-length") == 0)
+ {
+ if (--argc < 1) goto bad;
+ length= atoi(*(++argv));
+ if (length == 0) goto bad;
+ }
+ else if (strcmp(*argv,"-dump") == 0)
+ {
+ dump= -1;
+ }
+ else if (strcmp(*argv,"-dlimit") == 0)
+ {
+ if (--argc < 1) goto bad;
+ dump= atoi(*(++argv));
+ if (dump <= 0) goto bad;
+ }
+ else if (strcmp(*argv,"-strparse") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sk_push(osk,*(++argv));
+ }
+ else if (strcmp(*argv,"-genstr") == 0)
+ {
+ if (--argc < 1) goto bad;
+ genstr= *(++argv);
+ }
+ else if (strcmp(*argv,"-genconf") == 0)
+ {
+ if (--argc < 1) goto bad;
+ genconf= *(++argv);
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file (output format is always DER\n");
+ BIO_printf(bio_err," -noout arg don't produce any output\n");
+ BIO_printf(bio_err," -offset arg offset into file\n");
+ BIO_printf(bio_err," -length arg length of section in file\n");
+ BIO_printf(bio_err," -i indent entries\n");
+ BIO_printf(bio_err," -dump dump unknown data in hex form\n");
+ BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n");
+ BIO_printf(bio_err," -oid file file of extra oid definitions\n");
+ BIO_printf(bio_err," -strparse offset\n");
+ BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
+ BIO_printf(bio_err," ASN1 blob wrappings\n");
+ BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n");
+ BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+
+ if (oidfile != NULL)
+ {
+ if (BIO_read_filename(in,oidfile) <= 0)
+ {
+ BIO_printf(bio_err,"problems opening %s\n",oidfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ OBJ_create_objects(in);
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (derfile) {
+ if(!(derout = BIO_new_file(derfile, "wb"))) {
+ BIO_printf(bio_err,"problems opening %s\n",derfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if ((buf=BUF_MEM_new()) == NULL) goto end;
+ if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
+
+ if (genstr || genconf)
+ {
+ num = do_generate(bio_err, genstr, genconf, buf);
+ if (num < 0)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ else
+ {
+
+ if (informat == FORMAT_PEM)
+ {
+ BIO *tmp;
+
+ if ((b64=BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ BIO_push(b64,in);
+ tmp=in;
+ in=b64;
+ b64=tmp;
+ }
+
+ num=0;
+ for (;;)
+ {
+ if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
+ i=BIO_read(in,&(buf->data[num]),BUFSIZ);
+ if (i <= 0) break;
+ num+=i;
+ }
+ }
+ str=buf->data;
+
+ /* If any structs to parse go through in sequence */
+
+ if (sk_num(osk))
+ {
+ tmpbuf=(unsigned char *)str;
+ tmplen=num;
+ for (i=0; i<sk_num(osk); i++)
+ {
+ ASN1_TYPE *atmp;
+ int typ;
+ j=atoi(sk_value(osk,i));
+ if (j == 0)
+ {
+ BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
+ continue;
+ }
+ tmpbuf+=j;
+ tmplen-=j;
+ atmp = at;
+ ctmpbuf = tmpbuf;
+ at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
+ ASN1_TYPE_free(atmp);
+ if(!at)
+ {
+ BIO_printf(bio_err,"Error parsing structure\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ typ = ASN1_TYPE_get(at);
+ if ((typ == V_ASN1_OBJECT)
+ || (typ == V_ASN1_NULL))
+ {
+ BIO_printf(bio_err, "Can't parse %s type\n",
+ typ == V_ASN1_NULL ? "NULL" : "OBJECT");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ /* hmm... this is a little evil but it works */
+ tmpbuf=at->value.asn1_string->data;
+ tmplen=at->value.asn1_string->length;
+ }
+ str=(char *)tmpbuf;
+ num=tmplen;
+ }
+
+ if (offset >= num)
+ {
+ BIO_printf(bio_err, "Error: offset too large\n");
+ goto end;
+ }
+
+ num -= offset;
+
+ if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
+ if(derout) {
+ if(BIO_write(derout, str + offset, length) != (int)length) {
+ BIO_printf(bio_err, "Error writing output\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if (!noout &&
+ !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
+ indent,dump))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ BIO_free(derout);
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free_all(out);
+ if (b64 != NULL) BIO_free(b64);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (buf != NULL) BUF_MEM_free(buf);
+ if (at != NULL) ASN1_TYPE_free(at);
+ if (osk != NULL) sk_free(osk);
+ OBJ_cleanup();
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
+ {
+ CONF *cnf = NULL;
+ int len;
+ long errline;
+ unsigned char *p;
+ ASN1_TYPE *atyp = NULL;
+
+ if (genconf)
+ {
+ cnf = NCONF_new(NULL);
+ if (!NCONF_load(cnf, genconf, &errline))
+ goto conferr;
+ if (!genstr)
+ genstr = NCONF_get_string(cnf, "default", "asn1");
+ if (!genstr)
+ {
+ BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
+ goto err;
+ }
+ }
+
+ atyp = ASN1_generate_nconf(genstr, cnf);
+ NCONF_free(cnf);
+ cnf = NULL;
+
+ if (!atyp)
+ return -1;
+
+ len = i2d_ASN1_TYPE(atyp, NULL);
+
+ if (len <= 0)
+ goto err;
+
+ if (!BUF_MEM_grow(buf,len))
+ goto err;
+
+ p=(unsigned char *)buf->data;
+
+ i2d_ASN1_TYPE(atyp, &p);
+
+ ASN1_TYPE_free(atyp);
+ return len;
+
+ conferr:
+
+ if (errline > 0)
+ BIO_printf(bio, "Error on line %ld of config file '%s'\n",
+ errline, genconf);
+ else
+ BIO_printf(bio, "Error loading config file '%s'\n", genconf);
+
+ err:
+ NCONF_free(cnf);
+ ASN1_TYPE_free(atyp);
+
+ return -1;
+
+ }
Added: vendor-crypto/openssl/dist/apps/ca-cert.srl
===================================================================
--- vendor-crypto/openssl/dist/apps/ca-cert.srl (rev 0)
+++ vendor-crypto/openssl/dist/apps/ca-cert.srl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+07
Added: vendor-crypto/openssl/dist/apps/ca-key.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/ca-key.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/ca-key.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
Added: vendor-crypto/openssl/dist/apps/ca-req.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/ca-req.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/ca-req.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
+MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
+bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
+FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
+cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
+cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
+5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
+kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
+-----END CERTIFICATE REQUEST-----
Added: vendor-crypto/openssl/dist/apps/ca.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ca.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/ca.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,2998 @@
+/* apps/ca.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* The PPKI stuff has been donated by Jeff Barber <jeffb at issl.atl.hp.com> */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/txt_db.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+
+#ifndef W_OK
+# ifdef OPENSSL_SYS_VMS
+# if defined(__DECC)
+# include <unistd.h>
+# else
+# include <unixlib.h>
+# endif
+# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(__TANDEM)
+# include <sys/file.h>
+# endif
+#endif
+
+#include "apps.h"
+
+#ifndef W_OK
+# define F_OK 0
+# define X_OK 1
+# define W_OK 2
+# define R_OK 4
+#endif
+
+#undef PROG
+#define PROG ca_main
+
+#define BASE_SECTION "ca"
+#define CONFIG_FILE "openssl.cnf"
+
+#define ENV_DEFAULT_CA "default_ca"
+
+#define STRING_MASK "string_mask"
+#define UTF8_IN "utf8"
+
+#define ENV_DIR "dir"
+#define ENV_CERTS "certs"
+#define ENV_CRL_DIR "crl_dir"
+#define ENV_CA_DB "CA_DB"
+#define ENV_NEW_CERTS_DIR "new_certs_dir"
+#define ENV_CERTIFICATE "certificate"
+#define ENV_SERIAL "serial"
+#define ENV_CRLNUMBER "crlnumber"
+#define ENV_CRL "crl"
+#define ENV_PRIVATE_KEY "private_key"
+#define ENV_RANDFILE "RANDFILE"
+#define ENV_DEFAULT_DAYS "default_days"
+#define ENV_DEFAULT_STARTDATE "default_startdate"
+#define ENV_DEFAULT_ENDDATE "default_enddate"
+#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
+#define ENV_DEFAULT_MD "default_md"
+#define ENV_DEFAULT_EMAIL_DN "email_in_dn"
+#define ENV_PRESERVE "preserve"
+#define ENV_POLICY "policy"
+#define ENV_EXTENSIONS "x509_extensions"
+#define ENV_CRLEXT "crl_extensions"
+#define ENV_MSIE_HACK "msie_hack"
+#define ENV_NAMEOPT "name_opt"
+#define ENV_CERTOPT "cert_opt"
+#define ENV_EXTCOPY "copy_extensions"
+#define ENV_UNIQUE_SUBJECT "unique_subject"
+
+#define ENV_DATABASE "database"
+
+/* Additional revocation information types */
+
+#define REV_NONE 0 /* No addditional information */
+#define REV_CRL_REASON 1 /* Value is CRL reason code */
+#define REV_HOLD 2 /* Value is hold instruction */
+#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
+#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
+
+static const char *ca_usage[]={
+"usage: ca args\n",
+"\n",
+" -verbose - Talk alot while doing things\n",
+" -config file - A config file\n",
+" -name arg - The particular CA definition to use\n",
+" -gencrl - Generate a new CRL\n",
+" -crldays days - Days is when the next CRL is due\n",
+" -crlhours hours - Hours is when the next CRL is due\n",
+" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
+" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
+" -days arg - number of days to certify the certificate for\n",
+" -md arg - md to use, one of md2, md5, sha or sha1\n",
+" -policy arg - The CA 'policy' to support\n",
+" -keyfile arg - private key file\n",
+" -keyform arg - private key file format (PEM or ENGINE)\n",
+" -key arg - key to decode the private key if it is encrypted\n",
+" -cert file - The CA certificate\n",
+" -selfsign - sign a certificate with the key associated with it\n",
+" -in file - The input PEM encoded certificate request(s)\n",
+" -out file - Where to put the output file(s)\n",
+" -outdir dir - Where to put output certificates\n",
+" -infiles .... - The last argument, requests to process\n",
+" -spkac file - File contains DN and signed public key and challenge\n",
+" -ss_cert file - File contains a self signed cert to sign\n",
+" -preserveDN - Don't re-order the DN\n",
+" -noemailDN - Don't add the EMAIL field into certificate' subject\n",
+" -batch - Don't ask questions\n",
+" -msie_hack - msie modifications to handle all those universal strings\n",
+" -revoke file - Revoke a certificate (given in file)\n",
+" -subj arg - Use arg instead of request's subject\n",
+" -utf8 - input characters are UTF8 (default ASCII)\n",
+" -multivalue-rdn - enable support for multivalued RDNs\n",
+" -extensions .. - Extension section (override value in config file)\n",
+" -extfile file - Configuration file with X509v3 extentions to add\n",
+" -crlexts .. - CRL extension section (override value in config file)\n",
+#ifndef OPENSSL_NO_ENGINE
+" -engine e - use engine e, possibly a hardware device.\n",
+#endif
+" -status serial - Shows certificate status given the serial number\n",
+" -updatedb - Updates db for expired certificates\n",
+NULL
+};
+
+#ifdef EFENCE
+extern int EF_PROTECT_FREE;
+extern int EF_PROTECT_BELOW;
+extern int EF_ALIGNMENT;
+#endif
+
+static void lookup_fail(const char *name, const char *tag);
+static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
+ BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
+ char *enddate, long days, int batch, char *ext_sect, CONF *conf,
+ int verbose, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign);
+static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+ CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
+ char *startdate, char *enddate, long days, int batch,
+ char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy,
+ ENGINE *e);
+static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+ CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
+ char *startdate, char *enddate, long days, char *ext_sect,
+ CONF *conf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
+ int email_dn, char *startdate, char *enddate, long days, int batch,
+ int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
+ unsigned long certopt, unsigned long nameopt, int default_op,
+ int ext_copy, int selfsign);
+static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, CA_DB *db);
+static int do_updatedb(CA_DB *db);
+static int check_time_format(const char *str);
+char *make_revocation_str(int rev_type, char *rev_arg);
+int make_revoked(X509_REVOKED *rev, const char *str);
+int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
+static CONF *conf=NULL;
+static CONF *extconf=NULL;
+static char *section=NULL;
+
+static int preserve=0;
+static int msie_hack=0;
+
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ char *key=NULL,*passargin=NULL;
+ int create_ser = 0;
+ int free_key = 0;
+ int total=0;
+ int total_done=0;
+ int badops=0;
+ int ret=1;
+ int email_dn=1;
+ int req=0;
+ int verbose=0;
+ int gencrl=0;
+ int dorevoke=0;
+ int doupdatedb=0;
+ long crldays=0;
+ long crlhours=0;
+ long errorline= -1;
+ char *configfile=NULL;
+ char *md=NULL;
+ char *policy=NULL;
+ char *keyfile=NULL;
+ char *certfile=NULL;
+ int keyform=FORMAT_PEM;
+ char *infile=NULL;
+ char *spkac_file=NULL;
+ char *ss_cert_file=NULL;
+ char *ser_status=NULL;
+ EVP_PKEY *pkey=NULL;
+ int output_der = 0;
+ char *outfile=NULL;
+ char *outdir=NULL;
+ char *serialfile=NULL;
+ char *crlnumberfile=NULL;
+ char *extensions=NULL;
+ char *extfile=NULL;
+ char *subj=NULL;
+ unsigned long chtype = MBSTRING_ASC;
+ int multirdn = 0;
+ char *tmp_email_dn=NULL;
+ char *crl_ext=NULL;
+ int rev_type = REV_NONE;
+ char *rev_arg = NULL;
+ BIGNUM *serial=NULL;
+ BIGNUM *crlnumber=NULL;
+ char *startdate=NULL;
+ char *enddate=NULL;
+ long days=0;
+ int batch=0;
+ int notext=0;
+ unsigned long nameopt = 0, certopt = 0;
+ int default_op = 1;
+ int ext_copy = EXT_COPY_NONE;
+ int selfsign = 0;
+ X509 *x509=NULL, *x509p = NULL;
+ X509 *x=NULL;
+ BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
+ char *dbfile=NULL;
+ CA_DB *db=NULL;
+ X509_CRL *crl=NULL;
+ X509_REVOKED *r=NULL;
+ ASN1_TIME *tmptm;
+ ASN1_INTEGER *tmpser;
+ char *f;
+ const char *p, **pp;
+ int i,j;
+ const EVP_MD *dgst=NULL;
+ STACK_OF(CONF_VALUE) *attribs=NULL;
+ STACK_OF(X509) *cert_sk=NULL;
+#undef BSIZE
+#define BSIZE 256
+ MS_STATIC char buf[3][BSIZE];
+ char *randfile=NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+ char *tofree=NULL;
+ DB_ATTR db_attr;
+
+#ifdef EFENCE
+EF_PROTECT_FREE=1;
+EF_PROTECT_BELOW=1;
+EF_ALIGNMENT=0;
+#endif
+
+ apps_startup();
+
+ conf = NULL;
+ key = NULL;
+ section = NULL;
+
+ preserve=0;
+ msie_hack=0;
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-verbose") == 0)
+ verbose=1;
+ else if (strcmp(*argv,"-config") == 0)
+ {
+ if (--argc < 1) goto bad;
+ configfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-name") == 0)
+ {
+ if (--argc < 1) goto bad;
+ section= *(++argv);
+ }
+ else if (strcmp(*argv,"-subj") == 0)
+ {
+ if (--argc < 1) goto bad;
+ subj= *(++argv);
+ /* preserve=1; */
+ }
+ else if (strcmp(*argv,"-utf8") == 0)
+ chtype = MBSTRING_UTF8;
+ else if (strcmp(*argv,"-create_serial") == 0)
+ create_ser = 1;
+ else if (strcmp(*argv,"-multivalue-rdn") == 0)
+ multirdn=1;
+ else if (strcmp(*argv,"-startdate") == 0)
+ {
+ if (--argc < 1) goto bad;
+ startdate= *(++argv);
+ }
+ else if (strcmp(*argv,"-enddate") == 0)
+ {
+ if (--argc < 1) goto bad;
+ enddate= *(++argv);
+ }
+ else if (strcmp(*argv,"-days") == 0)
+ {
+ if (--argc < 1) goto bad;
+ days=atoi(*(++argv));
+ }
+ else if (strcmp(*argv,"-md") == 0)
+ {
+ if (--argc < 1) goto bad;
+ md= *(++argv);
+ }
+ else if (strcmp(*argv,"-policy") == 0)
+ {
+ if (--argc < 1) goto bad;
+ policy= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyform=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ key= *(++argv);
+ }
+ else if (strcmp(*argv,"-cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ certfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-selfsign") == 0)
+ selfsign=1;
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ req=1;
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-outdir") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outdir= *(++argv);
+ }
+ else if (strcmp(*argv,"-notext") == 0)
+ notext=1;
+ else if (strcmp(*argv,"-batch") == 0)
+ batch=1;
+ else if (strcmp(*argv,"-preserveDN") == 0)
+ preserve=1;
+ else if (strcmp(*argv,"-noemailDN") == 0)
+ email_dn=0;
+ else if (strcmp(*argv,"-gencrl") == 0)
+ gencrl=1;
+ else if (strcmp(*argv,"-msie_hack") == 0)
+ msie_hack=1;
+ else if (strcmp(*argv,"-crldays") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crldays= atol(*(++argv));
+ }
+ else if (strcmp(*argv,"-crlhours") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crlhours= atol(*(++argv));
+ }
+ else if (strcmp(*argv,"-infiles") == 0)
+ {
+ argc--;
+ argv++;
+ req=1;
+ break;
+ }
+ else if (strcmp(*argv, "-ss_cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ss_cert_file = *(++argv);
+ req=1;
+ }
+ else if (strcmp(*argv, "-spkac") == 0)
+ {
+ if (--argc < 1) goto bad;
+ spkac_file = *(++argv);
+ req=1;
+ }
+ else if (strcmp(*argv,"-revoke") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ dorevoke=1;
+ }
+ else if (strcmp(*argv,"-extensions") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extensions= *(++argv);
+ }
+ else if (strcmp(*argv,"-extfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-status") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ser_status= *(++argv);
+ }
+ else if (strcmp(*argv,"-updatedb") == 0)
+ {
+ doupdatedb=1;
+ }
+ else if (strcmp(*argv,"-crlexts") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crl_ext= *(++argv);
+ }
+ else if (strcmp(*argv,"-crl_reason") == 0)
+ {
+ if (--argc < 1) goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_CRL_REASON;
+ }
+ else if (strcmp(*argv,"-crl_hold") == 0)
+ {
+ if (--argc < 1) goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_HOLD;
+ }
+ else if (strcmp(*argv,"-crl_compromise") == 0)
+ {
+ if (--argc < 1) goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_KEY_COMPROMISE;
+ }
+ else if (strcmp(*argv,"-crl_CA_compromise") == 0)
+ {
+ if (--argc < 1) goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_CA_COMPROMISE;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else
+ {
+bad:
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+ for (pp=ca_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,"%s",*pp);
+ goto err;
+ }
+
+ ERR_load_crypto_strings();
+
+ /*****************************************************************/
+ tofree=NULL;
+ if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
+ if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
+ if (configfile == NULL)
+ {
+ const char *s=X509_get_default_cert_area();
+ size_t len;
+
+#ifdef OPENSSL_SYS_VMS
+ len = strlen(s)+sizeof(CONFIG_FILE);
+ tofree=OPENSSL_malloc(len);
+ strcpy(tofree,s);
+#else
+ len = strlen(s)+sizeof(CONFIG_FILE)+1;
+ tofree=OPENSSL_malloc(len);
+ BUF_strlcpy(tofree,s,len);
+ BUF_strlcat(tofree,"/",len);
+#endif
+ BUF_strlcat(tofree,CONFIG_FILE,len);
+ configfile=tofree;
+ }
+
+ BIO_printf(bio_err,"Using configuration from %s\n",configfile);
+ conf = NCONF_new(NULL);
+ if (NCONF_load(conf,configfile,&errorline) <= 0)
+ {
+ if (errorline <= 0)
+ BIO_printf(bio_err,"error loading the config file '%s'\n",
+ configfile);
+ else
+ BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
+ ,errorline,configfile);
+ goto err;
+ }
+ if(tofree)
+ {
+ OPENSSL_free(tofree);
+ tofree = NULL;
+ }
+
+ if (!load_config(bio_err, conf))
+ goto err;
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ /* Lets get the config section we are using */
+ if (section == NULL)
+ {
+ section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+ if (section == NULL)
+ {
+ lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
+ goto err;
+ }
+ }
+
+ if (conf != NULL)
+ {
+ p=NCONF_get_string(conf,NULL,"oid_file");
+ if (p == NULL)
+ ERR_clear_error();
+ if (p != NULL)
+ {
+ BIO *oid_bio;
+
+ oid_bio=BIO_new_file(p,"r");
+ if (oid_bio == NULL)
+ {
+ /*
+ BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+ ERR_print_errors(bio_err);
+ */
+ ERR_clear_error();
+ }
+ else
+ {
+ OBJ_create_objects(oid_bio);
+ BIO_free(oid_bio);
+ }
+ }
+ if (!add_oid_section(bio_err,conf))
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ }
+
+ randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
+ app_RAND_load_file(randfile, bio_err, 0);
+
+ f = NCONF_get_string(conf, section, STRING_MASK);
+ if (!f)
+ ERR_clear_error();
+
+ if(f && !ASN1_STRING_set_default_mask_asc(f)) {
+ BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
+ goto err;
+ }
+
+ if (chtype != MBSTRING_UTF8){
+ f = NCONF_get_string(conf, section, UTF8_IN);
+ if (!f)
+ ERR_clear_error();
+ else if (!strcmp(f, "yes"))
+ chtype = MBSTRING_UTF8;
+ }
+
+ db_attr.unique_subject = 1;
+ p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
+ if (p)
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
+#endif
+ db_attr.unique_subject = parse_yesno(p,1);
+ }
+ else
+ ERR_clear_error();
+#ifdef RL_DEBUG
+ if (!p)
+ BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
+#endif
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
+ db_attr.unique_subject);
+#endif
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ Sout=BIO_new(BIO_s_file());
+ Cout=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* report status of cert with serial number given on command line */
+ if (ser_status)
+ {
+ if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ {
+ lookup_fail(section,ENV_DATABASE);
+ goto err;
+ }
+ db = load_index(dbfile,&db_attr);
+ if (db == NULL) goto err;
+
+ if (!index_index(db)) goto err;
+
+ if (get_certificate_status(ser_status,db) != 1)
+ BIO_printf(bio_err,"Error verifying serial %s!\n",
+ ser_status);
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we definitely need a private key, so let's get it */
+
+ if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
+ section,ENV_PRIVATE_KEY)) == NULL))
+ {
+ lookup_fail(section,ENV_PRIVATE_KEY);
+ goto err;
+ }
+ if (!key)
+ {
+ free_key = 1;
+ if (!app_passwd(bio_err, passargin, NULL, &key, NULL))
+ {
+ BIO_printf(bio_err,"Error getting password\n");
+ goto err;
+ }
+ }
+ pkey = load_key(bio_err, keyfile, keyform, 0, key, e,
+ "CA private key");
+ if (key) OPENSSL_cleanse(key,strlen(key));
+ if (pkey == NULL)
+ {
+ /* load_key() has already printed an appropriate message */
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we need a certificate */
+ if (!selfsign || spkac_file || ss_cert_file || gencrl)
+ {
+ if ((certfile == NULL)
+ && ((certfile=NCONF_get_string(conf,
+ section,ENV_CERTIFICATE)) == NULL))
+ {
+ lookup_fail(section,ENV_CERTIFICATE);
+ goto err;
+ }
+ x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
+ "CA certificate");
+ if (x509 == NULL)
+ goto err;
+
+ if (!X509_check_private_key(x509,pkey))
+ {
+ BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+ goto err;
+ }
+ }
+ if (!selfsign) x509p = x509;
+
+ f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+ if (f == NULL)
+ ERR_clear_error();
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ preserve=1;
+ f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+ if (f == NULL)
+ ERR_clear_error();
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ msie_hack=1;
+
+ f=NCONF_get_string(conf,section,ENV_NAMEOPT);
+
+ if (f)
+ {
+ if (!set_name_ex(&nameopt, f))
+ {
+ BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
+ goto err;
+ }
+ default_op = 0;
+ }
+ else
+ ERR_clear_error();
+
+ f=NCONF_get_string(conf,section,ENV_CERTOPT);
+
+ if (f)
+ {
+ if (!set_cert_ex(&certopt, f))
+ {
+ BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
+ goto err;
+ }
+ default_op = 0;
+ }
+ else
+ ERR_clear_error();
+
+ f=NCONF_get_string(conf,section,ENV_EXTCOPY);
+
+ if (f)
+ {
+ if (!set_ext_copy(&ext_copy, f))
+ {
+ BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
+ goto err;
+ }
+ }
+ else
+ ERR_clear_error();
+
+ /*****************************************************************/
+ /* lookup where to write new certificates */
+ if ((outdir == NULL) && (req))
+ {
+ struct stat sb;
+
+ if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+ == NULL)
+ {
+ BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
+ goto err;
+ }
+#ifndef OPENSSL_SYS_VMS
+ /* outdir is a directory spec, but access() for VMS demands a
+ filename. In any case, stat(), below, will catch the problem
+ if outdir is not a directory spec, and the fopen() or open()
+ will catch an error if there is no write access.
+
+ Presumably, this problem could also be solved by using the DEC
+ C routines to convert the directory syntax to Unixly, and give
+ that to access(). However, time's too short to do that just
+ now.
+ */
+ if (access(outdir,R_OK|W_OK|X_OK) != 0)
+ {
+ BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+
+ if (stat(outdir,&sb) != 0)
+ {
+ BIO_printf(bio_err,"unable to stat(%s)\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+#ifdef S_ISDIR
+ if (!S_ISDIR(sb.st_mode))
+ {
+ BIO_printf(bio_err,"%s need to be a directory\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+#endif
+#endif
+ }
+
+ /*****************************************************************/
+ /* we need to load the database file */
+ if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ {
+ lookup_fail(section,ENV_DATABASE);
+ goto err;
+ }
+ db = load_index(dbfile, &db_attr);
+ if (db == NULL) goto err;
+
+ /* Lets check some fields */
+ for (i=0; i<sk_num(db->db->data); i++)
+ {
+ pp=(const char **)sk_value(db->db->data,i);
+ if ((pp[DB_type][0] != DB_TYPE_REV) &&
+ (pp[DB_rev_date][0] != '\0'))
+ {
+ BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
+ goto err;
+ }
+ if ((pp[DB_type][0] == DB_TYPE_REV) &&
+ !make_revoked(NULL, pp[DB_rev_date]))
+ {
+ BIO_printf(bio_err," in entry %d\n", i+1);
+ goto err;
+ }
+ if (!check_time_format(pp[DB_exp_date]))
+ {
+ BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
+ goto err;
+ }
+ p=pp[DB_serial];
+ j=strlen(p);
+ if (*p == '-')
+ {
+ p++;
+ j--;
+ }
+ if ((j&1) || (j < 2))
+ {
+ BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
+ goto err;
+ }
+ while (*p)
+ {
+ if (!( ((*p >= '0') && (*p <= '9')) ||
+ ((*p >= 'A') && (*p <= 'F')) ||
+ ((*p >= 'a') && (*p <= 'f'))) )
+ {
+ BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);
+ goto err;
+ }
+ p++;
+ }
+ }
+ if (verbose)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ TXT_DB_write(out,db->db);
+ BIO_printf(bio_err,"%d entries loaded from the database\n",
+ db->db->data->num);
+ BIO_printf(bio_err,"generating index\n");
+ }
+
+ if (!index_index(db)) goto err;
+
+ /*****************************************************************/
+ /* Update the db file for expired certificates */
+ if (doupdatedb)
+ {
+ if (verbose)
+ BIO_printf(bio_err, "Updating %s ...\n",
+ dbfile);
+
+ i = do_updatedb(db);
+ if (i == -1)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ else if (i == 0)
+ {
+ if (verbose) BIO_printf(bio_err,
+ "No entries found to mark expired\n");
+ }
+ else
+ {
+ if (!save_index(dbfile,"new",db)) goto err;
+
+ if (!rotate_index(dbfile,"new","old")) goto err;
+
+ if (verbose) BIO_printf(bio_err,
+ "Done. %d entries marked as expired\n",i);
+ }
+ }
+
+ /*****************************************************************/
+ /* Read extentions config file */
+ if (extfile)
+ {
+ extconf = NCONF_new(NULL);
+ if (NCONF_load(extconf,extfile,&errorline) <= 0)
+ {
+ if (errorline <= 0)
+ BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
+ extfile);
+ else
+ BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
+ errorline,extfile);
+ ret = 1;
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
+
+ /* We can have sections in the ext file */
+ if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
+ extensions = "default";
+ }
+
+ /*****************************************************************/
+ if (req || gencrl)
+ {
+ if (outfile != NULL)
+ {
+ if (BIO_write_filename(Sout,outfile) <= 0)
+ {
+ perror(outfile);
+ goto err;
+ }
+ }
+ else
+ {
+ BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ Sout = BIO_push(tmpbio, Sout);
+ }
+#endif
+ }
+ }
+
+ if ((md == NULL) && ((md=NCONF_get_string(conf,
+ section,ENV_DEFAULT_MD)) == NULL))
+ {
+ lookup_fail(section,ENV_DEFAULT_MD);
+ goto err;
+ }
+
+ if ((dgst=EVP_get_digestbyname(md)) == NULL)
+ {
+ BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+ goto err;
+ }
+
+ if (req)
+ {
+ if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
+ section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
+ {
+ if(strcmp(tmp_email_dn,"no") == 0)
+ email_dn=0;
+ }
+ if (verbose)
+ BIO_printf(bio_err,"message digest is %s\n",
+ OBJ_nid2ln(dgst->type));
+ if ((policy == NULL) && ((policy=NCONF_get_string(conf,
+ section,ENV_POLICY)) == NULL))
+ {
+ lookup_fail(section,ENV_POLICY);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err,"policy is %s\n",policy);
+
+ if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
+ == NULL)
+ {
+ lookup_fail(section,ENV_SERIAL);
+ goto err;
+ }
+
+ if (!extconf)
+ {
+ /* no '-extfile' option, so we look for extensions
+ * in the main configuration file */
+ if (!extensions)
+ {
+ extensions=NCONF_get_string(conf,section,
+ ENV_EXTENSIONS);
+ if (!extensions)
+ ERR_clear_error();
+ }
+ if (extensions)
+ {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
+ NULL))
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extensions);
+ ret = 1;
+ goto err;
+ }
+ }
+ }
+
+ if (startdate == NULL)
+ {
+ startdate=NCONF_get_string(conf,section,
+ ENV_DEFAULT_STARTDATE);
+ if (startdate == NULL)
+ ERR_clear_error();
+ }
+ if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
+ {
+ BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
+ goto err;
+ }
+ if (startdate == NULL) startdate="today";
+
+ if (enddate == NULL)
+ {
+ enddate=NCONF_get_string(conf,section,
+ ENV_DEFAULT_ENDDATE);
+ if (enddate == NULL)
+ ERR_clear_error();
+ }
+ if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
+ {
+ BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
+ goto err;
+ }
+
+ if (days == 0)
+ {
+ if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
+ days = 0;
+ }
+ if (!enddate && (days == 0))
+ {
+ BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
+ goto err;
+ }
+
+ if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"error while loading serial number\n");
+ goto err;
+ }
+ if (verbose)
+ {
+ if (BN_is_zero(serial))
+ BIO_printf(bio_err,"next serial number is 00\n");
+ else
+ {
+ if ((f=BN_bn2hex(serial)) == NULL) goto err;
+ BIO_printf(bio_err,"next serial number is %s\n",f);
+ OPENSSL_free(f);
+ }
+ }
+
+ if ((attribs=NCONF_get_section(conf,policy)) == NULL)
+ {
+ BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
+ goto err;
+ }
+
+ if ((cert_sk=sk_X509_new_null()) == NULL)
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ if (spkac_file != NULL)
+ {
+ total++;
+ j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
+ serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions,
+ conf,verbose,certopt,nameopt,default_op,ext_copy);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_X509_push(cert_sk,x))
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ if (outfile)
+ {
+ output_der = 1;
+ batch = 1;
+ }
+ }
+ }
+ if (ss_cert_file != NULL)
+ {
+ total++;
+ j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
+ db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
+ extensions,conf,verbose, certopt, nameopt,
+ default_op, ext_copy, e);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_X509_push(cert_sk,x))
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ }
+ }
+ if (infile != NULL)
+ {
+ total++;
+ j=certify(&x,infile,pkey,x509p,dgst,attribs,db,
+ serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
+ extensions,conf,verbose, certopt, nameopt,
+ default_op, ext_copy, selfsign);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_X509_push(cert_sk,x))
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ }
+ }
+ for (i=0; i<argc; i++)
+ {
+ total++;
+ j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,
+ serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
+ extensions,conf,verbose, certopt, nameopt,
+ default_op, ext_copy, selfsign);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_X509_push(cert_sk,x))
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ }
+ }
+ /* we have a stack of newly certified certificates
+ * and a data base and serial number that need
+ * updating */
+
+ if (sk_X509_num(cert_sk) > 0)
+ {
+ if (!batch)
+ {
+ BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
+ (void)BIO_flush(bio_err);
+ buf[0][0]='\0';
+ if (!fgets(buf[0],10,stdin))
+ {
+ BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n");
+ ret=0;
+ goto err;
+ }
+ if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
+ {
+ BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
+ ret=0;
+ goto err;
+ }
+ }
+
+ BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
+
+ if (!save_serial(serialfile,"new",serial,NULL)) goto err;
+
+ if (!save_index(dbfile, "new", db)) goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err,"writing new certificates\n");
+ for (i=0; i<sk_X509_num(cert_sk); i++)
+ {
+ int k;
+ char *n;
+
+ x=sk_X509_value(cert_sk,i);
+
+ j=x->cert_info->serialNumber->length;
+ p=(const char *)x->cert_info->serialNumber->data;
+
+ if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
+ {
+ BIO_printf(bio_err,"certificate file name too long\n");
+ goto err;
+ }
+
+ strcpy(buf[2],outdir);
+
+#ifndef OPENSSL_SYS_VMS
+ BUF_strlcat(buf[2],"/",sizeof(buf[2]));
+#endif
+
+ n=(char *)&(buf[2][strlen(buf[2])]);
+ if (j > 0)
+ {
+ for (k=0; k<j; k++)
+ {
+ if (n >= &(buf[2][sizeof(buf[2])]))
+ break;
+ BIO_snprintf(n,
+ &buf[2][0] + sizeof(buf[2]) - n,
+ "%02X",(unsigned char)*(p++));
+ n+=2;
+ }
+ }
+ else
+ {
+ *(n++)='0';
+ *(n++)='0';
+ }
+ *(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
+ *n='\0';
+ if (verbose)
+ BIO_printf(bio_err,"writing %s\n",buf[2]);
+
+ if (BIO_write_filename(Cout,buf[2]) <= 0)
+ {
+ perror(buf[2]);
+ goto err;
+ }
+ write_new_certificate(Cout,x, 0, notext);
+ write_new_certificate(Sout,x, output_der, notext);
+ }
+
+ if (sk_X509_num(cert_sk))
+ {
+ /* Rename the database and the serial file */
+ if (!rotate_serial(serialfile,"new","old")) goto err;
+
+ if (!rotate_index(dbfile,"new","old")) goto err;
+
+ BIO_printf(bio_err,"Data Base Updated\n");
+ }
+ }
+
+ /*****************************************************************/
+ if (gencrl)
+ {
+ int crl_v2 = 0;
+ if (!crl_ext)
+ {
+ crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
+ if (!crl_ext)
+ ERR_clear_error();
+ }
+ if (crl_ext)
+ {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
+ {
+ BIO_printf(bio_err,
+ "Error Loading CRL extension section %s\n",
+ crl_ext);
+ ret = 1;
+ goto err;
+ }
+ }
+
+ if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
+ != NULL)
+ if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"error while loading CRL number\n");
+ goto err;
+ }
+
+ if (!crldays && !crlhours)
+ {
+ if (!NCONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_DAYS, &crldays))
+ crldays = 0;
+ if (!NCONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_HOURS, &crlhours))
+ crlhours = 0;
+ }
+ if ((crldays == 0) && (crlhours == 0))
+ {
+ BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
+ goto err;
+ }
+
+ if (verbose) BIO_printf(bio_err,"making CRL\n");
+ if ((crl=X509_CRL_new()) == NULL) goto err;
+ if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
+
+ tmptm = ASN1_TIME_new();
+ if (!tmptm) goto err;
+ X509_gmtime_adj(tmptm,0);
+ X509_CRL_set_lastUpdate(crl, tmptm);
+ X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);
+ X509_CRL_set_nextUpdate(crl, tmptm);
+
+ ASN1_TIME_free(tmptm);
+
+ for (i=0; i<sk_num(db->db->data); i++)
+ {
+ pp=(const char **)sk_value(db->db->data,i);
+ if (pp[DB_type][0] == DB_TYPE_REV)
+ {
+ if ((r=X509_REVOKED_new()) == NULL) goto err;
+ j = make_revoked(r, pp[DB_rev_date]);
+ if (!j) goto err;
+ if (j == 2) crl_v2 = 1;
+ if (!BN_hex2bn(&serial, pp[DB_serial]))
+ goto err;
+ tmpser = BN_to_ASN1_INTEGER(serial, NULL);
+ BN_free(serial);
+ serial = NULL;
+ if (!tmpser)
+ goto err;
+ X509_REVOKED_set_serialNumber(r, tmpser);
+ ASN1_INTEGER_free(tmpser);
+ X509_CRL_add0_revoked(crl,r);
+ }
+ }
+
+ /* sort the data so it will be written in serial
+ * number order */
+ X509_CRL_sort(crl);
+
+ /* we now have a CRL */
+ if (verbose) BIO_printf(bio_err,"signing CRL\n");
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ dgst=EVP_dss1();
+ else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ dgst=EVP_ecdsa();
+#endif
+
+ /* Add any extensions asked for */
+
+ if (crl_ext || crlnumberfile != NULL)
+ {
+ X509V3_CTX crlctx;
+ X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+ X509V3_set_nconf(&crlctx, conf);
+
+ if (crl_ext)
+ if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
+ crl_ext, crl)) goto err;
+ if (crlnumberfile != NULL)
+ {
+ tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
+ if (!tmpser) goto err;
+ X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
+ ASN1_INTEGER_free(tmpser);
+ crl_v2 = 1;
+ if (!BN_add_word(crlnumber,1)) goto err;
+ }
+ }
+ if (crl_ext || crl_v2)
+ {
+ if (!X509_CRL_set_version(crl, 1))
+ goto err; /* version 2 CRL */
+ }
+
+
+ if (crlnumberfile != NULL) /* we have a CRL number that need updating */
+ if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
+
+ if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
+
+ PEM_write_bio_X509_CRL(Sout,crl);
+
+ if (crlnumberfile != NULL) /* Rename the crlnumber file */
+ if (!rotate_serial(crlnumberfile,"new","old")) goto err;
+
+ }
+ /*****************************************************************/
+ if (dorevoke)
+ {
+ if (infile == NULL)
+ {
+ BIO_printf(bio_err,"no input files\n");
+ goto err;
+ }
+ else
+ {
+ X509 *revcert;
+ revcert=load_cert(bio_err, infile, FORMAT_PEM,
+ NULL, e, infile);
+ if (revcert == NULL)
+ goto err;
+ j=do_revoke(revcert,db, rev_type, rev_arg);
+ if (j <= 0) goto err;
+ X509_free(revcert);
+
+ if (!save_index(dbfile, "new", db)) goto err;
+
+ if (!rotate_index(dbfile, "new", "old")) goto err;
+
+ BIO_printf(bio_err,"Data Base Updated\n");
+ }
+ }
+ /*****************************************************************/
+ ret=0;
+err:
+ if(tofree)
+ OPENSSL_free(tofree);
+ BIO_free_all(Cout);
+ BIO_free_all(Sout);
+ BIO_free_all(out);
+ BIO_free_all(in);
+
+ if (cert_sk)
+ sk_X509_pop_free(cert_sk,X509_free);
+
+ if (ret) ERR_print_errors(bio_err);
+ app_RAND_write_file(randfile, bio_err);
+ if (free_key && key)
+ OPENSSL_free(key);
+ BN_free(serial);
+ free_index(db);
+ EVP_PKEY_free(pkey);
+ if (x509) X509_free(x509);
+ X509_CRL_free(crl);
+ NCONF_free(conf);
+ NCONF_free(extconf);
+ OBJ_cleanup();
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+static void lookup_fail(const char *name, const char *tag)
+ {
+ BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
+ }
+
+static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
+ long days, int batch, char *ext_sect, CONF *lconf, int verbose,
+ unsigned long certopt, unsigned long nameopt, int default_op,
+ int ext_copy, int selfsign)
+ {
+ X509_REQ *req=NULL;
+ BIO *in=NULL;
+ EVP_PKEY *pktmp=NULL;
+ int ok= -1,i;
+
+ in=BIO_new(BIO_s_file());
+
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto err;
+ }
+ if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"Error reading certificate request in %s\n",
+ infile);
+ goto err;
+ }
+ if (verbose)
+ X509_REQ_print(bio_err,req);
+
+ BIO_printf(bio_err,"Check that the request matches the signature\n");
+
+ if (selfsign && !X509_REQ_check_private_key(req,pkey))
+ {
+ BIO_printf(bio_err,"Certificate request and CA private key do not match\n");
+ ok=0;
+ goto err;
+ }
+ if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking public key\n");
+ goto err;
+ }
+ i=X509_REQ_verify(req,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (i < 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature verification problems....\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (i == 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ else
+ BIO_printf(bio_err,"Signature ok\n");
+
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn,
+ startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
+ certopt, nameopt, default_op, ext_copy, selfsign);
+
+err:
+ if (req != NULL) X509_REQ_free(req);
+ if (in != NULL) BIO_free(in);
+ return(ok);
+ }
+
+static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
+ long days, int batch, char *ext_sect, CONF *lconf, int verbose,
+ unsigned long certopt, unsigned long nameopt, int default_op,
+ int ext_copy, ENGINE *e)
+ {
+ X509 *req=NULL;
+ X509_REQ *rreq=NULL;
+ EVP_PKEY *pktmp=NULL;
+ int ok= -1,i;
+
+ if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
+ goto err;
+ if (verbose)
+ X509_print(bio_err,req);
+
+ BIO_printf(bio_err,"Check that the request matches the signature\n");
+
+ if ((pktmp=X509_get_pubkey(req)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking public key\n");
+ goto err;
+ }
+ i=X509_verify(req,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (i < 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature verification problems....\n");
+ goto err;
+ }
+ if (i == 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature did not match the certificate\n");
+ goto err;
+ }
+ else
+ BIO_printf(bio_err,"Signature ok\n");
+
+ if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
+ goto err;
+
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
+ days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
+ ext_copy, 0);
+
+err:
+ if (rreq != NULL) X509_REQ_free(rreq);
+ if (req != NULL) X509_free(req);
+ return(ok);
+ }
+
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
+ unsigned long chtype, int multirdn,
+ int email_dn, char *startdate, char *enddate, long days, int batch,
+ int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
+ unsigned long certopt, unsigned long nameopt, int default_op,
+ int ext_copy, int selfsign)
+ {
+ X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
+ ASN1_UTCTIME *tm,*tmptm;
+ ASN1_STRING *str,*str2;
+ ASN1_OBJECT *obj;
+ X509 *ret=NULL;
+ X509_CINF *ci;
+ X509_NAME_ENTRY *ne;
+ X509_NAME_ENTRY *tne,*push;
+ EVP_PKEY *pktmp;
+ int ok= -1,i,j,last,nid;
+ const char *p;
+ CONF_VALUE *cv;
+ char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
+ char buf[25];
+
+ tmptm=ASN1_UTCTIME_new();
+ if (tmptm == NULL)
+ {
+ BIO_printf(bio_err,"malloc error\n");
+ return(0);
+ }
+
+ for (i=0; i<DB_NUMBER; i++)
+ row[i]=NULL;
+
+ if (subj)
+ {
+ X509_NAME *n = parse_name(subj, chtype, multirdn);
+
+ if (!n)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ X509_REQ_set_subject_name(req,n);
+ req->req_info->enc.modified = 1;
+ X509_NAME_free(n);
+ }
+
+ if (default_op)
+ BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n");
+
+ name=X509_REQ_get_subject_name(req);
+ for (i=0; i<X509_NAME_entry_count(name); i++)
+ {
+ ne= X509_NAME_get_entry(name,i);
+ str=X509_NAME_ENTRY_get_data(ne);
+ obj=X509_NAME_ENTRY_get_object(ne);
+
+ if (msie_hack)
+ {
+ /* assume all type should be strings */
+ nid=OBJ_obj2nid(ne->object);
+
+ if (str->type == V_ASN1_UNIVERSALSTRING)
+ ASN1_UNIVERSALSTRING_to_string(str);
+
+ if ((str->type == V_ASN1_IA5STRING) &&
+ (nid != NID_pkcs9_emailAddress))
+ str->type=V_ASN1_T61STRING;
+
+ if ((nid == NID_pkcs9_emailAddress) &&
+ (str->type == V_ASN1_PRINTABLESTRING))
+ str->type=V_ASN1_IA5STRING;
+ }
+
+ /* If no EMAIL is wanted in the subject */
+ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
+ continue;
+
+ /* check some things */
+ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
+ (str->type != V_ASN1_IA5STRING))
+ {
+ BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
+ goto err;
+ }
+ if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
+ {
+ j=ASN1_PRINTABLE_type(str->data,str->length);
+ if ( ((j == V_ASN1_T61STRING) &&
+ (str->type != V_ASN1_T61STRING)) ||
+ ((j == V_ASN1_IA5STRING) &&
+ (str->type == V_ASN1_PRINTABLESTRING)))
+ {
+ BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
+ goto err;
+ }
+ }
+
+ if (default_op)
+ old_entry_print(bio_err, obj, str);
+ }
+
+ /* Ok, now we check the 'policy' stuff. */
+ if ((subject=X509_NAME_new()) == NULL)
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+
+ /* take a copy of the issuer name before we mess with it. */
+ if (selfsign)
+ CAname=X509_NAME_dup(name);
+ else
+ CAname=X509_NAME_dup(x509->cert_info->subject);
+ if (CAname == NULL) goto err;
+ str=str2=NULL;
+
+ for (i=0; i<sk_CONF_VALUE_num(policy); i++)
+ {
+ cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
+ if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
+ {
+ BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
+ goto err;
+ }
+ obj=OBJ_nid2obj(j);
+
+ last= -1;
+ for (;;)
+ {
+ /* lookup the object in the supplied name list */
+ j=X509_NAME_get_index_by_OBJ(name,obj,last);
+ if (j < 0)
+ {
+ if (last != -1) break;
+ tne=NULL;
+ }
+ else
+ {
+ tne=X509_NAME_get_entry(name,j);
+ }
+ last=j;
+
+ /* depending on the 'policy', decide what to do. */
+ push=NULL;
+ if (strcmp(cv->value,"optional") == 0)
+ {
+ if (tne != NULL)
+ push=tne;
+ }
+ else if (strcmp(cv->value,"supplied") == 0)
+ {
+ if (tne == NULL)
+ {
+ BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
+ goto err;
+ }
+ else
+ push=tne;
+ }
+ else if (strcmp(cv->value,"match") == 0)
+ {
+ int last2;
+
+ if (tne == NULL)
+ {
+ BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
+ goto err;
+ }
+
+ last2= -1;
+
+again2:
+ j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);
+ if ((j < 0) && (last2 == -1))
+ {
+ BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
+ goto err;
+ }
+ if (j >= 0)
+ {
+ push=X509_NAME_get_entry(CAname,j);
+ str=X509_NAME_ENTRY_get_data(tne);
+ str2=X509_NAME_ENTRY_get_data(push);
+ last2=j;
+ if (ASN1_STRING_cmp(str,str2) != 0)
+ goto again2;
+ }
+ if (j < 0)
+ {
+ BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
+ goto err;
+ }
+ }
+ else
+ {
+ BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
+ goto err;
+ }
+
+ if (push != NULL)
+ {
+ if (!X509_NAME_add_entry(subject,push, -1, 0))
+ {
+ if (push != NULL)
+ X509_NAME_ENTRY_free(push);
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ }
+ if (j < 0) break;
+ }
+ }
+
+ if (preserve)
+ {
+ X509_NAME_free(subject);
+ /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
+ subject=X509_NAME_dup(name);
+ if (subject == NULL) goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
+
+ /* Build the correct Subject if no e-mail is wanted in the subject */
+ /* and add it later on because of the method extensions are added (altName) */
+
+ if (email_dn)
+ dn_subject = subject;
+ else
+ {
+ X509_NAME_ENTRY *tmpne;
+ /* Its best to dup the subject DN and then delete any email
+ * addresses because this retains its structure.
+ */
+ if (!(dn_subject = X509_NAME_dup(subject)))
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ while((i = X509_NAME_get_index_by_NID(dn_subject,
+ NID_pkcs9_emailAddress, -1)) >= 0)
+ {
+ tmpne = X509_NAME_get_entry(dn_subject, i);
+ X509_NAME_delete_entry(dn_subject, i);
+ X509_NAME_ENTRY_free(tmpne);
+ }
+ }
+
+ if (BN_is_zero(serial))
+ row[DB_serial]=BUF_strdup("00");
+ else
+ row[DB_serial]=BN_bn2hex(serial);
+ if (row[DB_serial] == NULL)
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+
+ if (db->attributes.unique_subject)
+ {
+ rrow=TXT_DB_get_by_index(db->db,DB_name,row);
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,
+ "ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
+ }
+ }
+ if (rrow == NULL)
+ {
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
+ row[DB_serial]);
+ BIO_printf(bio_err," check the database/serial_file for corruption\n");
+ }
+ }
+
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,
+ "The matching entry has the following details\n");
+ if (rrow[DB_type][0] == 'E')
+ p="Expired";
+ else if (rrow[DB_type][0] == 'R')
+ p="Revoked";
+ else if (rrow[DB_type][0] == 'V')
+ p="Valid";
+ else
+ p="\ninvalid type, Data base error\n";
+ BIO_printf(bio_err,"Type :%s\n",p);;
+ if (rrow[DB_type][0] == 'R')
+ {
+ p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Was revoked on:%s\n",p);
+ }
+ p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Expires on :%s\n",p);
+ p=rrow[DB_serial]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Serial Number :%s\n",p);
+ p=rrow[DB_file]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"File name :%s\n",p);
+ p=rrow[DB_name]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Subject Name :%s\n",p);
+ ok= -1; /* This is now a 'bad' error. */
+ goto err;
+ }
+
+ /* We are now totally happy, lets make and sign the certificate */
+ if (verbose)
+ BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
+
+ if ((ret=X509_new()) == NULL) goto err;
+ ci=ret->cert_info;
+
+#ifdef X509_V3
+ /* Make it an X509 v3 certificate. */
+ if (!X509_set_version(ret,2)) goto err;
+#endif
+
+ if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
+ goto err;
+ if (selfsign)
+ {
+ if (!X509_set_issuer_name(ret,subject))
+ goto err;
+ }
+ else
+ {
+ if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
+ goto err;
+ }
+
+ if (strcmp(startdate,"today") == 0)
+ X509_gmtime_adj(X509_get_notBefore(ret),0);
+ else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+
+ if (enddate == NULL)
+ X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
+ else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+
+ if (!X509_set_subject_name(ret,subject)) goto err;
+
+ pktmp=X509_REQ_get_pubkey(req);
+ i = X509_set_pubkey(ret,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (!i) goto err;
+
+ /* Lets add the extensions, if there are any */
+ if (ext_sect)
+ {
+ X509V3_CTX ctx;
+ if (ci->version == NULL)
+ if ((ci->version=ASN1_INTEGER_new()) == NULL)
+ goto err;
+ ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
+
+ /* Free the current entries if any, there should not
+ * be any I believe */
+ if (ci->extensions != NULL)
+ sk_X509_EXTENSION_pop_free(ci->extensions,
+ X509_EXTENSION_free);
+
+ ci->extensions = NULL;
+
+ /* Initialize the context structure */
+ if (selfsign)
+ X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
+ else
+ X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+
+ if (extconf)
+ {
+ if (verbose)
+ BIO_printf(bio_err, "Extra configuration file found\n");
+
+ /* Use the extconf configuration db LHASH */
+ X509V3_set_nconf(&ctx, extconf);
+
+ /* Test the structure (needed?) */
+ /* X509V3_set_ctx_test(&ctx); */
+
+ /* Adds exts contained in the configuration file */
+ if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
+ {
+ BIO_printf(bio_err,
+ "ERROR: adding extensions in section %s\n",
+ ext_sect);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err, "Successfully added extensions from file.\n");
+ }
+ else if (ext_sect)
+ {
+ /* We found extensions to be set from config file */
+ X509V3_set_nconf(&ctx, lconf);
+
+ if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
+ {
+ BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err, "Successfully added extensions from config\n");
+ }
+ }
+
+ /* Copy extensions from request (if any) */
+
+ if (!copy_extensions(ret, req, ext_copy))
+ {
+ BIO_printf(bio_err, "ERROR: adding extensions from request\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /* Set the right value for the noemailDN option */
+ if( email_dn == 0 )
+ {
+ if (!X509_set_subject_name(ret,dn_subject)) goto err;
+ }
+
+ if (!default_op)
+ {
+ BIO_printf(bio_err, "Certificate Details:\n");
+ /* Never print signature details because signature not present */
+ certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
+ X509_print_ex(bio_err, ret, nameopt, certopt);
+ }
+
+ BIO_printf(bio_err,"Certificate is to be certified until ");
+ ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
+ if (days) BIO_printf(bio_err," (%ld days)",days);
+ BIO_printf(bio_err, "\n");
+
+ if (!batch)
+ {
+
+ BIO_printf(bio_err,"Sign the certificate? [y/n]:");
+ (void)BIO_flush(bio_err);
+ buf[0]='\0';
+ if (!fgets(buf,sizeof(buf)-1,stdin))
+ {
+ BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+ ok=0;
+ goto err;
+ }
+ if (!((buf[0] == 'y') || (buf[0] == 'Y')))
+ {
+ BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
+ ok=0;
+ goto err;
+ }
+ }
+
+
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
+ pktmp=X509_get_pubkey(ret);
+ if (EVP_PKEY_missing_parameters(pktmp) &&
+ !EVP_PKEY_missing_parameters(pkey))
+ EVP_PKEY_copy_parameters(pktmp,pkey);
+ EVP_PKEY_free(pktmp);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ dgst = EVP_ecdsa();
+ pktmp = X509_get_pubkey(ret);
+ if (EVP_PKEY_missing_parameters(pktmp) &&
+ !EVP_PKEY_missing_parameters(pkey))
+ EVP_PKEY_copy_parameters(pktmp, pkey);
+ EVP_PKEY_free(pktmp);
+#endif
+
+
+ if (!X509_sign(ret,pkey,dgst))
+ goto err;
+
+ /* We now just add it to the database */
+ row[DB_type]=(char *)OPENSSL_malloc(2);
+
+ tm=X509_get_notAfter(ret);
+ row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
+ memcpy(row[DB_exp_date],tm->data,tm->length);
+ row[DB_exp_date][tm->length]='\0';
+
+ row[DB_rev_date]=NULL;
+
+ /* row[DB_serial] done already */
+ row[DB_file]=(char *)OPENSSL_malloc(8);
+ row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
+
+ if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+ (row[DB_file] == NULL) || (row[DB_name] == NULL))
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ BUF_strlcpy(row[DB_file],"unknown",8);
+ row[DB_type][0]='V';
+ row[DB_type][1]='\0';
+
+ if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+
+ for (i=0; i<DB_NUMBER; i++)
+ {
+ irow[i]=row[i];
+ row[i]=NULL;
+ }
+ irow[DB_NUMBER]=NULL;
+
+ if (!TXT_DB_insert(db->db,irow))
+ {
+ BIO_printf(bio_err,"failed to update database\n");
+ BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
+ goto err;
+ }
+ ok=1;
+err:
+ for (i=0; i<DB_NUMBER; i++)
+ if (row[i] != NULL) OPENSSL_free(row[i]);
+
+ if (CAname != NULL)
+ X509_NAME_free(CAname);
+ if (subject != NULL)
+ X509_NAME_free(subject);
+ if ((dn_subject != NULL) && !email_dn)
+ X509_NAME_free(dn_subject);
+ if (tmptm != NULL)
+ ASN1_UTCTIME_free(tmptm);
+ if (ok <= 0)
+ {
+ if (ret != NULL) X509_free(ret);
+ ret=NULL;
+ }
+ else
+ *xret=ret;
+ return(ok);
+ }
+
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
+ {
+
+ if (output_der)
+ {
+ (void)i2d_X509_bio(bp,x);
+ return;
+ }
+#if 0
+ /* ??? Not needed since X509_print prints all this stuff anyway */
+ f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+ BIO_printf(bp,"issuer :%s\n",f);
+
+ f=X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+ BIO_printf(bp,"subject:%s\n",f);
+
+ BIO_puts(bp,"serial :");
+ i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
+ BIO_puts(bp,"\n\n");
+#endif
+ if (!notext)X509_print(bp,x);
+ PEM_write_bio_X509(bp,x);
+ }
+
+static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
+ long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy)
+ {
+ STACK_OF(CONF_VALUE) *sk=NULL;
+ LHASH *parms=NULL;
+ X509_REQ *req=NULL;
+ CONF_VALUE *cv=NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ X509_REQ_INFO *ri;
+ char *type,*buf;
+ EVP_PKEY *pktmp=NULL;
+ X509_NAME *n=NULL;
+ X509_NAME_ENTRY *ne=NULL;
+ int ok= -1,i,j;
+ long errline;
+ int nid;
+
+ /*
+ * Load input file into a hash table. (This is just an easy
+ * way to read and parse the file, then put it into a convenient
+ * STACK format).
+ */
+ parms=CONF_load(NULL,infile,&errline);
+ if (parms == NULL)
+ {
+ BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ sk=CONF_get_section(parms, "default");
+ if (sk_CONF_VALUE_num(sk) == 0)
+ {
+ BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
+ CONF_free(parms);
+ goto err;
+ }
+
+ /*
+ * Now create a dummy X509 request structure. We don't actually
+ * have an X509 request, but we have many of the components
+ * (a public key, various DN components). The idea is that we
+ * put these components into the right X509 request structure
+ * and we can use the same code as if you had a real X509 request.
+ */
+ req=X509_REQ_new();
+ if (req == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*
+ * Build up the subject name set.
+ */
+ ri=req->req_info;
+ n = ri->subject;
+
+ for (i = 0; ; i++)
+ {
+ if (sk_CONF_VALUE_num(sk) <= i) break;
+
+ cv=sk_CONF_VALUE_value(sk,i);
+ type=cv->name;
+ /* Skip past any leading X. X: X, etc to allow for
+ * multiple instances
+ */
+ for (buf = cv->name; *buf ; buf++)
+ if ((*buf == ':') || (*buf == ',') || (*buf == '.'))
+ {
+ buf++;
+ if (*buf) type = buf;
+ break;
+ }
+
+ buf=cv->value;
+ if ((nid=OBJ_txt2nid(type)) == NID_undef)
+ {
+ if (strcmp(type, "SPKAC") == 0)
+ {
+ spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
+ if (spki == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ }
+ continue;
+ }
+
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+ (unsigned char *)buf, -1, -1, 0))
+ goto err;
+ }
+ if (spki == NULL)
+ {
+ BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n",
+ infile);
+ goto err;
+ }
+
+ /*
+ * Now extract the key from the SPKI structure.
+ */
+
+ BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
+
+ if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking SPKAC public key\n");
+ goto err;
+ }
+
+ j = NETSCAPE_SPKI_verify(spki, pktmp);
+ if (j <= 0)
+ {
+ BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");
+ goto err;
+ }
+ BIO_printf(bio_err,"Signature ok\n");
+
+ X509_REQ_set_pubkey(req,pktmp);
+ EVP_PKEY_free(pktmp);
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
+ days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
+ ext_copy, 0);
+err:
+ if (req != NULL) X509_REQ_free(req);
+ if (parms != NULL) CONF_free(parms);
+ if (spki != NULL) NETSCAPE_SPKI_free(spki);
+ if (ne != NULL) X509_NAME_ENTRY_free(ne);
+
+ return(ok);
+ }
+
+static int check_time_format(const char *str)
+ {
+ ASN1_TIME tm;
+
+ tm.data=(unsigned char *)str;
+ tm.length=strlen(str);
+ tm.type=V_ASN1_UTCTIME;
+ if (ASN1_TIME_check(&tm))
+ return 1;
+ tm.type=V_ASN1_GENERALIZEDTIME;
+ return ASN1_TIME_check(&tm);
+ }
+
+static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
+ {
+ ASN1_UTCTIME *tm=NULL;
+ char *row[DB_NUMBER],**rrow,**irow;
+ char *rev_str = NULL;
+ BIGNUM *bn = NULL;
+ int ok=-1,i;
+
+ for (i=0; i<DB_NUMBER; i++)
+ row[i]=NULL;
+ row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+ bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+ if (BN_is_zero(bn))
+ row[DB_serial]=BUF_strdup("00");
+ else
+ row[DB_serial]=BN_bn2hex(bn);
+ BN_free(bn);
+ if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ /* We have to lookup by serial number because name lookup
+ * skips revoked certs
+ */
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+ if (rrow == NULL)
+ {
+ BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
+
+ /* We now just add it to the database */
+ row[DB_type]=(char *)OPENSSL_malloc(2);
+
+ tm=X509_get_notAfter(x509);
+ row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
+ memcpy(row[DB_exp_date],tm->data,tm->length);
+ row[DB_exp_date][tm->length]='\0';
+
+ row[DB_rev_date]=NULL;
+
+ /* row[DB_serial] done already */
+ row[DB_file]=(char *)OPENSSL_malloc(8);
+
+ /* row[DB_name] done already */
+
+ if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+ (row[DB_file] == NULL))
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ BUF_strlcpy(row[DB_file],"unknown",8);
+ row[DB_type][0]='V';
+ row[DB_type][1]='\0';
+
+ if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+
+ for (i=0; i<DB_NUMBER; i++)
+ {
+ irow[i]=row[i];
+ row[i]=NULL;
+ }
+ irow[DB_NUMBER]=NULL;
+
+ if (!TXT_DB_insert(db->db,irow))
+ {
+ BIO_printf(bio_err,"failed to update database\n");
+ BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
+ goto err;
+ }
+
+ /* Revoke Certificate */
+ ok = do_revoke(x509,db, type, value);
+
+ goto err;
+
+ }
+ else if (index_name_cmp((const char **)row,(const char **)rrow))
+ {
+ BIO_printf(bio_err,"ERROR:name does not match %s\n",
+ row[DB_name]);
+ goto err;
+ }
+ else if (rrow[DB_type][0]=='R')
+ {
+ BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
+ row[DB_serial]);
+ goto err;
+ }
+ else
+ {
+ BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
+ rev_str = make_revocation_str(type, value);
+ if (!rev_str)
+ {
+ BIO_printf(bio_err, "Error in revocation arguments\n");
+ goto err;
+ }
+ rrow[DB_type][0]='R';
+ rrow[DB_type][1]='\0';
+ rrow[DB_rev_date] = rev_str;
+ }
+ ok=1;
+err:
+ for (i=0; i<DB_NUMBER; i++)
+ {
+ if (row[i] != NULL)
+ OPENSSL_free(row[i]);
+ }
+ return(ok);
+ }
+
+static int get_certificate_status(const char *serial, CA_DB *db)
+ {
+ char *row[DB_NUMBER],**rrow;
+ int ok=-1,i;
+
+ /* Free Resources */
+ for (i=0; i<DB_NUMBER; i++)
+ row[i]=NULL;
+
+ /* Malloc needed char spaces */
+ row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);
+ if (row[DB_serial] == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ if (strlen(serial) % 2)
+ {
+ /* Set the first char to 0 */;
+ row[DB_serial][0]='0';
+
+ /* Copy String from serial to row[DB_serial] */
+ memcpy(row[DB_serial]+1, serial, strlen(serial));
+ row[DB_serial][strlen(serial)+1]='\0';
+ }
+ else
+ {
+ /* Copy String from serial to row[DB_serial] */
+ memcpy(row[DB_serial], serial, strlen(serial));
+ row[DB_serial][strlen(serial)]='\0';
+ }
+
+ /* Make it Upper Case */
+ for (i=0; row[DB_serial][i] != '\0'; i++)
+ row[DB_serial][i] = toupper(row[DB_serial][i]);
+
+
+ ok=1;
+
+ /* Search for the certificate */
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+ if (rrow == NULL)
+ {
+ BIO_printf(bio_err,"Serial %s not present in db.\n",
+ row[DB_serial]);
+ ok=-1;
+ goto err;
+ }
+ else if (rrow[DB_type][0]=='V')
+ {
+ BIO_printf(bio_err,"%s=Valid (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ }
+ else if (rrow[DB_type][0]=='R')
+ {
+ BIO_printf(bio_err,"%s=Revoked (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ }
+ else if (rrow[DB_type][0]=='E')
+ {
+ BIO_printf(bio_err,"%s=Expired (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ }
+ else if (rrow[DB_type][0]=='S')
+ {
+ BIO_printf(bio_err,"%s=Suspended (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ }
+ else
+ {
+ BIO_printf(bio_err,"%s=Unknown (%c).\n",
+ row[DB_serial], rrow[DB_type][0]);
+ ok=-1;
+ }
+err:
+ for (i=0; i<DB_NUMBER; i++)
+ {
+ if (row[i] != NULL)
+ OPENSSL_free(row[i]);
+ }
+ return(ok);
+ }
+
+static int do_updatedb (CA_DB *db)
+ {
+ ASN1_UTCTIME *a_tm = NULL;
+ int i, cnt = 0;
+ int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
+ char **rrow, *a_tm_s;
+
+ a_tm = ASN1_UTCTIME_new();
+
+ /* get actual time and make a string */
+ a_tm = X509_gmtime_adj(a_tm, 0);
+ a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1);
+ if (a_tm_s == NULL)
+ {
+ cnt = -1;
+ goto err;
+ }
+
+ memcpy(a_tm_s, a_tm->data, a_tm->length);
+ a_tm_s[a_tm->length] = '\0';
+
+ if (strncmp(a_tm_s, "49", 2) <= 0)
+ a_y2k = 1;
+ else
+ a_y2k = 0;
+
+ for (i = 0; i < sk_num(db->db->data); i++)
+ {
+ rrow = (char **) sk_value(db->db->data, i);
+
+ if (rrow[DB_type][0] == 'V')
+ {
+ /* ignore entries that are not valid */
+ if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
+ db_y2k = 1;
+ else
+ db_y2k = 0;
+
+ if (db_y2k == a_y2k)
+ {
+ /* all on the same y2k side */
+ if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0)
+ {
+ rrow[DB_type][0] = 'E';
+ rrow[DB_type][1] = '\0';
+ cnt++;
+
+ BIO_printf(bio_err, "%s=Expired\n",
+ rrow[DB_serial]);
+ }
+ }
+ else if (db_y2k < a_y2k)
+ {
+ rrow[DB_type][0] = 'E';
+ rrow[DB_type][1] = '\0';
+ cnt++;
+
+ BIO_printf(bio_err, "%s=Expired\n",
+ rrow[DB_serial]);
+ }
+
+ }
+ }
+
+err:
+
+ ASN1_UTCTIME_free(a_tm);
+ OPENSSL_free(a_tm_s);
+
+ return (cnt);
+ }
+
+static const char *crl_reasons[] = {
+ /* CRL reason strings */
+ "unspecified",
+ "keyCompromise",
+ "CACompromise",
+ "affiliationChanged",
+ "superseded",
+ "cessationOfOperation",
+ "certificateHold",
+ "removeFromCRL",
+ /* Additional pseudo reasons */
+ "holdInstruction",
+ "keyTime",
+ "CAkeyTime"
+};
+
+#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))
+
+/* Given revocation information convert to a DB string.
+ * The format of the string is:
+ * revtime[,reason,extra]. Where 'revtime' is the
+ * revocation time (the current time). 'reason' is the
+ * optional CRL reason and 'extra' is any additional
+ * argument
+ */
+
+char *make_revocation_str(int rev_type, char *rev_arg)
+ {
+ char *other = NULL, *str;
+ const char *reason = NULL;
+ ASN1_OBJECT *otmp;
+ ASN1_UTCTIME *revtm = NULL;
+ int i;
+ switch (rev_type)
+ {
+ case REV_NONE:
+ break;
+
+ case REV_CRL_REASON:
+ for (i = 0; i < 8; i++)
+ {
+ if (!strcasecmp(rev_arg, crl_reasons[i]))
+ {
+ reason = crl_reasons[i];
+ break;
+ }
+ }
+ if (reason == NULL)
+ {
+ BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
+ return NULL;
+ }
+ break;
+
+ case REV_HOLD:
+ /* Argument is an OID */
+
+ otmp = OBJ_txt2obj(rev_arg, 0);
+ ASN1_OBJECT_free(otmp);
+
+ if (otmp == NULL)
+ {
+ BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
+ return NULL;
+ }
+
+ reason = "holdInstruction";
+ other = rev_arg;
+ break;
+
+ case REV_KEY_COMPROMISE:
+ case REV_CA_COMPROMISE:
+
+ /* Argument is the key compromise time */
+ if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg))
+ {
+ BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg);
+ return NULL;
+ }
+ other = rev_arg;
+ if (rev_type == REV_KEY_COMPROMISE)
+ reason = "keyTime";
+ else
+ reason = "CAkeyTime";
+
+ break;
+
+ }
+
+ revtm = X509_gmtime_adj(NULL, 0);
+
+ if (!revtm)
+ return NULL;
+
+ i = revtm->length + 1;
+
+ if (reason) i += strlen(reason) + 1;
+ if (other) i += strlen(other) + 1;
+
+ str = OPENSSL_malloc(i);
+
+ if (!str) return NULL;
+
+ BUF_strlcpy(str, (char *)revtm->data, i);
+ if (reason)
+ {
+ BUF_strlcat(str, ",", i);
+ BUF_strlcat(str, reason, i);
+ }
+ if (other)
+ {
+ BUF_strlcat(str, ",", i);
+ BUF_strlcat(str, other, i);
+ }
+ ASN1_UTCTIME_free(revtm);
+ return str;
+ }
+
+/* Convert revocation field to X509_REVOKED entry
+ * return code:
+ * 0 error
+ * 1 OK
+ * 2 OK and some extensions added (i.e. V2 CRL)
+ */
+
+
+int make_revoked(X509_REVOKED *rev, const char *str)
+ {
+ char *tmp = NULL;
+ int reason_code = -1;
+ int i, ret = 0;
+ ASN1_OBJECT *hold = NULL;
+ ASN1_GENERALIZEDTIME *comp_time = NULL;
+ ASN1_ENUMERATED *rtmp = NULL;
+
+ ASN1_TIME *revDate = NULL;
+
+ i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
+
+ if (i == 0)
+ goto err;
+
+ if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
+ goto err;
+
+ if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS))
+ {
+ rtmp = ASN1_ENUMERATED_new();
+ if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
+ goto err;
+ if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
+ goto err;
+ }
+
+ if (rev && comp_time)
+ {
+ if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
+ goto err;
+ }
+ if (rev && hold)
+ {
+ if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
+ goto err;
+ }
+
+ if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
+ ret = 2;
+ else ret = 1;
+
+ err:
+
+ if (tmp) OPENSSL_free(tmp);
+ ASN1_OBJECT_free(hold);
+ ASN1_GENERALIZEDTIME_free(comp_time);
+ ASN1_ENUMERATED_free(rtmp);
+ ASN1_TIME_free(revDate);
+
+ return ret;
+ }
+
+int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
+ {
+ char buf[25],*pbuf, *p;
+ int j;
+ j=i2a_ASN1_OBJECT(bp,obj);
+ pbuf=buf;
+ for (j=22-j; j>0; j--)
+ *(pbuf++)=' ';
+ *(pbuf++)=':';
+ *(pbuf++)='\0';
+ BIO_puts(bp,buf);
+
+ if (str->type == V_ASN1_PRINTABLESTRING)
+ BIO_printf(bp,"PRINTABLE:'");
+ else if (str->type == V_ASN1_T61STRING)
+ BIO_printf(bp,"T61STRING:'");
+ else if (str->type == V_ASN1_IA5STRING)
+ BIO_printf(bp,"IA5STRING:'");
+ else if (str->type == V_ASN1_UNIVERSALSTRING)
+ BIO_printf(bp,"UNIVERSALSTRING:'");
+ else
+ BIO_printf(bp,"ASN.1 %2d:'",str->type);
+
+ p=(char *)str->data;
+ for (j=str->length; j>0; j--)
+ {
+#ifdef CHARSET_EBCDIC
+ if ((*p >= 0x20) && (*p <= 0x7e))
+ BIO_printf(bp,"%c",os_toebcdic[*p]);
+#else
+ if ((*p >= ' ') && (*p <= '~'))
+ BIO_printf(bp,"%c",*p);
+#endif
+ else if (*p & 0x80)
+ BIO_printf(bp,"\\0x%02X",*p);
+ else if ((unsigned char)*p == 0xf7)
+ BIO_printf(bp,"^?");
+#ifdef CHARSET_EBCDIC
+ else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]);
+#else
+ else BIO_printf(bp,"^%c",*p+'@');
+#endif
+ p++;
+ }
+ BIO_printf(bp,"'\n");
+ return 1;
+ }
+
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)
+ {
+ char *tmp = NULL;
+ char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
+ int reason_code = -1;
+ int ret = 0;
+ unsigned int i;
+ ASN1_OBJECT *hold = NULL;
+ ASN1_GENERALIZEDTIME *comp_time = NULL;
+ tmp = BUF_strdup(str);
+
+ p = strchr(tmp, ',');
+
+ rtime_str = tmp;
+
+ if (p)
+ {
+ *p = '\0';
+ p++;
+ reason_str = p;
+ p = strchr(p, ',');
+ if (p)
+ {
+ *p = '\0';
+ arg_str = p + 1;
+ }
+ }
+
+ if (prevtm)
+ {
+ *prevtm = ASN1_UTCTIME_new();
+ if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str))
+ {
+ BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
+ goto err;
+ }
+ }
+ if (reason_str)
+ {
+ for (i = 0; i < NUM_REASONS; i++)
+ {
+ if(!strcasecmp(reason_str, crl_reasons[i]))
+ {
+ reason_code = i;
+ break;
+ }
+ }
+ if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS)
+ {
+ BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
+ goto err;
+ }
+
+ if (reason_code == 7)
+ reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
+ else if (reason_code == 8) /* Hold instruction */
+ {
+ if (!arg_str)
+ {
+ BIO_printf(bio_err, "missing hold instruction\n");
+ goto err;
+ }
+ reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
+ hold = OBJ_txt2obj(arg_str, 0);
+
+ if (!hold)
+ {
+ BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
+ goto err;
+ }
+ if (phold) *phold = hold;
+ }
+ else if ((reason_code == 9) || (reason_code == 10))
+ {
+ if (!arg_str)
+ {
+ BIO_printf(bio_err, "missing compromised time\n");
+ goto err;
+ }
+ comp_time = ASN1_GENERALIZEDTIME_new();
+ if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str))
+ {
+ BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
+ goto err;
+ }
+ if (reason_code == 9)
+ reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
+ else
+ reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
+ }
+ }
+
+ if (preason) *preason = reason_code;
+ if (pinvtm) *pinvtm = comp_time;
+ else ASN1_GENERALIZEDTIME_free(comp_time);
+
+ ret = 1;
+
+ err:
+
+ if (tmp) OPENSSL_free(tmp);
+ if (!phold) ASN1_OBJECT_free(hold);
+ if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time);
+
+ return ret;
+ }
Added: vendor-crypto/openssl/dist/apps/cert.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/cert.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/cert.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
+Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
+DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
+tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
+sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
+19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
+-----END CERTIFICATE-----
Added: vendor-crypto/openssl/dist/apps/ciphers.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ciphers.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/ciphers.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,208 @@
+/* apps/ciphers.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#undef PROG
+#define PROG ciphers_main
+
+static const char *ciphers_usage[]={
+"usage: ciphers args\n",
+" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
+" -ssl2 - SSL2 mode\n",
+" -ssl3 - SSL3 mode\n",
+" -tls1 - TLS1 mode\n",
+NULL
+};
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int ret=1,i;
+ int verbose=0;
+ const char **pp;
+ const char *p;
+ int badops=0;
+ SSL_CTX *ctx=NULL;
+ SSL *ssl=NULL;
+ char *ciphers=NULL;
+ SSL_METHOD *meth=NULL;
+ STACK_OF(SSL_CIPHER) *sk;
+ char buf[512];
+ BIO *STDout=NULL;
+
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ meth=SSLv23_server_method();
+#elif !defined(OPENSSL_NO_SSL3)
+ meth=SSLv3_server_method();
+#elif !defined(OPENSSL_NO_SSL2)
+ meth=SSLv2_server_method();
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ STDout = BIO_push(tmpbio, STDout);
+ }
+#endif
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-v") == 0)
+ verbose=1;
+#ifndef OPENSSL_NO_SSL2
+ else if (strcmp(*argv,"-ssl2") == 0)
+ meth=SSLv2_client_method();
+#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (strcmp(*argv,"-ssl3") == 0)
+ meth=SSLv3_client_method();
+#endif
+#ifndef OPENSSL_NO_TLS1
+ else if (strcmp(*argv,"-tls1") == 0)
+ meth=TLSv1_client_method();
+#endif
+ else if ((strncmp(*argv,"-h",2) == 0) ||
+ (strcmp(*argv,"-?") == 0))
+ {
+ badops=1;
+ break;
+ }
+ else
+ {
+ ciphers= *argv;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+ for (pp=ciphers_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,"%s",*pp);
+ goto end;
+ }
+
+ OpenSSL_add_ssl_algorithms();
+
+ ctx=SSL_CTX_new(meth);
+ if (ctx == NULL) goto err;
+ if (ciphers != NULL) {
+ if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
+ BIO_printf(bio_err, "Error in cipher list\n");
+ goto err;
+ }
+ }
+ ssl=SSL_new(ctx);
+ if (ssl == NULL) goto err;
+
+
+ if (!verbose)
+ {
+ for (i=0; ; i++)
+ {
+ p=SSL_get_cipher_list(ssl,i);
+ if (p == NULL) break;
+ if (i != 0) BIO_printf(STDout,":");
+ BIO_printf(STDout,"%s",p);
+ }
+ BIO_printf(STDout,"\n");
+ }
+ else
+ {
+ sk=SSL_get_ciphers(ssl);
+
+ for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+ {
+ BIO_puts(STDout,SSL_CIPHER_description(
+ sk_SSL_CIPHER_value(sk,i),
+ buf,sizeof buf));
+ }
+ }
+
+ ret=0;
+ if (0)
+ {
+err:
+ SSL_load_error_strings();
+ ERR_print_errors(bio_err);
+ }
+end:
+ if (ctx != NULL) SSL_CTX_free(ctx);
+ if (ssl != NULL) SSL_free(ssl);
+ if (STDout != NULL) BIO_free_all(STDout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
Added: vendor-crypto/openssl/dist/apps/client.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/client.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/client.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,24 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5
+MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw
+Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt
+XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5
+NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3
+UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE
+9TKwhS4GlwbtCfxSKQ==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
+q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
+/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
+HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
+ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
+nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
+ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
+-----END RSA PRIVATE KEY-----
Added: vendor-crypto/openssl/dist/apps/cms.c
===================================================================
--- vendor-crypto/openssl/dist/apps/cms.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/cms.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1351 @@
+/* apps/cms.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/* CMS utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+
+#ifndef OPENSSL_NO_CMS
+
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+
+#undef PROG
+#define PROG cms_main
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int cms_cb(int ok, X509_STORE_CTX *ctx);
+static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
+ STACK *rr_from);
+
+#define SMIME_OP 0x10
+#define SMIME_IP 0x20
+#define SMIME_SIGNERS 0x40
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT (2 | SMIME_IP)
+#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY (4 | SMIME_IP)
+#define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_DATAOUT (7 | SMIME_IP)
+#define SMIME_DATA_CREATE (8 | SMIME_OP)
+#define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
+#define SMIME_DIGEST_CREATE (10 | SMIME_OP)
+#define SMIME_UNCOMPRESS (11 | SMIME_IP)
+#define SMIME_COMPRESS (12 | SMIME_OP)
+#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
+#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
+#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
+#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ int operation = 0;
+ int ret = 0;
+ char **args;
+ const char *inmode = "r", *outmode = "w";
+ char *infile = NULL, *outfile = NULL, *rctfile = NULL;
+ char *signerfile = NULL, *recipfile = NULL;
+ STACK *sksigners = NULL, *skkeys = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+ char *certsoutfile = NULL;
+ const EVP_CIPHER *cipher = NULL;
+ CMS_ContentInfo *cms = NULL, *rcms = NULL;
+ X509_STORE *store = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
+ int badarg = 0;
+ int flags = CMS_DETACHED;
+ int rr_print = 0, rr_allorfirst = -1;
+ STACK *rr_to = NULL, *rr_from = NULL;
+ CMS_ReceiptRequest *rr = NULL;
+ char *to = NULL, *from = NULL, *subject = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ char *passargin = NULL, *passin = NULL;
+ char *inrand = NULL;
+ int need_rand = 0;
+ const EVP_MD *sign_md = NULL;
+ int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+ int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ unsigned char *secret_key = NULL, *secret_keyid = NULL;
+ size_t secret_keylen = 0, secret_keyidlen = 0;
+
+ ASN1_OBJECT *econtent_type = NULL;
+
+ X509_VERIFY_PARAM *vpm = NULL;
+
+ args = argv + 1;
+ ret = 1;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ {
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ }
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ while (!badarg && *args && *args[0] == '-')
+ {
+ if (!strcmp (*args, "-encrypt"))
+ operation = SMIME_ENCRYPT;
+ else if (!strcmp (*args, "-decrypt"))
+ operation = SMIME_DECRYPT;
+ else if (!strcmp (*args, "-sign"))
+ operation = SMIME_SIGN;
+ else if (!strcmp (*args, "-sign_receipt"))
+ operation = SMIME_SIGN_RECEIPT;
+ else if (!strcmp (*args, "-resign"))
+ operation = SMIME_RESIGN;
+ else if (!strcmp (*args, "-verify"))
+ operation = SMIME_VERIFY;
+ else if (!strcmp(*args,"-verify_receipt"))
+ {
+ operation = SMIME_VERIFY_RECEIPT;
+ if (!args[1])
+ goto argerr;
+ args++;
+ rctfile = *args;
+ }
+ else if (!strcmp (*args, "-cmsout"))
+ operation = SMIME_CMSOUT;
+ else if (!strcmp (*args, "-data_out"))
+ operation = SMIME_DATAOUT;
+ else if (!strcmp (*args, "-data_create"))
+ operation = SMIME_DATA_CREATE;
+ else if (!strcmp (*args, "-digest_verify"))
+ operation = SMIME_DIGEST_VERIFY;
+ else if (!strcmp (*args, "-digest_create"))
+ operation = SMIME_DIGEST_CREATE;
+ else if (!strcmp (*args, "-compress"))
+ operation = SMIME_COMPRESS;
+ else if (!strcmp (*args, "-uncompress"))
+ operation = SMIME_UNCOMPRESS;
+ else if (!strcmp (*args, "-EncryptedData_decrypt"))
+ operation = SMIME_ENCRYPTED_DECRYPT;
+ else if (!strcmp (*args, "-EncryptedData_encrypt"))
+ operation = SMIME_ENCRYPTED_ENCRYPT;
+#ifndef OPENSSL_NO_DES
+ else if (!strcmp (*args, "-des3"))
+ cipher = EVP_des_ede3_cbc();
+ else if (!strcmp (*args, "-des"))
+ cipher = EVP_des_cbc();
+#endif
+#ifndef OPENSSL_NO_SEED
+ else if (!strcmp (*args, "-seed"))
+ cipher = EVP_seed_cbc();
+#endif
+#ifndef OPENSSL_NO_RC2
+ else if (!strcmp (*args, "-rc2-40"))
+ cipher = EVP_rc2_40_cbc();
+ else if (!strcmp (*args, "-rc2-128"))
+ cipher = EVP_rc2_cbc();
+ else if (!strcmp (*args, "-rc2-64"))
+ cipher = EVP_rc2_64_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args,"-aes128"))
+ cipher = EVP_aes_128_cbc();
+ else if (!strcmp(*args,"-aes192"))
+ cipher = EVP_aes_192_cbc();
+ else if (!strcmp(*args,"-aes256"))
+ cipher = EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ else if (!strcmp(*args,"-camellia128"))
+ cipher = EVP_camellia_128_cbc();
+ else if (!strcmp(*args,"-camellia192"))
+ cipher = EVP_camellia_192_cbc();
+ else if (!strcmp(*args,"-camellia256"))
+ cipher = EVP_camellia_256_cbc();
+#endif
+ else if (!strcmp (*args, "-debug_decrypt"))
+ flags |= CMS_DEBUG_DECRYPT;
+ else if (!strcmp (*args, "-text"))
+ flags |= CMS_TEXT;
+ else if (!strcmp (*args, "-nointern"))
+ flags |= CMS_NOINTERN;
+ else if (!strcmp (*args, "-noverify")
+ || !strcmp (*args, "-no_signer_cert_verify"))
+ flags |= CMS_NO_SIGNER_CERT_VERIFY;
+ else if (!strcmp (*args, "-nocerts"))
+ flags |= CMS_NOCERTS;
+ else if (!strcmp (*args, "-noattr"))
+ flags |= CMS_NOATTR;
+ else if (!strcmp (*args, "-nodetach"))
+ flags &= ~CMS_DETACHED;
+ else if (!strcmp (*args, "-nosmimecap"))
+ flags |= CMS_NOSMIMECAP;
+ else if (!strcmp (*args, "-binary"))
+ flags |= CMS_BINARY;
+ else if (!strcmp (*args, "-keyid"))
+ flags |= CMS_USE_KEYID;
+ else if (!strcmp (*args, "-nosigs"))
+ flags |= CMS_NOSIGS;
+ else if (!strcmp (*args, "-no_content_verify"))
+ flags |= CMS_NO_CONTENT_VERIFY;
+ else if (!strcmp (*args, "-no_attr_verify"))
+ flags |= CMS_NO_ATTR_VERIFY;
+ else if (!strcmp (*args, "-stream"))
+ {
+ args++;
+ continue;
+ }
+ else if (!strcmp (*args, "-indef"))
+ {
+ args++;
+ continue;
+ }
+ else if (!strcmp (*args, "-noindef"))
+ flags &= ~CMS_STREAM;
+ else if (!strcmp (*args, "-nooldmime"))
+ flags |= CMS_NOOLDMIMETYPE;
+ else if (!strcmp (*args, "-crlfeol"))
+ flags |= CMS_CRLFEOL;
+ else if (!strcmp (*args, "-receipt_request_print"))
+ rr_print = 1;
+ else if (!strcmp (*args, "-receipt_request_all"))
+ rr_allorfirst = 0;
+ else if (!strcmp (*args, "-receipt_request_first"))
+ rr_allorfirst = 1;
+ else if (!strcmp(*args,"-receipt_request_from"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ if (!rr_from)
+ rr_from = sk_new_null();
+ sk_push(rr_from, *args);
+ }
+ else if (!strcmp(*args,"-receipt_request_to"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ if (!rr_to)
+ rr_to = sk_new_null();
+ sk_push(rr_to, *args);
+ }
+ else if (!strcmp(*args,"-secretkey"))
+ {
+ long ltmp;
+ if (!args[1])
+ goto argerr;
+ args++;
+ secret_key = string_to_hex(*args, <mp);
+ if (!secret_key)
+ {
+ BIO_printf(bio_err, "Invalid key %s\n", *args);
+ goto argerr;
+ }
+ secret_keylen = (size_t)ltmp;
+ }
+ else if (!strcmp(*args,"-secretkeyid"))
+ {
+ long ltmp;
+ if (!args[1])
+ goto argerr;
+ args++;
+ secret_keyid = string_to_hex(*args, <mp);
+ if (!secret_keyid)
+ {
+ BIO_printf(bio_err, "Invalid id %s\n", *args);
+ goto argerr;
+ }
+ secret_keyidlen = (size_t)ltmp;
+ }
+ else if (!strcmp(*args,"-econtent_type"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ econtent_type = OBJ_txt2obj(*args, 0);
+ if (!econtent_type)
+ {
+ BIO_printf(bio_err, "Invalid OID %s\n", *args);
+ goto argerr;
+ }
+ }
+ else if (!strcmp(*args,"-rand"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ inrand = *args;
+ need_rand = 1;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (!strcmp(*args,"-engine"))
+ {
+ if (!args[1])
+ goto argerr;
+ engine = *++args;
+ }
+#endif
+ else if (!strcmp(*args,"-passin"))
+ {
+ if (!args[1])
+ goto argerr;
+ passargin = *++args;
+ }
+ else if (!strcmp (*args, "-to"))
+ {
+ if (!args[1])
+ goto argerr;
+ to = *++args;
+ }
+ else if (!strcmp (*args, "-from"))
+ {
+ if (!args[1])
+ goto argerr;
+ from = *++args;
+ }
+ else if (!strcmp (*args, "-subject"))
+ {
+ if (!args[1])
+ goto argerr;
+ subject = *++args;
+ }
+ else if (!strcmp (*args, "-signer"))
+ {
+ if (!args[1])
+ goto argerr;
+ /* If previous -signer argument add signer to list */
+
+ if (signerfile)
+ {
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ if (!keyfile)
+ keyfile = signerfile;
+ if (!skkeys)
+ skkeys = sk_new_null();
+ sk_push(skkeys, keyfile);
+ keyfile = NULL;
+ }
+ signerfile = *++args;
+ }
+ else if (!strcmp (*args, "-recip"))
+ {
+ if (!args[1])
+ goto argerr;
+ recipfile = *++args;
+ }
+ else if (!strcmp (*args, "-certsout"))
+ {
+ if (!args[1])
+ goto argerr;
+ certsoutfile = *++args;
+ }
+ else if (!strcmp (*args, "-md"))
+ {
+ if (!args[1])
+ goto argerr;
+ sign_md = EVP_get_digestbyname(*++args);
+ if (sign_md == NULL)
+ {
+ BIO_printf(bio_err, "Unknown digest %s\n",
+ *args);
+ goto argerr;
+ }
+ }
+ else if (!strcmp (*args, "-inkey"))
+ {
+ if (!args[1])
+ goto argerr;
+ /* If previous -inkey arument add signer to list */
+ if (keyfile)
+ {
+ if (!signerfile)
+ {
+ BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+ goto argerr;
+ }
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ signerfile = NULL;
+ if (!skkeys)
+ skkeys = sk_new_null();
+ sk_push(skkeys, keyfile);
+ }
+ keyfile = *++args;
+ }
+ else if (!strcmp (*args, "-keyform"))
+ {
+ if (!args[1])
+ goto argerr;
+ keyform = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-rctform"))
+ {
+ if (!args[1])
+ goto argerr;
+ rctformat = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-certfile"))
+ {
+ if (!args[1])
+ goto argerr;
+ certfile = *++args;
+ }
+ else if (!strcmp (*args, "-CAfile"))
+ {
+ if (!args[1])
+ goto argerr;
+ CAfile = *++args;
+ }
+ else if (!strcmp (*args, "-CApath"))
+ {
+ if (!args[1])
+ goto argerr;
+ CApath = *++args;
+ }
+ else if (!strcmp (*args, "-in"))
+ {
+ if (!args[1])
+ goto argerr;
+ infile = *++args;
+ }
+ else if (!strcmp (*args, "-inform"))
+ {
+ if (!args[1])
+ goto argerr;
+ informat = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-outform"))
+ {
+ if (!args[1])
+ goto argerr;
+ outformat = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-out"))
+ {
+ if (!args[1])
+ goto argerr;
+ outfile = *++args;
+ }
+ else if (!strcmp (*args, "-content"))
+ {
+ if (!args[1])
+ goto argerr;
+ contfile = *++args;
+ }
+ else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+ continue;
+ else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
+ badarg = 1;
+ args++;
+ }
+
+ if (((rr_allorfirst != -1) || rr_from) && !rr_to)
+ {
+ BIO_puts(bio_err, "No Signed Receipts Recipients\n");
+ goto argerr;
+ }
+
+ if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from))
+ {
+ BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
+ goto argerr;
+ }
+ if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
+ {
+ BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+ goto argerr;
+ }
+
+ if (operation & SMIME_SIGNERS)
+ {
+ if (keyfile && !signerfile)
+ {
+ BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+ goto argerr;
+ }
+ /* Check to see if any final signer needs to be appended */
+ if (signerfile)
+ {
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ if (!skkeys)
+ skkeys = sk_new_null();
+ if (!keyfile)
+ keyfile = signerfile;
+ sk_push(skkeys, keyfile);
+ }
+ if (!sksigners)
+ {
+ BIO_printf(bio_err, "No signer certificate specified\n");
+ badarg = 1;
+ }
+ signerfile = NULL;
+ keyfile = NULL;
+ need_rand = 1;
+ }
+
+ else if (operation == SMIME_DECRYPT)
+ {
+ if (!recipfile && !keyfile && !secret_key)
+ {
+ BIO_printf(bio_err, "No recipient certificate or key specified\n");
+ badarg = 1;
+ }
+ }
+ else if (operation == SMIME_ENCRYPT)
+ {
+ if (!*args && !secret_key)
+ {
+ BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ }
+ else if (!operation)
+ badarg = 1;
+
+ if (badarg)
+ {
+ argerr:
+ BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-encrypt encrypt message\n");
+ BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf (bio_err, "-sign sign message\n");
+ BIO_printf (bio_err, "-verify verify signed message\n");
+ BIO_printf (bio_err, "-cmsout output CMS structure\n");
+#ifndef OPENSSL_NO_DES
+ BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf (bio_err, "-des encrypt with DES\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf (bio_err, "-seed encrypt with SEED\n");
+#endif
+#ifndef OPENSSL_NO_RC2
+ BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
+ BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
+#endif
+ BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
+ BIO_printf (bio_err, "-nosigs don't verify message signature\n");
+ BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
+ BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
+ BIO_printf (bio_err, "-nodetach use opaque signing\n");
+ BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
+ BIO_printf (bio_err, "-binary don't translate message to text\n");
+ BIO_printf (bio_err, "-certfile file other certificates file\n");
+ BIO_printf (bio_err, "-certsout file certificate output file\n");
+ BIO_printf (bio_err, "-signer file signer certificate file\n");
+ BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
+ BIO_printf (bio_err, "-keyid use subject key identifier\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
+ BIO_printf (bio_err, "-out file output file\n");
+ BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
+ BIO_printf (bio_err, "-to addr to address\n");
+ BIO_printf (bio_err, "-from ad from address\n");
+ BIO_printf (bio_err, "-subject s subject\n");
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (need_rand)
+ {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ ret = 2;
+
+ if (!(operation & SMIME_SIGNERS))
+ flags &= ~CMS_DETACHED;
+
+ if (operation & SMIME_OP)
+ {
+ if (outformat == FORMAT_ASN1)
+ outmode = "wb";
+ }
+ else
+ {
+ if (flags & CMS_BINARY)
+ outmode = "wb";
+ }
+
+ if (operation & SMIME_IP)
+ {
+ if (informat == FORMAT_ASN1)
+ inmode = "rb";
+ }
+ else
+ {
+ if (flags & CMS_BINARY)
+ inmode = "rb";
+ }
+
+ if (operation == SMIME_ENCRYPT)
+ {
+ if (!cipher)
+ {
+#ifndef OPENSSL_NO_DES
+ cipher = EVP_des_ede3_cbc();
+#else
+ BIO_printf(bio_err, "No cipher selected\n");
+ goto end;
+#endif
+ }
+
+ if (secret_key && !secret_keyid)
+ {
+ BIO_printf(bio_err, "No sectre key id\n");
+ goto end;
+ }
+
+ if (*args)
+ encerts = sk_X509_new_null();
+ while (*args)
+ {
+ if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+ NULL, e, "recipient certificate file")))
+ goto end;
+ sk_X509_push(encerts, cert);
+ cert = NULL;
+ args++;
+ }
+ }
+
+ if (certfile)
+ {
+ if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+ e, "certificate file")))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (recipfile && (operation == SMIME_DECRYPT))
+ {
+ if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+ e, "recipient certificate file")))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (operation == SMIME_SIGN_RECEIPT)
+ {
+ if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
+ e, "receipt signer certificate file")))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (operation == SMIME_DECRYPT)
+ {
+ if (!keyfile)
+ keyfile = recipfile;
+ }
+ else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
+ {
+ if (!keyfile)
+ keyfile = signerfile;
+ }
+ else keyfile = NULL;
+
+ if (keyfile)
+ {
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key)
+ goto end;
+ }
+
+ if (infile)
+ {
+ if (!(in = BIO_new_file(infile, inmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open input file %s\n", infile);
+ goto end;
+ }
+ }
+ else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (operation & SMIME_IP)
+ {
+ if (informat == FORMAT_SMIME)
+ cms = SMIME_read_CMS(in, &indata);
+ else if (informat == FORMAT_PEM)
+ cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
+ else if (informat == FORMAT_ASN1)
+ cms = d2i_CMS_bio(in, NULL);
+ else
+ {
+ BIO_printf(bio_err, "Bad input format for CMS file\n");
+ goto end;
+ }
+
+ if (!cms)
+ {
+ BIO_printf(bio_err, "Error reading S/MIME message\n");
+ goto end;
+ }
+ if (contfile)
+ {
+ BIO_free(indata);
+ if (!(indata = BIO_new_file(contfile, "rb")))
+ {
+ BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+ goto end;
+ }
+ }
+ if (certsoutfile)
+ {
+ STACK_OF(X509) *allcerts;
+ allcerts = CMS_get1_certs(cms);
+ if (!save_certs(certsoutfile, allcerts))
+ {
+ BIO_printf(bio_err,
+ "Error writing certs to %s\n",
+ certsoutfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_pop_free(allcerts, X509_free);
+ }
+ }
+
+ if (rctfile)
+ {
+ char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
+ if (!(rctin = BIO_new_file(rctfile, rctmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open receipt file %s\n", rctfile);
+ goto end;
+ }
+
+ if (rctformat == FORMAT_SMIME)
+ rcms = SMIME_read_CMS(rctin, NULL);
+ else if (rctformat == FORMAT_PEM)
+ rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+ else if (rctformat == FORMAT_ASN1)
+ rcms = d2i_CMS_bio(rctin, NULL);
+ else
+ {
+ BIO_printf(bio_err, "Bad input format for receipt\n");
+ goto end;
+ }
+
+ if (!rcms)
+ {
+ BIO_printf(bio_err, "Error reading receipt\n");
+ goto end;
+ }
+ }
+
+ if (outfile)
+ {
+ if (!(out = BIO_new_file(outfile, outmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ }
+ else
+ {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
+ {
+ if (!(store = setup_verify(bio_err, CAfile, CApath)))
+ goto end;
+ X509_STORE_set_verify_cb_func(store, cms_cb);
+ if (vpm)
+ X509_STORE_set1_param(store, vpm);
+ }
+
+
+ ret = 3;
+
+ if (operation == SMIME_DATA_CREATE)
+ {
+ cms = CMS_data_create(in, flags);
+ }
+ else if (operation == SMIME_DIGEST_CREATE)
+ {
+ cms = CMS_digest_create(in, sign_md, flags);
+ }
+ else if (operation == SMIME_COMPRESS)
+ {
+ cms = CMS_compress(in, -1, flags);
+ }
+ else if (operation == SMIME_ENCRYPT)
+ {
+ flags |= CMS_PARTIAL;
+ cms = CMS_encrypt(encerts, in, cipher, flags);
+ if (!cms)
+ goto end;
+ if (secret_key)
+ {
+ if (!CMS_add0_recipient_key(cms, NID_undef,
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen,
+ NULL, NULL, NULL))
+ goto end;
+ /* NULL these because call absorbs them */
+ secret_key = NULL;
+ secret_keyid = NULL;
+ }
+ if (!(flags & CMS_STREAM))
+ {
+ if (!CMS_final(cms, in, NULL, flags))
+ goto end;
+ }
+ }
+ else if (operation == SMIME_ENCRYPTED_ENCRYPT)
+ {
+ cms = CMS_EncryptedData_encrypt(in, cipher,
+ secret_key, secret_keylen,
+ flags);
+
+ }
+ else if (operation == SMIME_SIGN_RECEIPT)
+ {
+ CMS_ContentInfo *srcms = NULL;
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ sis = CMS_get0_SignerInfos(cms);
+ if (!sis)
+ goto end;
+ si = sk_CMS_SignerInfo_value(sis, 0);
+ srcms = CMS_sign_receipt(si, signer, key, other, flags);
+ if (!srcms)
+ goto end;
+ CMS_ContentInfo_free(cms);
+ cms = srcms;
+ }
+ else if (operation & SMIME_SIGNERS)
+ {
+ int i;
+ /* If detached data content we enable streaming if
+ * S/MIME output format.
+ */
+ if (operation == SMIME_SIGN)
+ {
+
+ if (flags & CMS_DETACHED)
+ {
+ if (outformat == FORMAT_SMIME)
+ flags |= CMS_STREAM;
+ }
+ flags |= CMS_PARTIAL;
+ cms = CMS_sign(NULL, NULL, other, in, flags);
+ if (!cms)
+ goto end;
+ if (econtent_type)
+ CMS_set1_eContentType(cms, econtent_type);
+
+ if (rr_to)
+ {
+ rr = make_receipt_request(rr_to, rr_allorfirst,
+ rr_from);
+ if (!rr)
+ {
+ BIO_puts(bio_err,
+ "Signed Receipt Request Creation Error\n");
+ goto end;
+ }
+ }
+ }
+ else
+ flags |= CMS_REUSE_DIGEST;
+ for (i = 0; i < sk_num(sksigners); i++)
+ {
+ CMS_SignerInfo *si;
+ signerfile = sk_value(sksigners, i);
+ keyfile = sk_value(skkeys, i);
+ signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
+ e, "signer certificate");
+ if (!signer)
+ goto end;
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key)
+ goto end;
+ si = CMS_add1_signer(cms, signer, key, sign_md, flags);
+ if (!si)
+ goto end;
+ if (rr && !CMS_add1_ReceiptRequest(si, rr))
+ goto end;
+ X509_free(signer);
+ signer = NULL;
+ EVP_PKEY_free(key);
+ key = NULL;
+ }
+ /* If not streaming or resigning finalize structure */
+ if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
+ {
+ if (!CMS_final(cms, in, NULL, flags))
+ goto end;
+ }
+ }
+
+ if (!cms)
+ {
+ BIO_printf(bio_err, "Error creating CMS structure\n");
+ goto end;
+ }
+
+ ret = 4;
+ if (operation == SMIME_DECRYPT)
+ {
+ if (flags & CMS_DEBUG_DECRYPT)
+ CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
+
+ if (secret_key)
+ {
+ if (!CMS_decrypt_set1_key(cms,
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen))
+ {
+ BIO_puts(bio_err,
+ "Error decrypting CMS using secret key\n");
+ goto end;
+ }
+ }
+
+ if (key)
+ {
+ if (!CMS_decrypt_set1_pkey(cms, key, recip))
+ {
+ BIO_puts(bio_err,
+ "Error decrypting CMS using private key\n");
+ goto end;
+ }
+ }
+
+ if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
+ {
+ BIO_printf(bio_err, "Error decrypting CMS structure\n");
+ goto end;
+ }
+ }
+ else if (operation == SMIME_DATAOUT)
+ {
+ if (!CMS_data(cms, out, flags))
+ goto end;
+ }
+ else if (operation == SMIME_UNCOMPRESS)
+ {
+ if (!CMS_uncompress(cms, indata, out, flags))
+ goto end;
+ }
+ else if (operation == SMIME_DIGEST_VERIFY)
+ {
+ if (CMS_digest_verify(cms, indata, out, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else
+ {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ }
+ else if (operation == SMIME_ENCRYPTED_DECRYPT)
+ {
+ if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
+ indata, out, flags))
+ goto end;
+ }
+ else if (operation == SMIME_VERIFY)
+ {
+ if (CMS_verify(cms, other, store, indata, out, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else
+ {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ if (signerfile)
+ {
+ STACK_OF(X509) *signers;
+ signers = CMS_get0_signers(cms);
+ if (!save_certs(signerfile, signers))
+ {
+ BIO_printf(bio_err,
+ "Error writing signers to %s\n",
+ signerfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_free(signers);
+ }
+ if (rr_print)
+ receipt_request_print(bio_err, cms);
+
+ }
+ else if (operation == SMIME_VERIFY_RECEIPT)
+ {
+ if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else
+ {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ }
+ else
+ {
+ if (outformat == FORMAT_SMIME)
+ {
+ if (to)
+ BIO_printf(out, "To: %s\n", to);
+ if (from)
+ BIO_printf(out, "From: %s\n", from);
+ if (subject)
+ BIO_printf(out, "Subject: %s\n", subject);
+ if (operation == SMIME_RESIGN)
+ ret = SMIME_write_CMS(out, cms, indata, flags);
+ else
+ ret = SMIME_write_CMS(out, cms, in, flags);
+ }
+ else if (outformat == FORMAT_PEM)
+ ret = PEM_write_bio_CMS(out, cms);
+ else if (outformat == FORMAT_ASN1)
+ ret = i2d_CMS_bio(out,cms);
+ else
+ {
+ BIO_printf(bio_err, "Bad output format for CMS file\n");
+ goto end;
+ }
+ if (ret <= 0)
+ {
+ ret = 6;
+ goto end;
+ }
+ }
+ ret = 0;
+end:
+ if (ret)
+ ERR_print_errors(bio_err);
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ sk_X509_pop_free(encerts, X509_free);
+ sk_X509_pop_free(other, X509_free);
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
+ if (sksigners)
+ sk_free(sksigners);
+ if (skkeys)
+ sk_free(skkeys);
+ if (secret_key)
+ OPENSSL_free(secret_key);
+ if (secret_keyid)
+ OPENSSL_free(secret_keyid);
+ if (econtent_type)
+ ASN1_OBJECT_free(econtent_type);
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+ if (rr_to)
+ sk_free(rr_to);
+ if (rr_from)
+ sk_free(rr_from);
+ X509_STORE_free(store);
+ X509_free(cert);
+ X509_free(recip);
+ X509_free(signer);
+ EVP_PKEY_free(key);
+ CMS_ContentInfo_free(cms);
+ CMS_ContentInfo_free(rcms);
+ BIO_free(rctin);
+ BIO_free(in);
+ BIO_free(indata);
+ BIO_free_all(out);
+ if (passin) OPENSSL_free(passin);
+ return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+ {
+ int i;
+ BIO *tmp;
+ if (!signerfile)
+ return 1;
+ tmp = BIO_new_file(signerfile, "w");
+ if (!tmp) return 0;
+ for(i = 0; i < sk_X509_num(signers); i++)
+ PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+ BIO_free(tmp);
+ return 1;
+ }
+
+
+/* Minimal callback just to output policy info (if any) */
+
+static int cms_cb(int ok, X509_STORE_CTX *ctx)
+ {
+ int error;
+
+ error = X509_STORE_CTX_get_error(ctx);
+
+ if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+ && ((error != X509_V_OK) || (ok != 2)))
+ return ok;
+
+ policies_print(NULL, ctx);
+
+ return ok;
+
+ }
+
+static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
+ {
+ STACK_OF(GENERAL_NAME) *gens;
+ GENERAL_NAME *gen;
+ int i, j;
+ for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
+ {
+ gens = sk_GENERAL_NAMES_value(gns, i);
+ for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
+ {
+ gen = sk_GENERAL_NAME_value(gens, j);
+ BIO_puts(out, " ");
+ GENERAL_NAME_print(out, gen);
+ BIO_puts(out, "\n");
+ }
+ }
+ return;
+ }
+
+static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
+ {
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ CMS_ReceiptRequest *rr;
+ int allorfirst;
+ STACK_OF(GENERAL_NAMES) *rto, *rlist;
+ ASN1_STRING *scid;
+ int i, rv;
+ sis = CMS_get0_SignerInfos(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sis, i);
+ rv = CMS_get1_ReceiptRequest(si, &rr);
+ BIO_printf(bio_err, "Signer %d:\n", i + 1);
+ if (rv == 0)
+ BIO_puts(bio_err, " No Receipt Request\n");
+ else if (rv < 0)
+ {
+ BIO_puts(bio_err, " Receipt Request Parse Error\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ {
+ char *id;
+ int idlen;
+ CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
+ &rlist, &rto);
+ BIO_puts(out, " Signed Content ID:\n");
+ idlen = ASN1_STRING_length(scid);
+ id = (char *)ASN1_STRING_data(scid);
+ BIO_dump_indent(out, id, idlen, 4);
+ BIO_puts(out, " Receipts From");
+ if (rlist)
+ {
+ BIO_puts(out, " List:\n");
+ gnames_stack_print(out, rlist);
+ }
+ else if (allorfirst == 1)
+ BIO_puts(out, ": First Tier\n");
+ else if (allorfirst == 0)
+ BIO_puts(out, ": All\n");
+ else
+ BIO_printf(out, " Unknown (%d)\n", allorfirst);
+ BIO_puts(out, " Receipts To:\n");
+ gnames_stack_print(out, rto);
+ }
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+ }
+ }
+
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
+ {
+ int i;
+ STACK_OF(GENERAL_NAMES) *ret;
+ GENERAL_NAMES *gens = NULL;
+ GENERAL_NAME *gen = NULL;
+ ret = sk_GENERAL_NAMES_new_null();
+ if (!ret)
+ goto err;
+ for (i = 0; i < sk_num(ns); i++)
+ {
+ CONF_VALUE cnf;
+ cnf.name = "email";
+ cnf.value = sk_value(ns, i);
+ gen = v2i_GENERAL_NAME(NULL, NULL, &cnf);
+ if (!gen)
+ goto err;
+ gens = GENERAL_NAMES_new();
+ if (!gens)
+ goto err;
+ if (!sk_GENERAL_NAME_push(gens, gen))
+ goto err;
+ gen = NULL;
+ if (!sk_GENERAL_NAMES_push(ret, gens))
+ goto err;
+ gens = NULL;
+ }
+
+ return ret;
+
+ err:
+ if (ret)
+ sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
+ if (gens)
+ GENERAL_NAMES_free(gens);
+ if (gen)
+ GENERAL_NAME_free(gen);
+ return NULL;
+ }
+
+
+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
+ STACK *rr_from)
+ {
+ STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
+ CMS_ReceiptRequest *rr;
+ rct_to = make_names_stack(rr_to);
+ if (!rct_to)
+ goto err;
+ if (rr_from)
+ {
+ rct_from = make_names_stack(rr_from);
+ if (!rct_from)
+ goto err;
+ }
+ else
+ rct_from = NULL;
+ rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
+ rct_to);
+ return rr;
+ err:
+ return NULL;
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/apps/crl.c
===================================================================
--- vendor-crypto/openssl/dist/apps/crl.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/crl.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,446 @@
+/* apps/crl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG crl_main
+
+#undef POSTFIX
+#define POSTFIX ".rvk"
+
+static const char *crl_usage[]={
+"usage: crl args\n",
+"\n",
+" -inform arg - input format - default PEM (DER or PEM)\n",
+" -outform arg - output format - default PEM\n",
+" -text - print out a text format version\n",
+" -in arg - input file - default stdin\n",
+" -out arg - output file - default stdout\n",
+" -hash - print hash value\n",
+" -fingerprint - print the crl fingerprint\n",
+" -issuer - print issuer DN\n",
+" -lastupdate - lastUpdate field\n",
+" -nextupdate - nextUpdate field\n",
+" -crlnumber - print CRL number\n",
+" -noout - no CRL output\n",
+" -CAfile name - verify CRL using certificates in file \"name\"\n",
+" -CApath dir - verify CRL using certificates in \"dir\"\n",
+" -nameopt arg - various certificate name options\n",
+NULL
+};
+
+static X509_CRL *load_crl(char *file, int format);
+static BIO *bio_out=NULL;
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ unsigned long nmflag = 0;
+ X509_CRL *x=NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ int ret=1,i,num,badops=0;
+ BIO *out=NULL;
+ int informat,outformat;
+ char *infile=NULL,*outfile=NULL;
+ int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+ int fingerprint = 0, crlnumber = 0;
+ const char **pp;
+ X509_STORE *store = NULL;
+ X509_STORE_CTX ctx;
+ X509_LOOKUP *lookup = NULL;
+ X509_OBJECT xobj;
+ EVP_PKEY *pkey;
+ int do_ver = 0;
+ const EVP_MD *md_alg,*digest=EVP_sha1();
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ if (bio_out == NULL)
+ if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+ {
+ BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_out = BIO_push(tmpbio, bio_out);
+ }
+#endif
+ }
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ argc--;
+ argv++;
+ num=0;
+ while (argc >= 1)
+ {
+#ifdef undef
+ if (strcmp(*argv,"-p") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
+ }
+#endif
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-CApath") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CApath = *(++argv);
+ do_ver = 1;
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile = *(++argv);
+ do_ver = 1;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ do_ver = 1;
+ else if (strcmp(*argv,"-text") == 0)
+ text = 1;
+ else if (strcmp(*argv,"-hash") == 0)
+ hash= ++num;
+ else if (strcmp(*argv,"-nameopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+ }
+ else if (strcmp(*argv,"-issuer") == 0)
+ issuer= ++num;
+ else if (strcmp(*argv,"-lastupdate") == 0)
+ lastupdate= ++num;
+ else if (strcmp(*argv,"-nextupdate") == 0)
+ nextupdate= ++num;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout= ++num;
+ else if (strcmp(*argv,"-fingerprint") == 0)
+ fingerprint= ++num;
+ else if (strcmp(*argv,"-crlnumber") == 0)
+ crlnumber= ++num;
+ else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
+ {
+ /* ok */
+ digest=md_alg;
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ for (pp=crl_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,"%s",*pp);
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ x=load_crl(infile,informat);
+ if (x == NULL) { goto end; }
+
+ if(do_ver) {
+ store = X509_STORE_new();
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+ if (lookup == NULL) goto end;
+ if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
+ X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) goto end;
+ if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
+ X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+ ERR_clear_error();
+
+ if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
+ BIO_printf(bio_err,
+ "Error initialising X509 store\n");
+ goto end;
+ }
+
+ i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
+ X509_CRL_get_issuer(x), &xobj);
+ if(i <= 0) {
+ BIO_printf(bio_err,
+ "Error getting CRL issuer certificate\n");
+ goto end;
+ }
+ pkey = X509_get_pubkey(xobj.data.x509);
+ X509_OBJECT_free_contents(&xobj);
+ if(!pkey) {
+ BIO_printf(bio_err,
+ "Error getting CRL issuer public key\n");
+ goto end;
+ }
+ i = X509_CRL_verify(x, pkey);
+ EVP_PKEY_free(pkey);
+ if(i < 0) goto end;
+ if(i == 0) BIO_printf(bio_err, "verify failure\n");
+ else BIO_printf(bio_err, "verify OK\n");
+ }
+
+ if (num)
+ {
+ for (i=1; i<=num; i++)
+ {
+ if (issuer == i)
+ {
+ print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
+ }
+ if (crlnumber == i)
+ {
+ ASN1_INTEGER *crlnum;
+ crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number,
+ NULL, NULL);
+ BIO_printf(bio_out,"crlNumber=");
+ if (crlnum)
+ {
+ i2a_ASN1_INTEGER(bio_out, crlnum);
+ ASN1_INTEGER_free(crlnum);
+ }
+ else
+ BIO_puts(bio_out, "<NONE>");
+ BIO_printf(bio_out,"\n");
+ }
+ if (hash == i)
+ {
+ BIO_printf(bio_out,"%08lx\n",
+ X509_NAME_hash(X509_CRL_get_issuer(x)));
+ }
+ if (lastupdate == i)
+ {
+ BIO_printf(bio_out,"lastUpdate=");
+ ASN1_TIME_print(bio_out,
+ X509_CRL_get_lastUpdate(x));
+ BIO_printf(bio_out,"\n");
+ }
+ if (nextupdate == i)
+ {
+ BIO_printf(bio_out,"nextUpdate=");
+ if (X509_CRL_get_nextUpdate(x))
+ ASN1_TIME_print(bio_out,
+ X509_CRL_get_nextUpdate(x));
+ else
+ BIO_printf(bio_out,"NONE");
+ BIO_printf(bio_out,"\n");
+ }
+ if (fingerprint == i)
+ {
+ int j;
+ unsigned int n;
+ unsigned char md[EVP_MAX_MD_SIZE];
+
+ if (!X509_CRL_digest(x,digest,md,&n))
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ BIO_printf(bio_out,"%s Fingerprint=",
+ OBJ_nid2sn(EVP_MD_type(digest)));
+ for (j=0; j<(int)n; j++)
+ {
+ BIO_printf(bio_out,"%02X%c",md[j],
+ (j+1 == (int)n)
+ ?'\n':':');
+ }
+ }
+ }
+ }
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text) X509_CRL_print(out, x);
+
+ if (noout)
+ {
+ ret = 0;
+ goto end;
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i=(int)i2d_X509_CRL_bio(out,x);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509_CRL(out,x);
+ else
+ {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
+ ret=0;
+end:
+ BIO_free_all(out);
+ BIO_free_all(bio_out);
+ bio_out=NULL;
+ X509_CRL_free(x);
+ if(store) {
+ X509_STORE_CTX_cleanup(&ctx);
+ X509_STORE_free(store);
+ }
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+static X509_CRL *load_crl(char *infile, int format)
+ {
+ X509_CRL *x=NULL;
+ BIO *in=NULL;
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (format == FORMAT_ASN1)
+ x=d2i_X509_CRL_bio(in,NULL);
+ else if (format == FORMAT_PEM)
+ x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input crl\n");
+ goto end;
+ }
+ if (x == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CRL\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+end:
+ BIO_free(in);
+ return(x);
+ }
+
Added: vendor-crypto/openssl/dist/apps/crl2p7.c
===================================================================
--- vendor-crypto/openssl/dist/apps/crl2p7.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/crl2p7.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,351 @@
+/* apps/crl2p7.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This was written by Gordon Chaffee <chaffee at plateau.cs.berkeley.edu>
+ * and donated 'to the cause' along with lots and lots of other fixes to
+ * the library. */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
+
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
+#undef PROG
+#define PROG crl2pkcs7_main
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int i,badops=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat;
+ char *infile,*outfile,*prog,*certfile;
+ PKCS7 *p7 = NULL;
+ PKCS7_SIGNED *p7s = NULL;
+ X509_CRL *crl=NULL;
+ STACK *certflst=NULL;
+ STACK_OF(X509_CRL) *crl_stack=NULL;
+ STACK_OF(X509) *cert_stack=NULL;
+ int ret=1,nocrl=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-nocrl") == 0)
+ {
+ nocrl=1;
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-certfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!certflst) certflst = sk_new_null();
+ if (!certflst)
+ goto end;
+ if (!sk_push(certflst,*(++argv)))
+ {
+ sk_free(certflst);
+ goto end;
+ }
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
+ BIO_printf(bio_err," (can be used more than once)\n");
+ BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
+ ret = 1;
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (!nocrl)
+ {
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ crl=d2i_X509_CRL_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input crl\n");
+ goto end;
+ }
+ if (crl == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CRL\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if ((p7=PKCS7_new()) == NULL) goto end;
+ if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
+ p7->type=OBJ_nid2obj(NID_pkcs7_signed);
+ p7->d.sign=p7s;
+ p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
+
+ if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
+ if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
+ p7s->crl=crl_stack;
+ if (crl != NULL)
+ {
+ sk_X509_CRL_push(crl_stack,crl);
+ crl=NULL; /* now part of p7 for OPENSSL_freeing */
+ }
+
+ if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
+ p7s->cert=cert_stack;
+
+ if(certflst) for(i = 0; i < sk_num(certflst); i++) {
+ certfile = sk_value(certflst, i);
+ if (add_certs_from_file(cert_stack,certfile) < 0)
+ {
+ BIO_printf(bio_err, "error loading certificates\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ sk_free(certflst);
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i=i2d_PKCS7_bio(out,p7);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_PKCS7(out,p7);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write pkcs7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free_all(out);
+ if (p7 != NULL) PKCS7_free(p7);
+ if (crl != NULL) X509_CRL_free(crl);
+
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+/*
+ *----------------------------------------------------------------------
+ * int add_certs_from_file
+ *
+ * Read a list of certificates to be checked from a file.
+ *
+ * Results:
+ * number of certs added if successful, -1 if not.
+ *----------------------------------------------------------------------
+ */
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
+ {
+ struct stat st;
+ BIO *in=NULL;
+ int count=0;
+ int ret= -1;
+ STACK_OF(X509_INFO) *sk=NULL;
+ X509_INFO *xi;
+
+ if ((stat(certfile,&st) != 0))
+ {
+ BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
+ goto end;
+ }
+
+ in=BIO_new(BIO_s_file());
+ if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
+ {
+ BIO_printf(bio_err,"error opening the file, %s\n",certfile);
+ goto end;
+ }
+
+ /* This loads from a file, a stack of x509/crl/pkey sets */
+ sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
+ if (sk == NULL) {
+ BIO_printf(bio_err,"error reading the file, %s\n",certfile);
+ goto end;
+ }
+
+ /* scan over it and pull out the CRL's */
+ while (sk_X509_INFO_num(sk))
+ {
+ xi=sk_X509_INFO_shift(sk);
+ if (xi->x509 != NULL)
+ {
+ sk_X509_push(stack,xi->x509);
+ xi->x509=NULL;
+ count++;
+ }
+ X509_INFO_free(xi);
+ }
+
+ ret=count;
+end:
+ /* never need to OPENSSL_free x */
+ if (in != NULL) BIO_free(in);
+ if (sk != NULL) sk_X509_INFO_free(sk);
+ return(ret);
+ }
+
Added: vendor-crypto/openssl/dist/apps/demoCA/cacert.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/demoCA/cacert.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/demoCA/cacert.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,14 @@
+subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+-----BEGIN X509 CERTIFICATE-----
+
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
Added: vendor-crypto/openssl/dist/apps/demoCA/index.txt
===================================================================
--- vendor-crypto/openssl/dist/apps/demoCA/index.txt (rev 0)
+++ vendor-crypto/openssl/dist/apps/demoCA/index.txt 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,39 @@
+R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young
+E 951009233205Z 02 certs/00000002 /CN=Duncan Young
+R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson
+V 980705233205Z 04 certs/00000004 /CN=Eric Young4
+V 980705233205Z 05 certs/00000004 /CN=Eric Young5
+V 980705233205Z 06 certs/00000004 /CN=Eric Young6
+V 980705233205Z 07 certs/00000004 /CN=Eric Young7
+V 980705233205Z 08 certs/00000004 /CN=Eric Young8
+V 980705233205Z 09 certs/00000004 /CN=Eric Young9
+V 980705233205Z 0A certs/00000004 /CN=Eric YoungA
+V 980705233205Z 0B certs/00000004 /CN=Eric YoungB
+V 980705233205Z 0C certs/00000004 /CN=Eric YoungC
+V 980705233205Z 0D certs/00000004 /CN=Eric YoungD
+V 980705233205Z 0E certs/00000004 /CN=Eric YoungE
+V 980705233205Z 0F certs/00000004 /CN=Eric YoungF
+V 980705233205Z 10 certs/00000004 /CN=Eric Young10
+V 980705233205Z 11 certs/00000004 /CN=Eric Young11
+V 980705233205Z 12 certs/00000004 /CN=Eric Young12
+V 980705233205Z 13 certs/00000004 /CN=Eric Young13
+V 980705233205Z 14 certs/00000004 /CN=Eric Young14
+V 980705233205Z 15 certs/00000004 /CN=Eric Young15
+V 980705233205Z 16 certs/00000004 /CN=Eric Young16
+V 980705233205Z 17 certs/00000004 /CN=Eric Young17
+V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay at mincom.oz.au
+V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay at mincom.oz.au
+V 970322074816Z 010E unknown /CN=Eric Young/Email=eay at mincom.oz.au
+V 970322075152Z 010F unknown /CN=Eric Young
+V 970322075906Z 0110 unknown /CN=Eric Youngg
+V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young
+V 970324221931Z 0112 unknown /CN=Fred
+V 970324224934Z 0113 unknown /C=AU/CN=eay
+V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
+V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3
+V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
+V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test
+V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2
+V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64
+V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque at art.alcatel.fr
+V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister at cranfield.ac.uk
Added: vendor-crypto/openssl/dist/apps/demoCA/private/cakey.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/demoCA/private/cakey.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/demoCA/private/cakey.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,24 @@
+issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+-----BEGIN X509 CERTIFICATE-----
+
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+
+MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
+Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
+hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
+sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
+tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
+agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
+g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
+-----END RSA PRIVATE KEY-----
Added: vendor-crypto/openssl/dist/apps/demoCA/serial
===================================================================
--- vendor-crypto/openssl/dist/apps/demoCA/serial (rev 0)
+++ vendor-crypto/openssl/dist/apps/demoCA/serial 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+011E
Added: vendor-crypto/openssl/dist/apps/dgst.c
===================================================================
--- vendor-crypto/openssl/dist/apps/dgst.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/dgst.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,552 @@
+/* apps/dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/hmac.h>
+
+#undef BUFSIZE
+#define BUFSIZE 1024*8
+
+#undef PROG
+#define PROG dgst_main
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+ const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ unsigned char *buf=NULL;
+ int i,err=1;
+ const EVP_MD *md=NULL,*m;
+ BIO *in=NULL,*inp;
+ BIO *bmd=NULL;
+ BIO *out = NULL;
+ const char *name;
+#define PROG_NAME_SIZE 39
+ char pname[PROG_NAME_SIZE+1];
+ int separator=0;
+ int debug=0;
+ int keyform=FORMAT_PEM;
+ const char *outfile = NULL, *keyfile = NULL;
+ const char *sigfile = NULL, *randfile = NULL;
+ int out_bin = -1, want_pub = 0, do_verify = 0;
+ EVP_PKEY *sigkey = NULL;
+ unsigned char *sigbuf = NULL;
+ int siglen = 0;
+ unsigned int sig_flags = 0;
+ char *passargin = NULL, *passin = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ char *hmac_key=NULL;
+ int non_fips_allow = 0;
+
+ apps_startup();
+ERR_load_crypto_strings();
+ if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ /* first check the program name */
+ program_name(argv[0],pname,sizeof pname);
+
+ md=EVP_get_digestbyname(pname);
+
+ argc--;
+ argv++;
+ while (argc > 0)
+ {
+ if ((*argv)[0] != '-') break;
+ if (strcmp(*argv,"-c") == 0)
+ separator=1;
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) break;
+ randfile=*(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) break;
+ outfile=*(++argv);
+ }
+ else if (strcmp(*argv,"-sign") == 0)
+ {
+ if (--argc < 1) break;
+ keyfile=*(++argv);
+ }
+ else if (!strcmp(*argv,"-passin"))
+ {
+ if (--argc < 1)
+ break;
+ passargin=*++argv;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ {
+ if (--argc < 1) break;
+ keyfile=*(++argv);
+ want_pub = 1;
+ do_verify = 1;
+ }
+ else if (strcmp(*argv,"-prverify") == 0)
+ {
+ if (--argc < 1) break;
+ keyfile=*(++argv);
+ do_verify = 1;
+ }
+ else if (strcmp(*argv,"-x931") == 0)
+ sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
+ else if (strcmp(*argv,"-pss_saltlen") == 0)
+ {
+ int saltlen;
+ if (--argc < 1) break;
+ saltlen=atoi(*(++argv));
+ if (saltlen == -1)
+ sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
+ else if (saltlen == -2)
+ sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
+ else if (saltlen < -2 || saltlen >= 0xFFFE)
+ {
+ BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen);
+ goto end;
+ }
+ else
+ sig_flags = saltlen;
+ sig_flags <<= 16;
+ sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
+ }
+ else if (strcmp(*argv,"-signature") == 0)
+ {
+ if (--argc < 1) break;
+ sigfile=*(++argv);
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) break;
+ keyform=str2fmt(*(++argv));
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) break;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-hex") == 0)
+ out_bin = 0;
+ else if (strcmp(*argv,"-binary") == 0)
+ out_bin = 1;
+ else if (strcmp(*argv,"-d") == 0)
+ debug=1;
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow=1;
+ else if (!strcmp(*argv,"-fips-fingerprint"))
+ hmac_key = "etaonrishdlcupfm";
+ else if (!strcmp(*argv,"-hmac"))
+ {
+ if (--argc < 1)
+ break;
+ hmac_key=*++argv;
+ }
+ else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ md=m;
+ else
+ break;
+ argc--;
+ argv++;
+ }
+
+ if (md == NULL)
+ md=EVP_md5();
+
+ if(do_verify && !sigfile) {
+ BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
+ err = 1;
+ goto end;
+ }
+
+ if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
+ {
+ BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+ BIO_printf(bio_err,"options are\n");
+ BIO_printf(bio_err,"-c to output the digest with separating colons\n");
+ BIO_printf(bio_err,"-d to output debug info\n");
+ BIO_printf(bio_err,"-hex output as hex dump\n");
+ BIO_printf(bio_err,"-binary output in binary form\n");
+ BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
+ BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
+ BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
+ BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
+ BIO_printf(bio_err,"-signature file signature to verify\n");
+ BIO_printf(bio_err,"-binary output in binary form\n");
+ BIO_printf(bio_err,"-hmac key create hashed MAC with key\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
+#endif
+
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",
+ LN_md5,LN_md5);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_md4,LN_md4);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_md2,LN_md2);
+#ifndef OPENSSL_NO_SHA
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha1,LN_sha1);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha,LN_sha);
+#ifndef OPENSSL_NO_SHA256
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha224,LN_sha224);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha256,LN_sha256);
+#endif
+#ifndef OPENSSL_NO_SHA512
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha384,LN_sha384);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha512,LN_sha512);
+#endif
+#endif
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_mdc2,LN_mdc2);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_ripemd160,LN_ripemd160);
+ err=1;
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ in=BIO_new(BIO_s_file());
+ bmd=BIO_new(BIO_f_md());
+ if (debug)
+ {
+ BIO_set_callback(in,BIO_debug_callback);
+ /* needed for windows 3.1 */
+ BIO_set_callback_arg(in,(char *)bio_err);
+ }
+
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if ((in == NULL) || (bmd == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if(out_bin == -1) {
+ if(keyfile) out_bin = 1;
+ else out_bin = 0;
+ }
+
+ if(randfile)
+ app_RAND_load_file(randfile, bio_err, 0);
+
+ if(outfile) {
+ if(out_bin)
+ out = BIO_new_file(outfile, "wb");
+ else out = BIO_new_file(outfile, "w");
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if(!out) {
+ BIO_printf(bio_err, "Error opening output file %s\n",
+ outfile ? outfile : "(stdout)");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if(keyfile)
+ {
+ if (want_pub)
+ sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
+ e, "key file");
+ else
+ sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
+ e, "key file");
+ if (!sigkey)
+ {
+ /* load_[pub]key() has already printed an appropriate
+ message */
+ goto end;
+ }
+ }
+
+ if(sigfile && sigkey) {
+ BIO *sigbio;
+ sigbio = BIO_new_file(sigfile, "rb");
+ siglen = EVP_PKEY_size(sigkey);
+ sigbuf = OPENSSL_malloc(siglen);
+ if(!sigbio) {
+ BIO_printf(bio_err, "Error opening signature file %s\n",
+ sigfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ siglen = BIO_read(sigbio, sigbuf, siglen);
+ BIO_free(sigbio);
+ if(siglen <= 0) {
+ BIO_printf(bio_err, "Error reading signature file %s\n",
+ sigfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (non_fips_allow)
+ {
+ EVP_MD_CTX *md_ctx;
+ BIO_get_md_ctx(bmd,&md_ctx);
+ EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+
+ if (sig_flags)
+ {
+ EVP_MD_CTX *md_ctx;
+ BIO_get_md_ctx(bmd,&md_ctx);
+ EVP_MD_CTX_set_flags(md_ctx, sig_flags);
+ }
+
+ /* we use md as a filter, reading from 'in' */
+ if (!BIO_set_md(bmd,md))
+ {
+ BIO_printf(bio_err, "Error setting digest %s\n", pname);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ inp=BIO_push(bmd,in);
+
+ if (argc == 0)
+ {
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
+ siglen,"","(stdin)",bmd,hmac_key,non_fips_allow);
+ }
+ else
+ {
+ name=OBJ_nid2sn(md->type);
+ err = 0;
+ for (i=0; i<argc; i++)
+ {
+ char *tmp,*tofree=NULL;
+ int r;
+
+ if (BIO_read_filename(in,argv[i]) <= 0)
+ {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ if(!out_bin)
+ {
+ size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
+ tmp=tofree=OPENSSL_malloc(len);
+ BIO_snprintf(tmp,len,"%s%s(%s)= ",
+ hmac_key ? "HMAC-" : "",name,argv[i]);
+ }
+ else
+ tmp="";
+ r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
+ siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
+ if(r)
+ err=r;
+ if(tofree)
+ OPENSSL_free(tofree);
+ (void)BIO_reset(bmd);
+ }
+ }
+end:
+ if (buf != NULL)
+ {
+ OPENSSL_cleanse(buf,BUFSIZE);
+ OPENSSL_free(buf);
+ }
+ if (in != NULL) BIO_free(in);
+ if (passin)
+ OPENSSL_free(passin);
+ BIO_free_all(out);
+ EVP_PKEY_free(sigkey);
+ if(sigbuf) OPENSSL_free(sigbuf);
+ if (bmd != NULL) BIO_free(bmd);
+ apps_shutdown();
+ OPENSSL_EXIT(err);
+ }
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+ const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow)
+ {
+ unsigned int len;
+ int i;
+ EVP_MD_CTX *md_ctx;
+ HMAC_CTX hmac_ctx;
+
+ if (hmac_key)
+ {
+ EVP_MD *md;
+
+ BIO_get_md(bmd,&md);
+ HMAC_CTX_init(&hmac_ctx);
+ HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
+ BIO_get_md_ctx(bmd,&md_ctx);
+ BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
+ }
+ for (;;)
+ {
+ i=BIO_read(bp,(char *)buf,BUFSIZE);
+ if(i < 0)
+ {
+ BIO_printf(bio_err, "Read Error in %s\n",file);
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+ if (i == 0) break;
+ }
+ if(sigin)
+ {
+ EVP_MD_CTX *ctx;
+ BIO_get_md_ctx(bp, &ctx);
+ i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
+ if(i > 0)
+ BIO_printf(out, "Verified OK\n");
+ else if(i == 0)
+ {
+ BIO_printf(out, "Verification Failure\n");
+ return 1;
+ }
+ else
+ {
+ BIO_printf(bio_err, "Error Verifying Data\n");
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+ return 0;
+ }
+ if(key)
+ {
+ EVP_MD_CTX *ctx;
+ BIO_get_md_ctx(bp, &ctx);
+ if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key))
+ {
+ BIO_printf(bio_err, "Error Signing Data\n");
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+ }
+ else if(hmac_key)
+ {
+ HMAC_Final(&hmac_ctx,buf,&len);
+ HMAC_CTX_cleanup(&hmac_ctx);
+ }
+ else
+ len=BIO_gets(bp,(char *)buf,BUFSIZE);
+
+ if(binout) BIO_write(out, buf, len);
+ else
+ {
+ BIO_write(out,title,strlen(title));
+ for (i=0; i<(int)len; i++)
+ {
+ if (sep && (i != 0))
+ BIO_printf(out, ":");
+ BIO_printf(out, "%02x",buf[i]);
+ }
+ BIO_printf(out, "\n");
+ }
+ if (hmac_key)
+ {
+ BIO_set_md_ctx(bmd,md_ctx);
+ }
+ return 0;
+ }
+
Added: vendor-crypto/openssl/dist/apps/dh.c
===================================================================
--- vendor-crypto/openssl/dist/apps/dh.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/dh.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,349 @@
+/* apps/dh.c */
+/* obsoleted by dhparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_DH
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG dh_main
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -check - check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ DH *dh=NULL;
+ int i,badops=0,text=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,check=0,noout=0,C=0,ret=1;
+ char *infile,*outfile,*prog;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine;
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+#ifndef OPENSSL_NO_ENGINE
+ engine=NULL;
+#endif
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-check") == 0)
+ check=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-C") == 0)
+ C=1;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -check check the DH parameters\n");
+ BIO_printf(bio_err," -text print a text form of the DH parameters\n");
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -noout no output\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ dh=d2i_DHparams_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified\n");
+ goto end;
+ }
+ if (dh == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+
+
+ if (text)
+ {
+ DHparams_print(out,dh);
+#ifdef undef
+ printf("p=");
+ BN_print(stdout,dh->p);
+ printf("\ng=");
+ BN_print(stdout,dh->g);
+ printf("\n");
+ if (dh->length != 0)
+ printf("recommended private length=%ld\n",dh->length);
+#endif
+ }
+
+ if (check)
+ {
+ if (!DH_check(dh,&i))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i & DH_CHECK_P_NOT_PRIME)
+ printf("p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+ printf("p value is not a safe prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ printf("unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ printf("the g value is not a generator\n");
+ if (i == 0)
+ printf("DH parameters appear to be ok.\n");
+ }
+ if (C)
+ {
+ unsigned char *data;
+ int len,l,bits;
+
+ len=BN_num_bytes(dh->p);
+ bits=BN_num_bits(dh->p);
+ data=(unsigned char *)OPENSSL_malloc(len);
+ if (data == NULL)
+ {
+ perror("OPENSSL_malloc");
+ goto end;
+ }
+ l=BN_bn2bin(dh->p,data);
+ printf("static unsigned char dh%d_p[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n");
+
+ l=BN_bn2bin(dh->g,data);
+ printf("static unsigned char dh%d_g[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n\n");
+
+ printf("DH *get_dh%d()\n\t{\n",bits);
+ printf("\tDH *dh;\n\n");
+ printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+ printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+ bits,bits);
+ printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+ bits,bits);
+ printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+ printf("\t\treturn(NULL);\n");
+ printf("\treturn(dh);\n\t}\n");
+ OPENSSL_free(data);
+ }
+
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DHparams_bio(out,dh);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DHparams(out,dh);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free_all(out);
+ if (dh != NULL) DH_free(dh);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+#endif
Added: vendor-crypto/openssl/dist/apps/dh1024.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/dh1024.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/dh1024.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,10 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
+jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
+ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
+-----END DH PARAMETERS-----
+
+These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.
Added: vendor-crypto/openssl/dist/apps/dh2048.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/dh2048.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/dh2048.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,12 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
+89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
+T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
+zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
+Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
+CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
+-----END DH PARAMETERS-----
+
+These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
Added: vendor-crypto/openssl/dist/apps/dh4096.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/dh4096.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/dh4096.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,18 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
+l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
+Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
+Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
+VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
+alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
+sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
+ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
+OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
+AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
+KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
+-----END DH PARAMETERS-----
+
+These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.
Added: vendor-crypto/openssl/dist/apps/dh512.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/dh512.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/dh512.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,9 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
+XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
+-----END DH PARAMETERS-----
+
+These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.
Added: vendor-crypto/openssl/dist/apps/dhparam.c
===================================================================
--- vendor-crypto/openssl/dist/apps/dhparam.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/dhparam.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,553 @@
+/* apps/dhparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_DH
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+#undef PROG
+#define PROG dhparam_main
+
+#define DEFBITS 512
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -dsaparam - read or generate DSA parameters, convert to DH
+ * -check - check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ DH *dh=NULL;
+ int i,badops=0,text=0;
+#ifndef OPENSSL_NO_DSA
+ int dsaparam=0;
+#endif
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,check=0,noout=0,C=0,ret=1;
+ char *infile,*outfile,*prog;
+ char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ int num = 0, g = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-check") == 0)
+ check=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+#ifndef OPENSSL_NO_DSA
+ else if (strcmp(*argv,"-dsaparam") == 0)
+ dsaparam=1;
+#endif
+ else if (strcmp(*argv,"-C") == 0)
+ C=1;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-2") == 0)
+ g=2;
+ else if (strcmp(*argv,"-5") == 0)
+ g=5;
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+ else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
+ goto bad;
+ argv++;
+ argc--;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+#ifndef OPENSSL_NO_DSA
+ BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n");
+#endif
+ BIO_printf(bio_err," -check check the DH parameters\n");
+ BIO_printf(bio_err," -text print a text form of the DH parameters\n");
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
+ BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
+ BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
+ BIO_printf(bio_err," -noout no output\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ if (g && !num)
+ num = DEFBITS;
+
+#ifndef OPENSSL_NO_DSA
+ if (dsaparam)
+ {
+ if (g)
+ {
+ BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
+ goto end;
+ }
+ }
+ else
+#endif
+ {
+ /* DH parameters */
+ if (num && !g)
+ g = 2;
+ }
+
+ if(num) {
+
+ BN_GENCB cb;
+ BN_GENCB_set(&cb, dh_cb, bio_err);
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+#ifndef OPENSSL_NO_DSA
+ if (dsaparam)
+ {
+ DSA *dsa = DSA_new();
+
+ BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+ if(!dsa || !DSA_generate_parameters_ex(dsa, num,
+ NULL, 0, NULL, NULL, &cb))
+ {
+ if(dsa) DSA_free(dsa);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ if (dh == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ else
+#endif
+ {
+ dh = DH_new();
+ BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
+ BIO_printf(bio_err,"This is going to take a long time\n");
+ if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ app_RAND_write_file(NULL, bio_err);
+ } else {
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat != FORMAT_ASN1 && informat != FORMAT_PEM)
+ {
+ BIO_printf(bio_err,"bad input format specified\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_DSA
+ if (dsaparam)
+ {
+ DSA *dsa;
+
+ if (informat == FORMAT_ASN1)
+ dsa=d2i_DSAparams_bio(in,NULL);
+ else /* informat == FORMAT_PEM */
+ dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
+
+ if (dsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DSA parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ if (dh == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ else
+#endif
+ {
+ if (informat == FORMAT_ASN1)
+ dh=d2i_DHparams_bio(in,NULL);
+ else /* informat == FORMAT_PEM */
+ dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+
+ if (dh == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ /* dh != NULL */
+ }
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+
+ if (text)
+ {
+ DHparams_print(out,dh);
+ }
+
+ if (check)
+ {
+ if (!DH_check(dh,&i))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i & DH_CHECK_P_NOT_PRIME)
+ printf("p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+ printf("p value is not a safe prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ printf("unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ printf("the g value is not a generator\n");
+ if (i == 0)
+ printf("DH parameters appear to be ok.\n");
+ }
+ if (C)
+ {
+ unsigned char *data;
+ int len,l,bits;
+
+ len=BN_num_bytes(dh->p);
+ bits=BN_num_bits(dh->p);
+ data=(unsigned char *)OPENSSL_malloc(len);
+ if (data == NULL)
+ {
+ perror("OPENSSL_malloc");
+ goto end;
+ }
+ printf("#ifndef HEADER_DH_H\n"
+ "#include <openssl/dh.h>\n"
+ "#endif\n");
+ printf("DH *get_dh%d()\n\t{\n",bits);
+
+ l=BN_bn2bin(dh->p,data);
+ printf("\tstatic unsigned char dh%d_p[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t\t};\n");
+
+ l=BN_bn2bin(dh->g,data);
+ printf("\tstatic unsigned char dh%d_g[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t\t};\n");
+
+ printf("\tDH *dh;\n\n");
+ printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+ printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+ bits,bits);
+ printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+ bits,bits);
+ printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+ printf("\t\t{ DH_free(dh); return(NULL); }\n");
+ if (dh->length)
+ printf("\tdh->length = %ld;\n", dh->length);
+ printf("\treturn(dh);\n\t}\n");
+ OPENSSL_free(data);
+ }
+
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DHparams_bio(out,dh);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DHparams(out,dh);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free_all(out);
+ if (dh != NULL) DH_free(dh);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(cb->arg,&c,1);
+ (void)BIO_flush(cb->arg);
+#ifdef LINT
+ p=n;
+#endif
+ return 1;
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/apps/dsa-ca.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/dsa-ca.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/dsa-ca.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,40 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
+94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
+tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
+J6zsFbSEHaQGUmfSeoM=
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+C1Q=
+-----END CERTIFICATE-----
+
Added: vendor-crypto/openssl/dist/apps/dsa-pca.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/dsa-pca.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/dsa-pca.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,46 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
+6TicfImU7UFRn9h00j0lJQ==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
+-----END CERTIFICATE-----
+
Added: vendor-crypto/openssl/dist/apps/dsa.c
===================================================================
--- vendor-crypto/openssl/dist/apps/dsa.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/dsa.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,333 @@
+/* apps/dsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+#ifndef OPENSSL_NO_DSA
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+
+#undef PROG
+#define PROG dsa_main
+
+/* -inform arg - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -des3 - encrypt output if PEM format
+ * -idea - encrypt output if PEM format
+ * -aes128 - encrypt output if PEM format
+ * -aes192 - encrypt output if PEM format
+ * -aes256 - encrypt output if PEM format
+ * -camellia128 - encrypt output if PEM format
+ * -camellia192 - encrypt output if PEM format
+ * -camellia256 - encrypt output if PEM format
+ * -seed - encrypt output if PEM format
+ * -text - print a text version
+ * -modulus - print the DSA public key
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ int ret=1;
+ DSA *dsa=NULL;
+ int i,badops=0;
+ const EVP_CIPHER *enc=NULL;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,text=0,noout=0;
+ int pubin = 0, pubout = 0;
+ char *infile,*outfile,*prog;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine;
+#endif
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
+ int modulus=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+#ifndef OPENSSL_NO_ENGINE
+ engine=NULL;
+#endif
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus=1;
+ else if (strcmp(*argv,"-pubin") == 0)
+ pubin=1;
+ else if (strcmp(*argv,"-pubout") == 0)
+ pubout=1;
+ else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -passout arg output file pass phrase source\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
+#endif
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the DSA public value\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ BIO_printf(bio_err,"read DSA key\n");
+ {
+ EVP_PKEY *pkey;
+ if (pubin)
+ pkey = load_pubkey(bio_err, infile, informat, 1,
+ passin, e, "Public Key");
+ else
+ pkey = load_key(bio_err, infile, informat, 1,
+ passin, e, "Private Key");
+
+ if (pkey != NULL)
+ dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
+ EVP_PKEY_free(pkey);
+ }
+ if (dsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ if (!DSA_print(out,dsa,0))
+ {
+ perror(outfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (modulus)
+ {
+ fprintf(stdout,"Public Key=");
+ BN_print(out,dsa->pub_key);
+ fprintf(stdout,"\n");
+ }
+
+ if (noout) goto end;
+ BIO_printf(bio_err,"writing DSA key\n");
+ if (outformat == FORMAT_ASN1) {
+ if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
+ else i=i2d_DSAPrivateKey_bio(out,dsa);
+ } else if (outformat == FORMAT_PEM) {
+ if(pubin || pubout)
+ i=PEM_write_bio_DSA_PUBKEY(out,dsa);
+ else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
+ NULL,0,NULL, passout);
+ } else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write private key\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ ret=0;
+end:
+ if(in != NULL) BIO_free(in);
+ if(out != NULL) BIO_free_all(out);
+ if(dsa != NULL) DSA_free(dsa);
+ if(passin) OPENSSL_free(passin);
+ if(passout) OPENSSL_free(passout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+#endif
Added: vendor-crypto/openssl/dist/apps/dsa1024.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/dsa1024.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/dsa1024.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,9 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
+mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
+OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
+bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
+3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
+zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
+Arg=
+-----END DSA PARAMETERS-----
Added: vendor-crypto/openssl/dist/apps/dsa512.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/dsa512.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/dsa512.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
+TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
+gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
+L8wka5B33qJoplISogOdIA==
+-----END DSA PARAMETERS-----
Added: vendor-crypto/openssl/dist/apps/dsap.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/dsap.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/dsap.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
+GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
+t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
+ADiRffvSdhrNw5dkqdql
+-----END DSA PARAMETERS-----
Added: vendor-crypto/openssl/dist/apps/dsaparam.c
===================================================================
--- vendor-crypto/openssl/dist/apps/dsaparam.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/dsaparam.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,479 @@
+/* apps/dsaparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#ifndef OPENSSL_NO_DSA
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG dsaparam_main
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -noout
+ * -text
+ * -C
+ * -noout
+ * -genkey
+ * #ifdef GENCB_TEST
+ * -timebomb n - interrupt keygen after <n> seconds
+ * #endif
+ */
+
+#ifdef GENCB_TEST
+
+static int stop_keygen_flag = 0;
+
+static void timebomb_sigalarm(int foo)
+ {
+ stop_keygen_flag = 1;
+ }
+
+#endif
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ DSA *dsa=NULL;
+ int i,badops=0,text=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,noout=0,C=0,ret=1;
+ char *infile,*outfile,*prog,*inrand=NULL;
+ int numbits= -1,num,genkey=0;
+ int need_rand=0;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+#ifdef GENCB_TEST
+ int timebomb=0;
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if(strcmp(*argv, "-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine = *(++argv);
+ }
+#endif
+#ifdef GENCB_TEST
+ else if(strcmp(*argv, "-timebomb") == 0)
+ {
+ if (--argc < 1) goto bad;
+ timebomb = atoi(*(++argv));
+ }
+#endif
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-C") == 0)
+ C=1;
+ else if (strcmp(*argv,"-genkey") == 0)
+ {
+ genkey=1;
+ need_rand=1;
+ }
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ need_rand=1;
+ }
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (sscanf(*argv,"%d",&num) == 1)
+ {
+ /* generate a key */
+ numbits=num;
+ need_rand=1;
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -text print as text\n");
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -noout no output\n");
+ BIO_printf(bio_err," -genkey generate a DSA key\n");
+ BIO_printf(bio_err," -rand files to use for random number input\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
+#ifdef GENCB_TEST
+ BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n");
+#endif
+ BIO_printf(bio_err," number number of bits to use for generating private key\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ if (need_rand)
+ {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ if (numbits > 0)
+ {
+ BN_GENCB cb;
+ BN_GENCB_set(&cb, dsa_cb, bio_err);
+ assert(need_rand);
+ dsa = DSA_new();
+ if(!dsa)
+ {
+ BIO_printf(bio_err,"Error allocating DSA object\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+ BIO_printf(bio_err,"This could take some time\n");
+#ifdef GENCB_TEST
+ if(timebomb > 0)
+ {
+ struct sigaction act;
+ act.sa_handler = timebomb_sigalarm;
+ act.sa_flags = 0;
+ BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
+ timebomb);
+ if(sigaction(SIGALRM, &act, NULL) != 0)
+ {
+ BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
+ goto end;
+ }
+ alarm(timebomb);
+ }
+#endif
+ if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
+ {
+#ifdef GENCB_TEST
+ if(stop_keygen_flag)
+ {
+ BIO_printf(bio_err,"DSA key generation time-stopped\n");
+ /* This is an asked-for behaviour! */
+ ret = 0;
+ goto end;
+ }
+#endif
+ BIO_printf(bio_err,"Error, DSA key generation failed\n");
+ goto end;
+ }
+ }
+ else if (informat == FORMAT_ASN1)
+ dsa=d2i_DSAparams_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified\n");
+ goto end;
+ }
+ if (dsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DSA parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (text)
+ {
+ DSAparams_print(out,dsa);
+ }
+
+ if (C)
+ {
+ unsigned char *data;
+ int l,len,bits_p;
+
+ len=BN_num_bytes(dsa->p);
+ bits_p=BN_num_bits(dsa->p);
+ data=(unsigned char *)OPENSSL_malloc(len+20);
+ if (data == NULL)
+ {
+ perror("OPENSSL_malloc");
+ goto end;
+ }
+ l=BN_bn2bin(dsa->p,data);
+ printf("static unsigned char dsa%d_p[]={",bits_p);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n");
+
+ l=BN_bn2bin(dsa->q,data);
+ printf("static unsigned char dsa%d_q[]={",bits_p);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n");
+
+ l=BN_bn2bin(dsa->g,data);
+ printf("static unsigned char dsa%d_g[]={",bits_p);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n\n");
+
+ printf("DSA *get_dsa%d()\n\t{\n",bits_p);
+ printf("\tDSA *dsa;\n\n");
+ printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
+ printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
+ bits_p,bits_p);
+ printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
+ bits_p,bits_p);
+ printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
+ bits_p,bits_p);
+ printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
+ printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
+ printf("\treturn(dsa);\n\t}\n");
+ }
+
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DSAparams_bio(out,dsa);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DSAparams(out,dsa);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write DSA parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if (genkey)
+ {
+ DSA *dsakey;
+
+ assert(need_rand);
+ if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
+ if (!DSA_generate_key(dsakey)) goto end;
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DSAPrivateKey_bio(out,dsakey);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ DSA_free(dsakey);
+ }
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free_all(out);
+ if (dsa != NULL) DSA_free(dsa);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(cb->arg,&c,1);
+ (void)BIO_flush(cb->arg);
+#ifdef LINT
+ p=n;
+#endif
+#ifdef GENCB_TEST
+ if(stop_keygen_flag)
+ return 0;
+#endif
+ return 1;
+ }
+#else /* !OPENSSL_NO_DSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
Added: vendor-crypto/openssl/dist/apps/ec.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ec.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/ec.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,400 @@
+/* apps/ec.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_EC
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG ec_main
+
+/* -inform arg - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -text - print a text version
+ * -param_out - print the elliptic curve parameters
+ * -conv_form arg - specifies the point encoding form
+ * -param_enc arg - specifies the parameter encoding
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int ret = 1;
+ EC_KEY *eckey = NULL;
+ const EC_GROUP *group;
+ int i, badops = 0;
+ const EVP_CIPHER *enc = NULL;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, text=0, noout=0;
+ int pubin = 0, pubout = 0, param_out = 0;
+ char *infile, *outfile, *prog, *engine;
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
+ point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+ int new_form = 0;
+ int asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ int new_asn1_flag = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ engine = NULL;
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
+ else if (strcmp(*argv, "-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-conv_form") == 0)
+ {
+ if (--argc < 1)
+ goto bad;
+ ++argv;
+ new_form = 1;
+ if (strcmp(*argv, "compressed") == 0)
+ form = POINT_CONVERSION_COMPRESSED;
+ else if (strcmp(*argv, "uncompressed") == 0)
+ form = POINT_CONVERSION_UNCOMPRESSED;
+ else if (strcmp(*argv, "hybrid") == 0)
+ form = POINT_CONVERSION_HYBRID;
+ else
+ goto bad;
+ }
+ else if (strcmp(*argv, "-param_enc") == 0)
+ {
+ if (--argc < 1)
+ goto bad;
+ ++argv;
+ new_asn1_flag = 1;
+ if (strcmp(*argv, "named_curve") == 0)
+ asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ else if (strcmp(*argv, "explicit") == 0)
+ asn1_flag = 0;
+ else
+ goto bad;
+ }
+ else if (strcmp(*argv, "-param_out") == 0)
+ param_out = 1;
+ else if (strcmp(*argv, "-pubin") == 0)
+ pubin=1;
+ else if (strcmp(*argv, "-pubout") == 0)
+ pubout=1;
+ else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+ {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - "
+ "DER or PEM\n");
+ BIO_printf(bio_err, " -outform arg output format - "
+ "DER or PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -passin arg input file pass "
+ "phrase source\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err, " -passout arg output file pass "
+ "phrase source\n");
+ BIO_printf(bio_err, " -engine e use engine e, "
+ "possibly a hardware device.\n");
+ BIO_printf(bio_err, " -des encrypt PEM output, "
+ "instead of 'des' every other \n"
+ " cipher "
+ "supported by OpenSSL can be used\n");
+ BIO_printf(bio_err, " -text print the key\n");
+ BIO_printf(bio_err, " -noout don't print key out\n");
+ BIO_printf(bio_err, " -param_out print the elliptic "
+ "curve parameters\n");
+ BIO_printf(bio_err, " -conv_form arg specifies the "
+ "point conversion form \n");
+ BIO_printf(bio_err, " possible values:"
+ " compressed\n");
+ BIO_printf(bio_err, " "
+ " uncompressed (default)\n");
+ BIO_printf(bio_err, " "
+ " hybrid\n");
+ BIO_printf(bio_err, " -param_enc arg specifies the way"
+ " the ec parameters are encoded\n");
+ BIO_printf(bio_err, " in the asn1 der "
+ "encoding\n");
+ BIO_printf(bio_err, " possible values:"
+ " named_curve (default)\n");
+ BIO_printf(bio_err," "
+ "explicit\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+ {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in, infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ BIO_printf(bio_err, "read EC key\n");
+ if (informat == FORMAT_ASN1)
+ {
+ if (pubin)
+ eckey = d2i_EC_PUBKEY_bio(in, NULL);
+ else
+ eckey = d2i_ECPrivateKey_bio(in, NULL);
+ }
+ else if (informat == FORMAT_PEM)
+ {
+ if (pubin)
+ eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL,
+ NULL);
+ else
+ eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
+ passin);
+ }
+ else
+ {
+ BIO_printf(bio_err, "bad input format specified for key\n");
+ goto end;
+ }
+ if (eckey == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out, outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ group = EC_KEY_get0_group(eckey);
+
+ if (new_form)
+ EC_KEY_set_conv_form(eckey, form);
+
+ if (new_asn1_flag)
+ EC_KEY_set_asn1_flag(eckey, asn1_flag);
+
+ if (text)
+ if (!EC_KEY_print(out, eckey, 0))
+ {
+ perror(outfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (noout)
+ {
+ ret = 0;
+ goto end;
+ }
+
+ BIO_printf(bio_err, "writing EC key\n");
+ if (outformat == FORMAT_ASN1)
+ {
+ if (param_out)
+ i = i2d_ECPKParameters_bio(out, group);
+ else if (pubin || pubout)
+ i = i2d_EC_PUBKEY_bio(out, eckey);
+ else
+ i = i2d_ECPrivateKey_bio(out, eckey);
+ }
+ else if (outformat == FORMAT_PEM)
+ {
+ if (param_out)
+ i = PEM_write_bio_ECPKParameters(out, group);
+ else if (pubin || pubout)
+ i = PEM_write_bio_EC_PUBKEY(out, eckey);
+ else
+ i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
+ NULL, 0, NULL, passout);
+ }
+ else
+ {
+ BIO_printf(bio_err, "bad output format specified for "
+ "outfile\n");
+ goto end;
+ }
+
+ if (!i)
+ {
+ BIO_printf(bio_err, "unable to write private key\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ ret=0;
+end:
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free_all(out);
+ if (eckey)
+ EC_KEY_free(eckey);
+ if (passin)
+ OPENSSL_free(passin);
+ if (passout)
+ OPENSSL_free(passout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+#endif
Added: vendor-crypto/openssl/dist/apps/ecparam.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ecparam.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/ecparam.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,725 @@
+/* apps/ecparam.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_EC
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG ecparam_main
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -noout - do not print the ec parameter
+ * -text - print the ec parameters in text form
+ * -check - validate the ec parameters
+ * -C - print a 'C' function creating the parameters
+ * -name arg - use the ec parameters with 'short name' name
+ * -list_curves - prints a list of all currently available curve 'short names'
+ * -conv_form arg - specifies the point conversion form
+ * - possible values: compressed
+ * uncompressed (default)
+ * hybrid
+ * -param_enc arg - specifies the way the ec parameters are encoded
+ * in the asn1 der encoding
+ * possible values: named_curve (default)
+ * explicit
+ * -no_seed - if 'explicit' parameters are choosen do not use the seed
+ * -genkey - generate ec key
+ * -rand file - files to use for random number input
+ * -engine e - use engine e, possibly a hardware device
+ */
+
+
+static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ EC_GROUP *group = NULL;
+ point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+ int new_form = 0;
+ int asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ int new_asn1_flag = 0;
+ char *curve_name = NULL, *inrand = NULL;
+ int list_curves = 0, no_seed = 0, check = 0,
+ badops = 0, text = 0, i, need_rand = 0, genkey = 0;
+ char *infile = NULL, *outfile = NULL, *prog;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, noout = 0, C = 0, ret = 1;
+ char *engine = NULL;
+
+ BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
+ *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
+ unsigned char *buffer = NULL;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-text") == 0)
+ text = 1;
+ else if (strcmp(*argv,"-C") == 0)
+ C = 1;
+ else if (strcmp(*argv,"-check") == 0)
+ check = 1;
+ else if (strcmp (*argv, "-name") == 0)
+ {
+ if (--argc < 1)
+ goto bad;
+ curve_name = *(++argv);
+ }
+ else if (strcmp(*argv, "-list_curves") == 0)
+ list_curves = 1;
+ else if (strcmp(*argv, "-conv_form") == 0)
+ {
+ if (--argc < 1)
+ goto bad;
+ ++argv;
+ new_form = 1;
+ if (strcmp(*argv, "compressed") == 0)
+ form = POINT_CONVERSION_COMPRESSED;
+ else if (strcmp(*argv, "uncompressed") == 0)
+ form = POINT_CONVERSION_UNCOMPRESSED;
+ else if (strcmp(*argv, "hybrid") == 0)
+ form = POINT_CONVERSION_HYBRID;
+ else
+ goto bad;
+ }
+ else if (strcmp(*argv, "-param_enc") == 0)
+ {
+ if (--argc < 1)
+ goto bad;
+ ++argv;
+ new_asn1_flag = 1;
+ if (strcmp(*argv, "named_curve") == 0)
+ asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ else if (strcmp(*argv, "explicit") == 0)
+ asn1_flag = 0;
+ else
+ goto bad;
+ }
+ else if (strcmp(*argv, "-no_seed") == 0)
+ no_seed = 1;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-genkey") == 0)
+ {
+ genkey=1;
+ need_rand=1;
+ }
+ else if (strcmp(*argv, "-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ need_rand=1;
+ }
+ else if(strcmp(*argv, "-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine = *(++argv);
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - "
+ "default PEM (DER or PEM)\n");
+ BIO_printf(bio_err, " -outform arg output format - "
+ "default PEM\n");
+ BIO_printf(bio_err, " -in arg input file - "
+ "default stdin\n");
+ BIO_printf(bio_err, " -out arg output file - "
+ "default stdout\n");
+ BIO_printf(bio_err, " -noout do not print the "
+ "ec parameter\n");
+ BIO_printf(bio_err, " -text print the ec "
+ "parameters in text form\n");
+ BIO_printf(bio_err, " -check validate the ec "
+ "parameters\n");
+ BIO_printf(bio_err, " -C print a 'C' "
+ "function creating the parameters\n");
+ BIO_printf(bio_err, " -name arg use the "
+ "ec parameters with 'short name' name\n");
+ BIO_printf(bio_err, " -list_curves prints a list of "
+ "all currently available curve 'short names'\n");
+ BIO_printf(bio_err, " -conv_form arg specifies the "
+ "point conversion form \n");
+ BIO_printf(bio_err, " possible values:"
+ " compressed\n");
+ BIO_printf(bio_err, " "
+ " uncompressed (default)\n");
+ BIO_printf(bio_err, " "
+ " hybrid\n");
+ BIO_printf(bio_err, " -param_enc arg specifies the way"
+ " the ec parameters are encoded\n");
+ BIO_printf(bio_err, " in the asn1 der "
+ "encoding\n");
+ BIO_printf(bio_err, " possible values:"
+ " named_curve (default)\n");
+ BIO_printf(bio_err, " "
+ " explicit\n");
+ BIO_printf(bio_err, " -no_seed if 'explicit'"
+ " parameters are choosen do not"
+ " use the seed\n");
+ BIO_printf(bio_err, " -genkey generate ec"
+ " key\n");
+ BIO_printf(bio_err, " -rand file files to use for"
+ " random number input\n");
+ BIO_printf(bio_err, " -engine e use engine e, "
+ "possibly a hardware device\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ if (list_curves)
+ {
+ EC_builtin_curve *curves = NULL;
+ size_t crv_len = 0;
+ size_t n = 0;
+
+ crv_len = EC_get_builtin_curves(NULL, 0);
+
+ curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));
+
+ if (curves == NULL)
+ goto end;
+
+ if (!EC_get_builtin_curves(curves, crv_len))
+ {
+ OPENSSL_free(curves);
+ goto end;
+ }
+
+
+ for (n = 0; n < crv_len; n++)
+ {
+ const char *comment;
+ const char *sname;
+ comment = curves[n].comment;
+ sname = OBJ_nid2sn(curves[n].nid);
+ if (comment == NULL)
+ comment = "CURVE DESCRIPTION NOT AVAILABLE";
+ if (sname == NULL)
+ sname = "";
+
+ BIO_printf(out, " %-10s: ", sname);
+ BIO_printf(out, "%s\n", comment);
+ }
+
+ OPENSSL_free(curves);
+ ret = 0;
+ goto end;
+ }
+
+ if (curve_name != NULL)
+ {
+ int nid;
+
+ /* workaround for the SECG curve names secp192r1
+ * and secp256r1 (which are the same as the curves
+ * prime192v1 and prime256v1 defined in X9.62)
+ */
+ if (!strcmp(curve_name, "secp192r1"))
+ {
+ BIO_printf(bio_err, "using curve name prime192v1 "
+ "instead of secp192r1\n");
+ nid = NID_X9_62_prime192v1;
+ }
+ else if (!strcmp(curve_name, "secp256r1"))
+ {
+ BIO_printf(bio_err, "using curve name prime256v1 "
+ "instead of secp256r1\n");
+ nid = NID_X9_62_prime256v1;
+ }
+ else
+ nid = OBJ_sn2nid(curve_name);
+
+ if (nid == 0)
+ {
+ BIO_printf(bio_err, "unknown curve name (%s)\n",
+ curve_name);
+ goto end;
+ }
+
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (group == NULL)
+ {
+ BIO_printf(bio_err, "unable to create curve (%s)\n",
+ curve_name);
+ goto end;
+ }
+ EC_GROUP_set_asn1_flag(group, asn1_flag);
+ EC_GROUP_set_point_conversion_form(group, form);
+ }
+ else if (informat == FORMAT_ASN1)
+ {
+ group = d2i_ECPKParameters_bio(in, NULL);
+ }
+ else if (informat == FORMAT_PEM)
+ {
+ group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
+ }
+ else
+ {
+ BIO_printf(bio_err, "bad input format specified\n");
+ goto end;
+ }
+
+ if (group == NULL)
+ {
+ BIO_printf(bio_err,
+ "unable to load elliptic curve parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (new_form)
+ EC_GROUP_set_point_conversion_form(group, form);
+
+ if (new_asn1_flag)
+ EC_GROUP_set_asn1_flag(group, asn1_flag);
+
+ if (no_seed)
+ {
+ EC_GROUP_set_seed(group, NULL, 0);
+ }
+
+ if (text)
+ {
+ if (!ECPKParameters_print(out, group, 0))
+ goto end;
+ }
+
+ if (check)
+ {
+ if (group == NULL)
+ BIO_printf(bio_err, "no elliptic curve parameters\n");
+ BIO_printf(bio_err, "checking elliptic curve parameters: ");
+ if (!EC_GROUP_check(group, NULL))
+ {
+ BIO_printf(bio_err, "failed\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ BIO_printf(bio_err, "ok\n");
+
+ }
+
+ if (C)
+ {
+ size_t buf_len = 0, tmp_len = 0;
+ const EC_POINT *point;
+ int is_prime, len = 0;
+ const EC_METHOD *meth = EC_GROUP_method_of(group);
+
+ if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
+ (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
+ (ec_order = BN_new()) == NULL ||
+ (ec_cofactor = BN_new()) == NULL )
+ {
+ perror("OPENSSL_malloc");
+ goto end;
+ }
+
+ is_prime = (EC_METHOD_get_field_type(meth) ==
+ NID_X9_62_prime_field);
+
+ if (is_prime)
+ {
+ if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
+ ec_b, NULL))
+ goto end;
+ }
+ else
+ {
+ /* TODO */
+ goto end;
+ }
+
+ if ((point = EC_GROUP_get0_generator(group)) == NULL)
+ goto end;
+ if (!EC_POINT_point2bn(group, point,
+ EC_GROUP_get_point_conversion_form(group), ec_gen,
+ NULL))
+ goto end;
+ if (!EC_GROUP_get_order(group, ec_order, NULL))
+ goto end;
+ if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
+ goto end;
+
+ if (!ec_p || !ec_a || !ec_b || !ec_gen ||
+ !ec_order || !ec_cofactor)
+ goto end;
+
+ len = BN_num_bits(ec_order);
+
+ if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
+ buf_len = tmp_len;
+ if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
+ buf_len = tmp_len;
+ if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
+ buf_len = tmp_len;
+ if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
+ buf_len = tmp_len;
+ if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
+ buf_len = tmp_len;
+ if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
+ buf_len = tmp_len;
+
+ buffer = (unsigned char *)OPENSSL_malloc(buf_len);
+
+ if (buffer == NULL)
+ {
+ perror("OPENSSL_malloc");
+ goto end;
+ }
+
+ ecparam_print_var(out, ec_p, "ec_p", len, buffer);
+ ecparam_print_var(out, ec_a, "ec_a", len, buffer);
+ ecparam_print_var(out, ec_b, "ec_b", len, buffer);
+ ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
+ ecparam_print_var(out, ec_order, "ec_order", len, buffer);
+ ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
+ buffer);
+
+ BIO_printf(out, "\n\n");
+
+ BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
+ BIO_printf(out, "\tint ok=0;\n");
+ BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
+ BIO_printf(out, "\tEC_POINT *point = NULL;\n");
+ BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
+ "*tmp_3 = NULL;\n\n");
+ BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
+ "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
+ "goto err;\n", len, len);
+ BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
+ "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
+ "goto err;\n", len, len);
+ BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
+ "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
+ "goto err;\n", len, len);
+ if (is_prime)
+ {
+ BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
+ "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
+ "\n\t\tgoto err;\n\n");
+ }
+ else
+ {
+ /* TODO */
+ goto end;
+ }
+ BIO_printf(out, "\t/* build generator */\n");
+ BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
+ "sizeof(ec_gen_%d), tmp_1)) == NULL)"
+ "\n\t\tgoto err;\n", len, len);
+ BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
+ "NULL, NULL);\n");
+ BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
+ BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
+ "sizeof(ec_order_%d), tmp_2)) == NULL)"
+ "\n\t\tgoto err;\n", len, len);
+ BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
+ "sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
+ "\n\t\tgoto err;\n", len, len);
+ BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
+ " tmp_2, tmp_3))\n\t\tgoto err;\n");
+ BIO_printf(out, "\n\tok=1;\n");
+ BIO_printf(out, "err:\n");
+ BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
+ BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
+ BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
+ BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
+ BIO_printf(out, "\tif (!ok)\n");
+ BIO_printf(out, "\t\t{\n");
+ BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
+ BIO_printf(out, "\t\tgroup = NULL;\n");
+ BIO_printf(out, "\t\t}\n");
+ BIO_printf(out, "\treturn(group);\n\t}\n");
+ }
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_ECPKParameters_bio(out, group);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_ECPKParameters(out, group);
+ else
+ {
+ BIO_printf(bio_err,"bad output format specified for"
+ " outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err, "unable to write elliptic "
+ "curve parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (need_rand)
+ {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ if (genkey)
+ {
+ EC_KEY *eckey = EC_KEY_new();
+
+ if (eckey == NULL)
+ goto end;
+
+ assert(need_rand);
+
+ if (EC_KEY_set_group(eckey, group) == 0)
+ goto end;
+
+ if (!EC_KEY_generate_key(eckey))
+ {
+ EC_KEY_free(eckey);
+ goto end;
+ }
+ if (outformat == FORMAT_ASN1)
+ i = i2d_ECPrivateKey_bio(out, eckey);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
+ NULL, 0, NULL, NULL);
+ else
+ {
+ BIO_printf(bio_err, "bad output format specified "
+ "for outfile\n");
+ EC_KEY_free(eckey);
+ goto end;
+ }
+ EC_KEY_free(eckey);
+ }
+
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+
+ ret=0;
+end:
+ if (ec_p)
+ BN_free(ec_p);
+ if (ec_a)
+ BN_free(ec_a);
+ if (ec_b)
+ BN_free(ec_b);
+ if (ec_gen)
+ BN_free(ec_gen);
+ if (ec_order)
+ BN_free(ec_order);
+ if (ec_cofactor)
+ BN_free(ec_cofactor);
+ if (buffer)
+ OPENSSL_free(buffer);
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (group != NULL)
+ EC_GROUP_free(group);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
+ int len, unsigned char *buffer)
+ {
+ BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
+ if (BN_is_zero(in))
+ BIO_printf(out, "\n\t0x00");
+ else
+ {
+ int i, l;
+
+ l = BN_bn2bin(in, buffer);
+ for (i=0; i<l-1; i++)
+ {
+ if ((i%12) == 0)
+ BIO_printf(out, "\n\t");
+ BIO_printf(out, "0x%02X,", buffer[i]);
+ }
+ if ((i%12) == 0)
+ BIO_printf(out, "\n\t");
+ BIO_printf(out, "0x%02X", buffer[i]);
+ }
+ BIO_printf(out, "\n\t};\n\n");
+ return 1;
+ }
+#endif
Added: vendor-crypto/openssl/dist/apps/enc.c
===================================================================
--- vendor-crypto/openssl/dist/apps/enc.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/enc.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,695 @@
+/* apps/enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#include <ctype.h>
+
+int set_hex(char *in,unsigned char *out,int size);
+#undef SIZE
+#undef BSIZE
+#undef PROG
+
+#define SIZE (512)
+#define BSIZE (8*1024)
+#define PROG enc_main
+
+static void show_ciphers(const OBJ_NAME *name,void *bio_)
+ {
+ BIO *bio=bio_;
+ static int n;
+
+ if(!islower((unsigned char)*name->name))
+ return;
+
+ BIO_printf(bio,"-%-25s",name->name);
+ if(++n == 3)
+ {
+ BIO_printf(bio,"\n");
+ n=0;
+ }
+ else
+ BIO_printf(bio," ");
+ }
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ static const char magic[]="Salted__";
+ char mbuf[sizeof magic-1];
+ char *strbuf=NULL;
+ unsigned char *buff=NULL,*bufsize=NULL;
+ int bsize=BSIZE,verbose=0;
+ int ret=1,inl;
+ int nopad = 0;
+ unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
+ unsigned char salt[PKCS5_SALT_LEN];
+ char *str=NULL, *passarg = NULL, *pass = NULL;
+ char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
+ char *md=NULL;
+ int enc=1,printkey=0,i,base64=0;
+ int debug=0,olb64=0,nosalt=0;
+ const EVP_CIPHER *cipher=NULL,*c;
+ EVP_CIPHER_CTX *ctx = NULL;
+ char *inf=NULL,*outf=NULL;
+ BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+#define PROG_NAME_SIZE 39
+ char pname[PROG_NAME_SIZE+1];
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+ const EVP_MD *dgst=NULL;
+ int non_fips_allow = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ /* first check the program name */
+ program_name(argv[0],pname,sizeof pname);
+ if (strcmp(pname,"base64") == 0)
+ base64=1;
+
+ cipher=EVP_get_cipherbyname(pname);
+ if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
+ {
+ BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
+ goto bad;
+ }
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-e") == 0)
+ enc=1;
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inf= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outf= *(++argv);
+ }
+ else if (strcmp(*argv,"-pass") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passarg= *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-d") == 0)
+ enc=0;
+ else if (strcmp(*argv,"-p") == 0)
+ printkey=1;
+ else if (strcmp(*argv,"-v") == 0)
+ verbose=1;
+ else if (strcmp(*argv,"-nopad") == 0)
+ nopad=1;
+ else if (strcmp(*argv,"-salt") == 0)
+ nosalt=0;
+ else if (strcmp(*argv,"-nosalt") == 0)
+ nosalt=1;
+ else if (strcmp(*argv,"-debug") == 0)
+ debug=1;
+ else if (strcmp(*argv,"-P") == 0)
+ printkey=2;
+ else if (strcmp(*argv,"-A") == 0)
+ olb64=1;
+ else if (strcmp(*argv,"-a") == 0)
+ base64=1;
+ else if (strcmp(*argv,"-base64") == 0)
+ base64=1;
+ else if (strcmp(*argv,"-bufsize") == 0)
+ {
+ if (--argc < 1) goto bad;
+ bufsize=(unsigned char *)*(++argv);
+ }
+ else if (strcmp(*argv,"-k") == 0)
+ {
+ if (--argc < 1) goto bad;
+ str= *(++argv);
+ }
+ else if (strcmp(*argv,"-kfile") == 0)
+ {
+ static char buf[128];
+ FILE *infile;
+ char *file;
+
+ if (--argc < 1) goto bad;
+ file= *(++argv);
+ infile=fopen(file,"r");
+ if (infile == NULL)
+ {
+ BIO_printf(bio_err,"unable to read key from '%s'\n",
+ file);
+ goto bad;
+ }
+ buf[0]='\0';
+ if (!fgets(buf,sizeof buf,infile))
+ {
+ BIO_printf(bio_err,"unable to read key from '%s'\n",
+ file);
+ goto bad;
+ }
+ fclose(infile);
+ i=strlen(buf);
+ if ((i > 0) &&
+ ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
+ buf[--i]='\0';
+ if ((i > 0) &&
+ ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
+ buf[--i]='\0';
+ if (i < 1)
+ {
+ BIO_printf(bio_err,"zero length password\n");
+ goto bad;
+ }
+ str=buf;
+ }
+ else if (strcmp(*argv,"-K") == 0)
+ {
+ if (--argc < 1) goto bad;
+ hkey= *(++argv);
+ }
+ else if (strcmp(*argv,"-S") == 0)
+ {
+ if (--argc < 1) goto bad;
+ hsalt= *(++argv);
+ }
+ else if (strcmp(*argv,"-iv") == 0)
+ {
+ if (--argc < 1) goto bad;
+ hiv= *(++argv);
+ }
+ else if (strcmp(*argv,"-md") == 0)
+ {
+ if (--argc < 1) goto bad;
+ md= *(++argv);
+ }
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow = 1;
+ else if ((argv[0][0] == '-') &&
+ ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
+ {
+ cipher=c;
+ }
+ else if (strcmp(*argv,"-none") == 0)
+ cipher=NULL;
+ else
+ {
+ BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+bad:
+ BIO_printf(bio_err,"options are\n");
+ BIO_printf(bio_err,"%-14s input file\n","-in <file>");
+ BIO_printf(bio_err,"%-14s output file\n","-out <file>");
+ BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
+ BIO_printf(bio_err,"%-14s encrypt\n","-e");
+ BIO_printf(bio_err,"%-14s decrypt\n","-d");
+ BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
+ BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
+ BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
+ BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
+ BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
+ BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
+ BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
+ BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
+#endif
+
+ BIO_printf(bio_err,"Cipher Types\n");
+ OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+ show_ciphers,
+ bio_err);
+ BIO_printf(bio_err,"\n");
+
+ goto end;
+ }
+ argc--;
+ argv++;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
+ {
+ BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+ goto end;
+ }
+
+ if (dgst == NULL)
+ {
+ if (in_FIPS_mode)
+ dgst = EVP_sha1();
+ else
+ dgst = EVP_md5();
+ }
+
+ if (bufsize != NULL)
+ {
+ unsigned long n;
+
+ for (n=0; *bufsize; bufsize++)
+ {
+ i= *bufsize;
+ if ((i <= '9') && (i >= '0'))
+ n=n*10+i-'0';
+ else if (i == 'k')
+ {
+ n*=1024;
+ bufsize++;
+ break;
+ }
+ }
+ if (*bufsize != '\0')
+ {
+ BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
+ goto end;
+ }
+
+ /* It must be large enough for a base64 encoded line */
+ if (base64 && n < 80) n=80;
+
+ bsize=(int)n;
+ if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
+ }
+
+ strbuf=OPENSSL_malloc(SIZE);
+ buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
+ if ((buff == NULL) || (strbuf == NULL))
+ {
+ BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
+ goto end;
+ }
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (debug)
+ {
+ BIO_set_callback(in,BIO_debug_callback);
+ BIO_set_callback(out,BIO_debug_callback);
+ BIO_set_callback_arg(in,(char *)bio_err);
+ BIO_set_callback_arg(out,(char *)bio_err);
+ }
+
+ if (inf == NULL)
+ {
+ if (bufsize != NULL)
+ setvbuf(stdin, (char *)NULL, _IONBF, 0);
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ }
+ else
+ {
+ if (BIO_read_filename(in,inf) <= 0)
+ {
+ perror(inf);
+ goto end;
+ }
+ }
+
+ if(!str && passarg) {
+ if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+ str = pass;
+ }
+
+ if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
+ {
+ for (;;)
+ {
+ char buf[200];
+
+ BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
+ OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+ (enc)?"encryption":"decryption");
+ strbuf[0]='\0';
+ i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
+ if (i == 0)
+ {
+ if (strbuf[0] == '\0')
+ {
+ ret=1;
+ goto end;
+ }
+ str=strbuf;
+ break;
+ }
+ if (i < 0)
+ {
+ BIO_printf(bio_err,"bad password read\n");
+ goto end;
+ }
+ }
+ }
+
+
+ if (outf == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ if (bufsize != NULL)
+ setvbuf(stdout, (char *)NULL, _IONBF, 0);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outf) <= 0)
+ {
+ perror(outf);
+ goto end;
+ }
+ }
+
+ rbio=in;
+ wbio=out;
+
+ if (base64)
+ {
+ if ((b64=BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ if (debug)
+ {
+ BIO_set_callback(b64,BIO_debug_callback);
+ BIO_set_callback_arg(b64,(char *)bio_err);
+ }
+ if (olb64)
+ BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
+ if (enc)
+ wbio=BIO_push(b64,wbio);
+ else
+ rbio=BIO_push(b64,rbio);
+ }
+
+ if (cipher != NULL)
+ {
+ /* Note that str is NULL if a key was passed on the command
+ * line, so we get no salt in that case. Is this a bug?
+ */
+ if (str != NULL)
+ {
+ /* Salt handling: if encrypting generate a salt and
+ * write to output BIO. If decrypting read salt from
+ * input BIO.
+ */
+ unsigned char *sptr;
+ if(nosalt) sptr = NULL;
+ else {
+ if(enc) {
+ if(hsalt) {
+ if(!set_hex(hsalt,salt,sizeof salt)) {
+ BIO_printf(bio_err,
+ "invalid hex salt value\n");
+ goto end;
+ }
+ } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
+ goto end;
+ /* If -P option then don't bother writing */
+ if((printkey != 2)
+ && (BIO_write(wbio,magic,
+ sizeof magic-1) != sizeof magic-1
+ || BIO_write(wbio,
+ (char *)salt,
+ sizeof salt) != sizeof salt)) {
+ BIO_printf(bio_err,"error writing output file\n");
+ goto end;
+ }
+ } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
+ || BIO_read(rbio,
+ (unsigned char *)salt,
+ sizeof salt) != sizeof salt) {
+ BIO_printf(bio_err,"error reading input file\n");
+ goto end;
+ } else if(memcmp(mbuf,magic,sizeof magic-1)) {
+ BIO_printf(bio_err,"bad magic number\n");
+ goto end;
+ }
+
+ sptr = salt;
+ }
+
+ EVP_BytesToKey(cipher,dgst,sptr,
+ (unsigned char *)str,
+ strlen(str),1,key,iv);
+ /* zero the complete buffer or the string
+ * passed from the command line
+ * bug picked up by
+ * Larry J. Hughes Jr. <hughes at indiana.edu> */
+ if (str == strbuf)
+ OPENSSL_cleanse(str,SIZE);
+ else
+ OPENSSL_cleanse(str,strlen(str));
+ }
+ if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
+ {
+ BIO_printf(bio_err,"invalid hex iv value\n");
+ goto end;
+ }
+ if ((hiv == NULL) && (str == NULL)
+ && EVP_CIPHER_iv_length(cipher) != 0)
+ {
+ /* No IV was explicitly set and no IV was generated
+ * during EVP_BytesToKey. Hence the IV is undefined,
+ * making correct decryption impossible. */
+ BIO_printf(bio_err, "iv undefined\n");
+ goto end;
+ }
+ if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
+ {
+ BIO_printf(bio_err,"invalid hex key value\n");
+ goto end;
+ }
+
+ if ((benc=BIO_new(BIO_f_cipher())) == NULL)
+ goto end;
+
+ /* Since we may be changing parameters work on the encryption
+ * context rather than calling BIO_set_cipher().
+ */
+
+ BIO_get_cipher_ctx(benc, &ctx);
+
+ if (non_fips_allow)
+ EVP_CIPHER_CTX_set_flags(ctx,
+ EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+
+ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
+ {
+ BIO_printf(bio_err, "Error setting cipher %s\n",
+ EVP_CIPHER_name(cipher));
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (nopad)
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
+ {
+ BIO_printf(bio_err, "Error setting cipher %s\n",
+ EVP_CIPHER_name(cipher));
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (debug)
+ {
+ BIO_set_callback(benc,BIO_debug_callback);
+ BIO_set_callback_arg(benc,(char *)bio_err);
+ }
+
+ if (printkey)
+ {
+ if (!nosalt)
+ {
+ printf("salt=");
+ for (i=0; i<(int)sizeof(salt); i++)
+ printf("%02X",salt[i]);
+ printf("\n");
+ }
+ if (cipher->key_len > 0)
+ {
+ printf("key=");
+ for (i=0; i<cipher->key_len; i++)
+ printf("%02X",key[i]);
+ printf("\n");
+ }
+ if (cipher->iv_len > 0)
+ {
+ printf("iv =");
+ for (i=0; i<cipher->iv_len; i++)
+ printf("%02X",iv[i]);
+ printf("\n");
+ }
+ if (printkey == 2)
+ {
+ ret=0;
+ goto end;
+ }
+ }
+ }
+
+ /* Only encrypt/decrypt as we write the file */
+ if (benc != NULL)
+ wbio=BIO_push(benc,wbio);
+
+ for (;;)
+ {
+ inl=BIO_read(rbio,(char *)buff,bsize);
+ if (inl <= 0) break;
+ if (BIO_write(wbio,(char *)buff,inl) != inl)
+ {
+ BIO_printf(bio_err,"error writing output file\n");
+ goto end;
+ }
+ }
+ if (!BIO_flush(wbio))
+ {
+ BIO_printf(bio_err,"bad decrypt\n");
+ goto end;
+ }
+
+ ret=0;
+ if (verbose)
+ {
+ BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
+ BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
+ }
+end:
+ ERR_print_errors(bio_err);
+ if (strbuf != NULL) OPENSSL_free(strbuf);
+ if (buff != NULL) OPENSSL_free(buff);
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free_all(out);
+ if (benc != NULL) BIO_free(benc);
+ if (b64 != NULL) BIO_free(b64);
+ if(pass) OPENSSL_free(pass);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+int set_hex(char *in, unsigned char *out, int size)
+ {
+ int i,n;
+ unsigned char j;
+
+ n=strlen(in);
+ if (n > (size*2))
+ {
+ BIO_printf(bio_err,"hex string is too long\n");
+ return(0);
+ }
+ memset(out,0,size);
+ for (i=0; i<n; i++)
+ {
+ j=(unsigned char)*in;
+ *(in++)='\0';
+ if (j == 0) break;
+ if ((j >= '0') && (j <= '9'))
+ j-='0';
+ else if ((j >= 'A') && (j <= 'F'))
+ j=j-'A'+10;
+ else if ((j >= 'a') && (j <= 'f'))
+ j=j-'a'+10;
+ else
+ {
+ BIO_printf(bio_err,"non-hex digit\n");
+ return(0);
+ }
+ if (i&1)
+ out[i/2]|=j;
+ else
+ out[i/2]=(j<<4);
+ }
+ return(1);
+ }
Added: vendor-crypto/openssl/dist/apps/engine.c
===================================================================
--- vendor-crypto/openssl/dist/apps/engine.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/engine.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,542 @@
+/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard at levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#include <openssl/ssl.h>
+
+#undef PROG
+#define PROG engine_main
+
+static const char *engine_usage[]={
+"usage: engine opts [engine ...]\n",
+" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
+" -vv will additionally display each command's description\n",
+" -vvv will also add the input flags for each command\n",
+" -vvvv will also show internal input flags\n",
+" -c - for each engine, also list the capabilities\n",
+" -t[t] - for each engine, check that they are really available\n",
+" -tt will display error trace for unavailable engines\n",
+" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
+" to load it (if -t is used)\n",
+" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
+" (only used if -t is also provided)\n",
+" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
+" line, or all supported ENGINEs if none are specified.\n",
+" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
+" argument \"/lib/libdriver.so\".\n",
+NULL
+};
+
+static void identity(void *ptr)
+ {
+ return;
+ }
+
+static int append_buf(char **buf, const char *s, int *size, int step)
+ {
+ int l = strlen(s);
+
+ if (*buf == NULL)
+ {
+ *size = step;
+ *buf = OPENSSL_malloc(*size);
+ if (*buf == NULL)
+ return 0;
+ **buf = '\0';
+ }
+
+ if (**buf != '\0')
+ l += 2; /* ", " */
+
+ if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
+ {
+ *size += step;
+ *buf = OPENSSL_realloc(*buf, *size);
+ }
+
+ if (*buf == NULL)
+ return 0;
+
+ if (**buf != '\0')
+ BUF_strlcat(*buf, ", ", *size);
+ BUF_strlcat(*buf, s, *size);
+
+ return 1;
+ }
+
+static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
+ {
+ int started = 0, err = 0;
+ /* Indent before displaying input flags */
+ BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
+ if(flags == 0)
+ {
+ BIO_printf(bio_out, "<no flags>\n");
+ return 1;
+ }
+ /* If the object is internal, mark it in a way that shows instead of
+ * having it part of all the other flags, even if it really is. */
+ if(flags & ENGINE_CMD_FLAG_INTERNAL)
+ {
+ BIO_printf(bio_out, "[Internal] ");
+ }
+
+ if(flags & ENGINE_CMD_FLAG_NUMERIC)
+ {
+ if(started)
+ {
+ BIO_printf(bio_out, "|");
+ err = 1;
+ }
+ BIO_printf(bio_out, "NUMERIC");
+ started = 1;
+ }
+ /* Now we check that no combinations of the mutually exclusive NUMERIC,
+ * STRING, and NO_INPUT flags have been used. Future flags that can be
+ * OR'd together with these would need to added after these to preserve
+ * the testing logic. */
+ if(flags & ENGINE_CMD_FLAG_STRING)
+ {
+ if(started)
+ {
+ BIO_printf(bio_out, "|");
+ err = 1;
+ }
+ BIO_printf(bio_out, "STRING");
+ started = 1;
+ }
+ if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+ {
+ if(started)
+ {
+ BIO_printf(bio_out, "|");
+ err = 1;
+ }
+ BIO_printf(bio_out, "NO_INPUT");
+ started = 1;
+ }
+ /* Check for unknown flags */
+ flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
+ ~ENGINE_CMD_FLAG_STRING &
+ ~ENGINE_CMD_FLAG_NO_INPUT &
+ ~ENGINE_CMD_FLAG_INTERNAL;
+ if(flags)
+ {
+ if(started) BIO_printf(bio_out, "|");
+ BIO_printf(bio_out, "<0x%04X>", flags);
+ }
+ if(err)
+ BIO_printf(bio_out, " <illegal flags!>");
+ BIO_printf(bio_out, "\n");
+ return 1;
+ }
+
+static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
+ {
+ static const int line_wrap = 78;
+ int num;
+ int ret = 0;
+ char *name = NULL;
+ char *desc = NULL;
+ int flags;
+ int xpos = 0;
+ STACK *cmds = NULL;
+ if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
+ ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
+ 0, NULL, NULL)) <= 0))
+ {
+#if 0
+ BIO_printf(bio_out, "%s<no control commands>\n", indent);
+#endif
+ return 1;
+ }
+
+ cmds = sk_new_null();
+
+ if(!cmds)
+ goto err;
+ do {
+ int len;
+ /* Get the command input flags */
+ if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
+ NULL, NULL)) < 0)
+ goto err;
+ if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
+ {
+ /* Get the command name */
+ if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
+ NULL, NULL)) <= 0)
+ goto err;
+ if((name = OPENSSL_malloc(len + 1)) == NULL)
+ goto err;
+ if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
+ NULL) <= 0)
+ goto err;
+ /* Get the command description */
+ if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
+ NULL, NULL)) < 0)
+ goto err;
+ if(len > 0)
+ {
+ if((desc = OPENSSL_malloc(len + 1)) == NULL)
+ goto err;
+ if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
+ NULL) <= 0)
+ goto err;
+ }
+ /* Now decide on the output */
+ if(xpos == 0)
+ /* Do an indent */
+ xpos = BIO_puts(bio_out, indent);
+ else
+ /* Otherwise prepend a ", " */
+ xpos += BIO_printf(bio_out, ", ");
+ if(verbose == 1)
+ {
+ /* We're just listing names, comma-delimited */
+ if((xpos > (int)strlen(indent)) &&
+ (xpos + (int)strlen(name) > line_wrap))
+ {
+ BIO_printf(bio_out, "\n");
+ xpos = BIO_puts(bio_out, indent);
+ }
+ xpos += BIO_printf(bio_out, "%s", name);
+ }
+ else
+ {
+ /* We're listing names plus descriptions */
+ BIO_printf(bio_out, "%s: %s\n", name,
+ (desc == NULL) ? "<no description>" : desc);
+ /* ... and sometimes input flags */
+ if((verbose >= 3) && !util_flags(bio_out, flags,
+ indent))
+ goto err;
+ xpos = 0;
+ }
+ }
+ OPENSSL_free(name); name = NULL;
+ if(desc) { OPENSSL_free(desc); desc = NULL; }
+ /* Move to the next command */
+ num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
+ num, NULL, NULL);
+ } while(num > 0);
+ if(xpos > 0)
+ BIO_printf(bio_out, "\n");
+ ret = 1;
+err:
+ if(cmds) sk_pop_free(cmds, identity);
+ if(name) OPENSSL_free(name);
+ if(desc) OPENSSL_free(desc);
+ return ret;
+ }
+
+static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
+ {
+ int loop, res, num = sk_num(cmds);
+ if(num < 0)
+ {
+ BIO_printf(bio_out, "[Error]: internal stack error\n");
+ return;
+ }
+ for(loop = 0; loop < num; loop++)
+ {
+ char buf[256];
+ const char *cmd, *arg;
+ cmd = sk_value(cmds, loop);
+ res = 1; /* assume success */
+ /* Check if this command has no ":arg" */
+ if((arg = strstr(cmd, ":")) == NULL)
+ {
+ if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
+ res = 0;
+ }
+ else
+ {
+ if((int)(arg - cmd) > 254)
+ {
+ BIO_printf(bio_out,"[Error]: command name too long\n");
+ return;
+ }
+ memcpy(buf, cmd, (int)(arg - cmd));
+ buf[arg-cmd] = '\0';
+ arg++; /* Move past the ":" */
+ /* Call the command with the argument */
+ if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
+ res = 0;
+ }
+ if(res)
+ BIO_printf(bio_out, "[Success]: %s\n", cmd);
+ else
+ {
+ BIO_printf(bio_out, "[Failure]: %s\n", cmd);
+ ERR_print_errors(bio_out);
+ }
+ }
+ }
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int ret=1,i;
+ const char **pp;
+ int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
+ ENGINE *e;
+ STACK *engines = sk_new_null();
+ STACK *pre_cmds = sk_new_null();
+ STACK *post_cmds = sk_new_null();
+ int badops=1;
+ BIO *bio_out=NULL;
+ const char *indent = " ";
+
+ apps_startup();
+ SSL_load_error_strings();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_out = BIO_push(tmpbio, bio_out);
+ }
+#endif
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strncmp(*argv,"-v",2) == 0)
+ {
+ if(strspn(*argv + 1, "v") < strlen(*argv + 1))
+ goto skip_arg_loop;
+ if((verbose=strlen(*argv + 1)) > 4)
+ goto skip_arg_loop;
+ }
+ else if (strcmp(*argv,"-c") == 0)
+ list_cap=1;
+ else if (strncmp(*argv,"-t",2) == 0)
+ {
+ test_avail=1;
+ if(strspn(*argv + 1, "t") < strlen(*argv + 1))
+ goto skip_arg_loop;
+ if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
+ goto skip_arg_loop;
+ }
+ else if (strcmp(*argv,"-pre") == 0)
+ {
+ argc--; argv++;
+ if (argc == 0)
+ goto skip_arg_loop;
+ sk_push(pre_cmds,*argv);
+ }
+ else if (strcmp(*argv,"-post") == 0)
+ {
+ argc--; argv++;
+ if (argc == 0)
+ goto skip_arg_loop;
+ sk_push(post_cmds,*argv);
+ }
+ else if ((strncmp(*argv,"-h",2) == 0) ||
+ (strcmp(*argv,"-?") == 0))
+ goto skip_arg_loop;
+ else
+ sk_push(engines,*argv);
+ argc--;
+ argv++;
+ }
+ /* Looks like everything went OK */
+ badops = 0;
+skip_arg_loop:
+
+ if (badops)
+ {
+ for (pp=engine_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,"%s",*pp);
+ goto end;
+ }
+
+ if (sk_num(engines) == 0)
+ {
+ for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
+ {
+ sk_push(engines,(char *)ENGINE_get_id(e));
+ }
+ }
+
+ for (i=0; i<sk_num(engines); i++)
+ {
+ const char *id = sk_value(engines,i);
+ if ((e = ENGINE_by_id(id)) != NULL)
+ {
+ const char *name = ENGINE_get_name(e);
+ /* Do "id" first, then "name". Easier to auto-parse. */
+ BIO_printf(bio_out, "(%s) %s\n", id, name);
+ util_do_cmds(e, pre_cmds, bio_out, indent);
+ if (strcmp(ENGINE_get_id(e), id) != 0)
+ {
+ BIO_printf(bio_out, "Loaded: (%s) %s\n",
+ ENGINE_get_id(e), ENGINE_get_name(e));
+ }
+ if (list_cap)
+ {
+ int cap_size = 256;
+ char *cap_buf = NULL;
+ int k,n;
+ const int *nids;
+ ENGINE_CIPHERS_PTR fn_c;
+ ENGINE_DIGESTS_PTR fn_d;
+
+ if (ENGINE_get_RSA(e) != NULL
+ && !append_buf(&cap_buf, "RSA",
+ &cap_size, 256))
+ goto end;
+ if (ENGINE_get_DSA(e) != NULL
+ && !append_buf(&cap_buf, "DSA",
+ &cap_size, 256))
+ goto end;
+ if (ENGINE_get_DH(e) != NULL
+ && !append_buf(&cap_buf, "DH",
+ &cap_size, 256))
+ goto end;
+ if (ENGINE_get_RAND(e) != NULL
+ && !append_buf(&cap_buf, "RAND",
+ &cap_size, 256))
+ goto end;
+
+ fn_c = ENGINE_get_ciphers(e);
+ if(!fn_c) goto skip_ciphers;
+ n = fn_c(e, NULL, &nids, 0);
+ for(k=0 ; k < n ; ++k)
+ if(!append_buf(&cap_buf,
+ OBJ_nid2sn(nids[k]),
+ &cap_size, 256))
+ goto end;
+
+skip_ciphers:
+ fn_d = ENGINE_get_digests(e);
+ if(!fn_d) goto skip_digests;
+ n = fn_d(e, NULL, &nids, 0);
+ for(k=0 ; k < n ; ++k)
+ if(!append_buf(&cap_buf,
+ OBJ_nid2sn(nids[k]),
+ &cap_size, 256))
+ goto end;
+
+skip_digests:
+ if (cap_buf && (*cap_buf != '\0'))
+ BIO_printf(bio_out, " [%s]\n", cap_buf);
+
+ OPENSSL_free(cap_buf);
+ }
+ if(test_avail)
+ {
+ BIO_printf(bio_out, "%s", indent);
+ if (ENGINE_init(e))
+ {
+ BIO_printf(bio_out, "[ available ]\n");
+ util_do_cmds(e, post_cmds, bio_out, indent);
+ ENGINE_finish(e);
+ }
+ else
+ {
+ BIO_printf(bio_out, "[ unavailable ]\n");
+ if(test_avail_noise)
+ ERR_print_errors_fp(stdout);
+ ERR_clear_error();
+ }
+ }
+ if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
+ goto end;
+ ENGINE_free(e);
+ }
+ else
+ ERR_print_errors(bio_err);
+ }
+
+ ret=0;
+end:
+
+ ERR_print_errors(bio_err);
+ sk_pop_free(engines, identity);
+ sk_pop_free(pre_cmds, identity);
+ sk_pop_free(post_cmds, identity);
+ if (bio_out != NULL) BIO_free_all(bio_out);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+#else
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
Added: vendor-crypto/openssl/dist/apps/errstr.c
===================================================================
--- vendor-crypto/openssl/dist/apps/errstr.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/errstr.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,126 @@
+/* apps/errstr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#undef PROG
+#define PROG errstr_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int i,ret=0;
+ char buf[256];
+ unsigned long l;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ SSL_load_error_strings();
+
+ if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))
+ {
+ BIO *out=NULL;
+
+ out=BIO_new(BIO_s_file());
+ if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
+ {
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
+ lh_stats_bio((LHASH *)ERR_get_string_table(),out);
+ lh_node_usage_stats_bio((LHASH *)
+ ERR_get_string_table(),out);
+ }
+ if (out != NULL) BIO_free_all(out);
+ argc--;
+ argv++;
+ }
+
+ for (i=1; i<argc; i++)
+ {
+ if (sscanf(argv[i],"%lx",&l))
+ {
+ ERR_error_string_n(l, buf, sizeof buf);
+ printf("%s\n",buf);
+ }
+ else
+ {
+ printf("%s: bad error code\n",argv[i]);
+ printf("usage: errstr [-stats] <errno> ...\n");
+ ret++;
+ }
+ }
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
Added: vendor-crypto/openssl/dist/apps/gendh.c
===================================================================
--- vendor-crypto/openssl/dist/apps/gendh.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/gendh.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,235 @@
+/* apps/gendh.c */
+/* obsoleted by dhparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h>
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#ifndef OPENSSL_NO_DH
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#define DEFBITS 512
+#undef PROG
+#define PROG gendh_main
+
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ BN_GENCB cb;
+ DH *dh=NULL;
+ int ret=1,num=DEFBITS;
+ int g=2;
+ char *outfile=NULL;
+ char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ BIO *out=NULL;
+
+ apps_startup();
+
+ BN_GENCB_set(&cb, dh_cb, bio_err);
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ argv++;
+ argc--;
+ for (;;)
+ {
+ if (argc <= 0) break;
+ if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-2") == 0)
+ g=2;
+ /* else if (strcmp(*argv,"-3") == 0)
+ g=3; */
+ else if (strcmp(*argv,"-5") == 0)
+ g=5;
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+ else
+ break;
+ argv++;
+ argc--;
+ }
+ if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
+ {
+bad:
+ BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
+ BIO_printf(bio_err," -out file - output the key to 'file\n");
+ BIO_printf(bio_err," -2 - use 2 as the generator value\n");
+ /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
+ BIO_printf(bio_err," -5 - use 5 as the generator value\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
+ BIO_printf(bio_err,"This is going to take a long time\n");
+
+ if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
+ goto end;
+
+ app_RAND_write_file(NULL, bio_err);
+
+ if (!PEM_write_bio_DHparams(out,dh))
+ goto end;
+ ret=0;
+end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (out != NULL) BIO_free_all(out);
+ if (dh != NULL) DH_free(dh);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(cb->arg,&c,1);
+ (void)BIO_flush(cb->arg);
+#ifdef LINT
+ p=n;
+#endif
+ return 1;
+ }
+#endif
Added: vendor-crypto/openssl/dist/apps/gendsa.c
===================================================================
--- vendor-crypto/openssl/dist/apps/gendsa.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/gendsa.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,285 @@
+/* apps/gendsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+#ifndef OPENSSL_NO_DSA
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#define DEFBITS 512
+#undef PROG
+#define PROG gendsa_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ DSA *dsa=NULL;
+ int ret=1;
+ char *outfile=NULL;
+ char *inrand=NULL,*dsaparams=NULL;
+ char *passargout = NULL, *passout = NULL;
+ BIO *out=NULL,*in=NULL;
+ const EVP_CIPHER *enc=NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ argv++;
+ argc--;
+ for (;;)
+ {
+ if (argc <= 0) break;
+ if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+ else if (strcmp(*argv,"-") == 0)
+ goto bad;
+#ifndef OPENSSL_NO_DES
+ else if (strcmp(*argv,"-des") == 0)
+ enc=EVP_des_cbc();
+ else if (strcmp(*argv,"-des3") == 0)
+ enc=EVP_des_ede3_cbc();
+#endif
+#ifndef OPENSSL_NO_IDEA
+ else if (strcmp(*argv,"-idea") == 0)
+ enc=EVP_idea_cbc();
+#endif
+#ifndef OPENSSL_NO_SEED
+ else if (strcmp(*argv,"-seed") == 0)
+ enc=EVP_seed_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+ else if (strcmp(*argv,"-aes128") == 0)
+ enc=EVP_aes_128_cbc();
+ else if (strcmp(*argv,"-aes192") == 0)
+ enc=EVP_aes_192_cbc();
+ else if (strcmp(*argv,"-aes256") == 0)
+ enc=EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ else if (strcmp(*argv,"-camellia128") == 0)
+ enc=EVP_camellia_128_cbc();
+ else if (strcmp(*argv,"-camellia192") == 0)
+ enc=EVP_camellia_192_cbc();
+ else if (strcmp(*argv,"-camellia256") == 0)
+ enc=EVP_camellia_256_cbc();
+#endif
+ else if (**argv != '-' && dsaparams == NULL)
+ {
+ dsaparams = *argv;
+ }
+ else
+ goto bad;
+ argv++;
+ argc--;
+ }
+
+ if (dsaparams == NULL)
+ {
+bad:
+ BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
+ BIO_printf(bio_err," -out file - output the key to 'file'\n");
+#ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
+ BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+#endif
+#ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err," -seed\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc seed\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
+ BIO_printf(bio_err," dsaparam-file\n");
+ BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+
+ in=BIO_new(BIO_s_file());
+ if (!(BIO_read_filename(in,dsaparams)))
+ {
+ perror(dsaparams);
+ goto end;
+ }
+
+ if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DSA parameter file\n");
+ goto end;
+ }
+ BIO_free(in);
+ in = NULL;
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL) goto end;
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ BIO_printf(bio_err,"Generating DSA key, %d bits\n",
+ BN_num_bits(dsa->p));
+ if (!DSA_generate_key(dsa)) goto end;
+
+ app_RAND_write_file(NULL, bio_err);
+
+ if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
+ goto end;
+ ret=0;
+end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free_all(out);
+ if (dsa != NULL) DSA_free(dsa);
+ if(passout) OPENSSL_free(passout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+#else /* !OPENSSL_NO_DSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
Added: vendor-crypto/openssl/dist/apps/genrsa.c
===================================================================
--- vendor-crypto/openssl/dist/apps/genrsa.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/genrsa.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,342 @@
+/* apps/genrsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h>
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#ifndef OPENSSL_NO_RSA
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+
+#define DEFBITS 512
+#undef PROG
+#define PROG genrsa_main
+
+static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ BN_GENCB cb;
+ int ret=1;
+ int i,num=DEFBITS;
+ long l;
+ int use_x931 = 0;
+ const EVP_CIPHER *enc=NULL;
+ unsigned long f4=RSA_F4;
+ char *outfile=NULL;
+ char *passargout = NULL, *passout = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ char *inrand=NULL;
+ BIO *out=NULL;
+ BIGNUM *bn = BN_new();
+ RSA *rsa = NULL;
+
+ if(!bn) goto err;
+
+ apps_startup();
+ BN_GENCB_set(&cb, genrsa_cb, bio_err);
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto err;
+ if ((out=BIO_new(BIO_s_file())) == NULL)
+ {
+ BIO_printf(bio_err,"unable to create BIO for output\n");
+ goto err;
+ }
+
+ argv++;
+ argc--;
+ for (;;)
+ {
+ if (argc <= 0) break;
+ if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-3") == 0)
+ f4=3;
+ else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
+ f4=RSA_F4;
+ else if (strcmp(*argv,"-x931") == 0)
+ use_x931 = 1;
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+#ifndef OPENSSL_NO_DES
+ else if (strcmp(*argv,"-des") == 0)
+ enc=EVP_des_cbc();
+ else if (strcmp(*argv,"-des3") == 0)
+ enc=EVP_des_ede3_cbc();
+#endif
+#ifndef OPENSSL_NO_IDEA
+ else if (strcmp(*argv,"-idea") == 0)
+ enc=EVP_idea_cbc();
+#endif
+#ifndef OPENSSL_NO_SEED
+ else if (strcmp(*argv,"-seed") == 0)
+ enc=EVP_seed_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+ else if (strcmp(*argv,"-aes128") == 0)
+ enc=EVP_aes_128_cbc();
+ else if (strcmp(*argv,"-aes192") == 0)
+ enc=EVP_aes_192_cbc();
+ else if (strcmp(*argv,"-aes256") == 0)
+ enc=EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ else if (strcmp(*argv,"-camellia128") == 0)
+ enc=EVP_camellia_128_cbc();
+ else if (strcmp(*argv,"-camellia192") == 0)
+ enc=EVP_camellia_192_cbc();
+ else if (strcmp(*argv,"-camellia256") == 0)
+ enc=EVP_camellia_256_cbc();
+#endif
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
+ else
+ break;
+ argv++;
+ argc--;
+ }
+ if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
+ {
+bad:
+ BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
+ BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n");
+ BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+#ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err," -seed\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc seed\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
+#endif
+ BIO_printf(bio_err," -out file output the key to 'file\n");
+ BIO_printf(bio_err," -passout arg output file pass phrase source\n");
+ BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
+ BIO_printf(bio_err," -3 use 3 for the E value\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err," load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
+ goto err;
+ }
+
+ ERR_load_crypto_strings();
+
+ if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto err;
+ }
+ }
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ && !RAND_status())
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
+ num);
+
+ rsa = RSA_new();
+ if (!rsa)
+ goto err;
+
+ if (use_x931)
+ {
+ BIGNUM *pubexp;
+ pubexp = BN_new();
+ if (!BN_set_word(pubexp, f4))
+ goto err;
+ if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb))
+ goto err;
+ BN_free(pubexp);
+ }
+ else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
+ goto err;
+
+ app_RAND_write_file(NULL, bio_err);
+
+ /* We need to do the following for when the base number size is <
+ * long, esp windows 3.1 :-(. */
+ l=0L;
+ for (i=0; i<rsa->e->top; i++)
+ {
+#ifndef SIXTY_FOUR_BIT
+ l<<=BN_BITS4;
+ l<<=BN_BITS4;
+#endif
+ l+=rsa->e->d[i];
+ }
+ BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
+ {
+ PW_CB_DATA cb_data;
+ cb_data.password = passout;
+ cb_data.prompt_info = outfile;
+ if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
+ (pem_password_cb *)password_callback,&cb_data))
+ goto err;
+ }
+
+ ret=0;
+err:
+ if (bn) BN_free(bn);
+ if (rsa) RSA_free(rsa);
+ if (out) BIO_free_all(out);
+ if(passout) OPENSSL_free(passout);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(cb->arg,&c,1);
+ (void)BIO_flush(cb->arg);
+#ifdef LINT
+ p=n;
+#endif
+ return 1;
+ }
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
Added: vendor-crypto/openssl/dist/apps/install.com
===================================================================
--- vendor-crypto/openssl/dist/apps/install.com (rev 0)
+++ vendor-crypto/openssl/dist/apps/install.com 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,65 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard at levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1 root of the directory tree
+$!
+$
+$ IF P1 .EQS. ""
+$ THEN
+$ WRITE SYS$OUTPUT "First argument missing."
+$ WRITE SYS$OUTPUT -
+ "Should be the directory where you want things installed."
+$ EXIT
+$ ENDIF
+$
+$ IF (F$GETSYI("CPU").LT.128)
+$ THEN
+$ ARCH := VAX
+$ ELSE
+$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$ ENDIF
+$
+$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+ - "[000000." - "][" - "[" - "]"
+$ ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$ DEFINE/NOLOG WRK_SSLEXE WRK_SSLROOT:['ARCH'_EXE]
+$
+$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+ CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$ IF F$PARSE("WRK_SSLEXE:") .EQS. "" THEN -
+ CREATE/DIR/LOG WRK_SSLEXE:
+$
+$ EXE := openssl
+$
+$ EXE_DIR := [-.'ARCH'.EXE.APPS]
+$
+$ I = 0
+$ LOOP_EXE:
+$ E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
+$ I = I + 1
+$ IF E .EQS. "," THEN GOTO LOOP_EXE_END
+$ SET NOON
+$ IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
+$ THEN
+$ COPY 'EXE_DIR''E'.EXE WRK_SSLEXE:'E'.EXE/log
+$ SET FILE/PROT=W:RE WRK_SSLEXE:'E'.EXE
+$ ENDIF
+$ SET ON
+$ GOTO LOOP_EXE
+$ LOOP_EXE_END:
+$
+$ SET NOON
+$ COPY CA.COM WRK_SSLEXE:CA.COM/LOG
+$ SET FILE/PROT=W:RE WRK_SSLEXE:CA.COM
+$ COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
+$ SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
+$ SET ON
+$
+$ EXIT
Added: vendor-crypto/openssl/dist/apps/makeapps.com
===================================================================
--- vendor-crypto/openssl/dist/apps/makeapps.com (rev 0)
+++ vendor-crypto/openssl/dist/apps/makeapps.com 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,997 @@
+$!
+$! MAKEAPPS.COM
+$! Written By: Robert Byer
+$! Vice-President
+$! A-Com Computing, Inc.
+$! byer at mail.all-net.net
+$!
+$! Changes by Richard Levitte <richard at levitte.org>
+$! Zoltan Arpadffy <zoli at polarhome.com>
+$!
+$! This command files compiles and creates all the various different
+$! "application" programs for the different types of encryption for OpenSSL.
+$! The EXE's are placed in the directory [.xxx.EXE.APPS] where "xxx" denotes
+$! ALPHA, IA64 or VAX, depending on your machine architecture.
+$!
+$! It was written so it would try to determine what "C" compiler to
+$! use or you can specify which "C" compiler to use.
+$!
+$! Specify DEBUG or NODEBUG as P1 to compile with or without debugger
+$! information.
+$!
+$! Specify which compiler at P2 to try to compile under.
+$!
+$! VAXC For VAX C.
+$! DECC For DEC C.
+$! GNUC For GNU C.
+$!
+$! If you don't speficy a compiler, it will try to determine which
+$! "C" compiler to use.
+$!
+$! P3, if defined, sets a TCP/IP library to use, through one of the following
+$! keywords:
+$!
+$! UCX for UCX
+$! SOCKETSHR for SOCKETSHR+NETLIB
+$! TCPIP for TCPIP (post UCX)
+$!
+$! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$! P5, if defined, sets a choice of programs to compile.
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check What Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").LT.128)
+$ THEN
+$!
+$! The Architecture Is VAX.
+$!
+$ ARCH := VAX
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! The Architecture Is Alpha, IA64 or whatever comes in the future.
+$!
+$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Define what programs should be compiled
+$!
+$ PROGRAMS := OPENSSL
+$!
+$! Define The CRYPTO Library.
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$!
+$! Define The SSL Library.
+$!
+$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.APPS]
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS]
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Check To See If The OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$! It Dosen't Exist, So Create It.
+$!
+$ CREATE/DIRECTORY 'OBJ_DIR'
+$!
+$! End The OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Check To See If The EXE Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$! It Dosen't Exist, So Create It.
+$!
+$ CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! End The EXE Directory Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define The Application Files.
+$! NOTE: Some might think this list ugly. However, it's made this way to
+$! reflect the E_OBJ variable in Makefile as closely as possible, thereby
+$! making it fairly easy to verify that the lists are the same.
+$!
+$ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+-
+ "CA,PKCS7,CRL2P7,CRL,"+-
+ "RSA,RSAUTL,DSA,DSAPARAM,EC,ECPARAM,"+-
+ "X509,GENRSA,GENDSA,S_SERVER,S_CLIENT,SPEED,"+-
+ "S_TIME,APPS,S_CB,S_SOCKET,APP_RAND,VERSION,SESS_ID,"+-
+ "CIPHERS,NSEQ,PKCS12,PKCS8,SPKAC,SMIME,RAND,ENGINE,"+-
+ "OCSP,PRIME,CMS"
+$ TCPIP_PROGRAMS = ",,"
+$ IF COMPILER .EQS. "VAXC" THEN -
+ TCPIP_PROGRAMS = ",OPENSSL,"
+$!
+$! Setup exceptional compilations
+$!
+$ COMPILEWITH_CC2 = ",S_SOCKET,S_SERVER,S_CLIENT,"
+$!
+$ PHASE := LIB
+$!
+$ RESTART:
+$!
+$! Define An App Counter And Set It To "0".
+$!
+$ APP_COUNTER = 0
+$!
+$! Top Of The App Loop.
+$!
+$ NEXT_APP:
+$!
+$! Make The Application File Name
+$!
+$ CURRENT_APP = F$EDIT(F$ELEMENT(APP_COUNTER,",",PROGRAMS),"TRIM")
+$!
+$! Create The Executable File Name.
+$!
+$ EXE_FILE = EXE_DIR + CURRENT_APP + ".EXE"
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (CURRENT_APP.EQS.",")
+$ THEN
+$ IF (PHASE.EQS."LIB")
+$ THEN
+$ PHASE := APP
+$ GOTO RESTART
+$ ELSE
+$ GOTO APP_DONE
+$ ENDIF
+$ ENDIF
+$!
+$! Increment The Counter.
+$!
+$ APP_COUNTER = APP_COUNTER + 1
+$!
+$! Decide if we're building the object files or not.
+$!
+$ IF (PHASE.EQS."LIB")
+$ THEN
+$!
+$! Define A Library File Counter And Set It To "-1".
+$! -1 Means The Application File Name Is To Be Used.
+$!
+$ LIB_COUNTER = -1
+$!
+$! Create a .OPT file for the object files
+$!
+$ OPEN/WRITE OBJECTS 'EXE_DIR''CURRENT_APP'.OPT
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_LIB:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ IF LIB_COUNTER .GE. 0
+$ THEN
+$ FILE_NAME = F$EDIT(F$ELEMENT(LIB_COUNTER,",",LIB_'CURRENT_APP'),"TRIM")
+$ ELSE
+$ FILE_NAME = CURRENT_APP
+$ ENDIF
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",")
+$ THEN
+$ CLOSE OBJECTS
+$ GOTO NEXT_APP
+$ ENDIF
+$!
+$! Increment The Counter.
+$!
+$ LIB_COUNTER = LIB_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
+$ ON WARNING THEN GOTO NEXT_LIB
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$! Tell The User That The File Dosen't Exist.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Exit The Build.
+$!
+$ GOTO EXIT
+$!
+$! End The File Exist Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ IF (PHASE.EQS."LIB")
+$ THEN
+$ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME,".C File."
+$ ELSE
+$ WRITE SYS$OUTPUT "Building The ",FILE_NAME," Application Program."
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_LIB
+$ IF COMPILEWITH_CC2 - FILE_NAME .NES. COMPILEWITH_CC2
+$ THEN
+$ CC2/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ENDIF
+$ WRITE OBJECTS OBJECT_FILE
+$!
+$ GOTO NEXT_LIB
+$ ENDIF
+$!
+$! Check if this program works well without a TCPIP library
+$!
+$ IF TCPIP_LIB .EQS. "" .AND. TCPIP_PROGRAMS - CURRENT_APP .NES. TCPIP_PROGRAMS
+$ THEN
+$ WRITE SYS$OUTPUT CURRENT_APP," needs a TCP/IP library. Can't link. Skipping..."
+$ GOTO NEXT_APP
+$ ENDIF
+$!
+$! Link The Program.
+$! Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$ ON WARNING THEN GOTO NEXT_APP
+$!
+$ IF (TCPIP_LIB.NES."")
+$ THEN
+$!
+$! Don't Link With The RSAREF Routines And TCP/IP Library.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+ 'EXE_DIR''CURRENT_APP'.OPT/OPTION, -
+ 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+ 'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+ 'EXE_DIR''CURRENT_APP'.OPT/OPTION, -
+ 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+ 'OPT_FILE'/OPTION
+$!
+$! End The TCP/IP Library Check.
+$!
+$ ENDIF
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_APP
+$!
+$! All Done With This File.
+$!
+$ APP_DONE:
+$ EXIT:
+$!
+$! All Done, Time To Clean Up And Exit.
+$!
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$! Check To See If We Already Have A VAX C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! We Need A VAX C Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$! End The Option File Check.
+$!
+$ ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$! Check To See If We Already Have A GNU C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! We Need A GNU C Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$! End The Option File Check.
+$!
+$ ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$! Check To See If We Already Have A DEC C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$ IF ARCH.EQS."VAX"
+$ THEN
+$!
+$! We Need A DEC C Linker Option File For VAX.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Create The non-VAX Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For non-VAX To Link Agianst
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$! End The DEC C Option File Check.
+$!
+$ ENDIF
+$!
+$! End The Option File Search.
+$!
+$ ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check To See If We Have The Appropiate Libraries.
+$!
+$ LIB_CHECK:
+$!
+$! Look For The Library LIBCRYPTO.OLB.
+$!
+$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
+$ THEN
+$!
+$! Tell The User We Can't Find The LIBCRYPTO.OLB Library.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
+$ WRITE SYS$OUTPUT "We Can't Link Without It."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Since We Can't Link Without It, Exit.
+$!
+$ EXIT
+$!
+$! End The Crypto Library Check.
+$!
+$ ENDIF
+$!
+$! Look For The Library LIBSSL.OLB.
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$! Tell The User We Can't Find The LIBSSL.OLB Library.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
+$ WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Since We Can't Link Without It, Exit.
+$!
+$ EXIT
+$!
+$! End The SSL Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."NODEBUG")
+$ THEN
+$!
+$! P1 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$ DEBUGGER = "NODEBUG"
+$ TRACEBACK = "NOTRACEBACK"
+$ GCC_OPTIMIZE = "OPTIMIZE"
+$ CC_OPTIMIZE = "OPTIMIZE"
+$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Check To See If We Are To Compile With Debugger Information.
+$!
+$ IF (P1.EQS."DEBUG")
+$ THEN
+$!
+$! Compile With Debugger Information.
+$!
+$ DEBUGGER = "DEBUG"
+$ TRACEBACK = "TRACEBACK"
+$ GCC_OPTIMIZE = "NOOPTIMIZE"
+$ CC_OPTIMIZE = "NOOPTIMIZE"
+$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$ ELSE
+$!
+$! Tell The User Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information."
+$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."")
+$ THEN
+$!
+$! O.K., The User Didn't Specify A Compiler, Let's Try To
+$! Find Out Which One To Use.
+$!
+$! Check To See If We Have GNU C.
+$!
+$ IF (F$TRNLNM("GNU_CC").NES."")
+$ THEN
+$!
+$! Looks Like GNUC, Set To Use GNUC.
+$!
+$ P2 = "GNUC"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Check To See If We Have VAXC Or DECC.
+$!
+$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$ THEN
+$!
+$! Looks Like DECC, Set To Use DECC.
+$!
+$ P2 = "DECC"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Looks Like VAXC, Set To Use VAXC.
+$!
+$ P2 = "VAXC"
+$!
+$! End The VAXC Compiler Check.
+$!
+$ ENDIF
+$!
+$! End The DECC & VAXC Compiler Check.
+$!
+$ ENDIF
+$!
+$! End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P3.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$! Find out what socket library we have available
+$!
+$ IF F$PARSE("SOCKETSHR:") .NES. ""
+$ THEN
+$!
+$! We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$ P3 = "SOCKETSHR"
+$!
+$! Tell the user
+$!
+$ WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$! Else, let's look for something else
+$!
+$ ELSE
+$!
+$! Like UCX (the reason to do this before Multinet is that the UCX
+$! emulation is easier to use...)
+$!
+$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+ .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+ .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$ THEN
+$!
+$! Last resort: a UCX or UCX-compatible library
+$!
+$ P3 = "UCX"
+$!
+$! Tell the user
+$!
+$ WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$! That was all...
+$!
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "MONOLITH"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+ CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$! Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
+$ THEN
+$!
+$! Check To See If The User Wanted DECC.
+$!
+$ IF (P2.EQS."DECC")
+$ THEN
+$!
+$! Looks Like DECC, Set To Use DECC.
+$!
+$ COMPILER = "DECC"
+$!
+$! Tell The User We Are Using DECC.
+$!
+$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$! Use DECC...
+$!
+$ CC = "CC"
+$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+ THEN CC = "CC/DECC"
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+ "/NOLIST/PREFIX=ALL" + -
+ "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$!
+$! End DECC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Use VAXC.
+$!
+$ IF (P2.EQS."VAXC")
+$ THEN
+$!
+$! Looks Like VAXC, Set To Use VAXC.
+$!
+$ COMPILER = "VAXC"
+$!
+$! Tell The User We Are Using VAX C.
+$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$! Compile Using VAXC.
+$!
+$ CC = "CC"
+$ IF ARCH.NES."VAX"
+$ THEN
+$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
+$ EXIT
+$ ENDIF
+$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+ "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+$ CCDEFS = CCDEFS + ",""VAXC"""
+$!
+$! Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$!
+$! End VAXC Check
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Use GNU C.
+$!
+$ IF (P2.EQS."GNUC")
+$ THEN
+$!
+$! Looks Like GNUC, Set To Use GNUC.
+$!
+$ COMPILER = "GNUC"
+$!
+$! Tell The User We Are Using GNUC.
+$!
+$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$! Use GNU C...
+$!
+$ IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
+$ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+ "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Set up default defines
+$!
+$ CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$! Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$! Tell The User We Don't Know What They Want.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C."
+$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C."
+$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$ ENDIF
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" -
+ .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE"
+$ THEN
+$!
+$! Check to see if SOCKETSHR was chosen
+$!
+$ IF P3.EQS."SOCKETSHR"
+$ THEN
+$!
+$! Set the library to use SOCKETSHR
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$! Done with SOCKETSHR
+$!
+$ ENDIF
+$!
+$! Check to see if MULTINET was chosen
+$!
+$ IF P3.EQS."MULTINET"
+$ THEN
+$!
+$! Set the library to use UCX emulation.
+$!
+$ P3 = "UCX"
+$!
+$! Done with MULTINET
+$!
+$ ENDIF
+$!
+$! Check to see if UCX was chosen
+$!
+$ IF P3.EQS."UCX"
+$ THEN
+$!
+$! Set the library to use UCX.
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$ IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$ THEN
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$ ELSE
+$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$ ENDIF
+$!
+$! Done with UCX
+$!
+$ ENDIF
+$!
+$! Check to see if TCPIP (post UCX) was chosen
+$!
+$ IF P3.EQS."TCPIP"
+$ THEN
+$!
+$! Set the library to use TCPIP.
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$! Done with TCPIP
+$!
+$ ENDIF
+$!
+$! Check to see if NONE was chosen
+$!
+$ IF P3.EQS."NONE"
+$ THEN
+$!
+$! Do not use TCPIP.
+$!
+$ TCPIP_LIB = ""
+$!
+$! Done with TCPIP
+$!
+$ ENDIF
+$!
+$! Add TCP/IP type to CC definitions.
+$!
+$ CCDEFS = CCDEFS + ",TCPIP_TYPE_''P3'"
+$!
+$! Print info
+$!
+$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$! Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$! Tell The User We Don't Know What They Want.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library."
+$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library."
+$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Finish up the definition of CC.
+$!
+$ IF COMPILER .EQS. "DECC"
+$ THEN
+$ IF CCDISABLEWARNINGS .NES. ""
+$ THEN
+$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$ ENDIF
+$ ELSE
+$ CCDISABLEWARNINGS = ""
+$ ENDIF
+$ CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
+$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$! Show user the result
+$!
+$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By: Richard Levitte
+$! richard at levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$! Get The Version Of VMS We Are Using.
+$!
+$ ISSEVEN :=
+$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$! Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$ IF (TMP.GE.71)
+$ THEN
+$!
+$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$ ISSEVEN := ,PTHREAD_USE_D4
+$!
+$! End The VMS Version Check.
+$!
+$ ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$! Check if the user wanted to compile just a subset of all the programs.
+$!
+$ IF P5 .NES. ""
+$ THEN
+$ PROGRAMS = P5
+$ ENDIF
+$!
+$! Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "APPS]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$ DEASSIGN OPENSSL
+$ ELSE
+$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
Added: vendor-crypto/openssl/dist/apps/md4.c
===================================================================
--- vendor-crypto/openssl/dist/apps/md4.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/md4.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+link ../crypto/md4/md4.c
\ No newline at end of file
Property changes on: vendor-crypto/openssl/dist/apps/md4.c
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Added: vendor-crypto/openssl/dist/apps/nseq.c
===================================================================
--- vendor-crypto/openssl/dist/apps/nseq.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/nseq.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,167 @@
+/* nseq.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+#undef PROG
+#define PROG nseq_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ char **args, *infile = NULL, *outfile = NULL;
+ BIO *in = NULL, *out = NULL;
+ int toseq = 0;
+ X509 *x509 = NULL;
+ NETSCAPE_CERT_SEQUENCE *seq = NULL;
+ int i, ret = 1;
+ int badarg = 0;
+ if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+ ERR_load_crypto_strings();
+ args = argv + 1;
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp (*args, "-toseq")) toseq = 1;
+ else if (!strcmp (*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else badarg = 1;
+ } else badarg = 1;
+ args++;
+ }
+
+ if (badarg) {
+ BIO_printf (bio_err, "Netscape certificate sequence utility\n");
+ BIO_printf (bio_err, "Usage nseq [options]\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-out file output file\n");
+ BIO_printf (bio_err, "-toseq output NS Sequence file\n");
+ OPENSSL_EXIT(1);
+ }
+
+ if (infile) {
+ if (!(in = BIO_new_file (infile, "r"))) {
+ BIO_printf (bio_err,
+ "Can't open input file %s\n", infile);
+ goto end;
+ }
+ } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (outfile) {
+ if (!(out = BIO_new_file (outfile, "w"))) {
+ BIO_printf (bio_err,
+ "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ if (toseq) {
+ seq = NETSCAPE_CERT_SEQUENCE_new();
+ seq->certs = sk_X509_new_null();
+ while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
+ sk_X509_push(seq->certs,x509);
+
+ if(!sk_X509_num(seq->certs))
+ {
+ BIO_printf (bio_err, "Error reading certs file %s\n", infile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
+ ret = 0;
+ goto end;
+ }
+
+ if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
+ BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ for(i = 0; i < sk_X509_num(seq->certs); i++) {
+ x509 = sk_X509_value(seq->certs, i);
+ dump_cert_text(out, x509);
+ PEM_write_bio_X509(out, x509);
+ }
+ ret = 0;
+end:
+ BIO_free(in);
+ BIO_free_all(out);
+ NETSCAPE_CERT_SEQUENCE_free(seq);
+
+ OPENSSL_EXIT(ret);
+}
+
Added: vendor-crypto/openssl/dist/apps/ocsp.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ocsp.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/ocsp.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1356 @@
+/* ocsp.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef OPENSSL_NO_OCSP
+#define USE_SOCKETS
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h" /* needs to be included before the openssl headers! */
+#include <openssl/e_os2.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+/* Maximum leeway in validity period: default 5 minutes */
+#define MAX_VALIDITY_PERIOD (5 * 60)
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids);
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids);
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+ STACK *names, STACK_OF(OCSP_CERTID) *ids,
+ long nsec, long maxage);
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
+ X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+ STACK_OF(X509) *rother, unsigned long flags,
+ int nmin, int ndays);
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
+static BIO *init_responder(char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+ OCSP_REQUEST *req, int req_timeout);
+
+#undef PROG
+#define PROG ocsp_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ char **args;
+ char *host = NULL, *port = NULL, *path = "/";
+ char *thost = NULL, *tport = NULL, *tpath = NULL;
+ char *reqin = NULL, *respin = NULL;
+ char *reqout = NULL, *respout = NULL;
+ char *signfile = NULL, *keyfile = NULL;
+ char *rsignfile = NULL, *rkeyfile = NULL;
+ char *outfile = NULL;
+ int add_nonce = 1, noverify = 0, use_ssl = -1;
+ OCSP_REQUEST *req = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ OCSP_BASICRESP *bs = NULL;
+ X509 *issuer = NULL, *cert = NULL;
+ X509 *signer = NULL, *rsigner = NULL;
+ EVP_PKEY *key = NULL, *rkey = NULL;
+ BIO *acbio = NULL, *cbio = NULL;
+ BIO *derbio = NULL;
+ BIO *out = NULL;
+ int req_timeout = -1;
+ int req_text = 0, resp_text = 0;
+ long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
+ char *CAfile = NULL, *CApath = NULL;
+ X509_STORE *store = NULL;
+ STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+ char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
+ unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
+ int ret = 1;
+ int accept_count = -1;
+ int badarg = 0;
+ int i;
+ int ignore_err = 0;
+ STACK *reqnames = NULL;
+ STACK_OF(OCSP_CERTID) *ids = NULL;
+
+ X509 *rca_cert = NULL;
+ char *ridx_filename = NULL;
+ char *rca_filename = NULL;
+ CA_DB *rdb = NULL;
+ int nmin = 0, ndays = -1;
+
+ if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
+ args = argv + 1;
+ reqnames = sk_new_null();
+ ids = sk_OCSP_CERTID_new_null();
+ while (!badarg && *args && *args[0] == '-')
+ {
+ if (!strcmp(*args, "-out"))
+ {
+ if (args[1])
+ {
+ args++;
+ outfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-timeout"))
+ {
+ if (args[1])
+ {
+ args++;
+ req_timeout = atol(*args);
+ if (req_timeout < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal timeout value %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-url"))
+ {
+ if (thost)
+ OPENSSL_free(thost);
+ if (tport)
+ OPENSSL_free(tport);
+ if (tpath)
+ OPENSSL_free(tpath);
+ if (args[1])
+ {
+ args++;
+ if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))
+ {
+ BIO_printf(bio_err, "Error parsing URL\n");
+ badarg = 1;
+ }
+ thost = host;
+ tport = port;
+ tpath = path;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-host"))
+ {
+ if (args[1])
+ {
+ args++;
+ host = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-port"))
+ {
+ if (args[1])
+ {
+ args++;
+ port = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-ignore_err"))
+ ignore_err = 1;
+ else if (!strcmp(*args, "-noverify"))
+ noverify = 1;
+ else if (!strcmp(*args, "-nonce"))
+ add_nonce = 2;
+ else if (!strcmp(*args, "-no_nonce"))
+ add_nonce = 0;
+ else if (!strcmp(*args, "-resp_no_certs"))
+ rflags |= OCSP_NOCERTS;
+ else if (!strcmp(*args, "-resp_key_id"))
+ rflags |= OCSP_RESPID_KEY;
+ else if (!strcmp(*args, "-no_certs"))
+ sign_flags |= OCSP_NOCERTS;
+ else if (!strcmp(*args, "-no_signature_verify"))
+ verify_flags |= OCSP_NOSIGS;
+ else if (!strcmp(*args, "-no_cert_verify"))
+ verify_flags |= OCSP_NOVERIFY;
+ else if (!strcmp(*args, "-no_chain"))
+ verify_flags |= OCSP_NOCHAIN;
+ else if (!strcmp(*args, "-no_cert_checks"))
+ verify_flags |= OCSP_NOCHECKS;
+ else if (!strcmp(*args, "-no_explicit"))
+ verify_flags |= OCSP_NOEXPLICIT;
+ else if (!strcmp(*args, "-trust_other"))
+ verify_flags |= OCSP_TRUSTOTHER;
+ else if (!strcmp(*args, "-no_intern"))
+ verify_flags |= OCSP_NOINTERN;
+ else if (!strcmp(*args, "-text"))
+ {
+ req_text = 1;
+ resp_text = 1;
+ }
+ else if (!strcmp(*args, "-req_text"))
+ req_text = 1;
+ else if (!strcmp(*args, "-resp_text"))
+ resp_text = 1;
+ else if (!strcmp(*args, "-reqin"))
+ {
+ if (args[1])
+ {
+ args++;
+ reqin = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-respin"))
+ {
+ if (args[1])
+ {
+ args++;
+ respin = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-signer"))
+ {
+ if (args[1])
+ {
+ args++;
+ signfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-VAfile"))
+ {
+ if (args[1])
+ {
+ args++;
+ verify_certfile = *args;
+ verify_flags |= OCSP_TRUSTOTHER;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-sign_other"))
+ {
+ if (args[1])
+ {
+ args++;
+ sign_certfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-verify_other"))
+ {
+ if (args[1])
+ {
+ args++;
+ verify_certfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-CAfile"))
+ {
+ if (args[1])
+ {
+ args++;
+ CAfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-CApath"))
+ {
+ if (args[1])
+ {
+ args++;
+ CApath = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-validity_period"))
+ {
+ if (args[1])
+ {
+ args++;
+ nsec = atol(*args);
+ if (nsec < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal validity period %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-status_age"))
+ {
+ if (args[1])
+ {
+ args++;
+ maxage = atol(*args);
+ if (maxage < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal validity age %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-signkey"))
+ {
+ if (args[1])
+ {
+ args++;
+ keyfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-reqout"))
+ {
+ if (args[1])
+ {
+ args++;
+ reqout = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-respout"))
+ {
+ if (args[1])
+ {
+ args++;
+ respout = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-path"))
+ {
+ if (args[1])
+ {
+ args++;
+ path = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-issuer"))
+ {
+ if (args[1])
+ {
+ args++;
+ X509_free(issuer);
+ issuer = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "issuer certificate");
+ if(!issuer) goto end;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-cert"))
+ {
+ if (args[1])
+ {
+ args++;
+ X509_free(cert);
+ cert = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "certificate");
+ if(!cert) goto end;
+ if(!add_ocsp_cert(&req, cert, issuer, ids))
+ goto end;
+ if(!sk_push(reqnames, *args))
+ goto end;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-serial"))
+ {
+ if (args[1])
+ {
+ args++;
+ if(!add_ocsp_serial(&req, *args, issuer, ids))
+ goto end;
+ if(!sk_push(reqnames, *args))
+ goto end;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-index"))
+ {
+ if (args[1])
+ {
+ args++;
+ ridx_filename = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-CA"))
+ {
+ if (args[1])
+ {
+ args++;
+ rca_filename = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-nmin"))
+ {
+ if (args[1])
+ {
+ args++;
+ nmin = atol(*args);
+ if (nmin < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal update period %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ if (ndays == -1)
+ ndays = 0;
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-nrequest"))
+ {
+ if (args[1])
+ {
+ args++;
+ accept_count = atol(*args);
+ if (accept_count < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal accept count %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-ndays"))
+ {
+ if (args[1])
+ {
+ args++;
+ ndays = atol(*args);
+ if (ndays < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal update period %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-rsigner"))
+ {
+ if (args[1])
+ {
+ args++;
+ rsignfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-rkey"))
+ {
+ if (args[1])
+ {
+ args++;
+ rkeyfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-rother"))
+ {
+ if (args[1])
+ {
+ args++;
+ rcertfile = *args;
+ }
+ else badarg = 1;
+ }
+ else badarg = 1;
+ args++;
+ }
+
+ /* Have we anything to do? */
+ if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1;
+
+ if (badarg)
+ {
+ BIO_printf (bio_err, "OCSP utility\n");
+ BIO_printf (bio_err, "Usage ocsp [options]\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-out file output filename\n");
+ BIO_printf (bio_err, "-issuer file issuer certificate\n");
+ BIO_printf (bio_err, "-cert file certificate to check\n");
+ BIO_printf (bio_err, "-serial n serial number to check\n");
+ BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
+ BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
+ BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
+ BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
+ BIO_printf (bio_err, "-req_text print text form of request\n");
+ BIO_printf (bio_err, "-resp_text print text form of response\n");
+ BIO_printf (bio_err, "-text print text form of request and response\n");
+ BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
+ BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
+ BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
+ BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
+ BIO_printf (bio_err, "-nonce add OCSP nonce to request\n");
+ BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n");
+ BIO_printf (bio_err, "-url URL OCSP responder URL\n");
+ BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n");
+ BIO_printf (bio_err, "-path path to use in OCSP request\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-VAfile file validator certificates file\n");
+ BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+ BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
+ BIO_printf (bio_err, "-noverify don't verify response at all\n");
+ BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
+ BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
+ BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
+ BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
+ BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
+ BIO_printf (bio_err, "-no_chain don't chain verify response\n");
+ BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
+ BIO_printf (bio_err, "-port num port to run responder on\n");
+ BIO_printf (bio_err, "-index file certificate status index file\n");
+ BIO_printf (bio_err, "-CA file CA certificate\n");
+ BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
+ BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
+ BIO_printf (bio_err, "-rother file other certificates to include in response\n");
+ BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
+ BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
+ BIO_printf (bio_err, "-ndays n number of days before next update\n");
+ BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
+ BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
+ goto end;
+ }
+
+ if(outfile) out = BIO_new_file(outfile, "w");
+ else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ if(!out)
+ {
+ BIO_printf(bio_err, "Error opening output file\n");
+ goto end;
+ }
+
+ if (!req && (add_nonce != 2)) add_nonce = 0;
+
+ if (!req && reqin)
+ {
+ derbio = BIO_new_file(reqin, "rb");
+ if (!derbio)
+ {
+ BIO_printf(bio_err, "Error Opening OCSP request file\n");
+ goto end;
+ }
+ req = d2i_OCSP_REQUEST_bio(derbio, NULL);
+ BIO_free(derbio);
+ if(!req)
+ {
+ BIO_printf(bio_err, "Error reading OCSP request\n");
+ goto end;
+ }
+ }
+
+ if (!req && port)
+ {
+ acbio = init_responder(port);
+ if (!acbio)
+ goto end;
+ }
+
+ if (rsignfile && !rdb)
+ {
+ if (!rkeyfile) rkeyfile = rsignfile;
+ rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
+ NULL, e, "responder certificate");
+ if (!rsigner)
+ {
+ BIO_printf(bio_err, "Error loading responder certificate\n");
+ goto end;
+ }
+ rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
+ NULL, e, "CA certificate");
+ if (rcertfile)
+ {
+ rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
+ NULL, e, "responder other certificates");
+ if (!rother) goto end;
+ }
+ rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+ "responder private key");
+ if (!rkey)
+ goto end;
+ }
+ if(acbio)
+ BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
+
+ redo_accept:
+
+ if (acbio)
+ {
+ if (!do_responder(&req, &cbio, acbio, port))
+ goto end;
+ if (!req)
+ {
+ resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+ send_ocsp_response(cbio, resp);
+ goto done_resp;
+ }
+ }
+
+ if (!req && (signfile || reqout || host || add_nonce || ridx_filename))
+ {
+ BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
+ goto end;
+ }
+
+ if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);
+
+ if (signfile)
+ {
+ if (!keyfile) keyfile = signfile;
+ signer = load_cert(bio_err, signfile, FORMAT_PEM,
+ NULL, e, "signer certificate");
+ if (!signer)
+ {
+ BIO_printf(bio_err, "Error loading signer certificate\n");
+ goto end;
+ }
+ if (sign_certfile)
+ {
+ sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+ NULL, e, "signer certificates");
+ if (!sign_other) goto end;
+ }
+ key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
+ "signer private key");
+ if (!key)
+ goto end;
+ if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
+ {
+ BIO_printf(bio_err, "Error signing OCSP request\n");
+ goto end;
+ }
+ }
+
+ if (req_text && req) OCSP_REQUEST_print(out, req, 0);
+
+ if (reqout)
+ {
+ derbio = BIO_new_file(reqout, "wb");
+ if(!derbio)
+ {
+ BIO_printf(bio_err, "Error opening file %s\n", reqout);
+ goto end;
+ }
+ i2d_OCSP_REQUEST_bio(derbio, req);
+ BIO_free(derbio);
+ }
+
+ if (ridx_filename && (!rkey || !rsigner || !rca_cert))
+ {
+ BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
+ goto end;
+ }
+
+ if (ridx_filename && !rdb)
+ {
+ rdb = load_index(ridx_filename, NULL);
+ if (!rdb) goto end;
+ if (!index_index(rdb)) goto end;
+ }
+
+ if (rdb)
+ {
+ i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
+ if (cbio)
+ send_ocsp_response(cbio, resp);
+ }
+ else if (host)
+ {
+#ifndef OPENSSL_NO_SOCK
+ resp = process_responder(bio_err, req, host, path,
+ port, use_ssl, req_timeout);
+ if (!resp)
+ goto end;
+#else
+ BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
+ goto end;
+#endif
+ }
+ else if (respin)
+ {
+ derbio = BIO_new_file(respin, "rb");
+ if (!derbio)
+ {
+ BIO_printf(bio_err, "Error Opening OCSP response file\n");
+ goto end;
+ }
+ resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+ BIO_free(derbio);
+ if(!resp)
+ {
+ BIO_printf(bio_err, "Error reading OCSP response\n");
+ goto end;
+ }
+
+ }
+ else
+ {
+ ret = 0;
+ goto end;
+ }
+
+ done_resp:
+
+ if (respout)
+ {
+ derbio = BIO_new_file(respout, "wb");
+ if(!derbio)
+ {
+ BIO_printf(bio_err, "Error opening file %s\n", respout);
+ goto end;
+ }
+ i2d_OCSP_RESPONSE_bio(derbio, resp);
+ BIO_free(derbio);
+ }
+
+ i = OCSP_response_status(resp);
+
+ if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
+ {
+ BIO_printf(out, "Responder Error: %s (%d)\n",
+ OCSP_response_status_str(i), i);
+ if (ignore_err)
+ goto redo_accept;
+ ret = 0;
+ goto end;
+ }
+
+ if (resp_text) OCSP_RESPONSE_print(out, resp, 0);
+
+ /* If running as responder don't verify our own response */
+ if (cbio)
+ {
+ if (accept_count > 0)
+ accept_count--;
+ /* Redo if more connections needed */
+ if (accept_count)
+ {
+ BIO_free_all(cbio);
+ cbio = NULL;
+ OCSP_REQUEST_free(req);
+ req = NULL;
+ OCSP_RESPONSE_free(resp);
+ resp = NULL;
+ goto redo_accept;
+ }
+ goto end;
+ }
+
+ if (!store)
+ store = setup_verify(bio_err, CAfile, CApath);
+ if (!store)
+ goto end;
+ if (verify_certfile)
+ {
+ verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
+ NULL, e, "validator certificate");
+ if (!verify_other) goto end;
+ }
+
+ bs = OCSP_response_get1_basic(resp);
+
+ if (!bs)
+ {
+ BIO_printf(bio_err, "Error parsing response\n");
+ goto end;
+ }
+
+ if (!noverify)
+ {
+ if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
+ {
+ if (i == -1)
+ BIO_printf(bio_err, "WARNING: no nonce in response\n");
+ else
+ {
+ BIO_printf(bio_err, "Nonce Verify error\n");
+ goto end;
+ }
+ }
+
+ i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+ if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
+
+ if(i <= 0)
+ {
+ BIO_printf(bio_err, "Response Verify Failure\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ BIO_printf(bio_err, "Response verify OK\n");
+
+ }
+
+ if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
+ goto end;
+
+ ret = 0;
+
+end:
+ ERR_print_errors(bio_err);
+ X509_free(signer);
+ X509_STORE_free(store);
+ EVP_PKEY_free(key);
+ EVP_PKEY_free(rkey);
+ X509_free(issuer);
+ X509_free(cert);
+ X509_free(rsigner);
+ X509_free(rca_cert);
+ free_index(rdb);
+ BIO_free_all(cbio);
+ BIO_free_all(acbio);
+ BIO_free(out);
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
+ OCSP_BASICRESP_free(bs);
+ sk_free(reqnames);
+ sk_OCSP_CERTID_free(ids);
+ sk_X509_pop_free(sign_other, X509_free);
+ sk_X509_pop_free(verify_other, X509_free);
+
+ if (thost)
+ OPENSSL_free(thost);
+ if (tport)
+ OPENSSL_free(tport);
+ if (tpath)
+ OPENSSL_free(tpath);
+
+ OPENSSL_EXIT(ret);
+}
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids)
+ {
+ OCSP_CERTID *id;
+ if(!issuer)
+ {
+ BIO_printf(bio_err, "No issuer certificate specified\n");
+ return 0;
+ }
+ if(!*req) *req = OCSP_REQUEST_new();
+ if(!*req) goto err;
+ id = OCSP_cert_to_id(NULL, cert, issuer);
+ if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
+ if(!OCSP_request_add0_id(*req, id)) goto err;
+ return 1;
+
+ err:
+ BIO_printf(bio_err, "Error Creating OCSP request\n");
+ return 0;
+ }
+
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids)
+ {
+ OCSP_CERTID *id;
+ X509_NAME *iname;
+ ASN1_BIT_STRING *ikey;
+ ASN1_INTEGER *sno;
+ if(!issuer)
+ {
+ BIO_printf(bio_err, "No issuer certificate specified\n");
+ return 0;
+ }
+ if(!*req) *req = OCSP_REQUEST_new();
+ if(!*req) goto err;
+ iname = X509_get_subject_name(issuer);
+ ikey = X509_get0_pubkey_bitstr(issuer);
+ sno = s2i_ASN1_INTEGER(NULL, serial);
+ if(!sno)
+ {
+ BIO_printf(bio_err, "Error converting serial number %s\n", serial);
+ return 0;
+ }
+ id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
+ ASN1_INTEGER_free(sno);
+ if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
+ if(!OCSP_request_add0_id(*req, id)) goto err;
+ return 1;
+
+ err:
+ BIO_printf(bio_err, "Error Creating OCSP request\n");
+ return 0;
+ }
+
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+ STACK *names, STACK_OF(OCSP_CERTID) *ids,
+ long nsec, long maxage)
+ {
+ OCSP_CERTID *id;
+ char *name;
+ int i;
+
+ int status, reason;
+
+ ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+ if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
+ return 1;
+
+ for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
+ {
+ id = sk_OCSP_CERTID_value(ids, i);
+ name = sk_value(names, i);
+ BIO_printf(out, "%s: ", name);
+
+ if(!OCSP_resp_find_status(bs, id, &status, &reason,
+ &rev, &thisupd, &nextupd))
+ {
+ BIO_puts(out, "ERROR: No Status found.\n");
+ continue;
+ }
+
+ /* Check validity: if invalid write to output BIO so we
+ * know which response this refers to.
+ */
+ if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))
+ {
+ BIO_puts(out, "WARNING: Status times invalid.\n");
+ ERR_print_errors(out);
+ }
+ BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
+
+ BIO_puts(out, "\tThis Update: ");
+ ASN1_GENERALIZEDTIME_print(out, thisupd);
+ BIO_puts(out, "\n");
+
+ if(nextupd)
+ {
+ BIO_puts(out, "\tNext Update: ");
+ ASN1_GENERALIZEDTIME_print(out, nextupd);
+ BIO_puts(out, "\n");
+ }
+
+ if (status != V_OCSP_CERTSTATUS_REVOKED)
+ continue;
+
+ if (reason != -1)
+ BIO_printf(out, "\tReason: %s\n",
+ OCSP_crl_reason_str(reason));
+
+ BIO_puts(out, "\tRevocation Time: ");
+ ASN1_GENERALIZEDTIME_print(out, rev);
+ BIO_puts(out, "\n");
+ }
+
+ return 1;
+ }
+
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
+ X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+ STACK_OF(X509) *rother, unsigned long flags,
+ int nmin, int ndays)
+ {
+ ASN1_TIME *thisupd = NULL, *nextupd = NULL;
+ OCSP_CERTID *cid, *ca_id = NULL;
+ OCSP_BASICRESP *bs = NULL;
+ int i, id_count, ret = 1;
+
+
+ id_count = OCSP_request_onereq_count(req);
+
+ if (id_count <= 0)
+ {
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+ goto end;
+ }
+
+ ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);
+
+ bs = OCSP_BASICRESP_new();
+ thisupd = X509_gmtime_adj(NULL, 0);
+ if (ndays != -1)
+ nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 );
+
+ /* Examine each certificate id in the request */
+ for (i = 0; i < id_count; i++)
+ {
+ OCSP_ONEREQ *one;
+ ASN1_INTEGER *serial;
+ char **inf;
+ one = OCSP_request_onereq_get0(req, i);
+ cid = OCSP_onereq_get0_id(one);
+ /* Is this request about our CA? */
+ if (OCSP_id_issuer_cmp(ca_id, cid))
+ {
+ OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL,
+ thisupd, nextupd);
+ continue;
+ }
+ OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
+ inf = lookup_serial(db, serial);
+ if (!inf)
+ OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL,
+ thisupd, nextupd);
+ else if (inf[DB_type][0] == DB_TYPE_VAL)
+ OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_GOOD,
+ 0, NULL,
+ thisupd, nextupd);
+ else if (inf[DB_type][0] == DB_TYPE_REV)
+ {
+ ASN1_OBJECT *inst = NULL;
+ ASN1_TIME *revtm = NULL;
+ ASN1_GENERALIZEDTIME *invtm = NULL;
+ OCSP_SINGLERESP *single;
+ int reason = -1;
+ unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
+ single = OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_REVOKED,
+ reason, revtm,
+ thisupd, nextupd);
+ if (invtm)
+ OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);
+ else if (inst)
+ OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0);
+ ASN1_OBJECT_free(inst);
+ ASN1_TIME_free(revtm);
+ ASN1_GENERALIZEDTIME_free(invtm);
+ }
+ }
+
+ OCSP_copy_nonce(bs, req);
+
+ OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);
+
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
+
+ end:
+ ASN1_TIME_free(thisupd);
+ ASN1_TIME_free(nextupd);
+ OCSP_CERTID_free(ca_id);
+ OCSP_BASICRESP_free(bs);
+ return ret;
+
+ }
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
+ {
+ int i;
+ BIGNUM *bn = NULL;
+ char *itmp, *row[DB_NUMBER],**rrow;
+ for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
+ bn = ASN1_INTEGER_to_BN(ser,NULL);
+ OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */
+ if (BN_is_zero(bn))
+ itmp = BUF_strdup("00");
+ else
+ itmp = BN_bn2hex(bn);
+ row[DB_serial] = itmp;
+ BN_free(bn);
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+ OPENSSL_free(itmp);
+ return rrow;
+ }
+
+/* Quick and dirty OCSP server: read in and parse input request */
+
+static BIO *init_responder(char *port)
+ {
+ BIO *acbio = NULL, *bufbio = NULL;
+ bufbio = BIO_new(BIO_f_buffer());
+ if (!bufbio)
+ goto err;
+#ifndef OPENSSL_NO_SOCK
+ acbio = BIO_new_accept(port);
+#else
+ BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");
+#endif
+ if (!acbio)
+ goto err;
+ BIO_set_accept_bios(acbio, bufbio);
+ bufbio = NULL;
+
+ if (BIO_do_accept(acbio) <= 0)
+ {
+ BIO_printf(bio_err, "Error setting up accept BIO\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ return acbio;
+
+ err:
+ BIO_free_all(acbio);
+ BIO_free(bufbio);
+ return NULL;
+ }
+
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
+ {
+ int have_post = 0, len;
+ OCSP_REQUEST *req = NULL;
+ char inbuf[1024];
+ BIO *cbio = NULL;
+
+ if (BIO_do_accept(acbio) <= 0)
+ {
+ BIO_printf(bio_err, "Error accepting connection\n");
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+
+ cbio = BIO_pop(acbio);
+ *pcbio = cbio;
+
+ for(;;)
+ {
+ len = BIO_gets(cbio, inbuf, sizeof inbuf);
+ if (len <= 0)
+ return 1;
+ /* Look for "POST" signalling start of query */
+ if (!have_post)
+ {
+ if(strncmp(inbuf, "POST", 4))
+ {
+ BIO_printf(bio_err, "Invalid request\n");
+ return 1;
+ }
+ have_post = 1;
+ }
+ /* Look for end of headers */
+ if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
+ break;
+ }
+
+ /* Try to read OCSP request */
+
+ req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+
+ if (!req)
+ {
+ BIO_printf(bio_err, "Error parsing OCSP request\n");
+ ERR_print_errors(bio_err);
+ }
+
+ *preq = req;
+
+ return 1;
+
+ }
+
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
+ {
+ char http_resp[] =
+ "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
+ "Content-Length: %d\r\n\r\n";
+ if (!cbio)
+ return 0;
+ BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
+ i2d_OCSP_RESPONSE_bio(cbio, resp);
+ (void)BIO_flush(cbio);
+ return 1;
+ }
+
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+ OCSP_REQUEST *req, int req_timeout)
+ {
+ int fd;
+ int rv;
+ OCSP_REQ_CTX *ctx = NULL;
+ OCSP_RESPONSE *rsp = NULL;
+ fd_set confds;
+ struct timeval tv;
+
+ if (req_timeout != -1)
+ BIO_set_nbio(cbio, 1);
+
+ rv = BIO_do_connect(cbio);
+
+ if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
+ {
+ BIO_puts(err, "Error connecting BIO\n");
+ return NULL;
+ }
+
+ if (req_timeout == -1)
+ return OCSP_sendreq_bio(cbio, path, req);
+
+ if (BIO_get_fd(cbio, &fd) <= 0)
+ {
+ BIO_puts(err, "Can't get connection fd\n");
+ goto err;
+ }
+
+ if (rv <= 0)
+ {
+ FD_ZERO(&confds);
+ openssl_fdset(fd, &confds);
+ tv.tv_usec = 0;
+ tv.tv_sec = req_timeout;
+ rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+ if (rv == 0)
+ {
+ BIO_puts(err, "Timeout on connect\n");
+ return NULL;
+ }
+ }
+
+
+ ctx = OCSP_sendreq_new(cbio, path, req, -1);
+ if (!ctx)
+ return NULL;
+
+ for (;;)
+ {
+ rv = OCSP_sendreq_nbio(&rsp, ctx);
+ if (rv != -1)
+ break;
+ FD_ZERO(&confds);
+ openssl_fdset(fd, &confds);
+ tv.tv_usec = 0;
+ tv.tv_sec = req_timeout;
+ if (BIO_should_read(cbio))
+ rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
+ else if (BIO_should_write(cbio))
+ rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+ else
+ {
+ BIO_puts(err, "Unexpected retry condition\n");
+ goto err;
+ }
+ if (rv == 0)
+ {
+ BIO_puts(err, "Timeout on request\n");
+ break;
+ }
+ if (rv == -1)
+ {
+ BIO_puts(err, "Select error\n");
+ break;
+ }
+
+ }
+ err:
+ if (ctx)
+ OCSP_REQ_CTX_free(ctx);
+
+ return rsp;
+ }
+
+OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
+ char *host, char *path, char *port, int use_ssl,
+ int req_timeout)
+ {
+ BIO *cbio = NULL;
+ SSL_CTX *ctx = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ cbio = BIO_new_connect(host);
+ if (!cbio)
+ {
+ BIO_printf(err, "Error creating connect BIO\n");
+ goto end;
+ }
+ if (port) BIO_set_conn_port(cbio, port);
+ if (use_ssl == 1)
+ {
+ BIO *sbio;
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ ctx = SSL_CTX_new(SSLv23_client_method());
+#elif !defined(OPENSSL_NO_SSL3)
+ ctx = SSL_CTX_new(SSLv3_client_method());
+#elif !defined(OPENSSL_NO_SSL2)
+ ctx = SSL_CTX_new(SSLv2_client_method());
+#else
+ BIO_printf(err, "SSL is disabled\n");
+ goto end;
+#endif
+ if (ctx == NULL)
+ {
+ BIO_printf(err, "Error creating SSL context.\n");
+ goto end;
+ }
+ SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+ sbio = BIO_new_ssl(ctx, 1);
+ cbio = BIO_push(sbio, cbio);
+ }
+ resp = query_responder(err, cbio, path, req, req_timeout);
+ if (!resp)
+ BIO_printf(bio_err, "Error querying OCSP responder\n");
+ end:
+ if (ctx)
+ SSL_CTX_free(ctx);
+ if (cbio)
+ BIO_free_all(cbio);
+ return resp;
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/apps/oid.cnf
===================================================================
--- vendor-crypto/openssl/dist/apps/oid.cnf (rev 0)
+++ vendor-crypto/openssl/dist/apps/oid.cnf 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,6 @@
+2.99999.1 SET.ex1 SET x509v3 extension 1
+2.99999.2 SET.ex2 SET x509v3 extension 2
+2.99999.3 SET.ex3 SET x509v3 extension 3
+2.99999.4 SET.ex4 SET x509v3 extension 4
+2.99999.5 SET.ex5 SET x509v3 extension 5
+2.99999.6 SET.ex6 SET x509v3 extension 6
Added: vendor-crypto/openssl/dist/apps/openssl-vms.cnf
===================================================================
--- vendor-crypto/openssl/dist/apps/openssl-vms.cnf (rev 0)
+++ vendor-crypto/openssl/dist/apps/openssl-vms.cnf 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = sys\$disk:[.demoCA # Where everything is kept
+certs = $dir.certs] # Where the issued certs are kept
+crl_dir = $dir.crl] # Where the issued crl are kept
+database = $dir]index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir.newcerts] # default place for new certs.
+
+certificate = $dir]cacert.pem # The CA certificate
+serial = $dir]serial. # The current serial number
+crlnumber = $dir]crlnumber. # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir]crl.pem # The current CRL
+private_key = $dir.private]cakey.pem# The private key
+RANDFILE = $dir.private].rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
Added: vendor-crypto/openssl/dist/apps/openssl.c
===================================================================
--- vendor-crypto/openssl/dist/apps/openssl.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/openssl.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,544 @@
+/* apps/openssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+#include "progs.h"
+#include "s_apps.h"
+#include <openssl/err.h>
+
+/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
+ * base prototypes (we cast each variable inside the function to the required
+ * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
+ * functions. */
+
+/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
+static unsigned long MS_CALLBACK hash(const void *a_void);
+/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
+static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
+static LHASH *prog_init(void );
+static int do_cmd(LHASH *prog,int argc,char *argv[]);
+char *default_config_file=NULL;
+
+/* Make sure there is only one when MONOLITH is defined */
+#ifdef MONOLITH
+CONF *config=NULL;
+BIO *bio_err=NULL;
+int in_FIPS_mode=0;
+#endif
+
+
+static void lock_dbg_cb(int mode, int type, const char *file, int line)
+ {
+ static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+ const char *errstr = NULL;
+ int rw;
+
+ rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
+ if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
+ {
+ errstr = "invalid mode";
+ goto err;
+ }
+
+ if (type < 0 || type >= CRYPTO_NUM_LOCKS)
+ {
+ errstr = "type out of bounds";
+ goto err;
+ }
+
+ if (mode & CRYPTO_LOCK)
+ {
+ if (modes[type])
+ {
+ errstr = "already locked";
+ /* must not happen in a single-threaded program
+ * (would deadlock) */
+ goto err;
+ }
+
+ modes[type] = rw;
+ }
+ else if (mode & CRYPTO_UNLOCK)
+ {
+ if (!modes[type])
+ {
+ errstr = "not locked";
+ goto err;
+ }
+
+ if (modes[type] != rw)
+ {
+ errstr = (rw == CRYPTO_READ) ?
+ "CRYPTO_r_unlock on write lock" :
+ "CRYPTO_w_unlock on read lock";
+ }
+
+ modes[type] = 0;
+ }
+ else
+ {
+ errstr = "invalid mode";
+ goto err;
+ }
+
+ err:
+ if (errstr)
+ {
+ /* we cannot use bio_err here */
+ fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+ errstr, mode, type, file, line);
+ }
+ }
+
+
+int main(int Argc, char *Argv[])
+ {
+ ARGS arg;
+#define PROG_NAME_SIZE 39
+ char pname[PROG_NAME_SIZE+1];
+ FUNCTION f,*fp;
+ MS_STATIC const char *prompt;
+ MS_STATIC char buf[1024];
+ char *to_free=NULL;
+ int n,i,ret=0;
+ int argc;
+ char **argv,*p;
+ LHASH *prog=NULL;
+ long errline;
+
+ arg.data=NULL;
+ arg.count=0;
+
+ in_FIPS_mode = 0;
+
+ if(getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode_set(1)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+ in_FIPS_mode = 1;
+#else
+ fprintf(stderr, "FIPS mode not supported.\n");
+ EXIT(1);
+#endif
+ }
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
+ {
+ if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
+ {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ }
+ else
+ {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#if 0
+ if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+#endif
+ {
+ CRYPTO_set_locking_callback(lock_dbg_cb);
+ }
+
+ apps_startup();
+
+ /* Lets load up our environment a little */
+ p=getenv("OPENSSL_CONF");
+ if (p == NULL)
+ p=getenv("SSLEAY_CONF");
+ if (p == NULL)
+ p=to_free=make_config_name();
+
+ default_config_file=p;
+
+ config=NCONF_new(NULL);
+ i=NCONF_load(config,p,&errline);
+ if (i == 0)
+ {
+ NCONF_free(config);
+ config = NULL;
+ ERR_clear_error();
+ }
+
+ prog=prog_init();
+
+ /* first check the program name */
+ program_name(Argv[0],pname,sizeof pname);
+
+ f.name=pname;
+ fp=(FUNCTION *)lh_retrieve(prog,&f);
+ if (fp != NULL)
+ {
+ Argv[0]=pname;
+ ret=fp->func(Argc,Argv);
+ goto end;
+ }
+
+ /* ok, now check that there are not arguments, if there are,
+ * run with them, shifting the ssleay off the front */
+ if (Argc != 1)
+ {
+ Argc--;
+ Argv++;
+ ret=do_cmd(prog,Argc,Argv);
+ if (ret < 0) ret=0;
+ goto end;
+ }
+
+ /* ok, lets enter the old 'OpenSSL>' mode */
+
+ for (;;)
+ {
+ ret=0;
+ p=buf;
+ n=sizeof buf;
+ i=0;
+ for (;;)
+ {
+ p[0]='\0';
+ if (i++)
+ prompt=">";
+ else prompt="OpenSSL> ";
+ fputs(prompt,stdout);
+ fflush(stdout);
+ if (!fgets(p,n,stdin))
+ goto end;
+ if (p[0] == '\0') goto end;
+ i=strlen(p);
+ if (i <= 1) break;
+ if (p[i-2] != '\\') break;
+ i-=2;
+ p+=i;
+ n-=i;
+ }
+ if (!chopup_args(&arg,buf,&argc,&argv)) break;
+
+ ret=do_cmd(prog,argc,argv);
+ if (ret < 0)
+ {
+ ret=0;
+ goto end;
+ }
+ if (ret != 0)
+ BIO_printf(bio_err,"error in %s\n",argv[0]);
+ (void)BIO_flush(bio_err);
+ }
+ BIO_printf(bio_err,"bad exit\n");
+ ret=1;
+end:
+ if (to_free)
+ OPENSSL_free(to_free);
+ if (config != NULL)
+ {
+ NCONF_free(config);
+ config=NULL;
+ }
+ if (prog != NULL) lh_free(prog);
+ if (arg.data != NULL) OPENSSL_free(arg.data);
+
+ apps_shutdown();
+
+ CRYPTO_mem_leaks(bio_err);
+ if (bio_err != NULL)
+ {
+ BIO_free(bio_err);
+ bio_err=NULL;
+ }
+ OPENSSL_EXIT(ret);
+ }
+
+#define LIST_STANDARD_COMMANDS "list-standard-commands"
+#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
+#define LIST_CIPHER_COMMANDS "list-cipher-commands"
+
+static int do_cmd(LHASH *prog, int argc, char *argv[])
+ {
+ FUNCTION f,*fp;
+ int i,ret=1,tp,nl;
+
+ if ((argc <= 0) || (argv[0] == NULL))
+ { ret=0; goto end; }
+ f.name=argv[0];
+ fp=(FUNCTION *)lh_retrieve(prog,&f);
+ if (fp != NULL)
+ {
+ ret=fp->func(argc,argv);
+ }
+ else if ((strncmp(argv[0],"no-",3)) == 0)
+ {
+ BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_stdout = BIO_push(tmpbio, bio_stdout);
+ }
+#endif
+ f.name=argv[0]+3;
+ ret = (lh_retrieve(prog,&f) != NULL);
+ if (!ret)
+ BIO_printf(bio_stdout, "%s\n", argv[0]);
+ else
+ BIO_printf(bio_stdout, "%s\n", argv[0]+3);
+ BIO_free_all(bio_stdout);
+ goto end;
+ }
+ else if ((strcmp(argv[0],"quit") == 0) ||
+ (strcmp(argv[0],"q") == 0) ||
+ (strcmp(argv[0],"exit") == 0) ||
+ (strcmp(argv[0],"bye") == 0))
+ {
+ ret= -1;
+ goto end;
+ }
+ else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
+ (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
+ (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
+ {
+ int list_type;
+ BIO *bio_stdout;
+
+ if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
+ list_type = FUNC_TYPE_GENERAL;
+ else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
+ list_type = FUNC_TYPE_MD;
+ else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
+ list_type = FUNC_TYPE_CIPHER;
+ bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_stdout = BIO_push(tmpbio, bio_stdout);
+ }
+#endif
+
+ for (fp=functions; fp->name != NULL; fp++)
+ if (fp->type == list_type)
+ BIO_printf(bio_stdout, "%s\n", fp->name);
+ BIO_free_all(bio_stdout);
+ ret=0;
+ goto end;
+ }
+ else
+ {
+ BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
+ argv[0]);
+ BIO_printf(bio_err, "\nStandard commands");
+ i=0;
+ tp=0;
+ for (fp=functions; fp->name != NULL; fp++)
+ {
+ nl=0;
+#ifdef OPENSSL_NO_CAMELLIA
+ if (((i++) % 5) == 0)
+#else
+ if (((i++) % 4) == 0)
+#endif
+ {
+ BIO_printf(bio_err,"\n");
+ nl=1;
+ }
+ if (fp->type != tp)
+ {
+ tp=fp->type;
+ if (!nl) BIO_printf(bio_err,"\n");
+ if (tp == FUNC_TYPE_MD)
+ {
+ i=1;
+ BIO_printf(bio_err,
+ "\nMessage Digest commands (see the `dgst' command for more details)\n");
+ }
+ else if (tp == FUNC_TYPE_CIPHER)
+ {
+ i=1;
+ BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
+ }
+ }
+#ifdef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err,"%-15s",fp->name);
+#else
+ BIO_printf(bio_err,"%-18s",fp->name);
+#endif
+ }
+ BIO_printf(bio_err,"\n\n");
+ ret=0;
+ }
+end:
+ return(ret);
+ }
+
+static int SortFnByName(const void *_f1,const void *_f2)
+ {
+ const FUNCTION *f1=_f1;
+ const FUNCTION *f2=_f2;
+
+ if(f1->type != f2->type)
+ return f1->type-f2->type;
+ return strcmp(f1->name,f2->name);
+ }
+
+static LHASH *prog_init(void)
+ {
+ LHASH *ret;
+ FUNCTION *f;
+ size_t i;
+
+ /* Purely so it looks nice when the user hits ? */
+ for(i=0,f=functions ; f->name != NULL ; ++f,++i)
+ ;
+ qsort(functions,i,sizeof *functions,SortFnByName);
+
+ if ((ret=lh_new(hash, cmp)) == NULL)
+ return(NULL);
+
+ for (f=functions; f->name != NULL; f++)
+ lh_insert(ret,f);
+ return(ret);
+ }
+
+/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
+static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
+ {
+ return(strncmp(((const FUNCTION *)a_void)->name,
+ ((const FUNCTION *)b_void)->name,8));
+ }
+
+/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
+static unsigned long MS_CALLBACK hash(const void *a_void)
+ {
+ return(lh_strhash(((const FUNCTION *)a_void)->name));
+ }
Added: vendor-crypto/openssl/dist/apps/openssl.cnf
===================================================================
--- vendor-crypto/openssl/dist/apps/openssl.cnf (rev 0)
+++ vendor-crypto/openssl/dist/apps/openssl.cnf 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
Added: vendor-crypto/openssl/dist/apps/passwd.c
===================================================================
--- vendor-crypto/openssl/dist/apps/passwd.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/passwd.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,512 @@
+/* apps/passwd.c */
+
+#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
+# define NO_MD5CRYPT_1
+#endif
+
+#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
+
+#include <assert.h>
+#include <string.h>
+
+#include "apps.h"
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef NO_MD5CRYPT_1
+# include <openssl/md5.h>
+#endif
+
+
+#undef PROG
+#define PROG passwd_main
+
+
+static unsigned const char cov_2char[64]={
+ /* from crypto/des/fcrypt.c */
+ 0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
+ 0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
+ 0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
+ 0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
+ 0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
+ 0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
+ 0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
+ 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+};
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+ char *passwd, BIO *out, int quiet, int table, int reverse,
+ size_t pw_maxlen, int usecrypt, int use1, int useapr1);
+
+/* -crypt - standard Unix password algorithm (default)
+ * -1 - MD5-based password algorithm
+ * -apr1 - MD5-based password algorithm, Apache variant
+ * -salt string - salt
+ * -in file - read passwords from file
+ * -stdin - read passwords from stdin
+ * -noverify - never verify when reading password from terminal
+ * -quiet - no warnings
+ * -table - format output as table
+ * -reverse - switch table columns
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int ret = 1;
+ char *infile = NULL;
+ int in_stdin = 0;
+ int in_noverify = 0;
+ char *salt = NULL, *passwd = NULL, **passwds = NULL;
+ char *salt_malloc = NULL, *passwd_malloc = NULL;
+ size_t passwd_malloc_size = 0;
+ int pw_source_defined = 0;
+ BIO *in = NULL, *out = NULL;
+ int i, badopt, opt_done;
+ int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
+ int usecrypt = 0, use1 = 0, useapr1 = 0;
+ size_t pw_maxlen = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto err;
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ goto err;
+ BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+
+ badopt = 0, opt_done = 0;
+ i = 0;
+ while (!badopt && !opt_done && argv[++i] != NULL)
+ {
+ if (strcmp(argv[i], "-crypt") == 0)
+ usecrypt = 1;
+ else if (strcmp(argv[i], "-1") == 0)
+ use1 = 1;
+ else if (strcmp(argv[i], "-apr1") == 0)
+ useapr1 = 1;
+ else if (strcmp(argv[i], "-salt") == 0)
+ {
+ if ((argv[i+1] != NULL) && (salt == NULL))
+ {
+ passed_salt = 1;
+ salt = argv[++i];
+ }
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-in") == 0)
+ {
+ if ((argv[i+1] != NULL) && !pw_source_defined)
+ {
+ pw_source_defined = 1;
+ infile = argv[++i];
+ }
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-stdin") == 0)
+ {
+ if (!pw_source_defined)
+ {
+ pw_source_defined = 1;
+ in_stdin = 1;
+ }
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-noverify") == 0)
+ in_noverify = 1;
+ else if (strcmp(argv[i], "-quiet") == 0)
+ quiet = 1;
+ else if (strcmp(argv[i], "-table") == 0)
+ table = 1;
+ else if (strcmp(argv[i], "-reverse") == 0)
+ reverse = 1;
+ else if (argv[i][0] == '-')
+ badopt = 1;
+ else if (!pw_source_defined)
+ /* non-option arguments, use as passwords */
+ {
+ pw_source_defined = 1;
+ passwds = &argv[i];
+ opt_done = 1;
+ }
+ else
+ badopt = 1;
+ }
+
+ if (!usecrypt && !use1 && !useapr1) /* use default */
+ usecrypt = 1;
+ if (usecrypt + use1 + useapr1 > 1) /* conflict */
+ badopt = 1;
+
+ /* reject unsupported algorithms */
+#ifdef OPENSSL_NO_DES
+ if (usecrypt) badopt = 1;
+#endif
+#ifdef NO_MD5CRYPT_1
+ if (use1 || useapr1) badopt = 1;
+#endif
+
+ if (badopt)
+ {
+ BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
+ BIO_printf(bio_err, "where options are\n");
+#ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
+#endif
+#ifndef NO_MD5CRYPT_1
+ BIO_printf(bio_err, "-1 MD5-based password algorithm\n");
+ BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n");
+#endif
+ BIO_printf(bio_err, "-salt string use provided salt\n");
+ BIO_printf(bio_err, "-in file read passwords from file\n");
+ BIO_printf(bio_err, "-stdin read passwords from stdin\n");
+ BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n");
+ BIO_printf(bio_err, "-quiet no warnings\n");
+ BIO_printf(bio_err, "-table format output as table\n");
+ BIO_printf(bio_err, "-reverse switch table columns\n");
+
+ goto err;
+ }
+
+ if ((infile != NULL) || in_stdin)
+ {
+ in = BIO_new(BIO_s_file());
+ if (in == NULL)
+ goto err;
+ if (infile != NULL)
+ {
+ assert(in_stdin == 0);
+ if (BIO_read_filename(in, infile) <= 0)
+ goto err;
+ }
+ else
+ {
+ assert(in_stdin);
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ }
+ }
+
+ if (usecrypt)
+ pw_maxlen = 8;
+ else if (use1 || useapr1)
+ pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
+
+ if (passwds == NULL)
+ {
+ /* no passwords on the command line */
+
+ passwd_malloc_size = pw_maxlen + 2;
+ /* longer than necessary so that we can warn about truncation */
+ passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
+ if (passwd_malloc == NULL)
+ goto err;
+ }
+
+ if ((in == NULL) && (passwds == NULL))
+ {
+ /* build a null-terminated list */
+ static char *passwds_static[2] = {NULL, NULL};
+
+ passwds = passwds_static;
+ if (in == NULL)
+ if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
+ goto err;
+ passwds[0] = passwd_malloc;
+ }
+
+ if (in == NULL)
+ {
+ assert(passwds != NULL);
+ assert(*passwds != NULL);
+
+ do /* loop over list of passwords */
+ {
+ passwd = *passwds++;
+ if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+ quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
+ goto err;
+ }
+ while (*passwds != NULL);
+ }
+ else
+ /* in != NULL */
+ {
+ int done;
+
+ assert (passwd != NULL);
+ do
+ {
+ int r = BIO_gets(in, passwd, pw_maxlen + 1);
+ if (r > 0)
+ {
+ char *c = (strchr(passwd, '\n')) ;
+ if (c != NULL)
+ *c = 0; /* truncate at newline */
+ else
+ {
+ /* ignore rest of line */
+ char trash[BUFSIZ];
+ do
+ r = BIO_gets(in, trash, sizeof trash);
+ while ((r > 0) && (!strchr(trash, '\n')));
+ }
+
+ if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+ quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
+ goto err;
+ }
+ done = (r <= 0);
+ }
+ while (!done);
+ }
+ ret = 0;
+
+err:
+ ERR_print_errors(bio_err);
+ if (salt_malloc)
+ OPENSSL_free(salt_malloc);
+ if (passwd_malloc)
+ OPENSSL_free(passwd_malloc);
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free_all(out);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+
+#ifndef NO_MD5CRYPT_1
+/* MD5-based password algorithm (should probably be available as a library
+ * function; then the static buffer would not be acceptable).
+ * For magic string "1", this should be compatible to the MD5-based BSD
+ * password algorithm.
+ * For 'magic' string "apr1", this is compatible to the MD5-based Apache
+ * password algorithm.
+ * (Apparently, the Apache password algorithm is identical except that the
+ * 'magic' string was changed -- the laziest application of the NIH principle
+ * I've ever encountered.)
+ */
+static char *md5crypt(const char *passwd, const char *magic, const char *salt)
+ {
+ static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ char *salt_out;
+ int n;
+ unsigned int i;
+ EVP_MD_CTX md,md2;
+ size_t passwd_len, salt_len;
+
+ passwd_len = strlen(passwd);
+ out_buf[0] = '$';
+ out_buf[1] = 0;
+ assert(strlen(magic) <= 4); /* "1" or "apr1" */
+ strncat(out_buf, magic, 4);
+ strncat(out_buf, "$", 1);
+ strncat(out_buf, salt, 8);
+ assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
+ salt_out = out_buf + 2 + strlen(magic);
+ salt_len = strlen(salt_out);
+ assert(salt_len <= 8);
+
+ EVP_MD_CTX_init(&md);
+ EVP_DigestInit_ex(&md,EVP_md5(), NULL);
+ EVP_DigestUpdate(&md, passwd, passwd_len);
+ EVP_DigestUpdate(&md, "$", 1);
+ EVP_DigestUpdate(&md, magic, strlen(magic));
+ EVP_DigestUpdate(&md, "$", 1);
+ EVP_DigestUpdate(&md, salt_out, salt_len);
+
+ EVP_MD_CTX_init(&md2);
+ EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
+ EVP_DigestUpdate(&md2, passwd, passwd_len);
+ EVP_DigestUpdate(&md2, salt_out, salt_len);
+ EVP_DigestUpdate(&md2, passwd, passwd_len);
+ EVP_DigestFinal_ex(&md2, buf, NULL);
+
+ for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
+ EVP_DigestUpdate(&md, buf, sizeof buf);
+ EVP_DigestUpdate(&md, buf, i);
+
+ n = passwd_len;
+ while (n)
+ {
+ EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
+ n >>= 1;
+ }
+ EVP_DigestFinal_ex(&md, buf, NULL);
+
+ for (i = 0; i < 1000; i++)
+ {
+ EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
+ EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
+ (i & 1) ? passwd_len : sizeof buf);
+ if (i % 3)
+ EVP_DigestUpdate(&md2, salt_out, salt_len);
+ if (i % 7)
+ EVP_DigestUpdate(&md2, passwd, passwd_len);
+ EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
+ (i & 1) ? sizeof buf : passwd_len);
+ EVP_DigestFinal_ex(&md2, buf, NULL);
+ }
+ EVP_MD_CTX_cleanup(&md2);
+
+ {
+ /* transform buf into output string */
+
+ unsigned char buf_perm[sizeof buf];
+ int dest, source;
+ char *output;
+
+ /* silly output permutation */
+ for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
+ buf_perm[dest] = buf[source];
+ buf_perm[14] = buf[5];
+ buf_perm[15] = buf[11];
+#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
+ assert(16 == sizeof buf_perm);
+#endif
+
+ output = salt_out + salt_len;
+ assert(output == out_buf + strlen(out_buf));
+
+ *output++ = '$';
+
+ for (i = 0; i < 15; i += 3)
+ {
+ *output++ = cov_2char[buf_perm[i+2] & 0x3f];
+ *output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
+ (buf_perm[i+2] >> 6)];
+ *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
+ (buf_perm[i+1] >> 4)];
+ *output++ = cov_2char[buf_perm[i] >> 2];
+ }
+ assert(i == 15);
+ *output++ = cov_2char[buf_perm[i] & 0x3f];
+ *output++ = cov_2char[buf_perm[i] >> 6];
+ *output = 0;
+ assert(strlen(out_buf) < sizeof(out_buf));
+ }
+ EVP_MD_CTX_cleanup(&md);
+
+ return out_buf;
+ }
+#endif
+
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+ char *passwd, BIO *out, int quiet, int table, int reverse,
+ size_t pw_maxlen, int usecrypt, int use1, int useapr1)
+ {
+ char *hash = NULL;
+
+ assert(salt_p != NULL);
+ assert(salt_malloc_p != NULL);
+
+ /* first make sure we have a salt */
+ if (!passed_salt)
+ {
+#ifndef OPENSSL_NO_DES
+ if (usecrypt)
+ {
+ if (*salt_malloc_p == NULL)
+ {
+ *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
+ if (*salt_malloc_p == NULL)
+ goto err;
+ }
+ if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+ goto err;
+ (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
+ (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
+ (*salt_p)[2] = 0;
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
+ * back to ASCII */
+#endif
+ }
+#endif /* !OPENSSL_NO_DES */
+
+#ifndef NO_MD5CRYPT_1
+ if (use1 || useapr1)
+ {
+ int i;
+
+ if (*salt_malloc_p == NULL)
+ {
+ *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
+ if (*salt_malloc_p == NULL)
+ goto err;
+ }
+ if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+ goto err;
+
+ for (i = 0; i < 8; i++)
+ (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
+ (*salt_p)[8] = 0;
+ }
+#endif /* !NO_MD5CRYPT_1 */
+ }
+
+ assert(*salt_p != NULL);
+
+ /* truncate password if necessary */
+ if ((strlen(passwd) > pw_maxlen))
+ {
+ if (!quiet)
+ /* XXX: really we should know how to print a size_t, not cast it */
+ BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
+ passwd[pw_maxlen] = 0;
+ }
+ assert(strlen(passwd) <= pw_maxlen);
+
+ /* now compute password hash */
+#ifndef OPENSSL_NO_DES
+ if (usecrypt)
+ hash = DES_crypt(passwd, *salt_p);
+#endif
+#ifndef NO_MD5CRYPT_1
+ if (use1 || useapr1)
+ hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
+#endif
+ assert(hash != NULL);
+
+ if (table && !reverse)
+ BIO_printf(out, "%s\t%s\n", passwd, hash);
+ else if (table && reverse)
+ BIO_printf(out, "%s\t%s\n", hash, passwd);
+ else
+ BIO_printf(out, "%s\n", hash);
+ return 1;
+
+err:
+ return 0;
+ }
+#else
+
+int MAIN(int argc, char **argv)
+ {
+ fputs("Program not available.\n", stderr)
+ OPENSSL_EXIT(1);
+ }
+#endif
Added: vendor-crypto/openssl/dist/apps/pca-cert.srl
===================================================================
--- vendor-crypto/openssl/dist/apps/pca-cert.srl (rev 0)
+++ vendor-crypto/openssl/dist/apps/pca-cert.srl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+07
Added: vendor-crypto/openssl/dist/apps/pca-key.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/pca-key.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/pca-key.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
Added: vendor-crypto/openssl/dist/apps/pca-req.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/pca-req.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/pca-req.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo
+MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj
+Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX
+MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3
+vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz
+IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv
+wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L
+Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV
+-----END CERTIFICATE REQUEST-----
Added: vendor-crypto/openssl/dist/apps/pkcs12.c
===================================================================
--- vendor-crypto/openssl/dist/apps/pkcs12.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/pkcs12.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,971 @@
+/* pkcs12.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+#define uni2asc OPENSSL_uni2asc
+#define asc2uni OPENSSL_asc2uni
+#endif
+
+#define PROG pkcs12_main
+
+const EVP_CIPHER *enc;
+
+
+#define NOKEYS 0x1
+#define NOCERTS 0x2
+#define INFO 0x4
+#define CLCERTS 0x8
+#define CACERTS 0x10
+
+int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
+ int passlen, int options, char *pempass);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
+void hex_prin(BIO *out, unsigned char *buf, int len);
+int alg_print(BIO *x, X509_ALGOR *alg);
+int cert_load(BIO *in, STACK_OF(X509) *sk);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ char *infile=NULL, *outfile=NULL, *keyname = NULL;
+ char *certfile=NULL;
+ BIO *in=NULL, *out = NULL;
+ char **args;
+ char *name = NULL;
+ char *csp_name = NULL;
+ int add_lmk = 0;
+ PKCS12 *p12 = NULL;
+ char pass[50], macpass[50];
+ int export_cert = 0;
+ int options = 0;
+ int chain = 0;
+ int badarg = 0;
+ int iter = PKCS12_DEFAULT_ITER;
+ int maciter = PKCS12_DEFAULT_ITER;
+ int twopass = 0;
+ int keytype = 0;
+ int cert_pbe;
+ int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ int ret = 1;
+ int macver = 1;
+ int noprompt = 0;
+ STACK *canames = NULL;
+ char *cpass = NULL, *mpass = NULL;
+ char *passargin = NULL, *passargout = NULL, *passarg = NULL;
+ char *passin = NULL, *passout = NULL;
+ char *inrand = NULL;
+ char *CApath = NULL, *CAfile = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+
+ apps_startup();
+
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
+ cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
+ enc = EVP_des_ede3_cbc();
+ if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ args = argv + 1;
+
+
+ while (*args) {
+ if (*args[0] == '-') {
+ if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
+ else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
+ else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
+ else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
+ else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
+ else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
+ else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
+ else if (!strcmp (*args, "-info")) options |= INFO;
+ else if (!strcmp (*args, "-chain")) chain = 1;
+ else if (!strcmp (*args, "-twopass")) twopass = 1;
+ else if (!strcmp (*args, "-nomacver")) macver = 0;
+ else if (!strcmp (*args, "-descert"))
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else if (!strcmp (*args, "-export")) export_cert = 1;
+ else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
+ else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+#ifndef OPENSSL_NO_IDEA
+ else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
+#endif
+#ifndef OPENSSL_NO_SEED
+ else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
+ else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
+ else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
+ else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
+ else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
+#endif
+ else if (!strcmp (*args, "-noiter")) iter = 1;
+ else if (!strcmp (*args, "-maciter"))
+ maciter = PKCS12_DEFAULT_ITER;
+ else if (!strcmp (*args, "-nomaciter"))
+ maciter = 1;
+ else if (!strcmp (*args, "-nomac"))
+ maciter = -1;
+ else if (!strcmp (*args, "-nodes")) enc=NULL;
+ else if (!strcmp (*args, "-certpbe")) {
+ if (args[1]) {
+ args++;
+ if (!strcmp(*args, "NONE"))
+ cert_pbe = -1;
+ else
+ cert_pbe=OBJ_txt2nid(*args);
+ if(cert_pbe == NID_undef) {
+ BIO_printf(bio_err,
+ "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-keypbe")) {
+ if (args[1]) {
+ args++;
+ if (!strcmp(*args, "NONE"))
+ key_pbe = -1;
+ else
+ key_pbe=OBJ_txt2nid(*args);
+ if(key_pbe == NID_undef) {
+ BIO_printf(bio_err,
+ "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-inkey")) {
+ if (args[1]) {
+ args++;
+ keyname = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-certfile")) {
+ if (args[1]) {
+ args++;
+ certfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-name")) {
+ if (args[1]) {
+ args++;
+ name = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-LMK"))
+ add_lmk = 1;
+ else if (!strcmp (*args, "-CSP")) {
+ if (args[1]) {
+ args++;
+ csp_name = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-caname")) {
+ if (args[1]) {
+ args++;
+ if (!canames) canames = sk_new_null();
+ sk_push(canames, *args);
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp(*args,"-passin")) {
+ if (args[1]) {
+ args++;
+ passargin = *args;
+ } else badarg = 1;
+ } else if (!strcmp(*args,"-passout")) {
+ if (args[1]) {
+ args++;
+ passargout = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-password")) {
+ if (args[1]) {
+ args++;
+ passarg = *args;
+ noprompt = 1;
+ } else badarg = 1;
+ } else if (!strcmp(*args,"-CApath")) {
+ if (args[1]) {
+ args++;
+ CApath = *args;
+ } else badarg = 1;
+ } else if (!strcmp(*args,"-CAfile")) {
+ if (args[1]) {
+ args++;
+ CAfile = *args;
+ } else badarg = 1;
+#ifndef OPENSSL_NO_ENGINE
+ } else if (!strcmp(*args,"-engine")) {
+ if (args[1]) {
+ args++;
+ engine = *args;
+ } else badarg = 1;
+#endif
+ } else badarg = 1;
+
+ } else badarg = 1;
+ args++;
+ }
+
+ if (badarg) {
+ BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-export output PKCS12 file\n");
+ BIO_printf (bio_err, "-chain add certificate chain\n");
+ BIO_printf (bio_err, "-inkey file private key if not infile\n");
+ BIO_printf (bio_err, "-certfile f add all certs in f\n");
+ BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n");
+ BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n");
+ BIO_printf (bio_err, "-name \"name\" use name as friendly name\n");
+ BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
+ BIO_printf (bio_err, "-in infile input filename\n");
+ BIO_printf (bio_err, "-out outfile output filename\n");
+ BIO_printf (bio_err, "-noout don't output anything, just verify.\n");
+ BIO_printf (bio_err, "-nomacver don't verify MAC.\n");
+ BIO_printf (bio_err, "-nocerts don't output certificates.\n");
+ BIO_printf (bio_err, "-clcerts only output client certificates.\n");
+ BIO_printf (bio_err, "-cacerts only output CA certificates.\n");
+ BIO_printf (bio_err, "-nokeys don't output private keys.\n");
+ BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n");
+ BIO_printf (bio_err, "-des encrypt private keys with DES\n");
+ BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
+#ifndef OPENSSL_NO_IDEA
+ BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf (bio_err, "-seed encrypt private keys with seed\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
+#endif
+ BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
+ BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
+ BIO_printf (bio_err, "-maciter use MAC iteration\n");
+ BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
+ BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+ BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
+ BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
+ BIO_printf (bio_err, "-keyex set MS key exchange type\n");
+ BIO_printf (bio_err, "-keysig set MS key signature type\n");
+ BIO_printf (bio_err, "-password p set import/export password source\n");
+ BIO_printf (bio_err, "-passin p input file pass phrase source\n");
+ BIO_printf (bio_err, "-passout p output file pass phrase source\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
+ BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if(passarg) {
+ if(export_cert) passargout = passarg;
+ else passargin = passarg;
+ }
+
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ if(!cpass) {
+ if(export_cert) cpass = passout;
+ else cpass = passin;
+ }
+
+ if(cpass) {
+ mpass = cpass;
+ noprompt = 1;
+ } else {
+ cpass = pass;
+ mpass = macpass;
+ }
+
+ if(export_cert || inrand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+ ERR_load_crypto_strings();
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read files");
+#endif
+
+ if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else in = BIO_new_file(infile, "rb");
+ if (!in) {
+ BIO_printf(bio_err, "Error opening input file %s\n",
+ infile ? infile : "<stdin>");
+ perror (infile);
+ goto end;
+ }
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("write files");
+#endif
+
+ if (!outfile) {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ } else out = BIO_new_file(outfile, "wb");
+ if (!out) {
+ BIO_printf(bio_err, "Error opening output file %s\n",
+ outfile ? outfile : "<stdout>");
+ perror (outfile);
+ goto end;
+ }
+ if (twopass) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read MAC password");
+#endif
+ if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
+ {
+ BIO_printf (bio_err, "Can't read Password\n");
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ }
+
+ if (export_cert) {
+ EVP_PKEY *key = NULL;
+ X509 *ucert = NULL, *x = NULL;
+ STACK_OF(X509) *certs=NULL;
+ unsigned char *catmp = NULL;
+ int i;
+
+ if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
+ {
+ BIO_printf(bio_err, "Nothing to do!\n");
+ goto export_end;
+ }
+
+ if (options & NOCERTS)
+ chain = 0;
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("process -export_cert");
+ CRYPTO_push_info("reading private key");
+#endif
+ if (!(options & NOKEYS))
+ {
+ key = load_key(bio_err, keyname ? keyname : infile,
+ FORMAT_PEM, 1, passin, e, "private key");
+ if (!key)
+ goto export_end;
+ }
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from input");
+#endif
+
+ /* Load in all certs in input file */
+ if(!(options & NOCERTS))
+ {
+ certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+ "certificates");
+ if (!certs)
+ goto export_end;
+
+ if (key)
+ {
+ /* Look for matching private key */
+ for(i = 0; i < sk_X509_num(certs); i++)
+ {
+ x = sk_X509_value(certs, i);
+ if(X509_check_private_key(x, key))
+ {
+ ucert = x;
+ /* Zero keyid and alias */
+ X509_keyid_set1(ucert, NULL, 0);
+ X509_alias_set1(ucert, NULL, 0);
+ /* Remove from list */
+ (void)sk_X509_delete(certs, i);
+ break;
+ }
+ }
+ if (!ucert)
+ {
+ BIO_printf(bio_err, "No certificate matches private key\n");
+ goto export_end;
+ }
+ }
+
+ }
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from input 2");
+#endif
+
+ /* Add any more certificates asked for */
+ if(certfile)
+ {
+ STACK_OF(X509) *morecerts=NULL;
+ if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+ NULL, e,
+ "certificates from certfile")))
+ goto export_end;
+ while(sk_X509_num(morecerts) > 0)
+ sk_X509_push(certs, sk_X509_shift(morecerts));
+ sk_X509_free(morecerts);
+ }
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from certfile");
+#endif
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("building chain");
+#endif
+
+ /* If chaining get chain from user cert */
+ if (chain) {
+ int vret;
+ STACK_OF(X509) *chain2;
+ X509_STORE *store = X509_STORE_new();
+ if (!store)
+ {
+ BIO_printf (bio_err, "Memory allocation error\n");
+ goto export_end;
+ }
+ if (!X509_STORE_load_locations(store, CAfile, CApath))
+ X509_STORE_set_default_paths (store);
+
+ vret = get_cert_chain (ucert, store, &chain2);
+ X509_STORE_free(store);
+
+ if (!vret) {
+ /* Exclude verified certificate */
+ for (i = 1; i < sk_X509_num (chain2) ; i++)
+ sk_X509_push(certs, sk_X509_value (chain2, i));
+ /* Free first certificate */
+ X509_free(sk_X509_value(chain2, 0));
+ sk_X509_free(chain2);
+ } else {
+ if (vret >= 0)
+ BIO_printf (bio_err, "Error %s getting chain.\n",
+ X509_verify_cert_error_string(vret));
+ else
+ ERR_print_errors(bio_err);
+ goto export_end;
+ }
+ }
+
+ /* Add any CA names */
+
+ for (i = 0; i < sk_num(canames); i++)
+ {
+ catmp = (unsigned char *)sk_value(canames, i);
+ X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
+ }
+
+ if (csp_name && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+ MBSTRING_ASC, (unsigned char *)csp_name, -1);
+
+ if (add_lmk && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading password");
+#endif
+
+ if(!noprompt &&
+ EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
+ {
+ BIO_printf (bio_err, "Can't read Password\n");
+ goto export_end;
+ }
+ if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("creating PKCS#12 structure");
+#endif
+
+ p12 = PKCS12_create(cpass, name, key, ucert, certs,
+ key_pbe, cert_pbe, iter, -1, keytype);
+
+ if (!p12)
+ {
+ ERR_print_errors (bio_err);
+ goto export_end;
+ }
+
+ if (maciter != -1)
+ PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("writing pkcs12");
+#endif
+
+ i2d_PKCS12_bio(out, p12);
+
+ ret = 0;
+
+ export_end:
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_pop_info();
+ CRYPTO_push_info("process -export_cert: freeing");
+#endif
+
+ if (key) EVP_PKEY_free(key);
+ if (certs) sk_X509_pop_free(certs, X509_free);
+ if (ucert) X509_free(ucert);
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ goto end;
+
+ }
+
+ if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read import password");
+#endif
+ if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
+ BIO_printf (bio_err, "Can't read Password\n");
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+
+ if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+
+ if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+ if(macver) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("verify MAC");
+#endif
+ /* If we enter empty password try no password first */
+ if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+ /* If mac and crypto pass the same set it to NULL too */
+ if(!twopass) cpass = NULL;
+ } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
+ BIO_printf (bio_err, "Mac verify error: invalid password?\n");
+ ERR_print_errors (bio_err);
+ goto end;
+ }
+ BIO_printf (bio_err, "MAC verified OK\n");
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ }
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("output keys and certificates");
+#endif
+ if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {
+ BIO_printf(bio_err, "Error outputting keys and certificates\n");
+ ERR_print_errors (bio_err);
+ goto end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ ret = 0;
+ end:
+ if (p12) PKCS12_free(p12);
+ if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_remove_all_info();
+#endif
+ BIO_free(in);
+ BIO_free_all(out);
+ if (canames) sk_free(canames);
+ if(passin) OPENSSL_free(passin);
+ if(passout) OPENSSL_free(passout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+ int passlen, int options, char *pempass)
+{
+ STACK_OF(PKCS7) *asafes = NULL;
+ STACK_OF(PKCS12_SAFEBAG) *bags;
+ int i, bagnid;
+ int ret = 0;
+ PKCS7 *p7;
+
+ if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
+ for (i = 0; i < sk_PKCS7_num (asafes); i++) {
+ p7 = sk_PKCS7_value (asafes, i);
+ bagnid = OBJ_obj2nid (p7->type);
+ if (bagnid == NID_pkcs7_data) {
+ bags = PKCS12_unpack_p7data(p7);
+ if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
+ } else if (bagnid == NID_pkcs7_encrypted) {
+ if (options & INFO) {
+ BIO_printf(bio_err, "PKCS7 Encrypted data: ");
+ alg_print(bio_err,
+ p7->d.encrypted->enc_data->algorithm);
+ }
+ bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+ } else continue;
+ if (!bags) goto err;
+ if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
+ options, pempass)) {
+ sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+ goto err;
+ }
+ sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+ bags = NULL;
+ }
+ ret = 1;
+
+ err:
+
+ if (asafes)
+ sk_PKCS7_pop_free (asafes, PKCS7_free);
+ return ret;
+}
+
+int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
+ char *pass, int passlen, int options, char *pempass)
+{
+ int i;
+ for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
+ if (!dump_certs_pkeys_bag (out,
+ sk_PKCS12_SAFEBAG_value (bags, i),
+ pass, passlen,
+ options, pempass))
+ return 0;
+ }
+ return 1;
+}
+
+int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+ int passlen, int options, char *pempass)
+{
+ EVP_PKEY *pkey;
+ PKCS8_PRIV_KEY_INFO *p8;
+ X509 *x509;
+
+ switch (M_PKCS12_bag_type(bag))
+ {
+ case NID_keyBag:
+ if (options & INFO) BIO_printf (bio_err, "Key bag\n");
+ if (options & NOKEYS) return 1;
+ print_attribs (out, bag->attrib, "Bag Attributes");
+ p8 = bag->value.keybag;
+ if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+ print_attribs (out, p8->attributes, "Key Attributes");
+ PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
+ EVP_PKEY_free(pkey);
+ break;
+
+ case NID_pkcs8ShroudedKeyBag:
+ if (options & INFO) {
+ BIO_printf (bio_err, "Shrouded Keybag: ");
+ alg_print (bio_err, bag->value.shkeybag->algor);
+ }
+ if (options & NOKEYS) return 1;
+ print_attribs (out, bag->attrib, "Bag Attributes");
+ if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+ return 0;
+ if (!(pkey = EVP_PKCS82PKEY (p8))) {
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ return 0;
+ }
+ print_attribs (out, p8->attributes, "Key Attributes");
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
+ EVP_PKEY_free(pkey);
+ break;
+
+ case NID_certBag:
+ if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
+ if (options & NOCERTS) return 1;
+ if (PKCS12_get_attr(bag, NID_localKeyID)) {
+ if (options & CACERTS) return 1;
+ } else if (options & CLCERTS) return 1;
+ print_attribs (out, bag->attrib, "Bag Attributes");
+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
+ return 1;
+ if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
+ dump_cert_text (out, x509);
+ PEM_write_bio_X509 (out, x509);
+ X509_free(x509);
+ break;
+
+ case NID_safeContentsBag:
+ if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
+ print_attribs (out, bag->attrib, "Bag Attributes");
+ return dump_certs_pkeys_bags (out, bag->value.safes, pass,
+ passlen, options, pempass);
+
+ default:
+ BIO_printf (bio_err, "Warning unsupported bag type: ");
+ i2a_ASN1_OBJECT (bio_err, bag->type);
+ BIO_printf (bio_err, "\n");
+ return 1;
+ break;
+ }
+ return 1;
+}
+
+/* Given a single certificate return a verified chain or NULL if error */
+
+/* Hope this is OK .... */
+
+int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+{
+ X509_STORE_CTX store_ctx;
+ STACK_OF(X509) *chn;
+ int i = 0;
+
+ /* FIXME: Should really check the return status of X509_STORE_CTX_init
+ * for an error, but how that fits into the return value of this
+ * function is less obvious. */
+ X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
+ if (X509_verify_cert(&store_ctx) <= 0) {
+ i = X509_STORE_CTX_get_error (&store_ctx);
+ if (i == 0)
+ /* avoid returning 0 if X509_verify_cert() did not
+ * set an appropriate error value in the context */
+ i = -1;
+ chn = NULL;
+ goto err;
+ } else
+ chn = X509_STORE_CTX_get1_chain(&store_ctx);
+err:
+ X509_STORE_CTX_cleanup(&store_ctx);
+ *chain = chn;
+
+ return i;
+}
+
+int alg_print (BIO *x, X509_ALGOR *alg)
+{
+ PBEPARAM *pbe;
+ const unsigned char *p;
+ p = alg->parameter->value.sequence->data;
+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+ if (!pbe)
+ return 1;
+ BIO_printf (bio_err, "%s, Iteration %ld\n",
+ OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
+ ASN1_INTEGER_get(pbe->iter));
+ PBEPARAM_free (pbe);
+ return 1;
+}
+
+/* Load all certificates from a given file */
+
+int cert_load(BIO *in, STACK_OF(X509) *sk)
+{
+ int ret;
+ X509 *cert;
+ ret = 0;
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("cert_load(): reading one cert");
+#endif
+ while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ ret = 1;
+ sk_X509_push(sk, cert);
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("cert_load(): reading one cert");
+#endif
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
+ if(ret) ERR_clear_error();
+ return ret;
+}
+
+/* Generalised attribute print: handle PKCS#8 and bag attributes */
+
+int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
+{
+ X509_ATTRIBUTE *attr;
+ ASN1_TYPE *av;
+ char *value;
+ int i, attr_nid;
+ if(!attrlst) {
+ BIO_printf(out, "%s: <No Attributes>\n", name);
+ return 1;
+ }
+ if(!sk_X509_ATTRIBUTE_num(attrlst)) {
+ BIO_printf(out, "%s: <Empty Attributes>\n", name);
+ return 1;
+ }
+ BIO_printf(out, "%s\n", name);
+ for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+ attr = sk_X509_ATTRIBUTE_value(attrlst, i);
+ attr_nid = OBJ_obj2nid(attr->object);
+ BIO_printf(out, " ");
+ if(attr_nid == NID_undef) {
+ i2a_ASN1_OBJECT (out, attr->object);
+ BIO_printf(out, ": ");
+ } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+
+ if(sk_ASN1_TYPE_num(attr->value.set)) {
+ av = sk_ASN1_TYPE_value(attr->value.set, 0);
+ switch(av->type) {
+ case V_ASN1_BMPSTRING:
+ value = uni2asc(av->value.bmpstring->data,
+ av->value.bmpstring->length);
+ BIO_printf(out, "%s\n", value);
+ OPENSSL_free(value);
+ break;
+
+ case V_ASN1_OCTET_STRING:
+ hex_prin(out, av->value.octet_string->data,
+ av->value.octet_string->length);
+ BIO_printf(out, "\n");
+ break;
+
+ case V_ASN1_BIT_STRING:
+ hex_prin(out, av->value.bit_string->data,
+ av->value.bit_string->length);
+ BIO_printf(out, "\n");
+ break;
+
+ default:
+ BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+ break;
+ }
+ } else BIO_printf(out, "<No Values>\n");
+ }
+ return 1;
+}
+
+void hex_prin(BIO *out, unsigned char *buf, int len)
+{
+ int i;
+ for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
+}
+
+#endif
Added: vendor-crypto/openssl/dist/apps/pkcs7.c
===================================================================
--- vendor-crypto/openssl/dist/apps/pkcs7.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/pkcs7.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,315 @@
+/* apps/pkcs7.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG pkcs7_main
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -print_certs
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ PKCS7 *p7=NULL;
+ int i,badops=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat;
+ char *infile,*outfile,*prog;
+ int print_certs=0,text=0,noout=0;
+ int ret=1;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-print_certs") == 0)
+ print_certs=1;
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
+ BIO_printf(bio_err," -text print full details of certificates\n");
+ BIO_printf(bio_err," -noout don't output encoded data\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
+ ret = 1;
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ if (in == NULL)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ p7=d2i_PKCS7_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
+ goto end;
+ }
+ if (p7 == NULL)
+ {
+ BIO_printf(bio_err,"unable to load PKCS7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (print_certs)
+ {
+ STACK_OF(X509) *certs=NULL;
+ STACK_OF(X509_CRL) *crls=NULL;
+
+ i=OBJ_obj2nid(p7->type);
+ switch (i)
+ {
+ case NID_pkcs7_signed:
+ certs=p7->d.sign->cert;
+ crls=p7->d.sign->crl;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ certs=p7->d.signed_and_enveloped->cert;
+ crls=p7->d.signed_and_enveloped->crl;
+ break;
+ default:
+ break;
+ }
+
+ if (certs != NULL)
+ {
+ X509 *x;
+
+ for (i=0; i<sk_X509_num(certs); i++)
+ {
+ x=sk_X509_value(certs,i);
+ if(text) X509_print(out, x);
+ else dump_cert_text(out, x);
+
+ if(!noout) PEM_write_bio_X509(out,x);
+ BIO_puts(out,"\n");
+ }
+ }
+ if (crls != NULL)
+ {
+ X509_CRL *crl;
+
+ for (i=0; i<sk_X509_CRL_num(crls); i++)
+ {
+ crl=sk_X509_CRL_value(crls,i);
+
+ X509_CRL_print(out, crl);
+
+ if(!noout)PEM_write_bio_X509_CRL(out,crl);
+ BIO_puts(out,"\n");
+ }
+ }
+
+ ret=0;
+ goto end;
+ }
+
+ if(!noout) {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_PKCS7_bio(out,p7);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_PKCS7(out,p7);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write pkcs7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (p7 != NULL) PKCS7_free(p7);
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free_all(out);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
Added: vendor-crypto/openssl/dist/apps/pkcs8.c
===================================================================
--- vendor-crypto/openssl/dist/apps/pkcs8.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/pkcs8.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,460 @@
+/* pkcs8.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999-2004.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+
+#define PROG pkcs8_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ char **args, *infile = NULL, *outfile = NULL;
+ char *passargin = NULL, *passargout = NULL;
+ BIO *in = NULL, *out = NULL;
+ int topk8 = 0;
+ int pbe_nid = -1;
+ const EVP_CIPHER *cipher = NULL;
+ int iter = PKCS12_DEFAULT_ITER;
+ int informat, outformat;
+ int p8_broken = PKCS8_OK;
+ int nocrypt = 0;
+ X509_SIG *p8;
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ EVP_PKEY *pkey=NULL;
+ char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
+ int badarg = 0;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+
+ if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ args = argv + 1;
+ while (!badarg && *args && *args[0] == '-')
+ {
+ if (!strcmp(*args,"-v2"))
+ {
+ if (args[1])
+ {
+ args++;
+ cipher=EVP_get_cipherbyname(*args);
+ if (!cipher)
+ {
+ BIO_printf(bio_err,
+ "Unknown cipher %s\n", *args);
+ badarg = 1;
+ }
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp(*args,"-v1"))
+ {
+ if (args[1])
+ {
+ args++;
+ pbe_nid=OBJ_txt2nid(*args);
+ if (pbe_nid == NID_undef)
+ {
+ BIO_printf(bio_err,
+ "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp(*args,"-inform"))
+ {
+ if (args[1])
+ {
+ args++;
+ informat=str2fmt(*args);
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args,"-outform"))
+ {
+ if (args[1])
+ {
+ args++;
+ outformat=str2fmt(*args);
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-topk8"))
+ topk8 = 1;
+ else if (!strcmp (*args, "-noiter"))
+ iter = 1;
+ else if (!strcmp (*args, "-nocrypt"))
+ nocrypt = 1;
+ else if (!strcmp (*args, "-nooct"))
+ p8_broken = PKCS8_NO_OCTET;
+ else if (!strcmp (*args, "-nsdb"))
+ p8_broken = PKCS8_NS_DB;
+ else if (!strcmp (*args, "-embed"))
+ p8_broken = PKCS8_EMBEDDED_PARAM;
+ else if (!strcmp(*args,"-passin"))
+ {
+ if (!args[1]) goto bad;
+ passargin= *(++args);
+ }
+ else if (!strcmp(*args,"-passout"))
+ {
+ if (!args[1]) goto bad;
+ passargout= *(++args);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*args,"-engine") == 0)
+ {
+ if (!args[1]) goto bad;
+ engine= *(++args);
+ }
+#endif
+ else if (!strcmp (*args, "-in"))
+ {
+ if (args[1])
+ {
+ args++;
+ infile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-out"))
+ {
+ if (args[1])
+ {
+ args++;
+ outfile = *args;
+ }
+ else badarg = 1;
+ }
+ else badarg = 1;
+ args++;
+ }
+
+ if (badarg)
+ {
+ bad:
+ BIO_printf(bio_err, "Usage pkcs8 [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
+ BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
+ BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
+ BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n");
+ BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n");
+ BIO_printf(bio_err, "-nsdb use (nonstandard) DSA Netscape DB format\n");
+ BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
+ BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
+ BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
+ BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
+ return 1;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+ {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ return 1;
+ }
+
+ if ((pbe_nid == -1) && !cipher)
+ pbe_nid = NID_pbeWithMD5AndDES_CBC;
+
+ if (infile)
+ {
+ if (!(in = BIO_new_file(infile, "rb")))
+ {
+ BIO_printf(bio_err,
+ "Can't open input file %s\n", infile);
+ return (1);
+ }
+ }
+ else
+ in = BIO_new_fp (stdin, BIO_NOCLOSE);
+
+ if (outfile)
+ {
+ if (!(out = BIO_new_file (outfile, "wb")))
+ {
+ BIO_printf(bio_err,
+ "Can't open output file %s\n", outfile);
+ return (1);
+ }
+ }
+ else
+ {
+ out = BIO_new_fp (stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ if (topk8)
+ {
+ BIO_free(in); /* Not needed in this section */
+ pkey = load_key(bio_err, infile, informat, 1,
+ passin, e, "key");
+ if (!pkey)
+ {
+ BIO_free_all(out);
+ return 1;
+ }
+ if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
+ {
+ BIO_printf(bio_err, "Error converting key\n");
+ ERR_print_errors(bio_err);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ return 1;
+ }
+ if (nocrypt)
+ {
+ if (outformat == FORMAT_PEM)
+ PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
+ else if (outformat == FORMAT_ASN1)
+ i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
+ else
+ {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ return (1);
+ }
+ }
+ else
+ {
+ if (passout)
+ p8pass = passout;
+ else
+ {
+ p8pass = pass;
+ if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
+ {
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ return (1);
+ }
+ }
+ app_RAND_load_file(NULL, bio_err, 0);
+ if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+ p8pass, strlen(p8pass),
+ NULL, 0, iter, p8inf)))
+ {
+ BIO_printf(bio_err, "Error encrypting key\n");
+ ERR_print_errors(bio_err);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ return (1);
+ }
+ app_RAND_write_file(NULL, bio_err);
+ if (outformat == FORMAT_PEM)
+ PEM_write_bio_PKCS8(out, p8);
+ else if (outformat == FORMAT_ASN1)
+ i2d_PKCS8_bio(out, p8);
+ else
+ {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ return (1);
+ }
+ X509_SIG_free(p8);
+ }
+
+ PKCS8_PRIV_KEY_INFO_free (p8inf);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ if (passin)
+ OPENSSL_free(passin);
+ if (passout)
+ OPENSSL_free(passout);
+ return (0);
+ }
+
+ if (nocrypt)
+ {
+ if (informat == FORMAT_PEM)
+ p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
+ else if (informat == FORMAT_ASN1)
+ p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
+ else
+ {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ return (1);
+ }
+ }
+ else
+ {
+ if (informat == FORMAT_PEM)
+ p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
+ else if (informat == FORMAT_ASN1)
+ p8 = d2i_PKCS8_bio(in, NULL);
+ else
+ {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ return (1);
+ }
+
+ if (!p8)
+ {
+ BIO_printf (bio_err, "Error reading key\n");
+ ERR_print_errors(bio_err);
+ return (1);
+ }
+ if (passin)
+ p8pass = passin;
+ else
+ {
+ p8pass = pass;
+ EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
+ }
+ p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+ X509_SIG_free(p8);
+ }
+
+ if (!p8inf)
+ {
+ BIO_printf(bio_err, "Error decrypting key\n");
+ ERR_print_errors(bio_err);
+ return (1);
+ }
+
+ if (!(pkey = EVP_PKCS82PKEY(p8inf)))
+ {
+ BIO_printf(bio_err, "Error converting key\n");
+ ERR_print_errors(bio_err);
+ return (1);
+ }
+
+ if (p8inf->broken)
+ {
+ BIO_printf(bio_err, "Warning: broken key encoding: ");
+ switch (p8inf->broken)
+ {
+ case PKCS8_NO_OCTET:
+ BIO_printf(bio_err, "No Octet String in PrivateKey\n");
+ break;
+
+ case PKCS8_EMBEDDED_PARAM:
+ BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
+ break;
+
+ case PKCS8_NS_DB:
+ BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
+ break;
+
+ default:
+ BIO_printf(bio_err, "Unknown broken type\n");
+ break;
+ }
+ }
+
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ if (outformat == FORMAT_PEM)
+ PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
+ else if (outformat == FORMAT_ASN1)
+ i2d_PrivateKey_bio(out, pkey);
+ else
+ {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ return (1);
+ }
+
+ end:
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ BIO_free(in);
+ if (passin)
+ OPENSSL_free(passin);
+ if (passout)
+ OPENSSL_free(passout);
+
+ return (0);
+ }
Added: vendor-crypto/openssl/dist/apps/prime.c
===================================================================
--- vendor-crypto/openssl/dist/apps/prime.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/prime.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,130 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+
+#include "apps.h"
+#include <openssl/bn.h>
+
+
+#undef PROG
+#define PROG prime_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int hex=0;
+ int checks=20;
+ BIGNUM *bn=NULL;
+ BIO *bio_out;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ --argc;
+ ++argv;
+ while (argc >= 1 && **argv == '-')
+ {
+ if(!strcmp(*argv,"-hex"))
+ hex=1;
+ else if(!strcmp(*argv,"-checks"))
+ if(--argc < 1)
+ goto bad;
+ else
+ checks=atoi(*++argv);
+ else
+ {
+ BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
+ goto bad;
+ }
+ --argc;
+ ++argv;
+ }
+
+ if (argv[0] == NULL)
+ {
+ BIO_printf(bio_err,"No prime specified\n");
+ goto bad;
+ }
+
+ if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+ {
+ BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_out = BIO_push(tmpbio, bio_out);
+ }
+#endif
+ }
+
+ if(hex)
+ BN_hex2bn(&bn,argv[0]);
+ else
+ BN_dec2bn(&bn,argv[0]);
+
+ BN_print(bio_out,bn);
+ BIO_printf(bio_out," is %sprime\n",
+ BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
+
+ BN_free(bn);
+ BIO_free_all(bio_out);
+
+ return 0;
+
+ bad:
+ BIO_printf(bio_err,"options are\n");
+ BIO_printf(bio_err,"%-14s hex\n","-hex");
+ BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
+ return 1;
+ }
Added: vendor-crypto/openssl/dist/apps/privkey.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/privkey.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/privkey.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF
+
+6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9
+Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo
+F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3
+XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE
+jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy
+vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh
+JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf
+PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM
+POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS
+gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz
+8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v
+Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC
+dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==
+-----END RSA PRIVATE KEY-----
Added: vendor-crypto/openssl/dist/apps/progs.h
===================================================================
--- vendor-crypto/openssl/dist/apps/progs.h (rev 0)
+++ vendor-crypto/openssl/dist/apps/progs.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,343 @@
+/* apps/progs.h */
+/* automatically generated by progs.pl for openssl.c */
+
+extern int verify_main(int argc,char *argv[]);
+extern int asn1parse_main(int argc,char *argv[]);
+extern int req_main(int argc,char *argv[]);
+extern int dgst_main(int argc,char *argv[]);
+extern int dh_main(int argc,char *argv[]);
+extern int dhparam_main(int argc,char *argv[]);
+extern int enc_main(int argc,char *argv[]);
+extern int passwd_main(int argc,char *argv[]);
+extern int gendh_main(int argc,char *argv[]);
+extern int errstr_main(int argc,char *argv[]);
+extern int ca_main(int argc,char *argv[]);
+extern int crl_main(int argc,char *argv[]);
+extern int rsa_main(int argc,char *argv[]);
+extern int rsautl_main(int argc,char *argv[]);
+extern int dsa_main(int argc,char *argv[]);
+extern int dsaparam_main(int argc,char *argv[]);
+extern int ec_main(int argc,char *argv[]);
+extern int ecparam_main(int argc,char *argv[]);
+extern int x509_main(int argc,char *argv[]);
+extern int genrsa_main(int argc,char *argv[]);
+extern int gendsa_main(int argc,char *argv[]);
+extern int s_server_main(int argc,char *argv[]);
+extern int s_client_main(int argc,char *argv[]);
+extern int speed_main(int argc,char *argv[]);
+extern int s_time_main(int argc,char *argv[]);
+extern int version_main(int argc,char *argv[]);
+extern int pkcs7_main(int argc,char *argv[]);
+extern int cms_main(int argc,char *argv[]);
+extern int crl2pkcs7_main(int argc,char *argv[]);
+extern int sess_id_main(int argc,char *argv[]);
+extern int ciphers_main(int argc,char *argv[]);
+extern int nseq_main(int argc,char *argv[]);
+extern int pkcs12_main(int argc,char *argv[]);
+extern int pkcs8_main(int argc,char *argv[]);
+extern int spkac_main(int argc,char *argv[]);
+extern int smime_main(int argc,char *argv[]);
+extern int rand_main(int argc,char *argv[]);
+extern int engine_main(int argc,char *argv[]);
+extern int ocsp_main(int argc,char *argv[]);
+extern int prime_main(int argc,char *argv[]);
+
+#define FUNC_TYPE_GENERAL 1
+#define FUNC_TYPE_MD 2
+#define FUNC_TYPE_CIPHER 3
+
+typedef struct {
+ int type;
+ const char *name;
+ int (*func)(int argc,char *argv[]);
+ } FUNCTION;
+
+FUNCTION functions[] = {
+ {FUNC_TYPE_GENERAL,"verify",verify_main},
+ {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
+ {FUNC_TYPE_GENERAL,"req",req_main},
+ {FUNC_TYPE_GENERAL,"dgst",dgst_main},
+#ifndef OPENSSL_NO_DH
+ {FUNC_TYPE_GENERAL,"dh",dh_main},
+#endif
+#ifndef OPENSSL_NO_DH
+ {FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
+#endif
+ {FUNC_TYPE_GENERAL,"enc",enc_main},
+ {FUNC_TYPE_GENERAL,"passwd",passwd_main},
+#ifndef OPENSSL_NO_DH
+ {FUNC_TYPE_GENERAL,"gendh",gendh_main},
+#endif
+ {FUNC_TYPE_GENERAL,"errstr",errstr_main},
+ {FUNC_TYPE_GENERAL,"ca",ca_main},
+ {FUNC_TYPE_GENERAL,"crl",crl_main},
+#ifndef OPENSSL_NO_RSA
+ {FUNC_TYPE_GENERAL,"rsa",rsa_main},
+#endif
+#ifndef OPENSSL_NO_RSA
+ {FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+ {FUNC_TYPE_GENERAL,"dsa",dsa_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+ {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
+#endif
+#ifndef OPENSSL_NO_EC
+ {FUNC_TYPE_GENERAL,"ec",ec_main},
+#endif
+#ifndef OPENSSL_NO_EC
+ {FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
+#endif
+ {FUNC_TYPE_GENERAL,"x509",x509_main},
+#ifndef OPENSSL_NO_RSA
+ {FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+ {FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+ {FUNC_TYPE_GENERAL,"s_server",s_server_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+ {FUNC_TYPE_GENERAL,"s_client",s_client_main},
+#endif
+#ifndef OPENSSL_NO_SPEED
+ {FUNC_TYPE_GENERAL,"speed",speed_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+ {FUNC_TYPE_GENERAL,"s_time",s_time_main},
+#endif
+ {FUNC_TYPE_GENERAL,"version",version_main},
+ {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
+#ifndef OPENSSL_NO_CMS
+ {FUNC_TYPE_GENERAL,"cms",cms_main},
+#endif
+ {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
+ {FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+ {FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
+#endif
+ {FUNC_TYPE_GENERAL,"nseq",nseq_main},
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+ {FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
+#endif
+ {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
+ {FUNC_TYPE_GENERAL,"spkac",spkac_main},
+ {FUNC_TYPE_GENERAL,"smime",smime_main},
+ {FUNC_TYPE_GENERAL,"rand",rand_main},
+#ifndef OPENSSL_NO_ENGINE
+ {FUNC_TYPE_GENERAL,"engine",engine_main},
+#endif
+ {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+ {FUNC_TYPE_GENERAL,"prime",prime_main},
+#ifndef OPENSSL_NO_MD2
+ {FUNC_TYPE_MD,"md2",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD4
+ {FUNC_TYPE_MD,"md4",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD5
+ {FUNC_TYPE_MD,"md5",dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA
+ {FUNC_TYPE_MD,"sha",dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA1
+ {FUNC_TYPE_MD,"sha1",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MDC2
+ {FUNC_TYPE_MD,"mdc2",dgst_main},
+#endif
+#ifndef OPENSSL_NO_RMD160
+ {FUNC_TYPE_MD,"rmd160",dgst_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
+#endif
+ {FUNC_TYPE_CIPHER,"base64",enc_main},
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des3",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"desx",enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+ {FUNC_TYPE_CIPHER,"idea",enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER,"seed",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC4
+ {FUNC_TYPE_CIPHER,"rc4",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC4
+ {FUNC_TYPE_CIPHER,"rc4-40",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2",enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+ {FUNC_TYPE_CIPHER,"bf",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER,"cast",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+ {FUNC_TYPE_CIPHER,"rc5",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede3",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-cfb",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-ofb",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+ {FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+ {FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+ {FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+ {FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER,"seed-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER,"seed-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER,"seed-cfb",enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER,"seed-ofb",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+ {FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+ {FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+ {FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+ {FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+ {FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+ {FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+ {FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+ {FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
+#endif
+ {0,NULL,NULL}
+ };
Added: vendor-crypto/openssl/dist/apps/progs.pl
===================================================================
--- vendor-crypto/openssl/dist/apps/progs.pl (rev 0)
+++ vendor-crypto/openssl/dist/apps/progs.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,95 @@
+#!/usr/local/bin/perl
+
+print "/* apps/progs.h */\n";
+print "/* automatically generated by progs.pl for openssl.c */\n\n";
+
+grep(s/^asn1pars$/asn1parse/, at ARGV);
+
+foreach (@ARGV)
+ { printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
+
+print <<'EOF';
+
+#define FUNC_TYPE_GENERAL 1
+#define FUNC_TYPE_MD 2
+#define FUNC_TYPE_CIPHER 3
+
+typedef struct {
+ int type;
+ const char *name;
+ int (*func)(int argc,char *argv[]);
+ } FUNCTION;
+
+FUNCTION functions[] = {
+EOF
+
+foreach (@ARGV)
+ {
+ push(@files,$_);
+ $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
+ if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
+ { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^speed$/))
+ { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^engine$/))
+ { print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
+ { print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
+ { print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))
+ { print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}
+ elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
+ { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^pkcs12$/))
+ { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^cms$/))
+ { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
+ else
+ { print $str; }
+ }
+
+foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
+ {
+ push(@files,$_);
+ printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
+ }
+
+foreach (
+ "aes-128-cbc", "aes-128-ecb",
+ "aes-192-cbc", "aes-192-ecb",
+ "aes-256-cbc", "aes-256-ecb",
+ "camellia-128-cbc", "camellia-128-ecb",
+ "camellia-192-cbc", "camellia-192-ecb",
+ "camellia-256-cbc", "camellia-256-ecb",
+ "base64",
+ "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
+ "rc2", "bf", "cast", "rc5",
+ "des-ecb", "des-ede", "des-ede3",
+ "des-cbc", "des-ede-cbc","des-ede3-cbc",
+ "des-cfb", "des-ede-cfb","des-ede3-cfb",
+ "des-ofb", "des-ede-ofb","des-ede3-ofb",
+ "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
+ "seed-cbc","seed-ecb", "seed-cfb", "seed-ofb",
+ "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
+ "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
+ "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
+ "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb")
+ {
+ push(@files,$_);
+
+ $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
+ if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
+ elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
+ elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
+ elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
+ elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; }
+ elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
+ elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
+ elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
+ elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
+ elsif ($_ =~ /rc5/) { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
+ print $t;
+ }
+
+print "\t{0,NULL,NULL}\n\t};\n";
Added: vendor-crypto/openssl/dist/apps/rand.c
===================================================================
--- vendor-crypto/openssl/dist/apps/rand.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/rand.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,245 @@
+/* apps/rand.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "apps.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#undef PROG
+#define PROG rand_main
+
+/* -out file - write to file
+ * -rand file:file - PRNG seed files
+ * -base64 - base64 encode output
+ * -hex - hex encode output
+ * num - write 'num' bytes
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int i, r, ret = 1;
+ int badopt;
+ char *outfile = NULL;
+ char *inrand = NULL;
+ int base64 = 0;
+ int hex = 0;
+ BIO *out = NULL;
+ int num = -1;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto err;
+
+ badopt = 0;
+ i = 0;
+ while (!badopt && argv[++i] != NULL)
+ {
+ if (strcmp(argv[i], "-out") == 0)
+ {
+ if ((argv[i+1] != NULL) && (outfile == NULL))
+ outfile = argv[++i];
+ else
+ badopt = 1;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(argv[i], "-engine") == 0)
+ {
+ if ((argv[i+1] != NULL) && (engine == NULL))
+ engine = argv[++i];
+ else
+ badopt = 1;
+ }
+#endif
+ else if (strcmp(argv[i], "-rand") == 0)
+ {
+ if ((argv[i+1] != NULL) && (inrand == NULL))
+ inrand = argv[++i];
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-base64") == 0)
+ {
+ if (!base64)
+ base64 = 1;
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-hex") == 0)
+ {
+ if (!hex)
+ hex = 1;
+ else
+ badopt = 1;
+ }
+ else if (isdigit((unsigned char)argv[i][0]))
+ {
+ if (num < 0)
+ {
+ r = sscanf(argv[i], "%d", &num);
+ if (r == 0 || num < 0)
+ badopt = 1;
+ }
+ else
+ badopt = 1;
+ }
+ else
+ badopt = 1;
+ }
+
+ if (hex && base64)
+ badopt = 1;
+
+ if (num < 0)
+ badopt = 1;
+
+ if (badopt)
+ {
+ BIO_printf(bio_err, "Usage: rand [options] num\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-out file - write to file\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, "-base64 - base64 encode output\n");
+ BIO_printf(bio_err, "-hex - hex encode output\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ goto err;
+ if (outfile != NULL)
+ r = BIO_write_filename(out, outfile);
+ else
+ {
+ r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ if (r <= 0)
+ goto err;
+
+ if (base64)
+ {
+ BIO *b64 = BIO_new(BIO_f_base64());
+ if (b64 == NULL)
+ goto err;
+ out = BIO_push(b64, out);
+ }
+
+ while (num > 0)
+ {
+ unsigned char buf[4096];
+ int chunk;
+
+ chunk = num;
+ if (chunk > (int)sizeof(buf))
+ chunk = sizeof buf;
+ r = RAND_bytes(buf, chunk);
+ if (r <= 0)
+ goto err;
+ if (!hex)
+ BIO_write(out, buf, chunk);
+ else
+ {
+ for (i = 0; i < chunk; i++)
+ BIO_printf(out, "%02x", buf[i]);
+ }
+ num -= chunk;
+ }
+ if (hex)
+ BIO_puts(out, "\n");
+ (void)BIO_flush(out);
+
+ app_RAND_write_file(NULL, bio_err);
+ ret = 0;
+
+err:
+ ERR_print_errors(bio_err);
+ if (out)
+ BIO_free_all(out);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
Added: vendor-crypto/openssl/dist/apps/req.c
===================================================================
--- vendor-crypto/openssl/dist/apps/req.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/req.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1704 @@
+/* apps/req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+#define SECTION "req"
+
+#define BITS "default_bits"
+#define KEYFILE "default_keyfile"
+#define PROMPT "prompt"
+#define DISTINGUISHED_NAME "distinguished_name"
+#define ATTRIBUTES "attributes"
+#define V3_EXTENSIONS "x509_extensions"
+#define REQ_EXTENSIONS "req_extensions"
+#define STRING_MASK "string_mask"
+#define UTF8_IN "utf8"
+
+#define DEFAULT_KEY_LENGTH 512
+#define MIN_KEY_LENGTH 384
+
+#undef PROG
+#define PROG req_main
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -verify - check request signature
+ * -noout - don't print stuff out.
+ * -text - print out human readable text.
+ * -nodes - no des encryption
+ * -config file - Load configuration file.
+ * -key file - make a request using key in file (or use it for verification).
+ * -keyform arg - key file format.
+ * -rand file(s) - load the file(s) into the PRNG.
+ * -newkey - make a key and a request.
+ * -modulus - print RSA modulus.
+ * -pubkey - output Public Key.
+ * -x509 - output a self signed X509 structure instead.
+ * -asn1-kludge - output new certificate request in a format that some CA's
+ * require. This format is wrong
+ */
+
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn,
+ int attribs,unsigned long chtype);
+static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
+ int multirdn);
+static int prompt_info(X509_REQ *req,
+ STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
+ unsigned long chtype);
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
+ STACK_OF(CONF_VALUE) *attr, int attribs,
+ unsigned long chtype);
+static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+ char *value, int nid, int n_min,
+ int n_max, unsigned long chtype);
+static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
+ int nid,int n_min,int n_max, unsigned long chtype, int mval);
+#ifndef OPENSSL_NO_RSA
+static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
+#endif
+static int req_check_len(int len,int n_min,int n_max);
+static int check_end(const char *str, const char *end);
+#ifndef MONOLITH
+static char *default_config_file=NULL;
+#endif
+static CONF *req_conf=NULL;
+static int batch=0;
+
+#define TYPE_RSA 1
+#define TYPE_DSA 2
+#define TYPE_DH 3
+#define TYPE_EC 4
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+#ifndef OPENSSL_NO_DSA
+ DSA *dsa_params=NULL;
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ EC_KEY *ec_params = NULL;
+#endif
+ unsigned long nmflag = 0, reqflag = 0;
+ int ex=1,x509=0,days=30;
+ X509 *x509ss=NULL;
+ X509_REQ *req=NULL;
+ EVP_PKEY *pkey=NULL;
+ int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
+ long newkey = -1;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
+ int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
+ char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ char *extensions = NULL;
+ char *req_exts = NULL;
+ const EVP_CIPHER *cipher=NULL;
+ ASN1_INTEGER *serial = NULL;
+ int modulus=0;
+ char *inrand=NULL;
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
+ char *p;
+ char *subj = NULL;
+ int multirdn = 0;
+ const EVP_MD *md_alg=NULL,*digest=EVP_sha1();
+ unsigned long chtype = MBSTRING_ASC;
+#ifndef MONOLITH
+ char *to_free;
+ long errline;
+#endif
+
+ req_conf = NULL;
+#ifndef OPENSSL_NO_DES
+ cipher=EVP_des_ede3_cbc();
+#endif
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-pubkey") == 0)
+ {
+ pubkey=1;
+ }
+ else if (strcmp(*argv,"-new") == 0)
+ {
+ newreq=1;
+ }
+ else if (strcmp(*argv,"-config") == 0)
+ {
+ if (--argc < 1) goto bad;
+ template= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyform=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyout= *(++argv);
+ }
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+ else if (strcmp(*argv,"-newkey") == 0)
+ {
+ int is_numeric;
+
+ if (--argc < 1) goto bad;
+ p= *(++argv);
+ is_numeric = p[0] >= '0' && p[0] <= '9';
+ if (strncmp("rsa:",p,4) == 0 || is_numeric)
+ {
+ pkey_type=TYPE_RSA;
+ if(!is_numeric)
+ p+=4;
+ newkey= atoi(p);
+ }
+ else
+#ifndef OPENSSL_NO_DSA
+ if (strncmp("dsa:",p,4) == 0)
+ {
+ X509 *xtmp=NULL;
+ EVP_PKEY *dtmp;
+
+ pkey_type=TYPE_DSA;
+ p+=4;
+ if ((in=BIO_new_file(p,"r")) == NULL)
+ {
+ perror(p);
+ goto end;
+ }
+ if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
+ {
+ ERR_clear_error();
+ (void)BIO_reset(in);
+ if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DSA parameters from file\n");
+ goto end;
+ }
+
+ if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
+ if (dtmp->type == EVP_PKEY_DSA)
+ dsa_params=DSAparams_dup(dtmp->pkey.dsa);
+ EVP_PKEY_free(dtmp);
+ X509_free(xtmp);
+ if (dsa_params == NULL)
+ {
+ BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
+ goto end;
+ }
+ }
+ BIO_free(in);
+ in=NULL;
+ newkey=BN_num_bits(dsa_params->p);
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (strncmp("ec:",p,3) == 0)
+ {
+ X509 *xtmp=NULL;
+ EVP_PKEY *dtmp;
+ EC_GROUP *group;
+
+ pkey_type=TYPE_EC;
+ p+=3;
+ if ((in=BIO_new_file(p,"r")) == NULL)
+ {
+ perror(p);
+ goto end;
+ }
+ if ((ec_params = EC_KEY_new()) == NULL)
+ goto end;
+ group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+ if (group == NULL)
+ {
+ EC_KEY_free(ec_params);
+ ERR_clear_error();
+ (void)BIO_reset(in);
+ if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"unable to load EC parameters from file\n");
+ goto end;
+ }
+
+ if ((dtmp=X509_get_pubkey(xtmp))==NULL)
+ goto end;
+ if (dtmp->type == EVP_PKEY_EC)
+ ec_params = EC_KEY_dup(dtmp->pkey.ec);
+ EVP_PKEY_free(dtmp);
+ X509_free(xtmp);
+ if (ec_params == NULL)
+ {
+ BIO_printf(bio_err,"Certificate does not contain EC parameters\n");
+ goto end;
+ }
+ }
+ else
+ {
+ if (EC_KEY_set_group(ec_params, group) == 0)
+ goto end;
+ EC_GROUP_free(group);
+ }
+
+ BIO_free(in);
+ in=NULL;
+ newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_DH
+ if (strncmp("dh:",p,4) == 0)
+ {
+ pkey_type=TYPE_DH;
+ p+=3;
+ }
+ else
+#endif
+ {
+ goto bad;
+ }
+
+ newreq=1;
+ }
+ else if (strcmp(*argv,"-batch") == 0)
+ batch=1;
+ else if (strcmp(*argv,"-newhdr") == 0)
+ newhdr=1;
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus=1;
+ else if (strcmp(*argv,"-verify") == 0)
+ verify=1;
+ else if (strcmp(*argv,"-nodes") == 0)
+ nodes=1;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-verbose") == 0)
+ verbose=1;
+ else if (strcmp(*argv,"-utf8") == 0)
+ chtype = MBSTRING_UTF8;
+ else if (strcmp(*argv,"-nameopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+ }
+ else if (strcmp(*argv,"-reqopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
+ }
+ else if (strcmp(*argv,"-subject") == 0)
+ subject=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-x509") == 0)
+ x509=1;
+ else if (strcmp(*argv,"-asn1-kludge") == 0)
+ kludge=1;
+ else if (strcmp(*argv,"-no-asn1-kludge") == 0)
+ kludge=0;
+ else if (strcmp(*argv,"-subj") == 0)
+ {
+ if (--argc < 1) goto bad;
+ subj= *(++argv);
+ }
+ else if (strcmp(*argv,"-multivalue-rdn") == 0)
+ multirdn=1;
+ else if (strcmp(*argv,"-days") == 0)
+ {
+ if (--argc < 1) goto bad;
+ days= atoi(*(++argv));
+ if (days == 0) days=30;
+ }
+ else if (strcmp(*argv,"-set_serial") == 0)
+ {
+ if (--argc < 1) goto bad;
+ serial = s2i_ASN1_INTEGER(NULL, *(++argv));
+ if (!serial) goto bad;
+ }
+ else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ {
+ /* ok */
+ digest=md_alg;
+ }
+ else if (strcmp(*argv,"-extensions") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extensions = *(++argv);
+ }
+ else if (strcmp(*argv,"-reqexts") == 0)
+ {
+ if (--argc < 1) goto bad;
+ req_exts = *(++argv);
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -text text form of request\n");
+ BIO_printf(bio_err," -pubkey output public key\n");
+ BIO_printf(bio_err," -noout do not output REQ\n");
+ BIO_printf(bio_err," -verify verify signature on REQ\n");
+ BIO_printf(bio_err," -modulus RSA modulus\n");
+ BIO_printf(bio_err," -nodes don't encrypt the output key\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n");
+#endif
+ BIO_printf(bio_err," -subject output the request's subject\n");
+ BIO_printf(bio_err," -passin private key password source\n");
+ BIO_printf(bio_err," -key file use the private key contained in file\n");
+ BIO_printf(bio_err," -keyform arg key file format\n");
+ BIO_printf(bio_err," -keyout arg file to send the key to\n");
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err," load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
+ BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
+ BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
+#ifndef OPENSSL_NO_ECDSA
+ BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
+#endif
+ BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+ BIO_printf(bio_err," -config file request template file.\n");
+ BIO_printf(bio_err," -subj arg set or modify request subject\n");
+ BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
+ BIO_printf(bio_err," -new new request.\n");
+ BIO_printf(bio_err," -batch do not ask anything during request generation\n");
+ BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
+ BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n");
+ BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n");
+ BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n");
+ BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
+ BIO_printf(bio_err," have been reported as requiring\n");
+ BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
+ BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
+ BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n");
+ BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
+ BIO_printf(bio_err," -reqopt arg - various request text options\n\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
+ /* Lets load up our environment a little */
+ p=getenv("OPENSSL_CONF");
+ if (p == NULL)
+ p=getenv("SSLEAY_CONF");
+ if (p == NULL)
+ p=to_free=make_config_name();
+ default_config_file=p;
+ config=NCONF_new(NULL);
+ i=NCONF_load(config, p, &errline);
+#endif
+
+ if (template != NULL)
+ {
+ long errline = -1;
+
+ if( verbose )
+ BIO_printf(bio_err,"Using configuration from %s\n",template);
+ req_conf=NCONF_new(NULL);
+ i=NCONF_load(req_conf,template,&errline);
+ if (i == 0)
+ {
+ BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
+ goto end;
+ }
+ }
+ else
+ {
+ req_conf=config;
+
+ if (req_conf == NULL)
+ {
+ BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
+ if (newreq)
+ goto end;
+ }
+ else if( verbose )
+ BIO_printf(bio_err,"Using configuration from %s\n",
+ default_config_file);
+ }
+
+ if (req_conf != NULL)
+ {
+ if (!load_config(bio_err, req_conf))
+ goto end;
+ p=NCONF_get_string(req_conf,NULL,"oid_file");
+ if (p == NULL)
+ ERR_clear_error();
+ if (p != NULL)
+ {
+ BIO *oid_bio;
+
+ oid_bio=BIO_new_file(p,"r");
+ if (oid_bio == NULL)
+ {
+ /*
+ BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+ ERR_print_errors(bio_err);
+ */
+ }
+ else
+ {
+ OBJ_create_objects(oid_bio);
+ BIO_free(oid_bio);
+ }
+ }
+ }
+ if(!add_oid_section(bio_err, req_conf)) goto end;
+
+ if (md_alg == NULL)
+ {
+ p=NCONF_get_string(req_conf,SECTION,"default_md");
+ if (p == NULL)
+ ERR_clear_error();
+ if (p != NULL)
+ {
+ if ((md_alg=EVP_get_digestbyname(p)) != NULL)
+ digest=md_alg;
+ }
+ }
+
+ if (!extensions)
+ {
+ extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+ if (!extensions)
+ ERR_clear_error();
+ }
+ if (extensions) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, req_conf);
+ if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n", extensions);
+ goto end;
+ }
+ }
+
+ if(!passin)
+ {
+ passin = NCONF_get_string(req_conf, SECTION, "input_password");
+ if (!passin)
+ ERR_clear_error();
+ }
+
+ if(!passout)
+ {
+ passout = NCONF_get_string(req_conf, SECTION, "output_password");
+ if (!passout)
+ ERR_clear_error();
+ }
+
+ p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
+ if (!p)
+ ERR_clear_error();
+
+ if(p && !ASN1_STRING_set_default_mask_asc(p)) {
+ BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
+ goto end;
+ }
+
+ if (chtype != MBSTRING_UTF8)
+ {
+ p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
+ if (!p)
+ ERR_clear_error();
+ else if (!strcmp(p, "yes"))
+ chtype = MBSTRING_UTF8;
+ }
+
+
+ if(!req_exts)
+ {
+ req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+ if (!req_exts)
+ ERR_clear_error();
+ }
+ if(req_exts) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, req_conf);
+ if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading request extension section %s\n",
+ req_exts);
+ goto end;
+ }
+ }
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ goto end;
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (keyfile != NULL)
+ {
+ pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "Private Key");
+ if (!pkey)
+ {
+ /* load_key() has already printed an appropriate
+ message */
+ goto end;
+ }
+ else
+ {
+ char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
+ app_RAND_load_file(randfile, bio_err, 0);
+ }
+ }
+
+ if (newreq && (pkey == NULL))
+ {
+#ifndef OPENSSL_NO_RSA
+ BN_GENCB cb;
+#endif
+ char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
+ app_RAND_load_file(randfile, bio_err, 0);
+ if (inrand)
+ app_RAND_load_files(inrand);
+
+ if (newkey <= 0)
+ {
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+ newkey=DEFAULT_KEY_LENGTH;
+ }
+
+ if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
+ {
+ BIO_printf(bio_err,"private key length is too short,\n");
+ BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
+ goto end;
+ }
+ BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
+ newkey,(pkey_type == TYPE_RSA)?"RSA":
+ (pkey_type == TYPE_DSA)?"DSA":"EC");
+
+ if ((pkey=EVP_PKEY_new()) == NULL) goto end;
+
+#ifndef OPENSSL_NO_RSA
+ BN_GENCB_set(&cb, req_cb, bio_err);
+ if (pkey_type == TYPE_RSA)
+ {
+ RSA *rsa = RSA_new();
+ BIGNUM *bn = BN_new();
+ if(!bn || !rsa || !BN_set_word(bn, 0x10001) ||
+ !RSA_generate_key_ex(rsa, newkey, bn, &cb) ||
+ !EVP_PKEY_assign_RSA(pkey, rsa))
+ {
+ if(bn) BN_free(bn);
+ if(rsa) RSA_free(rsa);
+ goto end;
+ }
+ BN_free(bn);
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey_type == TYPE_DSA)
+ {
+ if (!DSA_generate_key(dsa_params)) goto end;
+ if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;
+ dsa_params=NULL;
+ }
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey_type == TYPE_EC)
+ {
+ if (!EC_KEY_generate_key(ec_params)) goto end;
+ if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params))
+ goto end;
+ ec_params = NULL;
+ }
+#endif
+
+ app_RAND_write_file(randfile, bio_err);
+
+ if (pkey == NULL) goto end;
+
+ if (keyout == NULL)
+ {
+ keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
+ if (keyout == NULL)
+ ERR_clear_error();
+ }
+
+ if (keyout == NULL)
+ {
+ BIO_printf(bio_err,"writing new private key to stdout\n");
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
+ if (BIO_write_filename(out,keyout) <= 0)
+ {
+ perror(keyout);
+ goto end;
+ }
+ }
+
+ p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+ if (p == NULL)
+ {
+ ERR_clear_error();
+ p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
+ if (p == NULL)
+ ERR_clear_error();
+ }
+ if ((p != NULL) && (strcmp(p,"no") == 0))
+ cipher=NULL;
+ if (nodes) cipher=NULL;
+
+ i=0;
+loop:
+ if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
+ NULL,0,NULL,passout))
+ {
+ if ((ERR_GET_REASON(ERR_peek_error()) ==
+ PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
+ {
+ ERR_clear_error();
+ i++;
+ goto loop;
+ }
+ goto end;
+ }
+ BIO_printf(bio_err,"-----\n");
+ }
+
+ if (!newreq)
+ {
+ /* Since we are using a pre-existing certificate
+ * request, the kludge 'format' info should not be
+ * changed. */
+ kludge= -1;
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ req=d2i_X509_REQ_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for X509 request\n");
+ goto end;
+ }
+ if (req == NULL)
+ {
+ BIO_printf(bio_err,"unable to load X509 request\n");
+ goto end;
+ }
+ }
+
+ if (newreq || x509)
+ {
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"you need to specify a private key\n");
+ goto end;
+ }
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ digest=EVP_ecdsa();
+#endif
+ if (req == NULL)
+ {
+ req=X509_REQ_new();
+ if (req == NULL)
+ {
+ goto end;
+ }
+
+ i=make_REQ(req,pkey,subj,multirdn,!x509, chtype);
+ subj=NULL; /* done processing '-subj' option */
+ if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
+ {
+ sk_X509_ATTRIBUTE_free(req->req_info->attributes);
+ req->req_info->attributes = NULL;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"problems making Certificate Request\n");
+ goto end;
+ }
+ }
+ if (x509)
+ {
+ EVP_PKEY *tmppkey;
+ X509V3_CTX ext_ctx;
+ if ((x509ss=X509_new()) == NULL) goto end;
+
+ /* Set version to V3 */
+ if(extensions && !X509_set_version(x509ss, 2)) goto end;
+ if (serial)
+ {
+ if (!X509_set_serialNumber(x509ss, serial)) goto end;
+ }
+ else
+ {
+ if (!rand_serial(NULL,
+ X509_get_serialNumber(x509ss)))
+ goto end;
+ }
+
+ if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
+ if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
+ if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
+ if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
+ tmppkey = X509_REQ_get_pubkey(req);
+ if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
+ EVP_PKEY_free(tmppkey);
+
+ /* Set up V3 context struct */
+
+ X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+ X509V3_set_nconf(&ext_ctx, req_conf);
+
+ /* Add extensions */
+ if(extensions && !X509V3_EXT_add_nconf(req_conf,
+ &ext_ctx, extensions, x509ss))
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extensions);
+ goto end;
+ }
+
+ if (!(i=X509_sign(x509ss,pkey,digest)))
+ goto end;
+ }
+ else
+ {
+ X509V3_CTX ext_ctx;
+
+ /* Set up V3 context struct */
+
+ X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
+ X509V3_set_nconf(&ext_ctx, req_conf);
+
+ /* Add extensions */
+ if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
+ &ext_ctx, req_exts, req))
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ req_exts);
+ goto end;
+ }
+ if (!(i=X509_REQ_sign(req,pkey,digest)))
+ goto end;
+ }
+ }
+
+ if (subj && x509)
+ {
+ BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
+ goto end;
+ }
+
+ if (subj && !x509)
+ {
+ if (verbose)
+ {
+ BIO_printf(bio_err, "Modifying Request's Subject\n");
+ print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
+ }
+
+ if (build_subject(req, subj, chtype, multirdn) == 0)
+ {
+ BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+ ex=1;
+ goto end;
+ }
+
+ req->req_info->enc.modified = 1;
+
+ if (verbose)
+ {
+ print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
+ }
+ }
+
+ if (verify && !x509)
+ {
+ int tmp=0;
+
+ if (pkey == NULL)
+ {
+ pkey=X509_REQ_get_pubkey(req);
+ tmp=1;
+ if (pkey == NULL) goto end;
+ }
+
+ i=X509_REQ_verify(req,pkey);
+ if (tmp) {
+ EVP_PKEY_free(pkey);
+ pkey=NULL;
+ }
+
+ if (i < 0)
+ {
+ goto end;
+ }
+ else if (i == 0)
+ {
+ BIO_printf(bio_err,"verify failure\n");
+ ERR_print_errors(bio_err);
+ }
+ else /* if (i > 0) */
+ BIO_printf(bio_err,"verify OK\n");
+ }
+
+ if (noout && !text && !modulus && !subject && !pubkey)
+ {
+ ex=0;
+ goto end;
+ }
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
+ i=(int)BIO_append_filename(out,outfile);
+ else
+ i=(int)BIO_write_filename(out,outfile);
+ if (!i)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (pubkey)
+ {
+ EVP_PKEY *tpubkey;
+ tpubkey=X509_REQ_get_pubkey(req);
+ if (tpubkey == NULL)
+ {
+ BIO_printf(bio_err,"Error getting public key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ PEM_write_bio_PUBKEY(out, tpubkey);
+ EVP_PKEY_free(tpubkey);
+ }
+
+ if (text)
+ {
+ if (x509)
+ X509_print_ex(out, x509ss, nmflag, reqflag);
+ else
+ X509_REQ_print_ex(out, req, nmflag, reqflag);
+ }
+
+ if(subject)
+ {
+ if(x509)
+ print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
+ else
+ print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
+ }
+
+ if (modulus)
+ {
+ EVP_PKEY *tpubkey;
+
+ if (x509)
+ tpubkey=X509_get_pubkey(x509ss);
+ else
+ tpubkey=X509_REQ_get_pubkey(req);
+ if (tpubkey == NULL)
+ {
+ fprintf(stdout,"Modulus=unavailable\n");
+ goto end;
+ }
+ fprintf(stdout,"Modulus=");
+#ifndef OPENSSL_NO_RSA
+ if (tpubkey->type == EVP_PKEY_RSA)
+ BN_print(out,tpubkey->pkey.rsa->n);
+ else
+#endif
+ fprintf(stdout,"Wrong Algorithm type");
+ EVP_PKEY_free(tpubkey);
+ fprintf(stdout,"\n");
+ }
+
+ if (!noout && !x509)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_X509_REQ_bio(out,req);
+ else if (outformat == FORMAT_PEM) {
+ if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req);
+ else i=PEM_write_bio_X509_REQ(out,req);
+ } else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write X509 request\n");
+ goto end;
+ }
+ }
+ if (!noout && x509 && (x509ss != NULL))
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_X509_bio(out,x509ss);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509(out,x509ss);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write X509 certificate\n");
+ goto end;
+ }
+ }
+ ex=0;
+end:
+#ifndef MONOLITH
+ if(to_free)
+ OPENSSL_free(to_free);
+#endif
+ if (ex)
+ {
+ ERR_print_errors(bio_err);
+ }
+ if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
+ BIO_free(in);
+ BIO_free_all(out);
+ EVP_PKEY_free(pkey);
+ X509_REQ_free(req);
+ X509_free(x509ss);
+ ASN1_INTEGER_free(serial);
+ if(passargin && passin) OPENSSL_free(passin);
+ if(passargout && passout) OPENSSL_free(passout);
+ OBJ_cleanup();
+#ifndef OPENSSL_NO_DSA
+ if (dsa_params != NULL) DSA_free(dsa_params);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (ec_params != NULL) EC_KEY_free(ec_params);
+#endif
+ apps_shutdown();
+ OPENSSL_EXIT(ex);
+ }
+
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
+ int attribs, unsigned long chtype)
+ {
+ int ret=0,i;
+ char no_prompt = 0;
+ STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
+ char *tmp, *dn_sect,*attr_sect;
+
+ tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
+ if (tmp == NULL)
+ ERR_clear_error();
+ if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
+
+ dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+ if (dn_sect == NULL)
+ {
+ BIO_printf(bio_err,"unable to find '%s' in config\n",
+ DISTINGUISHED_NAME);
+ goto err;
+ }
+ dn_sk=NCONF_get_section(req_conf,dn_sect);
+ if (dn_sk == NULL)
+ {
+ BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
+ goto err;
+ }
+
+ attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
+ if (attr_sect == NULL)
+ {
+ ERR_clear_error();
+ attr_sk=NULL;
+ }
+ else
+ {
+ attr_sk=NCONF_get_section(req_conf,attr_sect);
+ if (attr_sk == NULL)
+ {
+ BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
+ goto err;
+ }
+ }
+
+ /* setup version number */
+ if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
+
+ if (no_prompt)
+ i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
+ else
+ {
+ if (subj)
+ i = build_subject(req, subj, chtype, multirdn);
+ else
+ i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
+ }
+ if(!i) goto err;
+
+ if (!X509_REQ_set_pubkey(req,pkey)) goto err;
+
+ ret=1;
+err:
+ return(ret);
+ }
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn)
+ {
+ X509_NAME *n;
+
+ if (!(n = parse_name(subject, chtype, multirdn)))
+ return 0;
+
+ if (!X509_REQ_set_subject_name(req, n))
+ {
+ X509_NAME_free(n);
+ return 0;
+ }
+ X509_NAME_free(n);
+ return 1;
+}
+
+
+static int prompt_info(X509_REQ *req,
+ STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
+ unsigned long chtype)
+ {
+ int i;
+ char *p,*q;
+ char buf[100];
+ int nid, mval;
+ long n_min,n_max;
+ char *type, *value;
+ const char *def;
+ CONF_VALUE *v;
+ X509_NAME *subj;
+ subj = X509_REQ_get_subject_name(req);
+
+ if(!batch)
+ {
+ BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+ BIO_printf(bio_err,"into your certificate request.\n");
+ BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+ BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+ BIO_printf(bio_err,"For some fields there will be a default value,\n");
+ BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
+ BIO_printf(bio_err,"-----\n");
+ }
+
+
+ if (sk_CONF_VALUE_num(dn_sk))
+ {
+ i= -1;
+start: for (;;)
+ {
+ i++;
+ if (sk_CONF_VALUE_num(dn_sk) <= i) break;
+
+ v=sk_CONF_VALUE_value(dn_sk,i);
+ p=q=NULL;
+ type=v->name;
+ if(!check_end(type,"_min") || !check_end(type,"_max") ||
+ !check_end(type,"_default") ||
+ !check_end(type,"_value")) continue;
+ /* Skip past any leading X. X: X, etc to allow for
+ * multiple instances
+ */
+ for(p = v->name; *p ; p++)
+ if ((*p == ':') || (*p == ',') ||
+ (*p == '.')) {
+ p++;
+ if(*p) type = p;
+ break;
+ }
+ if (*type == '+')
+ {
+ mval = -1;
+ type++;
+ }
+ else
+ mval = 0;
+ /* If OBJ not recognised ignore it */
+ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
+ if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
+ >= (int)sizeof(buf))
+ {
+ BIO_printf(bio_err,"Name '%s' too long\n",v->name);
+ return 0;
+ }
+
+ if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
+ {
+ ERR_clear_error();
+ def="";
+ }
+
+ BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
+ if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
+ {
+ ERR_clear_error();
+ value=NULL;
+ }
+
+ BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
+ if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+ {
+ ERR_clear_error();
+ n_min = -1;
+ }
+
+ BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
+ if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+ {
+ ERR_clear_error();
+ n_max = -1;
+ }
+
+ if (!add_DN_object(subj,v->value,def,value,nid,
+ n_min,n_max, chtype, mval))
+ return 0;
+ }
+ if (X509_NAME_entry_count(subj) == 0)
+ {
+ BIO_printf(bio_err,"error, no objects specified in config file\n");
+ return 0;
+ }
+
+ if (attribs)
+ {
+ if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
+ {
+ BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
+ BIO_printf(bio_err,"to be sent with your certificate request\n");
+ }
+
+ i= -1;
+start2: for (;;)
+ {
+ i++;
+ if ((attr_sk == NULL) ||
+ (sk_CONF_VALUE_num(attr_sk) <= i))
+ break;
+
+ v=sk_CONF_VALUE_value(attr_sk,i);
+ type=v->name;
+ if ((nid=OBJ_txt2nid(type)) == NID_undef)
+ goto start2;
+
+ if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
+ >= (int)sizeof(buf))
+ {
+ BIO_printf(bio_err,"Name '%s' too long\n",v->name);
+ return 0;
+ }
+
+ if ((def=NCONF_get_string(req_conf,attr_sect,buf))
+ == NULL)
+ {
+ ERR_clear_error();
+ def="";
+ }
+
+
+ BIO_snprintf(buf,sizeof buf,"%s_value",type);
+ if ((value=NCONF_get_string(req_conf,attr_sect,buf))
+ == NULL)
+ {
+ ERR_clear_error();
+ value=NULL;
+ }
+
+ BIO_snprintf(buf,sizeof buf,"%s_min",type);
+ if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+ {
+ ERR_clear_error();
+ n_min = -1;
+ }
+
+ BIO_snprintf(buf,sizeof buf,"%s_max",type);
+ if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+ {
+ ERR_clear_error();
+ n_max = -1;
+ }
+
+ if (!add_attribute_object(req,
+ v->value,def,value,nid,n_min,n_max, chtype))
+ return 0;
+ }
+ }
+ }
+ else
+ {
+ BIO_printf(bio_err,"No template, please set one up.\n");
+ return 0;
+ }
+
+ return 1;
+
+ }
+
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
+ STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)
+ {
+ int i;
+ char *p,*q;
+ char *type;
+ CONF_VALUE *v;
+ X509_NAME *subj;
+
+ subj = X509_REQ_get_subject_name(req);
+
+ for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
+ {
+ int mval;
+ v=sk_CONF_VALUE_value(dn_sk,i);
+ p=q=NULL;
+ type=v->name;
+ /* Skip past any leading X. X: X, etc to allow for
+ * multiple instances
+ */
+ for(p = v->name; *p ; p++)
+#ifndef CHARSET_EBCDIC
+ if ((*p == ':') || (*p == ',') || (*p == '.')) {
+#else
+ if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
+#endif
+ p++;
+ if(*p) type = p;
+ break;
+ }
+#ifndef CHARSET_EBCDIC
+ if (*p == '+')
+#else
+ if (*p == os_toascii['+'])
+#endif
+ {
+ p++;
+ mval = -1;
+ }
+ else
+ mval = 0;
+ if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
+ (unsigned char *) v->value,-1,-1,mval)) return 0;
+
+ }
+
+ if (!X509_NAME_entry_count(subj))
+ {
+ BIO_printf(bio_err,"error, no objects specified in config file\n");
+ return 0;
+ }
+ if (attribs)
+ {
+ for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
+ {
+ v=sk_CONF_VALUE_value(attr_sk,i);
+ if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
+ (unsigned char *)v->value, -1)) return 0;
+ }
+ }
+ return 1;
+ }
+
+
+static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
+ int nid, int n_min, int n_max, unsigned long chtype, int mval)
+ {
+ int i,ret=0;
+ MS_STATIC char buf[1024];
+start:
+ if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
+ (void)BIO_flush(bio_err);
+ if(value != NULL)
+ {
+ BUF_strlcpy(buf,value,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
+ BIO_printf(bio_err,"%s\n",value);
+ }
+ else
+ {
+ buf[0]='\0';
+ if (!batch)
+ {
+ if (!fgets(buf,sizeof buf,stdin))
+ return 0;
+ }
+ else
+ {
+ buf[0] = '\n';
+ buf[1] = '\0';
+ }
+ }
+
+ if (buf[0] == '\0') return(0);
+ else if (buf[0] == '\n')
+ {
+ if ((def == NULL) || (def[0] == '\0'))
+ return(1);
+ BUF_strlcpy(buf,def,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
+ }
+ else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
+
+ i=strlen(buf);
+ if (buf[i-1] != '\n')
+ {
+ BIO_printf(bio_err,"weird input :-(\n");
+ return(0);
+ }
+ buf[--i]='\0';
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, i);
+#endif
+ if(!req_check_len(i, n_min, n_max))
+ {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
+
+ if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
+ (unsigned char *) buf, -1,-1,mval)) goto err;
+ ret=1;
+err:
+ return(ret);
+ }
+
+static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+ char *value, int nid, int n_min,
+ int n_max, unsigned long chtype)
+ {
+ int i;
+ static char buf[1024];
+
+start:
+ if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
+ (void)BIO_flush(bio_err);
+ if (value != NULL)
+ {
+ BUF_strlcpy(buf,value,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
+ BIO_printf(bio_err,"%s\n",value);
+ }
+ else
+ {
+ buf[0]='\0';
+ if (!batch)
+ {
+ if (!fgets(buf,sizeof buf,stdin))
+ return 0;
+ }
+ else
+ {
+ buf[0] = '\n';
+ buf[1] = '\0';
+ }
+ }
+
+ if (buf[0] == '\0') return(0);
+ else if (buf[0] == '\n')
+ {
+ if ((def == NULL) || (def[0] == '\0'))
+ return(1);
+ BUF_strlcpy(buf,def,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
+ }
+ else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
+
+ i=strlen(buf);
+ if (buf[i-1] != '\n')
+ {
+ BIO_printf(bio_err,"weird input :-(\n");
+ return(0);
+ }
+ buf[--i]='\0';
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, i);
+#endif
+ if(!req_check_len(i, n_min, n_max))
+ {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
+
+ if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
+ (unsigned char *)buf, -1)) {
+ BIO_printf(bio_err, "Error adding attribute\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ return(1);
+err:
+ return(0);
+ }
+
+#ifndef OPENSSL_NO_RSA
+static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(cb->arg,&c,1);
+ (void)BIO_flush(cb->arg);
+#ifdef LINT
+ p=n;
+#endif
+ return 1;
+ }
+#endif
+
+static int req_check_len(int len, int n_min, int n_max)
+ {
+ if ((n_min > 0) && (len < n_min))
+ {
+ BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
+ return(0);
+ }
+ if ((n_max >= 0) && (len > n_max))
+ {
+ BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
+ return(0);
+ }
+ return(1);
+ }
+
+/* Check if the end of a string matches 'end' */
+static int check_end(const char *str, const char *end)
+{
+ int elen, slen;
+ const char *tmp;
+ elen = strlen(end);
+ slen = strlen(str);
+ if(elen > slen) return 1;
+ tmp = str + slen - elen;
+ return strcmp(tmp, end);
+}
Added: vendor-crypto/openssl/dist/apps/req.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/req.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/req.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
+YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
+S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
+AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
+tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
+84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
+CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
+Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
+-----END CERTIFICATE REQUEST-----
Added: vendor-crypto/openssl/dist/apps/rsa.c
===================================================================
--- vendor-crypto/openssl/dist/apps/rsa.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/rsa.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,401 @@
+/* apps/rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_RSA
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
+
+#undef PROG
+#define PROG rsa_main
+
+/* -inform arg - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -des3 - encrypt output if PEM format
+ * -idea - encrypt output if PEM format
+ * -seed - encrypt output if PEM format
+ * -aes128 - encrypt output if PEM format
+ * -aes192 - encrypt output if PEM format
+ * -aes256 - encrypt output if PEM format
+ * -camellia128 - encrypt output if PEM format
+ * -camellia192 - encrypt output if PEM format
+ * -camellia256 - encrypt output if PEM format
+ * -text - print a text version
+ * -modulus - print the RSA key modulus
+ * -check - verify key consistency
+ * -pubin - Expect a public key in input file.
+ * -pubout - Output a public key.
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ int ret=1;
+ RSA *rsa=NULL;
+ int i,badops=0, sgckey=0;
+ const EVP_CIPHER *enc=NULL;
+ BIO *out=NULL;
+ int informat,outformat,text=0,check=0,noout=0;
+ int pubin = 0, pubout = 0;
+ char *infile,*outfile,*prog;
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ int modulus=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-sgckey") == 0)
+ sgckey=1;
+ else if (strcmp(*argv,"-pubin") == 0)
+ pubin=1;
+ else if (strcmp(*argv,"-pubout") == 0)
+ pubout=1;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus=1;
+ else if (strcmp(*argv,"-check") == 0)
+ check=1;
+ else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -sgckey Use IIS SGC key format\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -passout arg output file pass phrase source\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
+#endif
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the RSA key modulus\n");
+ BIO_printf(bio_err," -check verify key consistency\n");
+ BIO_printf(bio_err," -pubin expect a public key in input file\n");
+ BIO_printf(bio_err," -pubout output a public key\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ if(check && pubin) {
+ BIO_printf(bio_err, "Only private keys can be checked\n");
+ goto end;
+ }
+
+ out=BIO_new(BIO_s_file());
+
+ {
+ EVP_PKEY *pkey;
+
+ if (pubin)
+ pkey = load_pubkey(bio_err, infile,
+ (informat == FORMAT_NETSCAPE && sgckey ?
+ FORMAT_IISSGC : informat), 1,
+ passin, e, "Public Key");
+ else
+ pkey = load_key(bio_err, infile,
+ (informat == FORMAT_NETSCAPE && sgckey ?
+ FORMAT_IISSGC : informat), 1,
+ passin, e, "Private Key");
+
+ if (pkey != NULL)
+ rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
+ EVP_PKEY_free(pkey);
+ }
+
+ if (rsa == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ if (!RSA_print(out,rsa,0))
+ {
+ perror(outfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (modulus)
+ {
+ BIO_printf(out,"Modulus=");
+ BN_print(out,rsa->n);
+ BIO_printf(out,"\n");
+ }
+
+ if (check)
+ {
+ int r = RSA_check_key(rsa);
+
+ if (r == 1)
+ BIO_printf(out,"RSA key ok\n");
+ else if (r == 0)
+ {
+ unsigned long err;
+
+ while ((err = ERR_peek_error()) != 0 &&
+ ERR_GET_LIB(err) == ERR_LIB_RSA &&
+ ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
+ ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
+ {
+ BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
+ ERR_get_error(); /* remove e from error stack */
+ }
+ }
+
+ if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (noout)
+ {
+ ret = 0;
+ goto end;
+ }
+ BIO_printf(bio_err,"writing RSA key\n");
+ if (outformat == FORMAT_ASN1) {
+ if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
+ else i=i2d_RSAPrivateKey_bio(out,rsa);
+ }
+#ifndef OPENSSL_NO_RC4
+ else if (outformat == FORMAT_NETSCAPE)
+ {
+ unsigned char *p,*pp;
+ int size;
+
+ i=1;
+ size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
+ if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto end;
+ }
+ pp=p;
+ i2d_RSA_NET(rsa,&p,NULL, sgckey);
+ BIO_write(out,(char *)pp,size);
+ OPENSSL_free(pp);
+ }
+#endif
+ else if (outformat == FORMAT_PEM) {
+ if(pubout || pubin)
+ i=PEM_write_bio_RSA_PUBKEY(out,rsa);
+ else i=PEM_write_bio_RSAPrivateKey(out,rsa,
+ enc,NULL,0,NULL,passout);
+ } else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write key\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ ret=0;
+end:
+ if(out != NULL) BIO_free_all(out);
+ if(rsa != NULL) RSA_free(rsa);
+ if(passin) OPENSSL_free(passin);
+ if(passout) OPENSSL_free(passout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
Added: vendor-crypto/openssl/dist/apps/rsa8192.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/rsa8192.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/rsa8192.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,101 @@
+-----BEGIN RSA PRIVATE KEY-----
+
+MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
+ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
+MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
+55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
+yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
+tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
+LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
+aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
+PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
+mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
+71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
+d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
+wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
+bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
+Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
+Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
+pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
+os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
+mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
+cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
+LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
+tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
+PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
+psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
+9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
+xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
+ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
+RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
+1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
+P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
+77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
+4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
+/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
+GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
+HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
+ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
+AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
+52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
+5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
+7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
+KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
+cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
+dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
+DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
+Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
+f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
+J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
+TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
+fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
+Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
+mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
+YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
+mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
+Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
+c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
+Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
+WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
+KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
+JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
+yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
+kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
+DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
+22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
+ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
+D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
+PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
+dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
+FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
+6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
+eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
+bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
+XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
+7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
+82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
+beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
+pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
+70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
+YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
+ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
+lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
+4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
+lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
+LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
+x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
+O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
+6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
+Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
+DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
+Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
+oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
+nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
+X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
+QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
+TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
+46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
+rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
+I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
+-----END RSA PRIVATE KEY-----
+
Added: vendor-crypto/openssl/dist/apps/rsautl.c
===================================================================
--- vendor-crypto/openssl/dist/apps/rsautl.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/rsautl.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,345 @@
+/* rsautl.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_RSA
+
+#include "apps.h"
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+
+#define RSA_SIGN 1
+#define RSA_VERIFY 2
+#define RSA_ENCRYPT 3
+#define RSA_DECRYPT 4
+
+#define KEY_PRIVKEY 1
+#define KEY_PUBKEY 2
+#define KEY_CERT 3
+
+static void usage(void);
+
+#undef PROG
+
+#define PROG rsautl_main
+
+int MAIN(int argc, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ BIO *in = NULL, *out = NULL;
+ char *infile = NULL, *outfile = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+ char *keyfile = NULL;
+ char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
+ int keyform = FORMAT_PEM;
+ char need_priv = 0, badarg = 0, rev = 0;
+ char hexdump = 0, asn1parse = 0;
+ X509 *x;
+ EVP_PKEY *pkey = NULL;
+ RSA *rsa = NULL;
+ unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
+ char *passargin = NULL, *passin = NULL;
+ int rsa_inlen, rsa_outlen = 0;
+ int keysize;
+
+ int ret = 1;
+
+ argc--;
+ argv++;
+
+ if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ pad = RSA_PKCS1_PADDING;
+
+ while(argc >= 1)
+ {
+ if (!strcmp(*argv,"-in")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ infile= *(++argv);
+ } else if (!strcmp(*argv,"-out")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ outfile= *(++argv);
+ } else if(!strcmp(*argv, "-inkey")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ keyfile = *(++argv);
+ } else if (!strcmp(*argv,"-passin")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ passargin= *(++argv);
+ } else if (strcmp(*argv,"-keyform") == 0) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ keyform=str2fmt(*(++argv));
+#ifndef OPENSSL_NO_ENGINE
+ } else if(!strcmp(*argv, "-engine")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ engine = *(++argv);
+#endif
+ } else if(!strcmp(*argv, "-pubin")) {
+ key_type = KEY_PUBKEY;
+ } else if(!strcmp(*argv, "-certin")) {
+ key_type = KEY_CERT;
+ }
+ else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
+ else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
+ else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
+ else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
+ else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
+ else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
+ else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
+ else if(!strcmp(*argv, "-sign")) {
+ rsa_mode = RSA_SIGN;
+ need_priv = 1;
+ } else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
+ else if(!strcmp(*argv, "-rev")) rev = 1;
+ else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
+ else if(!strcmp(*argv, "-decrypt")) {
+ rsa_mode = RSA_DECRYPT;
+ need_priv = 1;
+ } else badarg = 1;
+ if(badarg) {
+ usage();
+ goto end;
+ }
+ argc--;
+ argv++;
+ }
+
+ if(need_priv && (key_type != KEY_PRIVKEY)) {
+ BIO_printf(bio_err, "A private key is needed for this operation\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+/* FIXME: seed PRNG only if needed */
+ app_RAND_load_file(NULL, bio_err, 0);
+
+ switch(key_type) {
+ case KEY_PRIVKEY:
+ pkey = load_key(bio_err, keyfile, keyform, 0,
+ passin, e, "Private Key");
+ break;
+
+ case KEY_PUBKEY:
+ pkey = load_pubkey(bio_err, keyfile, keyform, 0,
+ NULL, e, "Public Key");
+ break;
+
+ case KEY_CERT:
+ x = load_cert(bio_err, keyfile, keyform,
+ NULL, e, "Certificate");
+ if(x) {
+ pkey = X509_get_pubkey(x);
+ X509_free(x);
+ }
+ break;
+ }
+
+ if(!pkey) {
+ return 1;
+ }
+
+ rsa = EVP_PKEY_get1_RSA(pkey);
+ EVP_PKEY_free(pkey);
+
+ if(!rsa) {
+ BIO_printf(bio_err, "Error getting RSA key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+
+ if(infile) {
+ if(!(in = BIO_new_file(infile, "rb"))) {
+ BIO_printf(bio_err, "Error Reading Input File\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if(outfile) {
+ if(!(out = BIO_new_file(outfile, "wb"))) {
+ BIO_printf(bio_err, "Error Reading Output File\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ keysize = RSA_size(rsa);
+
+ rsa_in = OPENSSL_malloc(keysize * 2);
+ rsa_out = OPENSSL_malloc(keysize);
+
+ /* Read the input data */
+ rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
+ if(rsa_inlen <= 0) {
+ BIO_printf(bio_err, "Error reading input Data\n");
+ exit(1);
+ }
+ if(rev) {
+ int i;
+ unsigned char ctmp;
+ for(i = 0; i < rsa_inlen/2; i++) {
+ ctmp = rsa_in[i];
+ rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
+ rsa_in[rsa_inlen - 1 - i] = ctmp;
+ }
+ }
+ switch(rsa_mode) {
+
+ case RSA_VERIFY:
+ rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ break;
+
+ case RSA_SIGN:
+ rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ break;
+
+ case RSA_ENCRYPT:
+ rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ break;
+
+ case RSA_DECRYPT:
+ rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ break;
+
+ }
+
+ if(rsa_outlen <= 0) {
+ BIO_printf(bio_err, "RSA operation error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret = 0;
+ if(asn1parse) {
+ if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
+ ERR_print_errors(bio_err);
+ }
+ } else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
+ else BIO_write(out, rsa_out, rsa_outlen);
+ end:
+ RSA_free(rsa);
+ BIO_free(in);
+ BIO_free_all(out);
+ if(rsa_in) OPENSSL_free(rsa_in);
+ if(rsa_out) OPENSSL_free(rsa_out);
+ if(passin) OPENSSL_free(passin);
+ return ret;
+}
+
+static void usage()
+{
+ BIO_printf(bio_err, "Usage: rsautl [options]\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-inkey file input key\n");
+ BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
+ BIO_printf(bio_err, "-pubin input is an RSA public\n");
+ BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
+ BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
+ BIO_printf(bio_err, "-raw use no padding\n");
+ BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");
+ BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
+ BIO_printf(bio_err, "-sign sign with private key\n");
+ BIO_printf(bio_err, "-verify verify with public key\n");
+ BIO_printf(bio_err, "-encrypt encrypt with public key\n");
+ BIO_printf(bio_err, "-decrypt decrypt with private key\n");
+ BIO_printf(bio_err, "-hexdump hex dump output\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
+ BIO_printf (bio_err, "-passin arg pass phrase source\n");
+#endif
+
+}
+
+#endif
Added: vendor-crypto/openssl/dist/apps/s1024key.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/s1024key.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/s1024key.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
+-----END RSA PRIVATE KEY-----
Added: vendor-crypto/openssl/dist/apps/s1024req.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/s1024req.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/s1024req.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
+dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
+9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
+KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
+RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
+BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
+nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
+frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
+-----END CERTIFICATE REQUEST-----
Added: vendor-crypto/openssl/dist/apps/s512-key.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/s512-key.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/s512-key.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
Added: vendor-crypto/openssl/dist/apps/s512-req.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/s512-req.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/s512-req.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
+MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
+IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
+MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
+y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
+5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
+-----END CERTIFICATE REQUEST-----
Added: vendor-crypto/openssl/dist/apps/s_apps.h
===================================================================
--- vendor-crypto/openssl/dist/apps/s_apps.h (rev 0)
+++ vendor-crypto/openssl/dist/apps/s_apps.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,176 @@
+/* apps/s_apps.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
+#include <sys/types.h>
+#endif
+#include <openssl/opensslconf.h>
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+#define _kbhit kbhit
+#endif
+
+#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
+/* VAX C does not defined fd_set and friends, but it's actually quite simple */
+/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
+#define MAX_NOFILE 32
+#define NBBY 8 /* number of bits in a byte */
+
+#ifndef FD_SETSIZE
+#define FD_SETSIZE MAX_NOFILE
+#endif /* FD_SETSIZE */
+
+/* How many things we'll allow select to use. 0 if unlimited */
+#define MAXSELFD MAX_NOFILE
+typedef int fd_mask; /* int here! VMS prototypes int, not long */
+#define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask (power of 2!)*/
+#define NFDSHIFT 5 /* Shift based on above */
+
+typedef fd_mask fd_set;
+#define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS)))
+#define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS)))
+#define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS)))
+#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p)))
+#endif
+
+#define PORT 4433
+#define PORT_STR "4433"
+#define PROTOCOL "tcp"
+
+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+#ifdef HEADER_X509_H
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+#endif
+#ifdef HEADER_SSL_H
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+#endif
+int init_client(int *sock, char *server, int port, int type);
+int should_retry(int i);
+int extract_port(char *str, short *port_ptr);
+int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+
+long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret);
+
+#ifdef HEADER_SSL_H
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
+ unsigned char *data, int len,
+ void *arg);
+#endif
+
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
Added: vendor-crypto/openssl/dist/apps/s_cb.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_cb.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/s_cb.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,757 @@
+/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#undef USE_SOCKETS
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include "s_apps.h"
+
+#define COOKIE_SECRET_LENGTH 16
+
+int verify_depth=0;
+int verify_error=X509_V_OK;
+unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
+int cookie_initialized=0;
+
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
+ char buf[256];
+ X509 *err_cert;
+ int err,depth;
+
+ err_cert=X509_STORE_CTX_get_current_cert(ctx);
+ err= X509_STORE_CTX_get_error(ctx);
+ depth= X509_STORE_CTX_get_error_depth(ctx);
+
+ X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
+ BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+ if (!ok)
+ {
+ BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+ X509_verify_cert_error_string(err));
+ if (verify_depth >= depth)
+ {
+ ok=1;
+ verify_error=X509_V_OK;
+ }
+ else
+ {
+ ok=0;
+ verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
+ }
+ }
+ switch (ctx->error)
+ {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
+ BIO_printf(bio_err,"issuer= %s\n",buf);
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ BIO_printf(bio_err,"notBefore=");
+ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+ BIO_printf(bio_err,"\n");
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ BIO_printf(bio_err,"notAfter=");
+ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+ BIO_printf(bio_err,"\n");
+ break;
+ }
+ BIO_printf(bio_err,"verify return:%d\n",ok);
+ return(ok);
+ }
+
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
+ {
+ if (cert_file != NULL)
+ {
+ /*
+ SSL *ssl;
+ X509 *x509;
+ */
+
+ if (SSL_CTX_use_certificate_file(ctx,cert_file,
+ SSL_FILETYPE_PEM) <= 0)
+ {
+ BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
+ ERR_print_errors(bio_err);
+ return(0);
+ }
+ if (key_file == NULL) key_file=cert_file;
+ if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
+ SSL_FILETYPE_PEM) <= 0)
+ {
+ BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
+ ERR_print_errors(bio_err);
+ return(0);
+ }
+
+ /*
+ In theory this is no longer needed
+ ssl=SSL_new(ctx);
+ x509=SSL_get_certificate(ssl);
+
+ if (x509 != NULL) {
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(x509);
+ EVP_PKEY_copy_parameters(pktmp,
+ SSL_get_privatekey(ssl));
+ EVP_PKEY_free(pktmp);
+ }
+ SSL_free(ssl);
+ */
+
+ /* If we are using DSA, we can copy the parameters from
+ * the private key */
+
+
+ /* Now we know that a key and cert have been set against
+ * the SSL context */
+ if (!SSL_CTX_check_private_key(ctx))
+ {
+ BIO_printf(bio_err,"Private key does not match the certificate public key\n");
+ return(0);
+ }
+ }
+ return(1);
+ }
+
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
+ {
+ if (cert == NULL)
+ return 1;
+ if (SSL_CTX_use_certificate(ctx,cert) <= 0)
+ {
+ BIO_printf(bio_err,"error setting certificate\n");
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+ if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
+ {
+ BIO_printf(bio_err,"error setting private key\n");
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+
+
+ /* Now we know that a key and cert have been set against
+ * the SSL context */
+ if (!SSL_CTX_check_private_key(ctx))
+ {
+ BIO_printf(bio_err,"Private key does not match the certificate public key\n");
+ return 0;
+ }
+ return 1;
+ }
+
+long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret)
+ {
+ BIO *out;
+
+ out=(BIO *)BIO_get_callback_arg(bio);
+ if (out == NULL) return(ret);
+
+ if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
+ {
+ BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",
+ (void *)bio,argp,argi,ret,ret);
+ BIO_dump(out,argp,(int)ret);
+ return(ret);
+ }
+ else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
+ {
+ BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",
+ (void *)bio,argp,argi,ret,ret);
+ BIO_dump(out,argp,(int)ret);
+ }
+ return(ret);
+ }
+
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
+ {
+ const char *str;
+ int w;
+
+ w=where& ~SSL_ST_MASK;
+
+ if (w & SSL_ST_CONNECT) str="SSL_connect";
+ else if (w & SSL_ST_ACCEPT) str="SSL_accept";
+ else str="undefined";
+
+ if (where & SSL_CB_LOOP)
+ {
+ BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
+ }
+ else if (where & SSL_CB_ALERT)
+ {
+ str=(where & SSL_CB_READ)?"read":"write";
+ BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
+ str,
+ SSL_alert_type_string_long(ret),
+ SSL_alert_desc_string_long(ret));
+ }
+ else if (where & SSL_CB_EXIT)
+ {
+ if (ret == 0)
+ BIO_printf(bio_err,"%s:failed in %s\n",
+ str,SSL_state_string_long(s));
+ else if (ret < 0)
+ {
+ BIO_printf(bio_err,"%s:error in %s\n",
+ str,SSL_state_string_long(s));
+ }
+ }
+ }
+
+
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
+ {
+ BIO *bio = arg;
+ const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
+
+ str_write_p = write_p ? ">>>" : "<<<";
+
+ switch (version)
+ {
+ case SSL2_VERSION:
+ str_version = "SSL 2.0";
+ break;
+ case SSL3_VERSION:
+ str_version = "SSL 3.0 ";
+ break;
+ case TLS1_VERSION:
+ str_version = "TLS 1.0 ";
+ break;
+ default:
+ str_version = "???";
+ case DTLS1_VERSION:
+ str_version = "DTLS 1.0 ";
+ break;
+ case DTLS1_BAD_VER:
+ str_version = "DTLS 1.0 (bad) ";
+ break;
+ }
+
+ if (version == SSL2_VERSION)
+ {
+ str_details1 = "???";
+
+ if (len > 0)
+ {
+ switch (((const unsigned char*)buf)[0])
+ {
+ case 0:
+ str_details1 = ", ERROR:";
+ str_details2 = " ???";
+ if (len >= 3)
+ {
+ unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
+
+ switch (err)
+ {
+ case 0x0001:
+ str_details2 = " NO-CIPHER-ERROR";
+ break;
+ case 0x0002:
+ str_details2 = " NO-CERTIFICATE-ERROR";
+ break;
+ case 0x0004:
+ str_details2 = " BAD-CERTIFICATE-ERROR";
+ break;
+ case 0x0006:
+ str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
+ break;
+ }
+ }
+
+ break;
+ case 1:
+ str_details1 = ", CLIENT-HELLO";
+ break;
+ case 2:
+ str_details1 = ", CLIENT-MASTER-KEY";
+ break;
+ case 3:
+ str_details1 = ", CLIENT-FINISHED";
+ break;
+ case 4:
+ str_details1 = ", SERVER-HELLO";
+ break;
+ case 5:
+ str_details1 = ", SERVER-VERIFY";
+ break;
+ case 6:
+ str_details1 = ", SERVER-FINISHED";
+ break;
+ case 7:
+ str_details1 = ", REQUEST-CERTIFICATE";
+ break;
+ case 8:
+ str_details1 = ", CLIENT-CERTIFICATE";
+ break;
+ }
+ }
+ }
+
+ if (version == SSL3_VERSION ||
+ version == TLS1_VERSION ||
+ version == DTLS1_VERSION ||
+ version == DTLS1_BAD_VER)
+ {
+ switch (content_type)
+ {
+ case 20:
+ str_content_type = "ChangeCipherSpec";
+ break;
+ case 21:
+ str_content_type = "Alert";
+ break;
+ case 22:
+ str_content_type = "Handshake";
+ break;
+ }
+
+ if (content_type == 21) /* Alert */
+ {
+ str_details1 = ", ???";
+
+ if (len == 2)
+ {
+ switch (((const unsigned char*)buf)[0])
+ {
+ case 1:
+ str_details1 = ", warning";
+ break;
+ case 2:
+ str_details1 = ", fatal";
+ break;
+ }
+
+ str_details2 = " ???";
+ switch (((const unsigned char*)buf)[1])
+ {
+ case 0:
+ str_details2 = " close_notify";
+ break;
+ case 10:
+ str_details2 = " unexpected_message";
+ break;
+ case 20:
+ str_details2 = " bad_record_mac";
+ break;
+ case 21:
+ str_details2 = " decryption_failed";
+ break;
+ case 22:
+ str_details2 = " record_overflow";
+ break;
+ case 30:
+ str_details2 = " decompression_failure";
+ break;
+ case 40:
+ str_details2 = " handshake_failure";
+ break;
+ case 42:
+ str_details2 = " bad_certificate";
+ break;
+ case 43:
+ str_details2 = " unsupported_certificate";
+ break;
+ case 44:
+ str_details2 = " certificate_revoked";
+ break;
+ case 45:
+ str_details2 = " certificate_expired";
+ break;
+ case 46:
+ str_details2 = " certificate_unknown";
+ break;
+ case 47:
+ str_details2 = " illegal_parameter";
+ break;
+ case 48:
+ str_details2 = " unknown_ca";
+ break;
+ case 49:
+ str_details2 = " access_denied";
+ break;
+ case 50:
+ str_details2 = " decode_error";
+ break;
+ case 51:
+ str_details2 = " decrypt_error";
+ break;
+ case 60:
+ str_details2 = " export_restriction";
+ break;
+ case 70:
+ str_details2 = " protocol_version";
+ break;
+ case 71:
+ str_details2 = " insufficient_security";
+ break;
+ case 80:
+ str_details2 = " internal_error";
+ break;
+ case 90:
+ str_details2 = " user_canceled";
+ break;
+ case 100:
+ str_details2 = " no_renegotiation";
+ break;
+ case 110:
+ str_details2 = " unsupported_extension";
+ break;
+ case 111:
+ str_details2 = " certificate_unobtainable";
+ break;
+ case 112:
+ str_details2 = " unrecognized_name";
+ break;
+ case 113:
+ str_details2 = " bad_certificate_status_response";
+ break;
+ case 114:
+ str_details2 = " bad_certificate_hash_value";
+ break;
+ case 115:
+ str_details2 = " unknown_psk_identity";
+ break;
+ }
+ }
+ }
+
+ if (content_type == 22) /* Handshake */
+ {
+ str_details1 = "???";
+
+ if (len > 0)
+ {
+ switch (((const unsigned char*)buf)[0])
+ {
+ case 0:
+ str_details1 = ", HelloRequest";
+ break;
+ case 1:
+ str_details1 = ", ClientHello";
+ break;
+ case 2:
+ str_details1 = ", ServerHello";
+ break;
+ case 11:
+ str_details1 = ", Certificate";
+ break;
+ case 12:
+ str_details1 = ", ServerKeyExchange";
+ break;
+ case 13:
+ str_details1 = ", CertificateRequest";
+ break;
+ case 14:
+ str_details1 = ", ServerHelloDone";
+ break;
+ case 15:
+ str_details1 = ", CertificateVerify";
+ break;
+ case 3:
+ str_details1 = ", HelloVerifyRequest";
+ break;
+ case 16:
+ str_details1 = ", ClientKeyExchange";
+ break;
+ case 20:
+ str_details1 = ", Finished";
+ break;
+ }
+ }
+ }
+ }
+
+ BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
+
+ if (len > 0)
+ {
+ size_t num, i;
+
+ BIO_printf(bio, " ");
+ num = len;
+#if 0
+ if (num > 16)
+ num = 16;
+#endif
+ for (i = 0; i < num; i++)
+ {
+ if (i % 16 == 0 && i > 0)
+ BIO_printf(bio, "\n ");
+ BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
+ }
+ if (i < len)
+ BIO_printf(bio, " ...");
+ BIO_printf(bio, "\n");
+ }
+ (void)BIO_flush(bio);
+ }
+
+void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
+ unsigned char *data, int len,
+ void *arg)
+ {
+ BIO *bio = arg;
+ char *extname;
+
+ switch(type)
+ {
+ case TLSEXT_TYPE_server_name:
+ extname = "server name";
+ break;
+
+ case TLSEXT_TYPE_max_fragment_length:
+ extname = "max fragment length";
+ break;
+
+ case TLSEXT_TYPE_client_certificate_url:
+ extname = "client certificate URL";
+ break;
+
+ case TLSEXT_TYPE_trusted_ca_keys:
+ extname = "trusted CA keys";
+ break;
+
+ case TLSEXT_TYPE_truncated_hmac:
+ extname = "truncated HMAC";
+ break;
+
+ case TLSEXT_TYPE_status_request:
+ extname = "status request";
+ break;
+
+ case TLSEXT_TYPE_elliptic_curves:
+ extname = "elliptic curves";
+ break;
+
+ case TLSEXT_TYPE_ec_point_formats:
+ extname = "EC point formats";
+ break;
+
+ case TLSEXT_TYPE_session_ticket:
+ extname = "server ticket";
+ break;
+
+ case TLSEXT_TYPE_renegotiate:
+ extname = "renegotiate";
+ break;
+
+ default:
+ extname = "unknown";
+ break;
+
+ }
+
+ BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
+ client_server ? "server": "client",
+ extname, type, len);
+ BIO_dump(bio, (char *)data, len);
+ (void)BIO_flush(bio);
+ }
+
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
+ {
+ unsigned char *buffer, result[EVP_MAX_MD_SIZE];
+ unsigned int length, resultlength;
+ struct sockaddr_in peer;
+
+ /* Initialize a random secret */
+ if (!cookie_initialized)
+ {
+ if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
+ {
+ BIO_printf(bio_err,"error setting random cookie secret\n");
+ return 0;
+ }
+ cookie_initialized = 1;
+ }
+
+ /* Read peer information */
+ (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
+
+ /* Create buffer with peer's address and port */
+ length = sizeof(peer.sin_addr);
+ length += sizeof(peer.sin_port);
+ buffer = OPENSSL_malloc(length);
+
+ if (buffer == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ return 0;
+ }
+
+ memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr));
+ memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port));
+
+ /* Calculate HMAC of buffer using the secret */
+ HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
+ buffer, length, result, &resultlength);
+ OPENSSL_free(buffer);
+
+ memcpy(cookie, result, resultlength);
+ *cookie_len = resultlength;
+
+ return 1;
+ }
+
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
+ {
+ unsigned char *buffer, result[EVP_MAX_MD_SIZE];
+ unsigned int length, resultlength;
+ struct sockaddr_in peer;
+
+ /* If secret isn't initialized yet, the cookie can't be valid */
+ if (!cookie_initialized)
+ return 0;
+
+ /* Read peer information */
+ (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
+
+ /* Create buffer with peer's address and port */
+ length = sizeof(peer.sin_addr);
+ length += sizeof(peer.sin_port);
+ buffer = (unsigned char*) OPENSSL_malloc(length);
+
+ if (buffer == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ return 0;
+ }
+
+ memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr));
+ memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port));
+
+ /* Calculate HMAC of buffer using the secret */
+ HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
+ buffer, length, result, &resultlength);
+ OPENSSL_free(buffer);
+
+ if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
+ return 1;
+
+ return 0;
+ }
Added: vendor-crypto/openssl/dist/apps/s_client.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_client.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/s_client.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1574 @@
+/* apps/s_client.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+ recursive header file inclusion, resulting in the compiler complaining
+ that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+ is needed to have fileno() declared correctly... So let's define u_int */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#define USE_SOCKETS
+#include "apps.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#include "s_apps.h"
+#include "timeouts.h"
+
+#ifdef OPENSSL_SYS_WINCE
+/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
+#ifdef fileno
+#undef fileno
+#endif
+#define fileno(a) (int)_fileno(a)
+#endif
+
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+#undef PROG
+#define PROG s_client_main
+
+/*#define SSL_HOST_NAME "www.netscape.com" */
+/*#define SSL_HOST_NAME "193.118.187.102" */
+#define SSL_HOST_NAME "localhost"
+
+/*#define TEST_CERT "client.pem" */ /* no default cert. */
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*8
+
+extern int verify_depth;
+extern int verify_error;
+
+#ifdef FIONBIO
+static int c_nbio=0;
+#endif
+static int c_Pause=0;
+static int c_debug=0;
+#ifndef OPENSSL_NO_TLSEXT
+static int c_tlsextdebug=0;
+static int c_status_req=0;
+#endif
+static int c_msg=0;
+static int c_showcerts=0;
+
+static void sc_usage(void);
+static void print_stuff(BIO *berr,SSL *con,int full);
+#ifndef OPENSSL_NO_TLSEXT
+static int ocsp_resp_cb(SSL *s, void *arg);
+#endif
+static BIO *bio_c_out=NULL;
+static int c_quiet=0;
+static int c_ign_eof=0;
+
+static void sc_usage(void)
+ {
+ BIO_printf(bio_err,"usage: s_client args\n");
+ BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err," -host host - use -connect instead\n");
+ BIO_printf(bio_err," -port port - use -connect instead\n");
+ BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+
+ BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
+ BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
+ BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
+ BIO_printf(bio_err," not specified but cert file is.\n");
+ BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
+ BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
+ BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
+ BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
+ BIO_printf(bio_err," -debug - extra output\n");
+#ifdef WATT32
+ BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
+#endif
+ BIO_printf(bio_err," -msg - Show protocol messages\n");
+ BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
+ BIO_printf(bio_err," -state - print the 'ssl' states\n");
+#ifdef FIONBIO
+ BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
+#endif
+ BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
+ BIO_printf(bio_err," -quiet - no s_client output\n");
+ BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
+ BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n");
+ BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
+ BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
+ BIO_printf(bio_err," -tls1 - just use TLSv1\n");
+ BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
+ BIO_printf(bio_err," -mtu - set the link layer MTU\n");
+ BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
+ BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
+ BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
+ BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
+ BIO_printf(bio_err," command to see what is available\n");
+ BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
+ BIO_printf(bio_err," for those protocols that support it, where\n");
+ BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
+ BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
+ BIO_printf(bio_err," are supported.\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+#endif
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
+ BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n");
+#ifndef OPENSSL_NO_TLSEXT
+ BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n");
+ BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err," -status - request certificate status from server\n");
+ BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
+#endif
+ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+ }
+
+#ifndef OPENSSL_NO_TLSEXT
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+ BIO * biodebug;
+ int ack;
+} tlsextctx;
+
+
+static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
+ {
+ tlsextctx * p = (tlsextctx *) arg;
+ const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+ if (SSL_get_servername_type(s) != -1)
+ p->ack = !SSL_session_reused(s) && hn != NULL;
+ else
+ BIO_printf(bio_err,"Can't use SSL_get_servername\n");
+
+ return SSL_TLSEXT_ERR_OK;
+ }
+#endif
+enum
+{
+ PROTO_OFF = 0,
+ PROTO_SMTP,
+ PROTO_POP3,
+ PROTO_IMAP,
+ PROTO_FTP,
+ PROTO_XMPP
+};
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int off=0, clr = 0;
+ SSL *con=NULL,*con2=NULL;
+ X509_STORE *store = NULL;
+ int s,k,width,state=0;
+ char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
+ int cbuf_len,cbuf_off;
+ int sbuf_len,sbuf_off;
+ fd_set readfds,writefds;
+ short port=PORT;
+ int full_log=1;
+ char *host=SSL_HOST_NAME;
+ char *cert_file=NULL,*key_file=NULL;
+ int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
+ char *passarg = NULL, *pass = NULL;
+ X509 *cert = NULL;
+ EVP_PKEY *key = NULL;
+ char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
+ int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
+ int crlf=0;
+ int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
+ SSL_CTX *ctx=NULL;
+ int ret=1,in_init=1,i,nbio_test=0;
+ int starttls_proto = PROTO_OFF;
+ int prexit = 0, vflags = 0;
+ SSL_METHOD *meth=NULL;
+#ifdef sock_type
+#undef sock_type
+#endif
+ int sock_type=SOCK_STREAM;
+ BIO *sbio;
+ char *inrand=NULL;
+ int mbuf_len=0;
+ struct timeval timeout, *timeoutp;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine_id=NULL;
+ char *ssl_client_engine_id=NULL;
+ ENGINE *ssl_client_engine=NULL;
+#endif
+ ENGINE *e=NULL;
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+ struct timeval tv;
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+ char *servername = NULL;
+ tlsextctx tlsextcbp =
+ {NULL,0};
+#endif
+ char *sess_in = NULL;
+ char *sess_out = NULL;
+ struct sockaddr peer;
+ int peerlen = sizeof(peer);
+ int enable_timeouts = 0 ;
+ long socket_mtu = 0;
+#ifndef OPENSSL_NO_JPAKE
+ char *jpake_secret = NULL;
+#endif
+
+ meth=SSLv23_client_method();
+
+ apps_startup();
+ c_Pause=0;
+ c_quiet=0;
+ c_ign_eof=0;
+ c_debug=0;
+ c_msg=0;
+ c_showcerts=0;
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+ ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+ ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+
+ verify_depth=0;
+ verify_error=X509_V_OK;
+#ifdef FIONBIO
+ c_nbio=0;
+#endif
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-host") == 0)
+ {
+ if (--argc < 1) goto bad;
+ host= *(++argv);
+ }
+ else if (strcmp(*argv,"-port") == 0)
+ {
+ if (--argc < 1) goto bad;
+ port=atoi(*(++argv));
+ if (port == 0) goto bad;
+ }
+ else if (strcmp(*argv,"-connect") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!extract_host_port(*(++argv),&host,NULL,&port))
+ goto bad;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ {
+ verify=SSL_VERIFY_PEER;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+ }
+ else if (strcmp(*argv,"-cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cert_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-sess_out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sess_out = *(++argv);
+ }
+ else if (strcmp(*argv,"-sess_in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sess_in = *(++argv);
+ }
+ else if (strcmp(*argv,"-certform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cert_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-crl_check") == 0)
+ vflags |= X509_V_FLAG_CRL_CHECK;
+ else if (strcmp(*argv,"-crl_check_all") == 0)
+ vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ else if (strcmp(*argv,"-prexit") == 0)
+ prexit=1;
+ else if (strcmp(*argv,"-crlf") == 0)
+ crlf=1;
+ else if (strcmp(*argv,"-quiet") == 0)
+ {
+ c_quiet=1;
+ c_ign_eof=1;
+ }
+ else if (strcmp(*argv,"-ign_eof") == 0)
+ c_ign_eof=1;
+ else if (strcmp(*argv,"-no_ign_eof") == 0)
+ c_ign_eof=0;
+ else if (strcmp(*argv,"-pause") == 0)
+ c_Pause=1;
+ else if (strcmp(*argv,"-debug") == 0)
+ c_debug=1;
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-tlsextdebug") == 0)
+ c_tlsextdebug=1;
+ else if (strcmp(*argv,"-status") == 0)
+ c_status_req=1;
+#endif
+#ifdef WATT32
+ else if (strcmp(*argv,"-wdebug") == 0)
+ dbug_init();
+#endif
+ else if (strcmp(*argv,"-msg") == 0)
+ c_msg=1;
+ else if (strcmp(*argv,"-showcerts") == 0)
+ c_showcerts=1;
+ else if (strcmp(*argv,"-nbio_test") == 0)
+ nbio_test=1;
+ else if (strcmp(*argv,"-state") == 0)
+ state=1;
+#ifndef OPENSSL_NO_SSL2
+ else if (strcmp(*argv,"-ssl2") == 0)
+ meth=SSLv2_client_method();
+#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (strcmp(*argv,"-ssl3") == 0)
+ meth=SSLv3_client_method();
+#endif
+#ifndef OPENSSL_NO_TLS1
+ else if (strcmp(*argv,"-tls1") == 0)
+ meth=TLSv1_client_method();
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ else if (strcmp(*argv,"-dtls1") == 0)
+ {
+ meth=DTLSv1_client_method();
+ sock_type=SOCK_DGRAM;
+ }
+ else if (strcmp(*argv,"-timeout") == 0)
+ enable_timeouts=1;
+ else if (strcmp(*argv,"-mtu") == 0)
+ {
+ if (--argc < 1) goto bad;
+ socket_mtu = atol(*(++argv));
+ }
+#endif
+ else if (strcmp(*argv,"-bugs") == 0)
+ bugs=1;
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ key_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-pass") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passarg = *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ key_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-reconnect") == 0)
+ {
+ reconnect=5;
+ }
+ else if (strcmp(*argv,"-CApath") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CApath= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-no_tls1") == 0)
+ off|=SSL_OP_NO_TLSv1;
+ else if (strcmp(*argv,"-no_ssl3") == 0)
+ off|=SSL_OP_NO_SSLv3;
+ else if (strcmp(*argv,"-no_ssl2") == 0)
+ off|=SSL_OP_NO_SSLv2;
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-no_ticket") == 0)
+ { off|=SSL_OP_NO_TICKET; }
+#endif
+ else if (strcmp(*argv,"-serverpref") == 0)
+ off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
+ else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else if (strcmp(*argv,"-legacy_server_connect") == 0)
+ { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
+ else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
+ { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
+ else if (strcmp(*argv,"-cipher") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cipher= *(++argv);
+ }
+#ifdef FIONBIO
+ else if (strcmp(*argv,"-nbio") == 0)
+ { c_nbio=1; }
+#endif
+ else if (strcmp(*argv,"-starttls") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ++argv;
+ if (strcmp(*argv,"smtp") == 0)
+ starttls_proto = PROTO_SMTP;
+ else if (strcmp(*argv,"pop3") == 0)
+ starttls_proto = PROTO_POP3;
+ else if (strcmp(*argv,"imap") == 0)
+ starttls_proto = PROTO_IMAP;
+ else if (strcmp(*argv,"ftp") == 0)
+ starttls_proto = PROTO_FTP;
+ else if (strcmp(*argv, "xmpp") == 0)
+ starttls_proto = PROTO_XMPP;
+ else
+ goto bad;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine_id = *(++argv);
+ }
+ else if (strcmp(*argv,"-ssl_client_engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ssl_client_engine_id = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-servername") == 0)
+ {
+ if (--argc < 1) goto bad;
+ servername= *(++argv);
+ /* meth=TLSv1_client_method(); */
+ }
+#endif
+#ifndef OPENSSL_NO_JPAKE
+ else if (strcmp(*argv,"-jpake") == 0)
+ {
+ if (--argc < 1) goto bad;
+ jpake_secret = *++argv;
+ }
+#endif
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badop=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+ if (badop)
+ {
+bad:
+ sc_usage();
+ goto end;
+ }
+
+ OpenSSL_add_ssl_algorithms();
+ SSL_load_error_strings();
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine_id, 1);
+ if (ssl_client_engine_id)
+ {
+ ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
+ if (!ssl_client_engine)
+ {
+ BIO_printf(bio_err,
+ "Error getting client auth engine\n");
+ goto end;
+ }
+ }
+#endif
+ if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (key_file == NULL)
+ key_file = cert_file;
+
+
+ if (key_file)
+
+ {
+
+ key = load_key(bio_err, key_file, key_format, 0, pass, e,
+ "client certificate private key file");
+ if (!key)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ }
+
+ if (cert_file)
+
+ {
+ cert = load_cert(bio_err,cert_file,cert_format,
+ NULL, e, "client certificate file");
+
+ if (!cert)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ && !RAND_status())
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ if (bio_c_out == NULL)
+ {
+ if (c_quiet && !c_debug && !c_msg)
+ {
+ bio_c_out=BIO_new(BIO_s_null());
+ }
+ else
+ {
+ if (bio_c_out == NULL)
+ bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+ }
+ }
+
+ ctx=SSL_CTX_new(meth);
+ if (ctx == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ if (ssl_client_engine)
+ {
+ if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
+ {
+ BIO_puts(bio_err, "Error setting client auth engine\n");
+ ERR_print_errors(bio_err);
+ ENGINE_free(ssl_client_engine);
+ goto end;
+ }
+ ENGINE_free(ssl_client_engine);
+ }
+#endif
+
+ if (bugs)
+ SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
+ else
+ SSL_CTX_set_options(ctx,off);
+
+ if (clr)
+ SSL_CTX_clear_options(ctx, clr);
+ /* DTLS: partial reads end up discarding unread UDP bytes :-(
+ * Setting read ahead solves this problem.
+ */
+ if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
+
+ if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+ if (cipher != NULL)
+ if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+ BIO_printf(bio_err,"error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#if 0
+ else
+ SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
+#endif
+
+ SSL_CTX_set_verify(ctx,verify,verify_callback);
+ if (!set_cert_key_stuff(ctx,cert,key))
+ goto end;
+
+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx)))
+ {
+ /* BIO_printf(bio_err,"error setting default verify locations\n"); */
+ ERR_print_errors(bio_err);
+ /* goto end; */
+ }
+
+ store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_set_flags(store, vflags);
+#ifndef OPENSSL_NO_TLSEXT
+ if (servername != NULL)
+ {
+ tlsextcbp.biodebug = bio_err;
+ SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+ }
+#endif
+
+ con=SSL_new(ctx);
+ if (sess_in)
+ {
+ SSL_SESSION *sess;
+ BIO *stmp = BIO_new_file(sess_in, "r");
+ if (!stmp)
+ {
+ BIO_printf(bio_err, "Can't open session file %s\n",
+ sess_in);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
+ BIO_free(stmp);
+ if (!sess)
+ {
+ BIO_printf(bio_err, "Can't open session file %s\n",
+ sess_in);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ SSL_set_session(con, sess);
+ SSL_SESSION_free(sess);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (servername != NULL)
+ {
+ if (!SSL_set_tlsext_host_name(con,servername))
+ {
+ BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
+
+#ifndef OPENSSL_NO_KRB5
+ if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
+ {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
+ }
+#endif /* OPENSSL_NO_KRB5 */
+/* SSL_set_cipher_list(con,"RC4-MD5"); */
+
+re_start:
+
+ if (init_client(&s,host,port,sock_type) == 0)
+ {
+ BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
+ SHUTDOWN(s);
+ goto end;
+ }
+ BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
+
+#ifdef FIONBIO
+ if (c_nbio)
+ {
+ unsigned long l=1;
+ BIO_printf(bio_c_out,"turning on non blocking io\n");
+ if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
+ if (c_Pause & 0x01) con->debug=1;
+
+ if ( SSL_version(con) == DTLS1_VERSION)
+ {
+
+ sbio=BIO_new_dgram(s,BIO_NOCLOSE);
+ if (getsockname(s, &peer, (void *)&peerlen) < 0)
+ {
+ BIO_printf(bio_err, "getsockname:errno=%d\n",
+ get_last_socket_error());
+ SHUTDOWN(s);
+ goto end;
+ }
+
+ (void)BIO_ctrl_set_connected(sbio, 1, &peer);
+
+ if ( enable_timeouts)
+ {
+ timeout.tv_sec = 0;
+ timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+ timeout.tv_sec = 0;
+ timeout.tv_usec = DGRAM_SND_TIMEOUT;
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+ }
+
+ if (socket_mtu > 28)
+ {
+ SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+ SSL_set_mtu(con, socket_mtu - 28);
+ }
+ else
+ /* want to do MTU discovery */
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+ }
+ else
+ sbio=BIO_new_socket(s,BIO_NOCLOSE);
+
+ if (nbio_test)
+ {
+ BIO *test;
+
+ test=BIO_new(BIO_f_nbio_test());
+ sbio=BIO_push(test,sbio);
+ }
+
+ if (c_debug)
+ {
+ con->debug=1;
+ BIO_set_callback(sbio,bio_dump_callback);
+ BIO_set_callback_arg(sbio,(char *)bio_c_out);
+ }
+ if (c_msg)
+ {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_c_out);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (c_tlsextdebug)
+ {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_c_out);
+ }
+ if (c_status_req)
+ {
+ SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
+ SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
+ SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
+#if 0
+{
+STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
+OCSP_RESPID *id = OCSP_RESPID_new();
+id->value.byKey = ASN1_OCTET_STRING_new();
+id->type = V_OCSP_RESPID_KEY;
+ASN1_STRING_set(id->value.byKey, "Hello World", -1);
+sk_OCSP_RESPID_push(ids, id);
+SSL_set_tlsext_status_ids(con, ids);
+}
+#endif
+ }
+#endif
+#ifndef OPENSSL_NO_JPAKE
+ if (jpake_secret)
+ jpake_client_auth(bio_c_out, sbio, jpake_secret);
+#endif
+
+ SSL_set_bio(con,sbio,sbio);
+ SSL_set_connect_state(con);
+
+ /* ok, lets connect */
+ width=SSL_get_fd(con)+1;
+
+ read_tty=1;
+ write_tty=0;
+ tty_on=0;
+ read_ssl=1;
+ write_ssl=1;
+
+ cbuf_len=0;
+ cbuf_off=0;
+ sbuf_len=0;
+ sbuf_off=0;
+
+ /* This is an ugly hack that does a lot of assumptions */
+ /* We do have to handle multi-line responses which may come
+ in a single packet or not. We therefore have to use
+ BIO_gets() which does need a buffering BIO. So during
+ the initial chitchat we do push a buffering BIO into the
+ chain that is removed again later on to not disturb the
+ rest of the s_client operation. */
+ if (starttls_proto == PROTO_SMTP)
+ {
+ int foundit=0;
+ BIO *fbio = BIO_new(BIO_f_buffer());
+ BIO_push(fbio, sbio);
+ /* wait for multi-line response to end from SMTP */
+ do
+ {
+ mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
+ }
+ while (mbuf_len>3 && mbuf[3]=='-');
+ /* STARTTLS command requires EHLO... */
+ BIO_printf(fbio,"EHLO openssl.client.net\r\n");
+ (void)BIO_flush(fbio);
+ /* wait for multi-line response to end EHLO SMTP response */
+ do
+ {
+ mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
+ if (strstr(mbuf,"STARTTLS"))
+ foundit=1;
+ }
+ while (mbuf_len>3 && mbuf[3]=='-');
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ if (!foundit)
+ BIO_printf(bio_err,
+ "didn't found starttls in server response,"
+ " try anyway...\n");
+ BIO_printf(sbio,"STARTTLS\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
+ }
+ else if (starttls_proto == PROTO_POP3)
+ {
+ BIO_read(sbio,mbuf,BUFSIZZ);
+ BIO_printf(sbio,"STLS\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
+ }
+ else if (starttls_proto == PROTO_IMAP)
+ {
+ int foundit=0;
+ BIO *fbio = BIO_new(BIO_f_buffer());
+ BIO_push(fbio, sbio);
+ BIO_gets(fbio,mbuf,BUFSIZZ);
+ /* STARTTLS command requires CAPABILITY... */
+ BIO_printf(fbio,". CAPABILITY\r\n");
+ (void)BIO_flush(fbio);
+ /* wait for multi-line CAPABILITY response */
+ do
+ {
+ mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
+ if (strstr(mbuf,"STARTTLS"))
+ foundit=1;
+ }
+ while (mbuf_len>3 && mbuf[0]!='.');
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ if (!foundit)
+ BIO_printf(bio_err,
+ "didn't found STARTTLS in server response,"
+ " try anyway...\n");
+ BIO_printf(sbio,". STARTTLS\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
+ }
+ else if (starttls_proto == PROTO_FTP)
+ {
+ BIO *fbio = BIO_new(BIO_f_buffer());
+ BIO_push(fbio, sbio);
+ /* wait for multi-line response to end from FTP */
+ do
+ {
+ mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
+ }
+ while (mbuf_len>3 && mbuf[3]=='-');
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ BIO_printf(sbio,"AUTH TLS\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
+ }
+ if (starttls_proto == PROTO_XMPP)
+ {
+ int seen = 0;
+ BIO_printf(sbio,"<stream:stream "
+ "xmlns:stream='http://etherx.jabber.org/streams' "
+ "xmlns='jabber:client' to='%s' version='1.0'>", host);
+ seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ mbuf[seen] = 0;
+ while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
+ {
+ if (strstr(mbuf, "/stream:features>"))
+ goto shut;
+ seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ mbuf[seen] = 0;
+ }
+ BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
+ seen = BIO_read(sbio,sbuf,BUFSIZZ);
+ sbuf[seen] = 0;
+ if (!strstr(sbuf, "<proceed"))
+ goto shut;
+ mbuf[0] = 0;
+ }
+
+ for (;;)
+ {
+ FD_ZERO(&readfds);
+ FD_ZERO(&writefds);
+
+ if ((SSL_version(con) == DTLS1_VERSION) &&
+ DTLSv1_get_timeout(con, &timeout))
+ timeoutp = &timeout;
+ else
+ timeoutp = NULL;
+
+ if (SSL_in_init(con) && !SSL_total_renegotiations(con))
+ {
+ in_init=1;
+ tty_on=0;
+ }
+ else
+ {
+ tty_on=1;
+ if (in_init)
+ {
+ in_init=0;
+ if (sess_out)
+ {
+ BIO *stmp = BIO_new_file(sess_out, "w");
+ if (stmp)
+ {
+ PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
+ BIO_free(stmp);
+ }
+ else
+ BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
+ }
+ print_stuff(bio_c_out,con,full_log);
+ if (full_log > 0) full_log--;
+
+ if (starttls_proto)
+ {
+ BIO_printf(bio_err,"%s",mbuf);
+ /* We don't need to know any more */
+ starttls_proto = PROTO_OFF;
+ }
+
+ if (reconnect)
+ {
+ reconnect--;
+ BIO_printf(bio_c_out,"drop connection and then reconnect\n");
+ SSL_shutdown(con);
+ SSL_set_connect_state(con);
+ SHUTDOWN(SSL_get_fd(con));
+ goto re_start;
+ }
+ }
+ }
+
+ ssl_pending = read_ssl && SSL_pending(con);
+
+ if (!ssl_pending)
+ {
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+ if (tty_on)
+ {
+ if (read_tty) FD_SET(fileno(stdin),&readfds);
+ if (write_tty) FD_SET(fileno(stdout),&writefds);
+ }
+ if (read_ssl)
+ FD_SET(SSL_get_fd(con),&readfds);
+ if (write_ssl)
+ FD_SET(SSL_get_fd(con),&writefds);
+#else
+ if(!tty_on || !write_tty) {
+ if (read_ssl)
+ FD_SET(SSL_get_fd(con),&readfds);
+ if (write_ssl)
+ FD_SET(SSL_get_fd(con),&writefds);
+ }
+#endif
+/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
+ tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+
+ /* Note: under VMS with SOCKETSHR the second parameter
+ * is currently of type (int *) whereas under other
+ * systems it is (void *) if you don't have a cast it
+ * will choke the compiler: if you do have a cast then
+ * you can either go for (int *) or (void *).
+ */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+ /* Under Windows/DOS we make the assumption that we can
+ * always write to the tty: therefore if we need to
+ * write to the tty we just fall through. Otherwise
+ * we timeout the select every second and see if there
+ * are any keypresses. Note: this is a hack, in a proper
+ * Windows application we wouldn't do this.
+ */
+ i=0;
+ if(!write_tty) {
+ if(read_tty) {
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ i=select(width,(void *)&readfds,(void *)&writefds,
+ NULL,&tv);
+#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+ if(!i && (!_kbhit() || !read_tty) ) continue;
+#else
+ if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
+#endif
+ } else i=select(width,(void *)&readfds,(void *)&writefds,
+ NULL,timeoutp);
+ }
+#elif defined(OPENSSL_SYS_NETWARE)
+ if(!write_tty) {
+ if(read_tty) {
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ i=select(width,(void *)&readfds,(void *)&writefds,
+ NULL,&tv);
+ } else i=select(width,(void *)&readfds,(void *)&writefds,
+ NULL,timeoutp);
+ }
+#else
+ i=select(width,(void *)&readfds,(void *)&writefds,
+ NULL,timeoutp);
+#endif
+ if ( i < 0)
+ {
+ BIO_printf(bio_err,"bad select %d\n",
+ get_last_socket_error());
+ goto shut;
+ /* goto end; */
+ }
+ }
+
+ if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
+ {
+ BIO_printf(bio_err,"TIMEOUT occured\n");
+ }
+
+ if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
+ {
+ k=SSL_write(con,&(cbuf[cbuf_off]),
+ (unsigned int)cbuf_len);
+ switch (SSL_get_error(con,k))
+ {
+ case SSL_ERROR_NONE:
+ cbuf_off+=k;
+ cbuf_len-=k;
+ if (k <= 0) goto end;
+ /* we have done a write(con,NULL,0); */
+ if (cbuf_len <= 0)
+ {
+ read_tty=1;
+ write_ssl=0;
+ }
+ else /* if (cbuf_len > 0) */
+ {
+ read_tty=0;
+ write_ssl=1;
+ }
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_printf(bio_c_out,"write W BLOCK\n");
+ write_ssl=1;
+ read_tty=0;
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_printf(bio_c_out,"write R BLOCK\n");
+ write_tty=0;
+ read_ssl=1;
+ write_ssl=0;
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_c_out,"write X BLOCK\n");
+ break;
+ case SSL_ERROR_ZERO_RETURN:
+ if (cbuf_len != 0)
+ {
+ BIO_printf(bio_c_out,"shutdown\n");
+ goto shut;
+ }
+ else
+ {
+ read_tty=1;
+ write_ssl=0;
+ break;
+ }
+
+ case SSL_ERROR_SYSCALL:
+ if ((k != 0) || (cbuf_len != 0))
+ {
+ BIO_printf(bio_err,"write:errno=%d\n",
+ get_last_socket_error());
+ goto shut;
+ }
+ else
+ {
+ read_tty=1;
+ write_ssl=0;
+ }
+ break;
+ case SSL_ERROR_SSL:
+ ERR_print_errors(bio_err);
+ goto shut;
+ }
+ }
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+ /* Assume Windows/DOS can always write */
+ else if (!ssl_pending && write_tty)
+#else
+ else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
+#endif
+ {
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
+#endif
+ i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
+
+ if (i <= 0)
+ {
+ BIO_printf(bio_c_out,"DONE\n");
+ goto shut;
+ /* goto end; */
+ }
+
+ sbuf_len-=i;;
+ sbuf_off+=i;
+ if (sbuf_len <= 0)
+ {
+ read_ssl=1;
+ write_tty=0;
+ }
+ }
+ else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
+ {
+#ifdef RENEG
+{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
+#endif
+#if 1
+ k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
+#else
+/* Demo for pending and peek :-) */
+ k=SSL_read(con,sbuf,16);
+{ char zbuf[10240];
+printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
+}
+#endif
+
+ switch (SSL_get_error(con,k))
+ {
+ case SSL_ERROR_NONE:
+ if (k <= 0)
+ goto end;
+ sbuf_off=0;
+ sbuf_len=k;
+
+ read_ssl=0;
+ write_tty=1;
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_printf(bio_c_out,"read W BLOCK\n");
+ write_ssl=1;
+ read_tty=0;
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_printf(bio_c_out,"read R BLOCK\n");
+ write_tty=0;
+ read_ssl=1;
+ if ((read_tty == 0) && (write_ssl == 0))
+ write_ssl=1;
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_c_out,"read X BLOCK\n");
+ break;
+ case SSL_ERROR_SYSCALL:
+ BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
+ goto shut;
+ case SSL_ERROR_ZERO_RETURN:
+ BIO_printf(bio_c_out,"closed\n");
+ goto shut;
+ case SSL_ERROR_SSL:
+ ERR_print_errors(bio_err);
+ goto shut;
+ /* break; */
+ }
+ }
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+ else if (_kbhit())
+#else
+ else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
+#endif
+#elif defined (OPENSSL_SYS_NETWARE)
+ else if (_kbhit())
+#else
+ else if (FD_ISSET(fileno(stdin),&readfds))
+#endif
+ {
+ if (crlf)
+ {
+ int j, lf_num;
+
+ i=read(fileno(stdin),cbuf,BUFSIZZ/2);
+ lf_num = 0;
+ /* both loops are skipped when i <= 0 */
+ for (j = 0; j < i; j++)
+ if (cbuf[j] == '\n')
+ lf_num++;
+ for (j = i-1; j >= 0; j--)
+ {
+ cbuf[j+lf_num] = cbuf[j];
+ if (cbuf[j] == '\n')
+ {
+ lf_num--;
+ i++;
+ cbuf[j+lf_num] = '\r';
+ }
+ }
+ assert(lf_num == 0);
+ }
+ else
+ i=read(fileno(stdin),cbuf,BUFSIZZ);
+
+ if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
+ {
+ BIO_printf(bio_err,"DONE\n");
+ goto shut;
+ }
+
+ if ((!c_ign_eof) && (cbuf[0] == 'R'))
+ {
+ BIO_printf(bio_err,"RENEGOTIATING\n");
+ SSL_renegotiate(con);
+ cbuf_len=0;
+ }
+ else
+ {
+ cbuf_len=i;
+ cbuf_off=0;
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(cbuf, cbuf, i);
+#endif
+ }
+
+ write_ssl=1;
+ read_tty=0;
+ }
+ }
+shut:
+ SSL_shutdown(con);
+ SHUTDOWN(SSL_get_fd(con));
+ ret=0;
+end:
+ if(prexit) print_stuff(bio_c_out,con,1);
+ if (con != NULL) SSL_free(con);
+ if (con2 != NULL) SSL_free(con2);
+ if (ctx != NULL) SSL_CTX_free(ctx);
+ if (cert)
+ X509_free(cert);
+ if (key)
+ EVP_PKEY_free(key);
+ if (pass)
+ OPENSSL_free(pass);
+ if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+ if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+ if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
+ if (bio_c_out != NULL)
+ {
+ BIO_free(bio_c_out);
+ bio_c_out=NULL;
+ }
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+
+static void print_stuff(BIO *bio, SSL *s, int full)
+ {
+ X509 *peer=NULL;
+ char *p;
+ static const char *space=" ";
+ char buf[BUFSIZ];
+ STACK_OF(X509) *sk;
+ STACK_OF(X509_NAME) *sk2;
+ SSL_CIPHER *c;
+ X509_NAME *xn;
+ int j,i;
+#ifndef OPENSSL_NO_COMP
+ const COMP_METHOD *comp, *expansion;
+#endif
+
+ if (full)
+ {
+ int got_a_chain = 0;
+
+ sk=SSL_get_peer_cert_chain(s);
+ if (sk != NULL)
+ {
+ got_a_chain = 1; /* we don't have it for SSL2 (yet) */
+
+ BIO_printf(bio,"---\nCertificate chain\n");
+ for (i=0; i<sk_X509_num(sk); i++)
+ {
+ X509_NAME_oneline(X509_get_subject_name(
+ sk_X509_value(sk,i)),buf,sizeof buf);
+ BIO_printf(bio,"%2d s:%s\n",i,buf);
+ X509_NAME_oneline(X509_get_issuer_name(
+ sk_X509_value(sk,i)),buf,sizeof buf);
+ BIO_printf(bio," i:%s\n",buf);
+ if (c_showcerts)
+ PEM_write_bio_X509(bio,sk_X509_value(sk,i));
+ }
+ }
+
+ BIO_printf(bio,"---\n");
+ peer=SSL_get_peer_certificate(s);
+ if (peer != NULL)
+ {
+ BIO_printf(bio,"Server certificate\n");
+ if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
+ PEM_write_bio_X509(bio,peer);
+ X509_NAME_oneline(X509_get_subject_name(peer),
+ buf,sizeof buf);
+ BIO_printf(bio,"subject=%s\n",buf);
+ X509_NAME_oneline(X509_get_issuer_name(peer),
+ buf,sizeof buf);
+ BIO_printf(bio,"issuer=%s\n",buf);
+ }
+ else
+ BIO_printf(bio,"no peer certificate available\n");
+
+ sk2=SSL_get_client_CA_list(s);
+ if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
+ {
+ BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
+ for (i=0; i<sk_X509_NAME_num(sk2); i++)
+ {
+ xn=sk_X509_NAME_value(sk2,i);
+ X509_NAME_oneline(xn,buf,sizeof(buf));
+ BIO_write(bio,buf,strlen(buf));
+ BIO_write(bio,"\n",1);
+ }
+ }
+ else
+ {
+ BIO_printf(bio,"---\nNo client certificate CA names sent\n");
+ }
+ p=SSL_get_shared_ciphers(s,buf,sizeof buf);
+ if (p != NULL)
+ {
+ /* This works only for SSL 2. In later protocol
+ * versions, the client does not know what other
+ * ciphers (in addition to the one to be used
+ * in the current connection) the server supports. */
+
+ BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
+ j=i=0;
+ while (*p)
+ {
+ if (*p == ':')
+ {
+ BIO_write(bio,space,15-j%25);
+ i++;
+ j=0;
+ BIO_write(bio,((i%3)?" ":"\n"),1);
+ }
+ else
+ {
+ BIO_write(bio,p,1);
+ j++;
+ }
+ p++;
+ }
+ BIO_write(bio,"\n",1);
+ }
+
+ BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
+ BIO_number_read(SSL_get_rbio(s)),
+ BIO_number_written(SSL_get_wbio(s)));
+ }
+ BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
+ c=SSL_get_current_cipher(s);
+ BIO_printf(bio,"%s, Cipher is %s\n",
+ SSL_CIPHER_get_version(c),
+ SSL_CIPHER_get_name(c));
+ if (peer != NULL) {
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(peer);
+ BIO_printf(bio,"Server public key is %d bit\n",
+ EVP_PKEY_bits(pktmp));
+ EVP_PKEY_free(pktmp);
+ }
+ BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
+#ifndef OPENSSL_NO_COMP
+ comp=SSL_get_current_compression(s);
+ expansion=SSL_get_current_expansion(s);
+ BIO_printf(bio,"Compression: %s\n",
+ comp ? SSL_COMP_get_name(comp) : "NONE");
+ BIO_printf(bio,"Expansion: %s\n",
+ expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
+ SSL_SESSION_print(bio,SSL_get_session(s));
+ BIO_printf(bio,"---\n");
+ if (peer != NULL)
+ X509_free(peer);
+ /* flush, or debugging output gets mixed with http response */
+ (void)BIO_flush(bio);
+ }
+
+#ifndef OPENSSL_NO_TLSEXT
+
+static int ocsp_resp_cb(SSL *s, void *arg)
+ {
+ const unsigned char *p;
+ int len;
+ OCSP_RESPONSE *rsp;
+ len = SSL_get_tlsext_status_ocsp_resp(s, &p);
+ BIO_puts(arg, "OCSP response: ");
+ if (!p)
+ {
+ BIO_puts(arg, "no response sent\n");
+ return 1;
+ }
+ rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
+ if (!rsp)
+ {
+ BIO_puts(arg, "response parse error\n");
+ BIO_dump_indent(arg, (char *)p, len, 4);
+ return 0;
+ }
+ BIO_puts(arg, "\n======================================\n");
+ OCSP_RESPONSE_print(arg, rsp, 0);
+ BIO_puts(arg, "======================================\n");
+ OCSP_RESPONSE_free(rsp);
+ return 1;
+ }
+#endif /* ndef OPENSSL_NO_TLSEXT */
Added: vendor-crypto/openssl/dist/apps/s_server.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_server.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/s_server.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,2533 @@
+/* apps/s_server.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <sys/stat.h>
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+
+#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
+#include <sys/types.h>
+#endif
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+ recursive header file inclusion, resulting in the compiler complaining
+ that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+ is needed to have fileno() declared correctly... So let's define u_int */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#define USE_SOCKETS
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include "s_apps.h"
+#include "timeouts.h"
+
+#ifdef OPENSSL_SYS_WINCE
+/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
+#ifdef fileno
+#undef fileno
+#endif
+#define fileno(a) (int)_fileno(a)
+#endif
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
+#endif
+static int sv_body(char *hostname, int s, unsigned char *context);
+static int www_body(char *hostname, int s, unsigned char *context);
+static void close_accept_socket(void );
+static void sv_usage(void);
+static int init_ssl_connection(SSL *s);
+static void print_stats(BIO *bp,SSL_CTX *ctx);
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+ unsigned int *id_len);
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile);
+static DH *get_dh512(void);
+#endif
+
+#ifdef MONOLITH
+static void s_server_init(void);
+#endif
+
+#ifndef S_ISDIR
+# if defined(_S_IFMT) && defined(_S_IFDIR)
+# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
+# else
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+# endif
+#endif
+
+#ifndef OPENSSL_NO_DH
+static unsigned char dh512_p[]={
+ 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+ 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+ 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+ 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+ 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+ 0x47,0x74,0xE8,0x33,
+ };
+static unsigned char dh512_g[]={
+ 0x02,
+ };
+
+static DH *get_dh512(void)
+ {
+ DH *dh=NULL;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+ dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+ dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+ if ((dh->p == NULL) || (dh->g == NULL))
+ return(NULL);
+ return(dh);
+ }
+#endif
+
+
+/* static int load_CA(SSL_CTX *ctx, char *file);*/
+
+#undef BUFSIZZ
+#define BUFSIZZ 16*1024
+static int bufsize=BUFSIZZ;
+static int accept_socket= -1;
+
+#define TEST_CERT "server.pem"
+#ifndef OPENSSL_NO_TLSEXT
+#define TEST_CERT2 "server2.pem"
+#endif
+#undef PROG
+#define PROG s_server_main
+
+extern int verify_depth;
+
+static char *cipher=NULL;
+static int s_server_verify=SSL_VERIFY_NONE;
+static int s_server_session_id_context = 1; /* anything will do */
+static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+#ifndef OPENSSL_NO_TLSEXT
+static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
+#endif
+static char *s_dcert_file=NULL,*s_dkey_file=NULL;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+static int s_nbio_test=0;
+int s_crlf=0;
+static SSL_CTX *ctx=NULL;
+#ifndef OPENSSL_NO_TLSEXT
+static SSL_CTX *ctx2=NULL;
+#endif
+static int www=0;
+
+static BIO *bio_s_out=NULL;
+static int s_debug=0;
+#ifndef OPENSSL_NO_TLSEXT
+static int s_tlsextdebug=0;
+static int s_tlsextstatus=0;
+static int cert_status_cb(SSL *s, void *arg);
+#endif
+static int s_msg=0;
+static int s_quiet=0;
+
+static int hack=0;
+#ifndef OPENSSL_NO_ENGINE
+static char *engine_id=NULL;
+#endif
+static const char *session_id_prefix=NULL;
+
+static int enable_timeouts = 0;
+static long socket_mtu;
+#ifndef OPENSSL_NO_DTLS1
+static int cert_chain = 0;
+#endif
+
+
+#ifdef MONOLITH
+static void s_server_init(void)
+ {
+ accept_socket=-1;
+ cipher=NULL;
+ s_server_verify=SSL_VERIFY_NONE;
+ s_dcert_file=NULL;
+ s_dkey_file=NULL;
+ s_cert_file=TEST_CERT;
+ s_key_file=NULL;
+#ifndef OPENSSL_NO_TLSEXT
+ s_cert_file2=TEST_CERT2;
+ s_key_file2=NULL;
+ ctx2=NULL;
+#endif
+#ifdef FIONBIO
+ s_nbio=0;
+#endif
+ s_nbio_test=0;
+ ctx=NULL;
+ www=0;
+
+ bio_s_out=NULL;
+ s_debug=0;
+ s_msg=0;
+ s_quiet=0;
+ hack=0;
+#ifndef OPENSSL_NO_ENGINE
+ engine_id=NULL;
+#endif
+ }
+#endif
+
+static void sv_usage(void)
+ {
+ BIO_printf(bio_err,"usage: s_server [args ...]\n");
+ BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
+ BIO_printf(bio_err," -context arg - set session ID context\n");
+ BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
+ BIO_printf(bio_err," -cert arg - certificate file to use\n");
+ BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
+ BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \
+ " The CRL(s) are appended to the certificate file\n");
+ BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
+ " or any other CRL in the CA chain. CRL(s) are appened to the\n" \
+ " the certificate file.\n");
+ BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
+ BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
+ BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
+ BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
+ BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
+ BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n");
+ BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
+ BIO_printf(bio_err," or a default set of parameters is used\n");
+#ifndef OPENSSL_NO_ECDH
+ BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
+ " Use \"openssl ecparam -list_curves\" for all names\n" \
+ " (default is sect163r2).\n");
+#endif
+#ifdef FIONBIO
+ BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
+#endif
+ BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
+ BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
+ BIO_printf(bio_err," -debug - Print more output\n");
+ BIO_printf(bio_err," -msg - Show protocol messages\n");
+ BIO_printf(bio_err," -state - Print the SSL states\n");
+ BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
+ BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
+ BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
+ BIO_printf(bio_err," -quiet - No server output\n");
+ BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
+ BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
+ BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
+ BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
+ BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
+ BIO_printf(bio_err," -timeout - Enable timeouts\n");
+ BIO_printf(bio_err," -mtu - Set link layer MTU\n");
+ BIO_printf(bio_err," -chain - Read a certificate chain\n");
+ BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
+ BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
+ BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
+#ifndef OPENSSL_NO_DH
+ BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
+#endif
+#ifndef OPENSSL_NO_ECDH
+ BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
+#endif
+ BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
+ BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
+ BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+#endif
+ BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+#ifndef OPENSSL_NO_TLSEXT
+ BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");
+ BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
+ BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n");
+ BIO_printf(bio_err," (default is %s)\n",TEST_CERT2);
+ BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n");
+ BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
+ BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
+ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+#endif
+ }
+
+static int local_argc=0;
+static char **local_argv;
+
+#ifdef CHARSET_EBCDIC
+static int ebcdic_new(BIO *bi);
+static int ebcdic_free(BIO *a);
+static int ebcdic_read(BIO *b, char *out, int outl);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int ebcdic_gets(BIO *bp, char *buf, int size);
+static int ebcdic_puts(BIO *bp, const char *str);
+
+#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
+static BIO_METHOD methods_ebcdic=
+ {
+ BIO_TYPE_EBCDIC_FILTER,
+ "EBCDIC/ASCII filter",
+ ebcdic_write,
+ ebcdic_read,
+ ebcdic_puts,
+ ebcdic_gets,
+ ebcdic_ctrl,
+ ebcdic_new,
+ ebcdic_free,
+ };
+
+typedef struct
+{
+ size_t alloced;
+ char buff[1];
+} EBCDIC_OUTBUFF;
+
+BIO_METHOD *BIO_f_ebcdic_filter()
+{
+ return(&methods_ebcdic);
+}
+
+static int ebcdic_new(BIO *bi)
+{
+ EBCDIC_OUTBUFF *wbuf;
+
+ wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+ wbuf->alloced = 1024;
+ wbuf->buff[0] = '\0';
+
+ bi->ptr=(char *)wbuf;
+ bi->init=1;
+ bi->flags=0;
+ return(1);
+}
+
+static int ebcdic_free(BIO *a)
+{
+ if (a == NULL) return(0);
+ if (a->ptr != NULL)
+ OPENSSL_free(a->ptr);
+ a->ptr=NULL;
+ a->init=0;
+ a->flags=0;
+ return(1);
+}
+
+static int ebcdic_read(BIO *b, char *out, int outl)
+{
+ int ret=0;
+
+ if (out == NULL || outl == 0) return(0);
+ if (b->next_bio == NULL) return(0);
+
+ ret=BIO_read(b->next_bio,out,outl);
+ if (ret > 0)
+ ascii2ebcdic(out,out,ret);
+ return(ret);
+}
+
+static int ebcdic_write(BIO *b, const char *in, int inl)
+{
+ EBCDIC_OUTBUFF *wbuf;
+ int ret=0;
+ int num;
+ unsigned char n;
+
+ if ((in == NULL) || (inl <= 0)) return(0);
+ if (b->next_bio == NULL) return(0);
+
+ wbuf=(EBCDIC_OUTBUFF *)b->ptr;
+
+ if (inl > (num = wbuf->alloced))
+ {
+ num = num + num; /* double the size */
+ if (num < inl)
+ num = inl;
+ OPENSSL_free(wbuf);
+ wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
+
+ wbuf->alloced = num;
+ wbuf->buff[0] = '\0';
+
+ b->ptr=(char *)wbuf;
+ }
+
+ ebcdic2ascii(wbuf->buff, in, inl);
+
+ ret=BIO_write(b->next_bio, wbuf->buff, inl);
+
+ return(ret);
+}
+
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret;
+
+ if (b->next_bio == NULL) return(0);
+ switch (cmd)
+ {
+ case BIO_CTRL_DUP:
+ ret=0L;
+ break;
+ default:
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ }
+ return(ret);
+}
+
+static int ebcdic_gets(BIO *bp, char *buf, int size)
+{
+ int i, ret=0;
+ if (bp->next_bio == NULL) return(0);
+/* return(BIO_gets(bp->next_bio,buf,size));*/
+ for (i=0; i<size-1; ++i)
+ {
+ ret = ebcdic_read(bp,&buf[i],1);
+ if (ret <= 0)
+ break;
+ else if (buf[i] == '\n')
+ {
+ ++i;
+ break;
+ }
+ }
+ if (i < size)
+ buf[i] = '\0';
+ return (ret < 0 && i == 0) ? ret : i;
+}
+
+static int ebcdic_puts(BIO *bp, const char *str)
+{
+ if (bp->next_bio == NULL) return(0);
+ return ebcdic_write(bp, str, strlen(str));
+}
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+ char * servername;
+ BIO * biodebug;
+ int extension_error;
+} tlsextctx;
+
+
+static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
+ {
+ tlsextctx * p = (tlsextctx *) arg;
+ const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+ if (servername && p->biodebug)
+ BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);
+
+ if (!p->servername)
+ return SSL_TLSEXT_ERR_NOACK;
+
+ if (servername)
+ {
+ if (strcasecmp(servername,p->servername))
+ return p->extension_error;
+ if (ctx2)
+ {
+ BIO_printf(p->biodebug,"Swiching server context.\n");
+ SSL_set_SSL_CTX(s,ctx2);
+ }
+ }
+ return SSL_TLSEXT_ERR_OK;
+}
+
+/* Structure passed to cert status callback */
+
+typedef struct tlsextstatusctx_st {
+ /* Default responder to use */
+ char *host, *path, *port;
+ int use_ssl;
+ int timeout;
+ BIO *err;
+ int verbose;
+} tlsextstatusctx;
+
+static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
+
+/* Certificate Status callback. This is called when a client includes a
+ * certificate status request extension.
+ *
+ * This is a simplified version. It examines certificates each time and
+ * makes one OCSP responder query for each request.
+ *
+ * A full version would store details such as the OCSP certificate IDs and
+ * minimise the number of OCSP responses by caching them until they were
+ * considered "expired".
+ */
+
+static int cert_status_cb(SSL *s, void *arg)
+ {
+ tlsextstatusctx *srctx = arg;
+ BIO *err = srctx->err;
+ char *host, *port, *path;
+ int use_ssl;
+ unsigned char *rspder = NULL;
+ int rspderlen;
+ STACK *aia = NULL;
+ X509 *x = NULL;
+ X509_STORE_CTX inctx;
+ X509_OBJECT obj;
+ OCSP_REQUEST *req = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ OCSP_CERTID *id = NULL;
+ STACK_OF(X509_EXTENSION) *exts;
+ int ret = SSL_TLSEXT_ERR_NOACK;
+ int i;
+#if 0
+STACK_OF(OCSP_RESPID) *ids;
+SSL_get_tlsext_status_ids(s, &ids);
+BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
+#endif
+ if (srctx->verbose)
+ BIO_puts(err, "cert_status: callback called\n");
+ /* Build up OCSP query from server certificate */
+ x = SSL_get_certificate(s);
+ aia = X509_get1_ocsp(x);
+ if (aia)
+ {
+ if (!OCSP_parse_url(sk_value(aia, 0),
+ &host, &port, &path, &use_ssl))
+ {
+ BIO_puts(err, "cert_status: can't parse AIA URL\n");
+ goto err;
+ }
+ if (srctx->verbose)
+ BIO_printf(err, "cert_status: AIA URL: %s\n",
+ sk_value(aia, 0));
+ }
+ else
+ {
+ if (!srctx->host)
+ {
+ BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
+ goto done;
+ }
+ host = srctx->host;
+ path = srctx->path;
+ port = srctx->port;
+ use_ssl = srctx->use_ssl;
+ }
+
+ if (!X509_STORE_CTX_init(&inctx,
+ SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
+ NULL, NULL))
+ goto err;
+ if (X509_STORE_get_by_subject(&inctx,X509_LU_X509,
+ X509_get_issuer_name(x),&obj) <= 0)
+ {
+ BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
+ X509_STORE_CTX_cleanup(&inctx);
+ goto done;
+ }
+ req = OCSP_REQUEST_new();
+ if (!req)
+ goto err;
+ id = OCSP_cert_to_id(NULL, x, obj.data.x509);
+ X509_free(obj.data.x509);
+ X509_STORE_CTX_cleanup(&inctx);
+ if (!id)
+ goto err;
+ if (!OCSP_request_add0_id(req, id))
+ goto err;
+ id = NULL;
+ /* Add any extensions to the request */
+ SSL_get_tlsext_status_exts(s, &exts);
+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)
+ {
+ X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+ if (!OCSP_REQUEST_add_ext(req, ext, -1))
+ goto err;
+ }
+ resp = process_responder(err, req, host, path, port, use_ssl,
+ srctx->timeout);
+ if (!resp)
+ {
+ BIO_puts(err, "cert_status: error querying responder\n");
+ goto done;
+ }
+ rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
+ if (rspderlen <= 0)
+ goto err;
+ SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
+ if (srctx->verbose)
+ {
+ BIO_puts(err, "cert_status: ocsp response sent:\n");
+ OCSP_RESPONSE_print(err, resp, 2);
+ }
+ ret = SSL_TLSEXT_ERR_OK;
+ done:
+ if (ret != SSL_TLSEXT_ERR_OK)
+ ERR_print_errors(err);
+ if (aia)
+ {
+ OPENSSL_free(host);
+ OPENSSL_free(path);
+ OPENSSL_free(port);
+ X509_email_free(aia);
+ }
+ if (id)
+ OCSP_CERTID_free(id);
+ if (req)
+ OCSP_REQUEST_free(req);
+ if (resp)
+ OCSP_RESPONSE_free(resp);
+ return ret;
+ err:
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ goto done;
+ }
+#endif
+int MAIN(int, char **);
+
+#ifndef OPENSSL_NO_JPAKE
+static char *jpake_secret = NULL;
+#endif
+
+int MAIN(int argc, char *argv[])
+ {
+ X509_STORE *store = NULL;
+ int vflags = 0;
+ short port=PORT;
+ char *CApath=NULL,*CAfile=NULL;
+ unsigned char *context = NULL;
+ char *dhfile = NULL;
+#ifndef OPENSSL_NO_ECDH
+ char *named_curve = NULL;
+#endif
+ int badop=0,bugs=0;
+ int ret=1;
+ int off=0;
+ int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
+ int state=0;
+ SSL_METHOD *meth=NULL;
+ int socket_type=SOCK_STREAM;
+ ENGINE *e=NULL;
+ char *inrand=NULL;
+ int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+ char *passarg = NULL, *pass = NULL;
+ char *dpassarg = NULL, *dpass = NULL;
+ int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
+ X509 *s_cert = NULL, *s_dcert = NULL;
+ EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+ int no_cache = 0;
+#ifndef OPENSSL_NO_TLSEXT
+ EVP_PKEY *s_key2 = NULL;
+ X509 *s_cert2 = NULL;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
+#endif
+
+ meth=SSLv23_server_method();
+
+ local_argc=argc;
+ local_argv=argv;
+
+ apps_startup();
+#ifdef MONOLITH
+ s_server_init();
+#endif
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ verify_depth=0;
+#ifdef FIONBIO
+ s_nbio=0;
+#endif
+ s_nbio_test=0;
+
+ argc--;
+ argv++;
+
+ while (argc >= 1)
+ {
+ if ((strcmp(*argv,"-port") == 0) ||
+ (strcmp(*argv,"-accept") == 0))
+ {
+ if (--argc < 1) goto bad;
+ if (!extract_port(*(++argv),&port))
+ goto bad;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ {
+ s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+ }
+ else if (strcmp(*argv,"-Verify") == 0)
+ {
+ s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
+ SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
+ }
+ else if (strcmp(*argv,"-context") == 0)
+ {
+ if (--argc < 1) goto bad;
+ context= (unsigned char *)*(++argv);
+ }
+ else if (strcmp(*argv,"-cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_cert_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-certform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_cert_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_key_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_key_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-pass") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passarg = *(++argv);
+ }
+ else if (strcmp(*argv,"-dhparam") == 0)
+ {
+ if (--argc < 1) goto bad;
+ dhfile = *(++argv);
+ }
+#ifndef OPENSSL_NO_ECDH
+ else if (strcmp(*argv,"-named_curve") == 0)
+ {
+ if (--argc < 1) goto bad;
+ named_curve = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-dcertform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_dcert_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-dcert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_dcert_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-dkeyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_dkey_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-dpass") == 0)
+ {
+ if (--argc < 1) goto bad;
+ dpassarg = *(++argv);
+ }
+ else if (strcmp(*argv,"-dkey") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_dkey_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-nocert") == 0)
+ {
+ nocert=1;
+ }
+ else if (strcmp(*argv,"-CApath") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CApath= *(++argv);
+ }
+ else if (strcmp(*argv,"-no_cache") == 0)
+ no_cache = 1;
+ else if (strcmp(*argv,"-crl_check") == 0)
+ {
+ vflags |= X509_V_FLAG_CRL_CHECK;
+ }
+ else if (strcmp(*argv,"-crl_check_all") == 0)
+ {
+ vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ }
+ else if (strcmp(*argv,"-serverpref") == 0)
+ { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
+ else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else if (strcmp(*argv,"-cipher") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cipher= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+ }
+#ifdef FIONBIO
+ else if (strcmp(*argv,"-nbio") == 0)
+ { s_nbio=1; }
+#endif
+ else if (strcmp(*argv,"-nbio_test") == 0)
+ {
+#ifdef FIONBIO
+ s_nbio=1;
+#endif
+ s_nbio_test=1;
+ }
+ else if (strcmp(*argv,"-debug") == 0)
+ { s_debug=1; }
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-tlsextdebug") == 0)
+ s_tlsextdebug=1;
+ else if (strcmp(*argv,"-status") == 0)
+ s_tlsextstatus=1;
+ else if (strcmp(*argv,"-status_verbose") == 0)
+ {
+ s_tlsextstatus=1;
+ tlscstatp.verbose = 1;
+ }
+ else if (!strcmp(*argv, "-status_timeout"))
+ {
+ s_tlsextstatus=1;
+ if (--argc < 1) goto bad;
+ tlscstatp.timeout = atoi(*(++argv));
+ }
+ else if (!strcmp(*argv, "-status_url"))
+ {
+ s_tlsextstatus=1;
+ if (--argc < 1) goto bad;
+ if (!OCSP_parse_url(*(++argv),
+ &tlscstatp.host,
+ &tlscstatp.port,
+ &tlscstatp.path,
+ &tlscstatp.use_ssl))
+ {
+ BIO_printf(bio_err, "Error parsing URL\n");
+ goto bad;
+ }
+ }
+#endif
+ else if (strcmp(*argv,"-msg") == 0)
+ { s_msg=1; }
+ else if (strcmp(*argv,"-hack") == 0)
+ { hack=1; }
+ else if (strcmp(*argv,"-state") == 0)
+ { state=1; }
+ else if (strcmp(*argv,"-crlf") == 0)
+ { s_crlf=1; }
+ else if (strcmp(*argv,"-quiet") == 0)
+ { s_quiet=1; }
+ else if (strcmp(*argv,"-bugs") == 0)
+ { bugs=1; }
+ else if (strcmp(*argv,"-no_tmp_rsa") == 0)
+ { no_tmp_rsa=1; }
+ else if (strcmp(*argv,"-no_dhe") == 0)
+ { no_dhe=1; }
+ else if (strcmp(*argv,"-no_ecdhe") == 0)
+ { no_ecdhe=1; }
+ else if (strcmp(*argv,"-www") == 0)
+ { www=1; }
+ else if (strcmp(*argv,"-WWW") == 0)
+ { www=2; }
+ else if (strcmp(*argv,"-HTTP") == 0)
+ { www=3; }
+ else if (strcmp(*argv,"-no_ssl2") == 0)
+ { off|=SSL_OP_NO_SSLv2; }
+ else if (strcmp(*argv,"-no_ssl3") == 0)
+ { off|=SSL_OP_NO_SSLv3; }
+ else if (strcmp(*argv,"-no_tls1") == 0)
+ { off|=SSL_OP_NO_TLSv1; }
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-no_ticket") == 0)
+ { off|=SSL_OP_NO_TICKET; }
+#endif
+#ifndef OPENSSL_NO_SSL2
+ else if (strcmp(*argv,"-ssl2") == 0)
+ { meth=SSLv2_server_method(); }
+#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (strcmp(*argv,"-ssl3") == 0)
+ { meth=SSLv3_server_method(); }
+#endif
+#ifndef OPENSSL_NO_TLS1
+ else if (strcmp(*argv,"-tls1") == 0)
+ { meth=TLSv1_server_method(); }
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ else if (strcmp(*argv,"-dtls1") == 0)
+ {
+ meth=DTLSv1_server_method();
+ socket_type = SOCK_DGRAM;
+ }
+ else if (strcmp(*argv,"-timeout") == 0)
+ enable_timeouts = 1;
+ else if (strcmp(*argv,"-mtu") == 0)
+ {
+ if (--argc < 1) goto bad;
+ socket_mtu = atol(*(++argv));
+ }
+ else if (strcmp(*argv, "-chain") == 0)
+ cert_chain = 1;
+#endif
+ else if (strcmp(*argv, "-id_prefix") == 0)
+ {
+ if (--argc < 1) goto bad;
+ session_id_prefix = *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine_id= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-servername") == 0)
+ {
+ if (--argc < 1) goto bad;
+ tlsextcbp.servername= *(++argv);
+ }
+ else if (strcmp(*argv,"-servername_fatal") == 0)
+ { tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; }
+ else if (strcmp(*argv,"-cert2") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_cert_file2= *(++argv);
+ }
+ else if (strcmp(*argv,"-key2") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_key_file2= *(++argv);
+ }
+
+#endif
+#ifndef OPENSSL_NO_JPAKE
+ else if (strcmp(*argv,"-jpake") == 0)
+ {
+ if (--argc < 1) goto bad;
+ jpake_secret = *(++argv);
+ }
+#endif
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badop=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+ if (badop)
+ {
+bad:
+ sv_usage();
+ goto end;
+ }
+#ifndef OPENSSL_NO_DTLS1
+ if (www && socket_type == SOCK_DGRAM)
+ {
+ BIO_printf(bio_err,
+ "Can't use -HTTP, -www or -WWW with DTLS\n");
+ goto end;
+ }
+#endif
+
+ SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine_id, 1);
+#endif
+
+ if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+
+ if (s_key_file == NULL)
+ s_key_file = s_cert_file;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_key_file2 == NULL)
+ s_key_file2 = s_cert_file2;
+#endif
+
+ if (nocert == 0)
+ {
+ s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
+ "server certificate private key file");
+ if (!s_key)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
+ NULL, e, "server certificate file");
+
+ if (!s_cert)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_TLSEXT
+ if (tlsextcbp.servername)
+ {
+ s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
+ "second server certificate private key file");
+ if (!s_key2)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format,
+ NULL, e, "second server certificate file");
+
+ if (!s_cert2)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
+ }
+ if (s_dcert_file)
+ {
+
+ if (s_dkey_file == NULL)
+ s_dkey_file = s_dcert_file;
+
+ s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
+ 0, dpass, e,
+ "second certificate private key file");
+ if (!s_dkey)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
+ NULL, e, "second server certificate file");
+
+ if (!s_dcert)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ }
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ && !RAND_status())
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ if (bio_s_out == NULL)
+ {
+ if (s_quiet && !s_debug && !s_msg)
+ {
+ bio_s_out=BIO_new(BIO_s_null());
+ }
+ else
+ {
+ if (bio_s_out == NULL)
+ bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+ }
+ }
+
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+ if (nocert)
+#endif
+ {
+ s_cert_file=NULL;
+ s_key_file=NULL;
+ s_dcert_file=NULL;
+ s_dkey_file=NULL;
+#ifndef OPENSSL_NO_TLSEXT
+ s_cert_file2=NULL;
+ s_key_file2=NULL;
+#endif
+ }
+
+ ctx=SSL_CTX_new(meth);
+ if (ctx == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (session_id_prefix)
+ {
+ if(strlen(session_id_prefix) >= 32)
+ BIO_printf(bio_err,
+"warning: id_prefix is too long, only one new session will be possible\n");
+ else if(strlen(session_id_prefix) >= 16)
+ BIO_printf(bio_err,
+"warning: id_prefix is too long if you use SSLv2\n");
+ if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
+ {
+ BIO_printf(bio_err,"error setting 'id_prefix'\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
+ }
+ SSL_CTX_set_quiet_shutdown(ctx,1);
+ if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
+ if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+ SSL_CTX_set_options(ctx,off);
+ /* DTLS: partial reads end up discarding unread UDP bytes :-(
+ * Setting read ahead solves this problem.
+ */
+ if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
+
+ if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+ if (no_cache)
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+ else
+ SSL_CTX_sess_set_cache_size(ctx,128);
+
+#if 0
+ if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+#endif
+
+#if 0
+ if (s_cert_file == NULL)
+ {
+ BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
+ goto end;
+ }
+#endif
+
+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx)))
+ {
+ /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+ ERR_print_errors(bio_err);
+ /* goto end; */
+ }
+ store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_set_flags(store, vflags);
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_cert2)
+ {
+ ctx2=SSL_CTX_new(meth);
+ if (ctx2 == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (ctx2)
+ {
+ BIO_printf(bio_s_out,"Setting secondary ctx parameters\n");
+
+ if (session_id_prefix)
+ {
+ if(strlen(session_id_prefix) >= 32)
+ BIO_printf(bio_err,
+ "warning: id_prefix is too long, only one new session will be possible\n");
+ else if(strlen(session_id_prefix) >= 16)
+ BIO_printf(bio_err,
+ "warning: id_prefix is too long if you use SSLv2\n");
+ if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id))
+ {
+ BIO_printf(bio_err,"error setting 'id_prefix'\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
+ }
+ SSL_CTX_set_quiet_shutdown(ctx2,1);
+ if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
+ if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+ SSL_CTX_set_options(ctx2,off);
+
+ /* DTLS: partial reads end up discarding unread UDP bytes :-(
+ * Setting read ahead solves this problem.
+ */
+ if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);
+
+
+ if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
+
+ if (no_cache)
+ SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
+ else
+ SSL_CTX_sess_set_cache_size(ctx2,128);
+
+ if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx2)))
+ {
+ ERR_print_errors(bio_err);
+ }
+ store = SSL_CTX_get_cert_store(ctx2);
+ X509_STORE_set_flags(store, vflags);
+ }
+#endif
+
+
+#ifndef OPENSSL_NO_DH
+ if (!no_dhe)
+ {
+ DH *dh=NULL;
+
+ if (dhfile)
+ dh = load_dh_param(dhfile);
+ else if (s_cert_file)
+ dh = load_dh_param(s_cert_file);
+
+ if (dh != NULL)
+ {
+ BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+ }
+ else
+ {
+ BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+ dh=get_dh512();
+ }
+ (void)BIO_flush(bio_s_out);
+
+ SSL_CTX_set_tmp_dh(ctx,dh);
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ {
+ if (!dhfile)
+ {
+ DH *dh2=load_dh_param(s_cert_file2);
+ if (dh2 != NULL)
+ {
+ BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+ (void)BIO_flush(bio_s_out);
+
+ DH_free(dh);
+ dh = dh2;
+ }
+ }
+ SSL_CTX_set_tmp_dh(ctx2,dh);
+ }
+#endif
+ DH_free(dh);
+ }
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+ if (!no_ecdhe)
+ {
+ EC_KEY *ecdh=NULL;
+
+ if (named_curve)
+ {
+ int nid = OBJ_sn2nid(named_curve);
+
+ if (nid == 0)
+ {
+ BIO_printf(bio_err, "unknown curve name (%s)\n",
+ named_curve);
+ goto end;
+ }
+ ecdh = EC_KEY_new_by_curve_name(nid);
+ if (ecdh == NULL)
+ {
+ BIO_printf(bio_err, "unable to create curve (%s)\n",
+ named_curve);
+ goto end;
+ }
+ }
+
+ if (ecdh != NULL)
+ {
+ BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
+ }
+ else
+ {
+ BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
+ ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
+ if (ecdh == NULL)
+ {
+ BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
+ goto end;
+ }
+ }
+ (void)BIO_flush(bio_s_out);
+
+ SSL_CTX_set_tmp_ecdh(ctx,ecdh);
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
+#endif
+ EC_KEY_free(ecdh);
+ }
+#endif
+
+ if (!set_cert_key_stuff(ctx,s_cert,s_key))
+ goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
+ goto end;
+#endif
+ if (s_dcert != NULL)
+ {
+ if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_RSA
+#if 1
+ if (!no_tmp_rsa)
+ {
+ SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
+#endif
+ }
+#else
+ if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
+ {
+ RSA *rsa;
+
+ BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
+ BIO_flush(bio_s_out);
+
+ rsa=RSA_generate_key(512,RSA_F4,NULL);
+
+ if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ {
+ if (!SSL_CTX_set_tmp_rsa(ctx2,rsa))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
+ RSA_free(rsa);
+ BIO_printf(bio_s_out,"\n");
+ }
+#endif
+#endif
+
+ if (cipher != NULL)
+ if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+ BIO_printf(bio_err,"error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))
+ {
+ BIO_printf(bio_err,"error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#endif
+ }
+ SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
+ SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
+ sizeof s_server_session_id_context);
+
+ /* Set DTLS cookie generation and verification callbacks */
+ SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
+ SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
+
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ {
+ SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback);
+ SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context,
+ sizeof s_server_session_id_context);
+
+ tlsextcbp.biodebug = bio_s_out;
+ SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
+ SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+ }
+#endif
+ if (CAfile != NULL)
+ {
+ SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile));
+#endif
+ }
+ BIO_printf(bio_s_out,"ACCEPT\n");
+ if (www)
+ do_server(port,socket_type,&accept_socket,www_body, context);
+ else
+ do_server(port,socket_type,&accept_socket,sv_body, context);
+ print_stats(bio_s_out,ctx);
+ ret=0;
+end:
+ if (ctx != NULL) SSL_CTX_free(ctx);
+ if (s_cert)
+ X509_free(s_cert);
+ if (s_dcert)
+ X509_free(s_dcert);
+ if (s_key)
+ EVP_PKEY_free(s_key);
+ if (s_dkey)
+ EVP_PKEY_free(s_dkey);
+ if (pass)
+ OPENSSL_free(pass);
+ if (dpass)
+ OPENSSL_free(dpass);
+#ifndef OPENSSL_NO_TLSEXT
+ if (tlscstatp.host)
+ OPENSSL_free(tlscstatp.host);
+ if (tlscstatp.port)
+ OPENSSL_free(tlscstatp.port);
+ if (tlscstatp.path)
+ OPENSSL_free(tlscstatp.path);
+ if (ctx2 != NULL) SSL_CTX_free(ctx2);
+ if (s_cert2)
+ X509_free(s_cert2);
+ if (s_key2)
+ EVP_PKEY_free(s_key2);
+#endif
+ if (bio_s_out != NULL)
+ {
+ BIO_free(bio_s_out);
+ bio_s_out=NULL;
+ }
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+ {
+ BIO_printf(bio,"%4ld items in the session cache\n",
+ SSL_CTX_sess_number(ssl_ctx));
+ BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
+ SSL_CTX_sess_connect(ssl_ctx));
+ BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
+ SSL_CTX_sess_connect_renegotiate(ssl_ctx));
+ BIO_printf(bio,"%4ld client connects that finished\n",
+ SSL_CTX_sess_connect_good(ssl_ctx));
+ BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
+ SSL_CTX_sess_accept(ssl_ctx));
+ BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
+ SSL_CTX_sess_accept_renegotiate(ssl_ctx));
+ BIO_printf(bio,"%4ld server accepts that finished\n",
+ SSL_CTX_sess_accept_good(ssl_ctx));
+ BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
+ BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
+ BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
+ BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
+ BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
+ SSL_CTX_sess_cache_full(ssl_ctx),
+ SSL_CTX_sess_get_cache_size(ssl_ctx));
+ }
+
+static int sv_body(char *hostname, int s, unsigned char *context)
+ {
+ char *buf=NULL;
+ fd_set readfds;
+ int ret=1,width;
+ int k,i;
+ unsigned long l;
+ SSL *con=NULL;
+ BIO *sbio;
+ struct timeval timeout;
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+ struct timeval tv;
+#else
+ struct timeval *timeoutp;
+#endif
+
+ if ((buf=OPENSSL_malloc(bufsize)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto err;
+ }
+#ifdef FIONBIO
+ if (s_nbio)
+ {
+ unsigned long sl=1;
+
+ if (!s_quiet)
+ BIO_printf(bio_err,"turning on non blocking io\n");
+ if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+ ERR_print_errors(bio_err);
+ }
+#endif
+
+ if (con == NULL) {
+ con=SSL_new(ctx);
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_tlsextdebug)
+ {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
+ if (s_tlsextstatus)
+ {
+ SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
+ tlscstatp.err = bio_err;
+ SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
+ }
+#endif
+#ifndef OPENSSL_NO_KRB5
+ if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+ {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
+ KRB5SVC);
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
+ KRB5KEYTAB);
+ }
+#endif /* OPENSSL_NO_KRB5 */
+ if(context)
+ SSL_set_session_id_context(con, context,
+ strlen((char *)context));
+ }
+ SSL_clear(con);
+
+ if (SSL_version(con) == DTLS1_VERSION)
+ {
+
+ sbio=BIO_new_dgram(s,BIO_NOCLOSE);
+
+ if ( enable_timeouts)
+ {
+ timeout.tv_sec = 0;
+ timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+ timeout.tv_sec = 0;
+ timeout.tv_usec = DGRAM_SND_TIMEOUT;
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+ }
+
+
+ if (socket_mtu > 28)
+ {
+ SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+ SSL_set_mtu(con, socket_mtu - 28);
+ }
+ else
+ /* want to do MTU discovery */
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+
+ /* turn on cookie exchange */
+ SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
+ }
+ else
+ sbio=BIO_new_socket(s,BIO_NOCLOSE);
+
+ if (s_nbio_test)
+ {
+ BIO *test;
+
+ test=BIO_new(BIO_f_nbio_test());
+ sbio=BIO_push(test,sbio);
+ }
+#ifndef OPENSSL_NO_JPAKE
+ if(jpake_secret)
+ jpake_server_auth(bio_s_out, sbio, jpake_secret);
+#endif
+
+ SSL_set_bio(con,sbio,sbio);
+ SSL_set_accept_state(con);
+ /* SSL_set_fd(con,s); */
+
+ if (s_debug)
+ {
+ con->debug=1;
+ BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
+ BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
+ }
+ if (s_msg)
+ {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_s_out);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_tlsextdebug)
+ {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
+#endif
+
+ width=s+1;
+ for (;;)
+ {
+ int read_from_terminal;
+ int read_from_sslcon;
+
+ read_from_terminal = 0;
+ read_from_sslcon = SSL_pending(con);
+
+ if (!read_from_sslcon)
+ {
+ FD_ZERO(&readfds);
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+ FD_SET(fileno(stdin),&readfds);
+#endif
+ FD_SET(s,&readfds);
+ /* Note: under VMS with SOCKETSHR the second parameter is
+ * currently of type (int *) whereas under other systems
+ * it is (void *) if you don't have a cast it will choke
+ * the compiler: if you do have a cast then you can either
+ * go for (int *) or (void *).
+ */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+ /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
+ * on sockets. As a workaround we timeout the select every
+ * second and check for any keypress. In a proper Windows
+ * application we wouldn't do this because it is inefficient.
+ */
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ i=select(width,(void *)&readfds,NULL,NULL,&tv);
+ if((i < 0) || (!i && !_kbhit() ) )continue;
+ if(_kbhit())
+ read_from_terminal = 1;
+#else
+ if ((SSL_version(con) == DTLS1_VERSION) &&
+ DTLSv1_get_timeout(con, &timeout))
+ timeoutp = &timeout;
+ else
+ timeoutp = NULL;
+
+ i=select(width,(void *)&readfds,NULL,NULL,timeoutp);
+
+ if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
+ {
+ BIO_printf(bio_err,"TIMEOUT occured\n");
+ }
+
+ if (i <= 0) continue;
+ if (FD_ISSET(fileno(stdin),&readfds))
+ read_from_terminal = 1;
+#endif
+ if (FD_ISSET(s,&readfds))
+ read_from_sslcon = 1;
+ }
+ if (read_from_terminal)
+ {
+ if (s_crlf)
+ {
+ int j, lf_num;
+
+ i=read(fileno(stdin), buf, bufsize/2);
+ lf_num = 0;
+ /* both loops are skipped when i <= 0 */
+ for (j = 0; j < i; j++)
+ if (buf[j] == '\n')
+ lf_num++;
+ for (j = i-1; j >= 0; j--)
+ {
+ buf[j+lf_num] = buf[j];
+ if (buf[j] == '\n')
+ {
+ lf_num--;
+ i++;
+ buf[j+lf_num] = '\r';
+ }
+ }
+ assert(lf_num == 0);
+ }
+ else
+ i=read(fileno(stdin),buf,bufsize);
+ if (!s_quiet)
+ {
+ if ((i <= 0) || (buf[0] == 'Q'))
+ {
+ BIO_printf(bio_s_out,"DONE\n");
+ SHUTDOWN(s);
+ close_accept_socket();
+ ret= -11;
+ goto err;
+ }
+ if ((i <= 0) || (buf[0] == 'q'))
+ {
+ BIO_printf(bio_s_out,"DONE\n");
+ if (SSL_version(con) != DTLS1_VERSION)
+ SHUTDOWN(s);
+ /* close_accept_socket();
+ ret= -11;*/
+ goto err;
+ }
+ if ((buf[0] == 'r') &&
+ ((buf[1] == '\n') || (buf[1] == '\r')))
+ {
+ SSL_renegotiate(con);
+ i=SSL_do_handshake(con);
+ printf("SSL_do_handshake -> %d\n",i);
+ i=0; /*13; */
+ continue;
+ /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
+ }
+ if ((buf[0] == 'R') &&
+ ((buf[1] == '\n') || (buf[1] == '\r')))
+ {
+ SSL_set_verify(con,
+ SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
+ SSL_renegotiate(con);
+ i=SSL_do_handshake(con);
+ printf("SSL_do_handshake -> %d\n",i);
+ i=0; /* 13; */
+ continue;
+ /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
+ }
+ if (buf[0] == 'P')
+ {
+ static const char *str="Lets print some clear text\n";
+ BIO_write(SSL_get_wbio(con),str,strlen(str));
+ }
+ if (buf[0] == 'S')
+ {
+ print_stats(bio_s_out,SSL_get_SSL_CTX(con));
+ }
+ }
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf,buf,i);
+#endif
+ l=k=0;
+ for (;;)
+ {
+ /* should do a select for the write */
+#ifdef RENEG
+{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
+#endif
+ k=SSL_write(con,&(buf[l]),(unsigned int)i);
+ switch (SSL_get_error(con,k))
+ {
+ case SSL_ERROR_NONE:
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_s_out,"Write BLOCK\n");
+ break;
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ BIO_printf(bio_s_out,"ERROR\n");
+ ERR_print_errors(bio_err);
+ ret=1;
+ goto err;
+ /* break; */
+ case SSL_ERROR_ZERO_RETURN:
+ BIO_printf(bio_s_out,"DONE\n");
+ ret=1;
+ goto err;
+ }
+ l+=k;
+ i-=k;
+ if (i <= 0) break;
+ }
+ }
+ if (read_from_sslcon)
+ {
+ if (!SSL_is_init_finished(con))
+ {
+ i=init_ssl_connection(con);
+
+ if (i < 0)
+ {
+ ret=0;
+ goto err;
+ }
+ else if (i == 0)
+ {
+ ret=1;
+ goto err;
+ }
+ }
+ else
+ {
+again:
+ i=SSL_read(con,(char *)buf,bufsize);
+ switch (SSL_get_error(con,i))
+ {
+ case SSL_ERROR_NONE:
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic(buf,buf,i);
+#endif
+ if (write(fileno(stdout),buf,
+ (unsigned int)i) != i)
+ goto err;
+
+ if (SSL_pending(con)) goto again;
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_s_out,"Read BLOCK\n");
+ break;
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ BIO_printf(bio_s_out,"ERROR\n");
+ ERR_print_errors(bio_err);
+ ret=1;
+ goto err;
+ case SSL_ERROR_ZERO_RETURN:
+ BIO_printf(bio_s_out,"DONE\n");
+ ret=1;
+ goto err;
+ }
+ }
+ }
+ }
+err:
+ BIO_printf(bio_s_out,"shutting down SSL\n");
+#if 1
+ SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(con);
+#endif
+ if (con != NULL) SSL_free(con);
+ BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+ if (buf != NULL)
+ {
+ OPENSSL_cleanse(buf,bufsize);
+ OPENSSL_free(buf);
+ }
+ if (ret >= 0)
+ BIO_printf(bio_s_out,"ACCEPT\n");
+ return(ret);
+ }
+
+static void close_accept_socket(void)
+ {
+ BIO_printf(bio_err,"shutdown accept socket\n");
+ if (accept_socket >= 0)
+ {
+ SHUTDOWN2(accept_socket);
+ }
+ }
+
+static int init_ssl_connection(SSL *con)
+ {
+ int i;
+ const char *str;
+ X509 *peer;
+ long verify_error;
+ MS_STATIC char buf[BUFSIZ];
+
+ if ((i=SSL_accept(con)) <= 0)
+ {
+ if (BIO_sock_should_retry(i))
+ {
+ BIO_printf(bio_s_out,"DELAY\n");
+ return(1);
+ }
+
+ BIO_printf(bio_err,"ERROR\n");
+ verify_error=SSL_get_verify_result(con);
+ if (verify_error != X509_V_OK)
+ {
+ BIO_printf(bio_err,"verify error:%s\n",
+ X509_verify_cert_error_string(verify_error));
+ }
+ else
+ ERR_print_errors(bio_err);
+ return(0);
+ }
+
+ PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
+
+ peer=SSL_get_peer_certificate(con);
+ if (peer != NULL)
+ {
+ BIO_printf(bio_s_out,"Client certificate\n");
+ PEM_write_bio_X509(bio_s_out,peer);
+ X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
+ BIO_printf(bio_s_out,"subject=%s\n",buf);
+ X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
+ BIO_printf(bio_s_out,"issuer=%s\n",buf);
+ X509_free(peer);
+ }
+
+ if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
+ BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
+ str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+ BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+ if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
+ if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
+ TLS1_FLAGS_TLS_PADDING_BUG)
+ BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
+#ifndef OPENSSL_NO_KRB5
+ if (con->kssl_ctx->client_princ != NULL)
+ {
+ BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
+ con->kssl_ctx->client_princ);
+ }
+#endif /* OPENSSL_NO_KRB5 */
+ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
+ return(1);
+ }
+
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile)
+ {
+ DH *ret=NULL;
+ BIO *bio;
+
+ if ((bio=BIO_new_file(dhfile,"r")) == NULL)
+ goto err;
+ ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
+err:
+ if (bio != NULL) BIO_free(bio);
+ return(ret);
+ }
+#endif
+
+#if 0
+static int load_CA(SSL_CTX *ctx, char *file)
+ {
+ FILE *in;
+ X509 *x=NULL;
+
+ if ((in=fopen(file,"r")) == NULL)
+ return(0);
+
+ for (;;)
+ {
+ if (PEM_read_X509(in,&x,NULL) == NULL)
+ break;
+ SSL_CTX_add_client_CA(ctx,x);
+ }
+ if (x != NULL) X509_free(x);
+ fclose(in);
+ return(1);
+ }
+#endif
+
+static int www_body(char *hostname, int s, unsigned char *context)
+ {
+ char *buf=NULL;
+ int ret=1;
+ int i,j,k,dot;
+ struct stat st_buf;
+ SSL *con;
+ SSL_CIPHER *c;
+ BIO *io,*ssl_bio,*sbio;
+#ifdef RENEG
+ long total_bytes;
+#endif
+
+ buf=OPENSSL_malloc(bufsize);
+ if (buf == NULL) return(0);
+ io=BIO_new(BIO_f_buffer());
+ ssl_bio=BIO_new(BIO_f_ssl());
+ if ((io == NULL) || (ssl_bio == NULL)) goto err;
+
+#ifdef FIONBIO
+ if (s_nbio)
+ {
+ unsigned long sl=1;
+
+ if (!s_quiet)
+ BIO_printf(bio_err,"turning on non blocking io\n");
+ if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+ ERR_print_errors(bio_err);
+ }
+#endif
+
+ /* lets make the output buffer a reasonable size */
+ if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
+
+ if ((con=SSL_new(ctx)) == NULL) goto err;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_tlsextdebug)
+ {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
+#endif
+#ifndef OPENSSL_NO_KRB5
+ if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+ {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+ }
+#endif /* OPENSSL_NO_KRB5 */
+ if(context) SSL_set_session_id_context(con, context,
+ strlen((char *)context));
+
+ sbio=BIO_new_socket(s,BIO_NOCLOSE);
+ if (s_nbio_test)
+ {
+ BIO *test;
+
+ test=BIO_new(BIO_f_nbio_test());
+ sbio=BIO_push(test,sbio);
+ }
+ SSL_set_bio(con,sbio,sbio);
+ SSL_set_accept_state(con);
+
+ /* SSL_set_fd(con,s); */
+ BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
+ BIO_push(io,ssl_bio);
+#ifdef CHARSET_EBCDIC
+ io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
+#endif
+
+ if (s_debug)
+ {
+ con->debug=1;
+ BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
+ BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
+ }
+ if (s_msg)
+ {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_s_out);
+ }
+
+ for (;;)
+ {
+ if (hack)
+ {
+ i=SSL_accept(con);
+
+ switch (SSL_get_error(con,i))
+ {
+ case SSL_ERROR_NONE:
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ continue;
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ case SSL_ERROR_ZERO_RETURN:
+ ret=1;
+ goto err;
+ /* break; */
+ }
+
+ SSL_renegotiate(con);
+ SSL_write(con,NULL,0);
+ }
+
+ i=BIO_gets(io,buf,bufsize-1);
+ if (i < 0) /* error */
+ {
+ if (!BIO_should_retry(io))
+ {
+ if (!s_quiet)
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ else
+ {
+ BIO_printf(bio_s_out,"read R BLOCK\n");
+#if defined(OPENSSL_SYS_NETWARE)
+ delay(1000);
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
+ sleep(1);
+#endif
+ continue;
+ }
+ }
+ else if (i == 0) /* end of input */
+ {
+ ret=1;
+ goto end;
+ }
+
+ /* else we have data */
+ if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
+ ((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
+ {
+ char *p;
+ X509 *peer;
+ STACK_OF(SSL_CIPHER) *sk;
+ static const char *space=" ";
+
+ BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
+ BIO_puts(io,"<pre>\n");
+/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
+ BIO_puts(io,"\n");
+ for (i=0; i<local_argc; i++)
+ {
+ BIO_puts(io,local_argv[i]);
+ BIO_write(io," ",1);
+ }
+ BIO_puts(io,"\n");
+
+ /* The following is evil and should not really
+ * be done */
+ BIO_printf(io,"Ciphers supported in s_server binary\n");
+ sk=SSL_get_ciphers(con);
+ j=sk_SSL_CIPHER_num(sk);
+ for (i=0; i<j; i++)
+ {
+ c=sk_SSL_CIPHER_value(sk,i);
+ BIO_printf(io,"%-11s:%-25s",
+ SSL_CIPHER_get_version(c),
+ SSL_CIPHER_get_name(c));
+ if ((((i+1)%2) == 0) && (i+1 != j))
+ BIO_puts(io,"\n");
+ }
+ BIO_puts(io,"\n");
+ p=SSL_get_shared_ciphers(con,buf,bufsize);
+ if (p != NULL)
+ {
+ BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
+ j=i=0;
+ while (*p)
+ {
+ if (*p == ':')
+ {
+ BIO_write(io,space,26-j);
+ i++;
+ j=0;
+ BIO_write(io,((i%3)?" ":"\n"),1);
+ }
+ else
+ {
+ BIO_write(io,p,1);
+ j++;
+ }
+ p++;
+ }
+ BIO_puts(io,"\n");
+ }
+ BIO_printf(io,((con->hit)
+ ?"---\nReused, "
+ :"---\nNew, "));
+ c=SSL_get_current_cipher(con);
+ BIO_printf(io,"%s, Cipher is %s\n",
+ SSL_CIPHER_get_version(c),
+ SSL_CIPHER_get_name(c));
+ SSL_SESSION_print(io,SSL_get_session(con));
+ BIO_printf(io,"---\n");
+ print_stats(io,SSL_get_SSL_CTX(con));
+ BIO_printf(io,"---\n");
+ peer=SSL_get_peer_certificate(con);
+ if (peer != NULL)
+ {
+ BIO_printf(io,"Client certificate\n");
+ X509_print(io,peer);
+ PEM_write_bio_X509(io,peer);
+ }
+ else
+ BIO_puts(io,"no client certificate available\n");
+ BIO_puts(io,"</BODY></HTML>\r\n\r\n");
+ break;
+ }
+ else if ((www == 2 || www == 3)
+ && (strncmp("GET /",buf,5) == 0))
+ {
+ BIO *file;
+ char *p,*e;
+ static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+
+ /* skip the '/' */
+ p= &(buf[5]);
+
+ dot = 1;
+ for (e=p; *e != '\0'; e++)
+ {
+ if (e[0] == ' ')
+ break;
+
+ switch (dot)
+ {
+ case 1:
+ dot = (e[0] == '.') ? 2 : 0;
+ break;
+ case 2:
+ dot = (e[0] == '.') ? 3 : 0;
+ break;
+ case 3:
+ dot = (e[0] == '/') ? -1 : 0;
+ break;
+ }
+ if (dot == 0)
+ dot = (e[0] == '/') ? 1 : 0;
+ }
+ dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
+
+ if (*e == '\0')
+ {
+ BIO_puts(io,text);
+ BIO_printf(io,"'%s' is an invalid file name\r\n",p);
+ break;
+ }
+ *e='\0';
+
+ if (dot)
+ {
+ BIO_puts(io,text);
+ BIO_printf(io,"'%s' contains '..' reference\r\n",p);
+ break;
+ }
+
+ if (*p == '/')
+ {
+ BIO_puts(io,text);
+ BIO_printf(io,"'%s' is an invalid path\r\n",p);
+ break;
+ }
+
+#if 0
+ /* append if a directory lookup */
+ if (e[-1] == '/')
+ strcat(p,"index.html");
+#endif
+
+ /* if a directory, do the index thang */
+ if (stat(p,&st_buf) < 0)
+ {
+ BIO_puts(io,text);
+ BIO_printf(io,"Error accessing '%s'\r\n",p);
+ ERR_print_errors(io);
+ break;
+ }
+ if (S_ISDIR(st_buf.st_mode))
+ {
+#if 0 /* must check buffer size */
+ strcat(p,"/index.html");
+#else
+ BIO_puts(io,text);
+ BIO_printf(io,"'%s' is a directory\r\n",p);
+ break;
+#endif
+ }
+
+ if ((file=BIO_new_file(p,"r")) == NULL)
+ {
+ BIO_puts(io,text);
+ BIO_printf(io,"Error opening '%s'\r\n",p);
+ ERR_print_errors(io);
+ break;
+ }
+
+ if (!s_quiet)
+ BIO_printf(bio_err,"FILE:%s\n",p);
+
+ if (www == 2)
+ {
+ i=strlen(p);
+ if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
+ BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ else
+ BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+ }
+ /* send the file */
+#ifdef RENEG
+ total_bytes=0;
+#endif
+ for (;;)
+ {
+ i=BIO_read(file,buf,bufsize);
+ if (i <= 0) break;
+
+#ifdef RENEG
+ total_bytes+=i;
+ fprintf(stderr,"%d\n",i);
+ if (total_bytes > 3*1024)
+ {
+ total_bytes=0;
+ fprintf(stderr,"RENEGOTIATE\n");
+ SSL_renegotiate(con);
+ }
+#endif
+
+ for (j=0; j<i; )
+ {
+#ifdef RENEG
+{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
+#endif
+ k=BIO_write(io,&(buf[j]),i-j);
+ if (k <= 0)
+ {
+ if (!BIO_should_retry(io))
+ goto write_error;
+ else
+ {
+ BIO_printf(bio_s_out,"rwrite W BLOCK\n");
+ }
+ }
+ else
+ {
+ j+=k;
+ }
+ }
+ }
+write_error:
+ BIO_free(file);
+ break;
+ }
+ }
+
+ for (;;)
+ {
+ i=(int)BIO_flush(io);
+ if (i <= 0)
+ {
+ if (!BIO_should_retry(io))
+ break;
+ }
+ else
+ break;
+ }
+end:
+#if 1
+ /* make sure we re-use sessions */
+ SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ /* This kills performance */
+/* SSL_shutdown(con); A shutdown gets sent in the
+ * BIO_free_all(io) procession */
+#endif
+
+err:
+
+ if (ret >= 0)
+ BIO_printf(bio_s_out,"ACCEPT\n");
+
+ if (buf != NULL) OPENSSL_free(buf);
+ if (io != NULL) BIO_free_all(io);
+/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
+ return(ret);
+ }
+
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
+ {
+ BIGNUM *bn = NULL;
+ static RSA *rsa_tmp=NULL;
+
+ if (!rsa_tmp && ((bn = BN_new()) == NULL))
+ BIO_printf(bio_err,"Allocation error in generating RSA key\n");
+ if (!rsa_tmp && bn)
+ {
+ if (!s_quiet)
+ {
+ BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
+ (void)BIO_flush(bio_err);
+ }
+ if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
+ !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
+ {
+ if(rsa_tmp) RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+ if (!s_quiet)
+ {
+ BIO_printf(bio_err,"\n");
+ (void)BIO_flush(bio_err);
+ }
+ BN_free(bn);
+ }
+ return(rsa_tmp);
+ }
+#endif
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+ unsigned int *id_len)
+ {
+ unsigned int count = 0;
+ do {
+ RAND_pseudo_bytes(id, *id_len);
+ /* Prefix the session_id with the required prefix. NB: If our
+ * prefix is too long, clip it - but there will be worse effects
+ * anyway, eg. the server could only possibly create 1 session
+ * ID (ie. the prefix!) so all future session negotiations will
+ * fail due to conflicts. */
+ memcpy(id, session_id_prefix,
+ (strlen(session_id_prefix) < *id_len) ?
+ strlen(session_id_prefix) : *id_len);
+ }
+ while(SSL_has_matching_session_id(ssl, id, *id_len) &&
+ (++count < MAX_SESSION_ID_ATTEMPTS));
+ if(count >= MAX_SESSION_ID_ATTEMPTS)
+ return 0;
+ return 1;
+ }
Added: vendor-crypto/openssl/dist/apps/s_socket.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_socket.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/s_socket.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,622 @@
+/* apps/s_socket.c - socket-related functions used by s_client and s_server */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+
+#ifdef FLAT_INC
+#include "e_os2.h"
+#else
+#include "../e_os2.h"
+#endif
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+ recursive header file inclusion, resulting in the compiler complaining
+ that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+ is needed to have fileno() declared correctly... So let's define u_int */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef USE_SOCKETS
+#undef NON_MAIN
+#include "s_apps.h"
+#include <openssl/ssl.h>
+
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
+
+#ifndef OPENSSL_NO_SOCK
+
+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
+#include "netdb.h"
+#endif
+
+static struct hostent *GetHostByName(char *name);
+#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+static void ssl_sock_cleanup(void);
+#endif
+static int ssl_sock_init(void);
+static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
+static int init_server(int *sock, int port, int type);
+static int init_server_long(int *sock, int port,char *ip, int type);
+static int do_accept(int acc_sock, int *sock, char **host);
+static int host_ip(char *str, unsigned char ip[4]);
+
+#ifdef OPENSSL_SYS_WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+static int wsa_init_done=0;
+#endif
+
+#ifdef OPENSSL_SYS_WINDOWS
+static struct WSAData wsa_state;
+static int wsa_init_done=0;
+
+#ifdef OPENSSL_SYS_WIN16
+static HWND topWnd=0;
+static FARPROC lpTopWndProc=NULL;
+static FARPROC lpTopHookProc=NULL;
+extern HINSTANCE _hInstance; /* nice global CRT provides */
+
+static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
+ LPARAM lParam)
+ {
+ if (hwnd == topWnd)
+ {
+ switch(message)
+ {
+ case WM_DESTROY:
+ case WM_CLOSE:
+ SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
+ ssl_sock_cleanup();
+ break;
+ }
+ }
+ return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);
+ }
+
+static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
+ {
+ topWnd=hwnd;
+ return(FALSE);
+ }
+
+#endif /* OPENSSL_SYS_WIN32 */
+#endif /* OPENSSL_SYS_WINDOWS */
+
+#ifdef OPENSSL_SYS_WINDOWS
+static void ssl_sock_cleanup(void)
+ {
+ if (wsa_init_done)
+ {
+ wsa_init_done=0;
+#ifndef OPENSSL_SYS_WINCE
+ WSACancelBlockingCall();
+#endif
+ WSACleanup();
+ }
+ }
+#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+static void sock_cleanup(void)
+ {
+ if (wsa_init_done)
+ {
+ wsa_init_done=0;
+ WSACleanup();
+ }
+ }
+#endif
+
+static int ssl_sock_init(void)
+ {
+#ifdef WATT32
+ extern int _watt_do_exit;
+ _watt_do_exit = 0;
+ if (sock_init())
+ return (0);
+#elif defined(OPENSSL_SYS_WINDOWS)
+ if (!wsa_init_done)
+ {
+ int err;
+
+#ifdef SIGINT
+ signal(SIGINT,(void (*)(int))ssl_sock_cleanup);
+#endif
+ wsa_init_done=1;
+ memset(&wsa_state,0,sizeof(wsa_state));
+ if (WSAStartup(0x0101,&wsa_state)!=0)
+ {
+ err=WSAGetLastError();
+ BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
+ return(0);
+ }
+
+#ifdef OPENSSL_SYS_WIN16
+ EnumTaskWindows(GetCurrentTask(),enumproc,0L);
+ lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
+ lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
+
+ SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
+#endif /* OPENSSL_SYS_WIN16 */
+ }
+#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+ WORD wVerReq;
+ WSADATA wsaData;
+ int err;
+
+ if (!wsa_init_done)
+ {
+
+# ifdef SIGINT
+ signal(SIGINT,(void (*)(int))sock_cleanup);
+# endif
+
+ wsa_init_done=1;
+ wVerReq = MAKEWORD( 2, 0 );
+ err = WSAStartup(wVerReq,&wsaData);
+ if (err != 0)
+ {
+ BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);
+ return(0);
+ }
+ }
+#endif /* OPENSSL_SYS_WINDOWS */
+ return(1);
+ }
+
+int init_client(int *sock, char *host, int port, int type)
+ {
+ unsigned char ip[4];
+ short p=0;
+
+ if (!host_ip(host,&(ip[0])))
+ {
+ return(0);
+ }
+ if (p != 0) port=p;
+ return(init_client_ip(sock,ip,port,type));
+ }
+
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+ {
+ unsigned long addr;
+ struct sockaddr_in them;
+ int s,i;
+
+ if (!ssl_sock_init()) return(0);
+
+ memset((char *)&them,0,sizeof(them));
+ them.sin_family=AF_INET;
+ them.sin_port=htons((unsigned short)port);
+ addr=(unsigned long)
+ ((unsigned long)ip[0]<<24L)|
+ ((unsigned long)ip[1]<<16L)|
+ ((unsigned long)ip[2]<< 8L)|
+ ((unsigned long)ip[3]);
+ them.sin_addr.s_addr=htonl(addr);
+
+ if (type == SOCK_STREAM)
+ s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+ else /* ( type == SOCK_DGRAM) */
+ s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
+
+ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+#ifndef OPENSSL_SYS_MPE
+ if (type == SOCK_STREAM)
+ {
+ i=0;
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+ if (i < 0) { perror("keepalive"); return(0); }
+ }
+#endif
+
+ if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+ { close(s); perror("connect"); return(0); }
+ *sock=s;
+ return(1);
+ }
+
+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+ {
+ int sock;
+ char *name = NULL;
+ int accept_socket;
+ int i;
+
+ if (!init_server(&accept_socket,port,type)) return(0);
+
+ if (ret != NULL)
+ {
+ *ret=accept_socket;
+ /* return(1);*/
+ }
+ for (;;)
+ {
+ if (type==SOCK_STREAM)
+ {
+ if (do_accept(accept_socket,&sock,&name) == 0)
+ {
+ SHUTDOWN(accept_socket);
+ return(0);
+ }
+ }
+ else
+ sock = accept_socket;
+ i=(*cb)(name,sock, context);
+ if (name != NULL) OPENSSL_free(name);
+ if (type==SOCK_STREAM)
+ SHUTDOWN2(sock);
+ if (i < 0)
+ {
+ SHUTDOWN2(accept_socket);
+ return(i);
+ }
+ }
+ }
+
+static int init_server_long(int *sock, int port, char *ip, int type)
+ {
+ int ret=0;
+ struct sockaddr_in server;
+ int s= -1;
+
+ if (!ssl_sock_init()) return(0);
+
+ memset((char *)&server,0,sizeof(server));
+ server.sin_family=AF_INET;
+ server.sin_port=htons((unsigned short)port);
+ if (ip == NULL)
+ server.sin_addr.s_addr=INADDR_ANY;
+ else
+/* Added for T3E, address-of fails on bit field (beckman at acl.lanl.gov) */
+#ifndef BIT_FIELD_LIMITS
+ memcpy(&server.sin_addr.s_addr,ip,4);
+#else
+ memcpy(&server.sin_addr,ip,4);
+#endif
+
+ if (type == SOCK_STREAM)
+ s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+ else /* type == SOCK_DGRAM */
+ s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
+
+ if (s == INVALID_SOCKET) goto err;
+#if defined SOL_SOCKET && defined SO_REUSEADDR
+ {
+ int j = 1;
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+ (void *) &j, sizeof j);
+ }
+#endif
+ if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+ {
+#ifndef OPENSSL_SYS_WINDOWS
+ perror("bind");
+#endif
+ goto err;
+ }
+ /* Make it 128 for linux */
+ if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
+ *sock=s;
+ ret=1;
+err:
+ if ((ret == 0) && (s != -1))
+ {
+ SHUTDOWN(s);
+ }
+ return(ret);
+ }
+
+static int init_server(int *sock, int port, int type)
+ {
+ return(init_server_long(sock, port, NULL, type));
+ }
+
+static int do_accept(int acc_sock, int *sock, char **host)
+ {
+ int ret;
+ struct hostent *h1,*h2;
+ static struct sockaddr_in from;
+ int len;
+/* struct linger ling; */
+
+ if (!ssl_sock_init()) return(0);
+
+#ifndef OPENSSL_SYS_WINDOWS
+redoit:
+#endif
+
+ memset((char *)&from,0,sizeof(from));
+ len=sizeof(from);
+ /* Note: under VMS with SOCKETSHR the fourth parameter is currently
+ * of type (int *) whereas under other systems it is (void *) if
+ * you don't have a cast it will choke the compiler: if you do
+ * have a cast then you can either go for (int *) or (void *).
+ */
+ ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
+ if (ret == INVALID_SOCKET)
+ {
+#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+ int i;
+ i=WSAGetLastError();
+ BIO_printf(bio_err,"accept error %d\n",i);
+#else
+ if (errno == EINTR)
+ {
+ /*check_timeout(); */
+ goto redoit;
+ }
+ fprintf(stderr,"errno=%d ",errno);
+ perror("accept");
+#endif
+ return(0);
+ }
+
+/*
+ ling.l_onoff=1;
+ ling.l_linger=0;
+ i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
+ if (i < 0) { perror("linger"); return(0); }
+ i=0;
+ i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+ if (i < 0) { perror("keepalive"); return(0); }
+*/
+
+ if (host == NULL) goto end;
+#ifndef BIT_FIELD_LIMITS
+ /* I should use WSAAsyncGetHostByName() under windows */
+ h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
+ sizeof(from.sin_addr.s_addr),AF_INET);
+#else
+ h1=gethostbyaddr((char *)&from.sin_addr,
+ sizeof(struct in_addr),AF_INET);
+#endif
+ if (h1 == NULL)
+ {
+ BIO_printf(bio_err,"bad gethostbyaddr\n");
+ *host=NULL;
+ /* return(0); */
+ }
+ else
+ {
+ if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
+ {
+ perror("OPENSSL_malloc");
+ return(0);
+ }
+ BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+
+ h2=GetHostByName(*host);
+ if (h2 == NULL)
+ {
+ BIO_printf(bio_err,"gethostbyname failure\n");
+ return(0);
+ }
+ if (h2->h_addrtype != AF_INET)
+ {
+ BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ return(0);
+ }
+ }
+end:
+ *sock=ret;
+ return(1);
+ }
+
+int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+ short *port_ptr)
+ {
+ char *h,*p;
+
+ h=str;
+ p=strchr(str,':');
+ if (p == NULL)
+ {
+ BIO_printf(bio_err,"no port defined\n");
+ return(0);
+ }
+ *(p++)='\0';
+
+ if ((ip != NULL) && !host_ip(str,ip))
+ goto err;
+ if (host_ptr != NULL) *host_ptr=h;
+
+ if (!extract_port(p,port_ptr))
+ goto err;
+ return(1);
+err:
+ return(0);
+ }
+
+static int host_ip(char *str, unsigned char ip[4])
+ {
+ unsigned int in[4];
+ int i;
+
+ if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+ {
+ for (i=0; i<4; i++)
+ if (in[i] > 255)
+ {
+ BIO_printf(bio_err,"invalid IP address\n");
+ goto err;
+ }
+ ip[0]=in[0];
+ ip[1]=in[1];
+ ip[2]=in[2];
+ ip[3]=in[3];
+ }
+ else
+ { /* do a gethostbyname */
+ struct hostent *he;
+
+ if (!ssl_sock_init()) return(0);
+
+ he=GetHostByName(str);
+ if (he == NULL)
+ {
+ BIO_printf(bio_err,"gethostbyname failure\n");
+ goto err;
+ }
+ /* cast to short because of win16 winsock definition */
+ if ((short)he->h_addrtype != AF_INET)
+ {
+ BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ return(0);
+ }
+ ip[0]=he->h_addr_list[0][0];
+ ip[1]=he->h_addr_list[0][1];
+ ip[2]=he->h_addr_list[0][2];
+ ip[3]=he->h_addr_list[0][3];
+ }
+ return(1);
+err:
+ return(0);
+ }
+
+int extract_port(char *str, short *port_ptr)
+ {
+ int i;
+ struct servent *s;
+
+ i=atoi(str);
+ if (i != 0)
+ *port_ptr=(unsigned short)i;
+ else
+ {
+ s=getservbyname(str,"tcp");
+ if (s == NULL)
+ {
+ BIO_printf(bio_err,"getservbyname failure for %s\n",str);
+ return(0);
+ }
+ *port_ptr=ntohs((unsigned short)s->s_port);
+ }
+ return(1);
+ }
+
+#define GHBN_NUM 4
+static struct ghbn_cache_st
+ {
+ char name[128];
+ struct hostent ent;
+ unsigned long order;
+ } ghbn_cache[GHBN_NUM];
+
+static unsigned long ghbn_hits=0L;
+static unsigned long ghbn_miss=0L;
+
+static struct hostent *GetHostByName(char *name)
+ {
+ struct hostent *ret;
+ int i,lowi=0;
+ unsigned long low= (unsigned long)-1;
+
+ for (i=0; i<GHBN_NUM; i++)
+ {
+ if (low > ghbn_cache[i].order)
+ {
+ low=ghbn_cache[i].order;
+ lowi=i;
+ }
+ if (ghbn_cache[i].order > 0)
+ {
+ if (strncmp(name,ghbn_cache[i].name,128) == 0)
+ break;
+ }
+ }
+ if (i == GHBN_NUM) /* no hit*/
+ {
+ ghbn_miss++;
+ ret=gethostbyname(name);
+ if (ret == NULL) return(NULL);
+ /* else add to cache */
+ if(strlen(name) < sizeof ghbn_cache[0].name)
+ {
+ strcpy(ghbn_cache[lowi].name,name);
+ memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+ ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+ }
+ return(ret);
+ }
+ else
+ {
+ ghbn_hits++;
+ ret= &(ghbn_cache[i].ent);
+ ghbn_cache[i].order=ghbn_miss+ghbn_hits;
+ return(ret);
+ }
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/apps/s_time.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_time.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/s_time.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,735 @@
+/* apps/s_time.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define NO_SHUTDOWN
+
+/*-----------------------------------------
+ s_time - SSL client connection timer program
+ Written and donated by Larry Streepy <streepy at healthcare.com>
+ -----------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define USE_SOCKETS
+#include "apps.h"
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
+#include "s_apps.h"
+#include <openssl/err.h>
+#ifdef WIN32_STUFF
+#include "winmain.h"
+#include "wintext.h"
+#endif
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
+
+#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+ The __TMS macro will show if it was. If it wasn't defined, we should
+ undefine TIMES, since that tells the rest of the program how things
+ should be handled. -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+/* The following if from times(3) man page. It may need to be changed
+*/
+#ifndef HZ
+# ifdef _SC_CLK_TCK
+# define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+# endif
+#endif
+
+#undef PROG
+#define PROG s_time_main
+
+#undef ioctl
+#define ioctl ioctlsocket
+
+#define SSL_CONNECT_NAME "localhost:4433"
+
+/*#define TEST_CERT "client.pem" */ /* no default cert. */
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*10
+
+#define MYBUFSIZ 1024*8
+
+#undef min
+#undef max
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+#define max(a,b) (((a) > (b)) ? (a) : (b))
+
+#undef SECONDS
+#define SECONDS 30
+extern int verify_depth;
+extern int verify_error;
+
+static void s_time_usage(void);
+static int parseArgs( int argc, char **argv );
+static SSL *doConnection( SSL *scon );
+static void s_time_init(void);
+
+/***********************************************************************
+ * Static data declarations
+ */
+
+/* static char *port=PORT_STR;*/
+static char *host=SSL_CONNECT_NAME;
+static char *t_cert_file=NULL;
+static char *t_key_file=NULL;
+static char *CApath=NULL;
+static char *CAfile=NULL;
+static char *tm_cipher=NULL;
+static int tm_verify = SSL_VERIFY_NONE;
+static int maxTime = SECONDS;
+static SSL_CTX *tm_ctx=NULL;
+static SSL_METHOD *s_time_meth=NULL;
+static char *s_www_path=NULL;
+static long bytes_read=0;
+static int st_bugs=0;
+static int perform=0;
+#ifdef FIONBIO
+static int t_nbio=0;
+#endif
+#ifdef OPENSSL_SYS_WIN32
+static int exitNow = 0; /* Set when it's time to exit main */
+#endif
+
+static void s_time_init(void)
+ {
+ host=SSL_CONNECT_NAME;
+ t_cert_file=NULL;
+ t_key_file=NULL;
+ CApath=NULL;
+ CAfile=NULL;
+ tm_cipher=NULL;
+ tm_verify = SSL_VERIFY_NONE;
+ maxTime = SECONDS;
+ tm_ctx=NULL;
+ s_time_meth=NULL;
+ s_www_path=NULL;
+ bytes_read=0;
+ st_bugs=0;
+ perform=0;
+
+#ifdef FIONBIO
+ t_nbio=0;
+#endif
+#ifdef OPENSSL_SYS_WIN32
+ exitNow = 0; /* Set when it's time to exit main */
+#endif
+ }
+
+/***********************************************************************
+ * usage - display usage message
+ */
+static void s_time_usage(void)
+{
+ static char umsg[] = "\
+-time arg - max number of seconds to collect data, default %d\n\
+-verify arg - turn on peer certificate verification, arg == depth\n\
+-cert arg - certificate file to use, PEM format assumed\n\
+-key arg - RSA file to use, PEM format assumed, key is in cert file\n\
+ file if not specified by this option\n\
+-CApath arg - PEM format directory of CA's\n\
+-CAfile arg - PEM format file of CA's\n\
+-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
+
+ printf( "usage: s_time <args>\n\n" );
+
+ printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
+#ifdef FIONBIO
+ printf("-nbio - Run with non-blocking IO\n");
+ printf("-ssl2 - Just use SSLv2\n");
+ printf("-ssl3 - Just use SSLv3\n");
+ printf("-bugs - Turn on SSL bug compatibility\n");
+ printf("-new - Just time new connections\n");
+ printf("-reuse - Just time connection reuse\n");
+ printf("-www page - Retrieve 'page' from the site\n");
+#endif
+ printf( umsg,SECONDS );
+}
+
+/***********************************************************************
+ * parseArgs - Parse command line arguments and initialize data
+ *
+ * Returns 0 if ok, -1 on bad args
+ */
+static int parseArgs(int argc, char **argv)
+{
+ int badop = 0;
+
+ verify_depth=0;
+ verify_error=X509_V_OK;
+
+ argc--;
+ argv++;
+
+ while (argc >= 1) {
+ if (strcmp(*argv,"-connect") == 0)
+ {
+ if (--argc < 1) goto bad;
+ host= *(++argv);
+ }
+#if 0
+ else if( strcmp(*argv,"-host") == 0)
+ {
+ if (--argc < 1) goto bad;
+ host= *(++argv);
+ }
+ else if( strcmp(*argv,"-port") == 0)
+ {
+ if (--argc < 1) goto bad;
+ port= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-reuse") == 0)
+ perform=2;
+ else if (strcmp(*argv,"-new") == 0)
+ perform=1;
+ else if( strcmp(*argv,"-verify") == 0) {
+
+ tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+
+ } else if( strcmp(*argv,"-cert") == 0) {
+
+ if (--argc < 1) goto bad;
+ t_cert_file= *(++argv);
+
+ } else if( strcmp(*argv,"-key") == 0) {
+
+ if (--argc < 1) goto bad;
+ t_key_file= *(++argv);
+
+ } else if( strcmp(*argv,"-CApath") == 0) {
+
+ if (--argc < 1) goto bad;
+ CApath= *(++argv);
+
+ } else if( strcmp(*argv,"-CAfile") == 0) {
+
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+
+ } else if( strcmp(*argv,"-cipher") == 0) {
+
+ if (--argc < 1) goto bad;
+ tm_cipher= *(++argv);
+ }
+#ifdef FIONBIO
+ else if(strcmp(*argv,"-nbio") == 0) {
+ t_nbio=1;
+ }
+#endif
+ else if(strcmp(*argv,"-www") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_www_path= *(++argv);
+ if(strlen(s_www_path) > MYBUFSIZ-100)
+ {
+ BIO_printf(bio_err,"-www option too long\n");
+ badop=1;
+ }
+ }
+ else if(strcmp(*argv,"-bugs") == 0)
+ st_bugs=1;
+#ifndef OPENSSL_NO_SSL2
+ else if(strcmp(*argv,"-ssl2") == 0)
+ s_time_meth=SSLv2_client_method();
+#endif
+#ifndef OPENSSL_NO_SSL3
+ else if(strcmp(*argv,"-ssl3") == 0)
+ s_time_meth=SSLv3_client_method();
+#endif
+ else if( strcmp(*argv,"-time") == 0) {
+
+ if (--argc < 1) goto bad;
+ maxTime= atoi(*(++argv));
+ }
+ else {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badop=1;
+ break;
+ }
+
+ argc--;
+ argv++;
+ }
+
+ if (perform == 0) perform=3;
+
+ if(badop) {
+bad:
+ s_time_usage();
+ return -1;
+ }
+
+ return 0; /* Valid args */
+}
+
+/***********************************************************************
+ * TIME - time functions
+ */
+#define START 0
+#define STOP 1
+
+static double tm_Time_F(int s)
+ {
+ static double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if(s == START) {
+ times(&tstart);
+ return(0);
+ } else {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#elif defined(OPENSSL_SYS_NETWARE)
+ static clock_t tstart,tend;
+
+ if (s == START)
+ {
+ tstart=clock();
+ return(0);
+ }
+ else
+ {
+ tend=clock();
+ ret=(double)((double)(tend)-(double)(tstart));
+ return((ret < 0.001)?0.001:ret);
+ }
+#elif defined(OPENSSL_SYS_VXWORKS)
+ {
+ static unsigned long tick_start, tick_end;
+
+ if( s == START )
+ {
+ tick_start = tickGet();
+ return 0;
+ }
+ else
+ {
+ tick_end = tickGet();
+ ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
+ return((ret == 0.0)?1e-6:ret);
+ }
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if(s == START) {
+ ftime(&tstart);
+ return(0);
+ } else {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#endif
+}
+
+/***********************************************************************
+ * MAIN - main processing area for client
+ * real name depends on MONOLITH
+ */
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ double totalTime = 0.0;
+ int nConn = 0;
+ SSL *scon=NULL;
+ long finishtime=0;
+ int ret=1,i;
+ MS_STATIC char buf[1024*8];
+ int ver;
+
+ apps_startup();
+ s_time_init();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ s_time_meth=SSLv23_client_method();
+#elif !defined(OPENSSL_NO_SSL3)
+ s_time_meth=SSLv3_client_method();
+#elif !defined(OPENSSL_NO_SSL2)
+ s_time_meth=SSLv2_client_method();
+#endif
+
+ /* parse the command line arguments */
+ if( parseArgs( argc, argv ) < 0 )
+ goto end;
+
+ OpenSSL_add_ssl_algorithms();
+ if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
+
+ SSL_CTX_set_quiet_shutdown(tm_ctx,1);
+
+ if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
+ SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
+ if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file))
+ goto end;
+
+ SSL_load_error_strings();
+
+ if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(tm_ctx)))
+ {
+ /* BIO_printf(bio_err,"error setting default verify locations\n"); */
+ ERR_print_errors(bio_err);
+ /* goto end; */
+ }
+
+ if (tm_cipher == NULL)
+ tm_cipher = getenv("SSL_CIPHER");
+
+ if (tm_cipher == NULL ) {
+ fprintf( stderr, "No CIPHER specified\n" );
+ }
+
+ if (!(perform & 1)) goto next;
+ printf( "Collecting connection statistics for %d seconds\n", maxTime );
+
+ /* Loop and time how long it takes to make connections */
+
+ bytes_read=0;
+ finishtime=(long)time(NULL)+maxTime;
+ tm_Time_F(START);
+ for (;;)
+ {
+ if (finishtime < (long)time(NULL)) break;
+#ifdef WIN32_STUFF
+
+ if( flushWinMsgs(0) == -1 )
+ goto end;
+
+ if( waitingToDie || exitNow ) /* we're dead */
+ goto end;
+#endif
+
+ if( (scon = doConnection( NULL )) == NULL )
+ goto end;
+
+ if (s_www_path != NULL)
+ {
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ SSL_write(scon,buf,strlen(buf));
+ while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+ bytes_read+=i;
+ }
+
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN2(SSL_get_fd(scon));
+
+ nConn += 1;
+ if (SSL_session_reused(scon))
+ ver='r';
+ else
+ {
+ ver=SSL_version(scon);
+ if (ver == TLS1_VERSION)
+ ver='t';
+ else if (ver == SSL3_VERSION)
+ ver='3';
+ else if (ver == SSL2_VERSION)
+ ver='2';
+ else
+ ver='*';
+ }
+ fputc(ver,stdout);
+ fflush(stdout);
+
+ SSL_free( scon );
+ scon=NULL;
+ }
+ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+ i=(int)((long)time(NULL)-finishtime+maxTime);
+ printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+ printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
+
+ /* Now loop and time connections using the same session id over and over */
+
+next:
+ if (!(perform & 2)) goto end;
+ printf( "\n\nNow timing with session id reuse.\n" );
+
+ /* Get an SSL object so we can reuse the session id */
+ if( (scon = doConnection( NULL )) == NULL )
+ {
+ fprintf( stderr, "Unable to get connection\n" );
+ goto end;
+ }
+
+ if (s_www_path != NULL)
+ {
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ SSL_write(scon,buf,strlen(buf));
+ while (SSL_read(scon,buf,sizeof(buf)) > 0)
+ ;
+ }
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN2(SSL_get_fd(scon));
+
+ nConn = 0;
+ totalTime = 0.0;
+
+ finishtime=(long)time(NULL)+maxTime;
+
+ printf( "starting\n" );
+ bytes_read=0;
+ tm_Time_F(START);
+
+ for (;;)
+ {
+ if (finishtime < (long)time(NULL)) break;
+
+#ifdef WIN32_STUFF
+ if( flushWinMsgs(0) == -1 )
+ goto end;
+
+ if( waitingToDie || exitNow ) /* we're dead */
+ goto end;
+#endif
+
+ if( (doConnection( scon )) == NULL )
+ goto end;
+
+ if (s_www_path)
+ {
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ SSL_write(scon,buf,strlen(buf));
+ while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+ bytes_read+=i;
+ }
+
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN2(SSL_get_fd(scon));
+
+ nConn += 1;
+ if (SSL_session_reused(scon))
+ ver='r';
+ else
+ {
+ ver=SSL_version(scon);
+ if (ver == TLS1_VERSION)
+ ver='t';
+ else if (ver == SSL3_VERSION)
+ ver='3';
+ else if (ver == SSL2_VERSION)
+ ver='2';
+ else
+ ver='*';
+ }
+ fputc(ver,stdout);
+ fflush(stdout);
+ }
+ totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
+
+
+ printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+ printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
+
+ ret=0;
+end:
+ if (scon != NULL) SSL_free(scon);
+
+ if (tm_ctx != NULL)
+ {
+ SSL_CTX_free(tm_ctx);
+ tm_ctx=NULL;
+ }
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+/***********************************************************************
+ * doConnection - make a connection
+ * Args:
+ * scon = earlier ssl connection for session id, or NULL
+ * Returns:
+ * SSL * = the connection pointer.
+ */
+static SSL *doConnection(SSL *scon)
+ {
+ BIO *conn;
+ SSL *serverCon;
+ int width, i;
+ fd_set readfds;
+
+ if ((conn=BIO_new(BIO_s_connect())) == NULL)
+ return(NULL);
+
+/* BIO_set_conn_port(conn,port);*/
+ BIO_set_conn_hostname(conn,host);
+
+ if (scon == NULL)
+ serverCon=SSL_new(tm_ctx);
+ else
+ {
+ serverCon=scon;
+ SSL_set_connect_state(serverCon);
+ }
+
+ SSL_set_bio(serverCon,conn,conn);
+
+#if 0
+ if( scon != NULL )
+ SSL_set_session(serverCon,SSL_get_session(scon));
+#endif
+
+ /* ok, lets connect */
+ for(;;) {
+ i=SSL_connect(serverCon);
+ if (BIO_sock_should_retry(i))
+ {
+ BIO_printf(bio_err,"DELAY\n");
+
+ i=SSL_get_fd(serverCon);
+ width=i+1;
+ FD_ZERO(&readfds);
+ FD_SET(i,&readfds);
+ /* Note: under VMS with SOCKETSHR the 2nd parameter
+ * is currently of type (int *) whereas under other
+ * systems it is (void *) if you don't have a cast it
+ * will choke the compiler: if you do have a cast then
+ * you can either go for (int *) or (void *).
+ */
+ select(width,(void *)&readfds,NULL,NULL,NULL);
+ continue;
+ }
+ break;
+ }
+ if(i <= 0)
+ {
+ BIO_printf(bio_err,"ERROR\n");
+ if (verify_error != X509_V_OK)
+ BIO_printf(bio_err,"verify error:%s\n",
+ X509_verify_cert_error_string(verify_error));
+ else
+ ERR_print_errors(bio_err);
+ if (scon == NULL)
+ SSL_free(serverCon);
+ return NULL;
+ }
+
+ return serverCon;
+ }
+
+
Added: vendor-crypto/openssl/dist/apps/server.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/server.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/server.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,369 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
+MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
+GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
+k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
+itAE+OjGF+PFKbwX8Q==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+notBefore=950413210656Z
+notAfter =970412210656Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
+ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
+VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
+3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
+YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
+hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
+dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
+zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
+-----END X509 CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
+-----BEGIN X509 CERTIFICATE-----
+MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
+LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
+MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
+b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
+EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
+bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
+ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
+hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
+ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
+bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
+fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
+R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
+Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
+-----END X509 CERTIFICATE-----
+-----BEGIN X509 CERTIFICATE-----
+
+MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
+BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
+BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
+ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
+ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
+H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
+WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
+LC7obsrHD8XAHG+ZRG==
+-----END X509 CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
+A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
+aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
+LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
+gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
+dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
+bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
+OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
+GJNMJ4L0AJ/ac+SmHZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
+subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+ /OU=Certification Services Division/CN=Thawte Server CA
+ /Email=server-certs at thawte.com
+issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+ /OU=Certification Services Division/CN=Thawte Server CA
+ /Email=server-certs at thawte.com
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
+hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
+N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
+ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
+aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
+F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
+Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
+KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
+7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
+qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
+NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
+A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
+FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
+Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
+G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
+c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
+w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
+GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
+3VZdLbCVIhNoEsysrxCpxcI=
+-----END CERTIFICATE-----
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
Added: vendor-crypto/openssl/dist/apps/server.srl
===================================================================
--- vendor-crypto/openssl/dist/apps/server.srl (rev 0)
+++ vendor-crypto/openssl/dist/apps/server.srl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1 @@
+01
Added: vendor-crypto/openssl/dist/apps/server2.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/server2.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/server2.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,376 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5
+MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl
+cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm
+RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa
+6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf
+JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB
+gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6
+dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
+8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+notBefore=950413210656Z
+notAfter =970412210656Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
+ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
+VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
+3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
+YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
+hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
+dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
+zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
+-----END X509 CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
+-----BEGIN X509 CERTIFICATE-----
+MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
+LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
+MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
+b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
+EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
+bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
+ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
+hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
+ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
+bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
+fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
+R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
+Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
+-----END X509 CERTIFICATE-----
+-----BEGIN X509 CERTIFICATE-----
+
+MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
+BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
+BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
+ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
+ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
+H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
+WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
+LC7obsrHD8XAHG+ZRG==
+-----END X509 CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
+A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
+aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
+LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
+gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
+dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
+bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
+OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
+GJNMJ4L0AJ/ac+SmHZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
+subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+ /OU=Certification Services Division/CN=Thawte Server CA
+ /Email=server-certs at thawte.com
+issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+ /OU=Certification Services Division/CN=Thawte Server CA
+ /Email=server-certs at thawte.com
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
+hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
+N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
+ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
+aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
+F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
+Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
+KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
+7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
+qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
+NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
+A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
+FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
+Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
+G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
+c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
+w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
+GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
+3VZdLbCVIhNoEsysrxCpxcI=
+-----END CERTIFICATE-----
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
Added: vendor-crypto/openssl/dist/apps/sess_id.c
===================================================================
--- vendor-crypto/openssl/dist/apps/sess_id.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/sess_id.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,320 @@
+/* apps/sess_id.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+#undef PROG
+#define PROG sess_id_main
+
+static const char *sess_id_usage[]={
+"usage: sess_id args\n",
+"\n",
+" -inform arg - input format - default PEM (DER or PEM)\n",
+" -outform arg - output format - default PEM\n",
+" -in arg - input file - default stdin\n",
+" -out arg - output file - default stdout\n",
+" -text - print ssl session id details\n",
+" -cert - output certificate \n",
+" -noout - no CRL output\n",
+" -context arg - set the session ID context\n",
+NULL
+};
+
+static SSL_SESSION *load_sess_id(char *file, int format);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ SSL_SESSION *x=NULL;
+ int ret=1,i,num,badops=0;
+ BIO *out=NULL;
+ int informat,outformat;
+ char *infile=NULL,*outfile=NULL,*context=NULL;
+ int cert=0,noout=0,text=0;
+ const char **pp;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ argc--;
+ argv++;
+ num=0;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-text") == 0)
+ text= ++num;
+ else if (strcmp(*argv,"-cert") == 0)
+ cert= ++num;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout= ++num;
+ else if (strcmp(*argv,"-context") == 0)
+ {
+ if(--argc < 1) goto bad;
+ context=*++argv;
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ for (pp=sess_id_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,"%s",*pp);
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ x=load_sess_id(infile,informat);
+ if (x == NULL) { goto end; }
+
+ if(context)
+ {
+ x->sid_ctx_length=strlen(context);
+ if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
+ {
+ BIO_printf(bio_err,"Context too long\n");
+ goto end;
+ }
+ memcpy(x->sid_ctx,context,x->sid_ctx_length);
+ }
+
+#ifdef undef
+ /* just testing for memory leaks :-) */
+ {
+ SSL_SESSION *s;
+ char buf[1024*10],*p;
+ int i;
+
+ s=SSL_SESSION_new();
+
+ p= &buf;
+ i=i2d_SSL_SESSION(x,&p);
+ p= &buf;
+ d2i_SSL_SESSION(&s,&p,(long)i);
+ p= &buf;
+ d2i_SSL_SESSION(&s,&p,(long)i);
+ p= &buf;
+ d2i_SSL_SESSION(&s,&p,(long)i);
+ SSL_SESSION_free(s);
+ }
+#endif
+
+ if (!noout || text)
+ {
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+ }
+
+ if (text)
+ {
+ SSL_SESSION_print(out,x);
+
+ if (cert)
+ {
+ if (x->peer == NULL)
+ BIO_puts(out,"No certificate present\n");
+ else
+ X509_print(out,x->peer);
+ }
+ }
+
+ if (!noout && !cert)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_SSL_SESSION_bio(out,x);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_SSL_SESSION(out,x);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err,"unable to write SSL_SESSION\n");
+ goto end;
+ }
+ }
+ else if (!noout && (x->peer != NULL)) /* just print the certificate */
+ {
+ if (outformat == FORMAT_ASN1)
+ i=(int)i2d_X509_bio(out,x->peer);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509(out,x->peer);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err,"unable to write X509\n");
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (out != NULL) BIO_free_all(out);
+ if (x != NULL) SSL_SESSION_free(x);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+static SSL_SESSION *load_sess_id(char *infile, int format)
+ {
+ SSL_SESSION *x=NULL;
+ BIO *in=NULL;
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (format == FORMAT_ASN1)
+ x=d2i_SSL_SESSION_bio(in,NULL);
+ else if (format == FORMAT_PEM)
+ x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input crl\n");
+ goto end;
+ }
+ if (x == NULL)
+ {
+ BIO_printf(bio_err,"unable to load SSL_SESSION\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+end:
+ if (in != NULL) BIO_free(in);
+ return(x);
+ }
+
Added: vendor-crypto/openssl/dist/apps/set/set-g-ca.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/set/set-g-ca.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/set/set-g-ca.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgYCYUeg8NJ9kO1q3z6vGCkAmPRfu5+Nur0FyGF79MADMw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtQ
+Q0ExMDIxMTgyODEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJyi5V7l1HohY6hN/2N9x6mvWeMy8rD1
+6lfXjgmiuGmhpaszWYaalesMcS2OGuG8Lq3PkaSzpVzqASKfIOjxLMsdpYyYJRub
+vRPDWi3xd8wlp9xUwWHKqn+ki8mPo0yN4eONwZZ4rcZr6K+tWd+5EJZSjuENJoQ/
+SRRmGRzdcS7XAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjIwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwICBDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBn19R2
+AgGvpJDmfXrHTDdCoYyMkaP2MPzw0hFRwh+wqnw0/pqUXa7MrLXMqtD3rUyOWaNR
+9fYpJZd0Bh/1OeIc2+U+VNfUovLLuZ8nNemdxyq2KMYnHtnh7UdO7atZ+PFLVu8x
+a+J2Mtj8MGy12CJNTJcjLSrJ/1f3AuVrwELjlQ==
+-----END CERTIFICATE-----
Added: vendor-crypto/openssl/dist/apps/set/set-m-ca.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/set/set-m-ca.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/set/set-m-ca.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgEGvcf5aUnufALdVMa/dmPdflq1CoORGeK5DUwbqhVYcw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtN
+Q0ExMDIxMTgyNzEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuWwr63YrT1GIZpYKfIeiVFHESG/FZO
+7RAJKml/p12ZyZ7D5YPP4BBXVsa1H8e8arR1LKC4rdCArrtKKlBeBiMo9+NB+u35
+FnLnTmfzM4iZ2Syw35DXY8+Xn/LM7RJ1RG+vMNcTqpoUg7QPye7flq2Pt7vVROPn
+SZxPyVxmILe3AgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjEwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIDCDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQApaj0W
+GgyR47URZEZ7z83yivvnVErqtodub/nR1fMgJ4bDC0ofjA0SzXBP1/3eDq9VkPuS
+EKUw9BpM2XrSUKhJ6F1CbBjWpM0M7GC1nTSxMxmV+XL+Ab/Gn2SwozUApWtht29/
+x9VLB8qsi6wN2aOsVdQMl5iVCjGQYfEkyuoIgA==
+-----END CERTIFICATE-----
Added: vendor-crypto/openssl/dist/apps/set/set_b_ca.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/set/set_b_ca.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/set/set_b_ca.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIgYClSzXgB3u31VMarY+lXwPKU9DtoBMzaaivuVzV9a9kw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxNzAwMDAwMFoXDTk2MTExNjIzNTk1OVowRTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0JDQTEwMTcxMTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlBy
+b2R1Y3QgVHlwZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApPewvR0BwV02
+9E12ic48pMY/aMB6SkMEWPDx2hURr0DKYGJ6qMvzZn2pSfaVH1BqDtK6oK4Ye5Mj
+ItywwQIdXXO9Ut8+TLnvtzq9ByCJ0YThjZJBc7ZcpJxSV7QAoBON/lzxZuAVq3+L
+3uc39MgRwmBpRllZEpWrkojxs6166X0CAwEAAaOCAVcwggFTMFQGA1UdIwRNMEuh
+J6QlMCMxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtSQ0ExMDExMTgyOYIgVqenwCYv
+mmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud
+EAEB/wQkMCKADzE5OTYxMDE3MTc1NzAwWoEPMTk5NjExMTYyMzU5NTlaMBsGA1Ud
+IAEB/wQRMA8wDQYLYIZIAYb4RQEHAQEwEgYDVR0TAQH/BAgwBgEB/wIBATAPBgSG
+jW8DAQH/BAQDAgABMHkGBIaNbwcBAf8EbjBsMCQCAQAwCQYFKw4DAhoFAAQUMmY3
+NGIxYWY0ZmNjMDYwZjc2NzYTD3RlcnNlIHN0YXRlbWVudIAXaHR0cDovL3d3dy52
+ZXJpc2lnbi5jb22BGmdldHNldC1jZW50ZXJAdmVyaXNpZ24uY29tMA0GCSqGSIb3
+DQEBBQUAA4IBAQAWoMS8Aj2sO0LDxRoMcnWTKY8nd8Jw2vl2Mgsm+0qCvcndICM5
+43N0y9uHlP8WeCZULbFz95gTL8mfP/QTu4EctMUkQgRHJnx80f0XSF3HE/X6zBbI
+9rit/bF6yP1mhkdss/vGanReDpki7q8pLx+VIIcxWst/366HP3dW1Fb7ECW/WmVV
+VMN93f/xqk9I4sXchVZcVKQT3W4tzv+qQvugrEi1dSEkbAy1CITEAEGiaFhGUyCe
+WPox3guRXaEHoINNeajGrISe6d//alsz5EEroBoLnM2ryqWfLAtRsf4rjNzTgklw
+lbiz0fw7bNkXKp5ZVr0wlnOjQnoSM6dTI0AV
+-----END CERTIFICATE-----
Added: vendor-crypto/openssl/dist/apps/set/set_c_ca.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/set/set_c_ca.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/set/set_c_ca.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgOnl8J6lAYNDdTWtIojWCGnloNf4ufHjOZ4Fkxwg5xOsw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtD
+Q0ExMDIxMTYxNjEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANA3a9+U8oXU3Dv1wJf8g0A7HjCRZAXc
+Y8E4OLOdye5aUssxifCE05qTPVqHMXo6cnCYcfroMdURhjQlswyTGtjQybgUnXjp
+pchw+V4D1DkN0ThErrMCh9ZFSykC0lUhQTRLESvbIb4Gal/HMAFAF5sj0GoOFi2H
+RRj7gpzBIU3xAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMTAwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIEEDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBteLaZ
+u/TASC64UWPfhxYAUdys9DQ1pG/J1qPWNTkjOmpXFvW+7l/3nkxyRPgUoFNwx1e7
+XVVPr6zhy8LaaXppwfIZvVryzAUdbtijiUf/MO0hvV3w7e9NlCVProdU5H9EvCXr
++IV8rH8fdEkirIVyw0JGHkuWhkmtS1HEwai9vg==
+-----END CERTIFICATE-----
Added: vendor-crypto/openssl/dist/apps/set/set_d_ct.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/set/set_d_ct.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/set/set_d_ct.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdjCCAt+gAwIBAgIgRU5t24v72xVDpZ4iHpyoOAQaQmfio1yhTZAOkBfT2uUw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0NDQTEwMjEx
+NjE2MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjQw
+MDAwMDBaFw05NjExMjMyMzU5NTlaMG4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdC
+cmFuZElEMSYwJAYDVQQLEx1Jc3N1aW5nIEZpbmFuY2lhbCBJbnN0aXR1dGlvbjEl
+MCMGA1UEAxMcR2lYb0t0VjViN1V0MHZKa2hkSG5RYmNzc2JrPTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDIUxgpNB1aoSW585WErtN8WInCRWCqDj3RGT2mJye0F4SM
+/iT5ywdWMasmw18vpEpDlMypfZnRkUAdfyHcRABVAgMBAAGjggFwMIIBbDB2BgNV
+HSMEbzBtoUmkRzBFMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLQkNBMTAxNzExMDQx
+IDAeBgNVBAMTF0JyYW5kIE5hbWU6UHJvZHVjdCBUeXBlgiA6eXwnqUBg0N1Na0ii
+NYIaeWg1/i58eM5ngWTHCDnE6zAOBgNVHQ8BAf8EBAMCB4AwLgYDVR0QAQH/BCQw
+IoAPMTk5NjEwMjQwMTA0MDBagQ8xOTk2MTEyMzIzNTk1OVowGAYDVR0gBBEwDzAN
+BgtghkgBhvhFAQcBATAMBgNVHRMBAf8EAjAAMA8GBIaNbwMBAf8EBAMCB4AweQYE
+ho1vBwEB/wRuMGwwJAIBADAJBgUrDgMCGgUABBQzOTgyMzk4NzIzNzg5MTM0OTc4
+MhMPdGVyc2Ugc3RhdGVtZW50gBdodHRwOi8vd3d3LnZlcmlzaWduLmNvbYEaZ2V0
+c2V0LWNlbnRlckB2ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEAVHCjhxeD
+mIFSkm3DpQAq7pGfcAFPWvSM9I9bK8qeFT1M5YQ+5fbPqaWlNcQlGKIe3cHd4+0P
+ndL5lb6UBhhA0kTzEYA38+HtBxPe/lokCv0bYfyWY9asUmvfbUrTYta0yjN7ixnV
+UqvxxHQHOAwhf6bcc7xNHapOxloWzGUU0RQ=
+-----END CERTIFICATE-----
Added: vendor-crypto/openssl/dist/apps/set/set_root.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/set/set_root.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/set/set_root.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAk+gAwIBAgIgVqenwCYvmmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxMjAwMDAwMFoXDTk2MTExMTIzNTk1OVowIzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC1JDQTEwMTExODI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAukca0PVUGFIYX7EyrShi+dVi9GTNzG0V2Wtdw6DqFzKfedba/KpE
+zqnRDV/wRZlBn3oXPS6kNCFiBPRV9mEFXI7y2W+q8/vPurjRDIXMsqQ+dAhKwf4q
+rofJBTiET4NUN0YTtpx6aYuoVubjiOgKdbqnUArxAWWP2Dkco17ipEYyUtd4sTAe
+/xKR02AHpbYGYPSHjMDS/nzUJ7uX4d51phs0rt7If48ExJSnDV/KoHMfm42mdmH2
+g23005qdHKY3UXeh10tZmb3QtGTSvF6OqpRZ+e9/ALklu7ZcIjqbb944ci4QWemb
+ZNWiDFrWWUoO1k942BI/iZ8Fh8pETYSDBQIDAQABo4GGMIGDMA4GA1UdDwEB/wQE
+AwIBBjAuBgNVHRABAf8EJDAigA8xOTk2MTAxMjAxMzQwMFqBDzE5OTYxMTExMjM1
+OTU5WjAbBgNVHSABAf8EETAPMA0GC2CGSAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYB
+Af8CAQIwEAYEho1vAwEB/wQFAwMHAIAwDQYJKoZIhvcNAQEFBQADggEBAK4tntea
+y+ws7PdULwfqAS5osaoNvw73uBn5lROTpx91uhQbJyf0oZ3XG9GUuHZBpqG9qmr9
+vIL40RsvRpNMYgaNHKTxF716yx6rZmruAYZsrE3SpV63tQJCckKLPSge2E5uDhSQ
+O8UjusG+IRT9fKMXUHLv4OmZPOQVOSl1qTCN2XoJFqEPtC3Y9P4YR4xHL0P2jb1l
+DLdIbruuh+6omH+0XUZd5fKnQZTTi6gjl0iunj3wGnkcqGZtwr3j87ONiB/8tDwY
+vz8ceII4YYdX12PrNzn+fu3R5rChvPW4/ah/SaYQ2VQ0AupaIF4xrNJ/gLYYw0YO
+bxCrVJLd8tu9WgA=
+-----END CERTIFICATE-----
Added: vendor-crypto/openssl/dist/apps/smime.c
===================================================================
--- vendor-crypto/openssl/dist/apps/smime.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/smime.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,801 @@
+/* smime.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* S/MIME utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+
+#undef PROG
+#define PROG smime_main
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int smime_cb(int ok, X509_STORE_CTX *ctx);
+
+#define SMIME_OP 0x10
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT 2
+#define SMIME_SIGN (3 | SMIME_OP)
+#define SMIME_VERIFY 4
+#define SMIME_PK7OUT 5
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ int operation = 0;
+ int ret = 0;
+ char **args;
+ const char *inmode = "r", *outmode = "w";
+ char *infile = NULL, *outfile = NULL;
+ char *signerfile = NULL, *recipfile = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+ const EVP_CIPHER *cipher = NULL;
+ PKCS7 *p7 = NULL;
+ X509_STORE *store = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ BIO *in = NULL, *out = NULL, *indata = NULL;
+ int badarg = 0;
+ int flags = PKCS7_DETACHED;
+ char *to = NULL, *from = NULL, *subject = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ char *passargin = NULL, *passin = NULL;
+ char *inrand = NULL;
+ int need_rand = 0;
+ int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+ int keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+
+ X509_VERIFY_PARAM *vpm = NULL;
+
+ args = argv + 1;
+ ret = 1;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ {
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ }
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ while (!badarg && *args && *args[0] == '-')
+ {
+ if (!strcmp (*args, "-encrypt"))
+ operation = SMIME_ENCRYPT;
+ else if (!strcmp (*args, "-decrypt"))
+ operation = SMIME_DECRYPT;
+ else if (!strcmp (*args, "-sign"))
+ operation = SMIME_SIGN;
+ else if (!strcmp (*args, "-verify"))
+ operation = SMIME_VERIFY;
+ else if (!strcmp (*args, "-pk7out"))
+ operation = SMIME_PK7OUT;
+#ifndef OPENSSL_NO_DES
+ else if (!strcmp (*args, "-des3"))
+ cipher = EVP_des_ede3_cbc();
+ else if (!strcmp (*args, "-des"))
+ cipher = EVP_des_cbc();
+#endif
+#ifndef OPENSSL_NO_SEED
+ else if (!strcmp (*args, "-seed"))
+ cipher = EVP_seed_cbc();
+#endif
+#ifndef OPENSSL_NO_RC2
+ else if (!strcmp (*args, "-rc2-40"))
+ cipher = EVP_rc2_40_cbc();
+ else if (!strcmp (*args, "-rc2-128"))
+ cipher = EVP_rc2_cbc();
+ else if (!strcmp (*args, "-rc2-64"))
+ cipher = EVP_rc2_64_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args,"-aes128"))
+ cipher = EVP_aes_128_cbc();
+ else if (!strcmp(*args,"-aes192"))
+ cipher = EVP_aes_192_cbc();
+ else if (!strcmp(*args,"-aes256"))
+ cipher = EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ else if (!strcmp(*args,"-camellia128"))
+ cipher = EVP_camellia_128_cbc();
+ else if (!strcmp(*args,"-camellia192"))
+ cipher = EVP_camellia_192_cbc();
+ else if (!strcmp(*args,"-camellia256"))
+ cipher = EVP_camellia_256_cbc();
+#endif
+ else if (!strcmp (*args, "-text"))
+ flags |= PKCS7_TEXT;
+ else if (!strcmp (*args, "-nointern"))
+ flags |= PKCS7_NOINTERN;
+ else if (!strcmp (*args, "-noverify"))
+ flags |= PKCS7_NOVERIFY;
+ else if (!strcmp (*args, "-nochain"))
+ flags |= PKCS7_NOCHAIN;
+ else if (!strcmp (*args, "-nocerts"))
+ flags |= PKCS7_NOCERTS;
+ else if (!strcmp (*args, "-noattr"))
+ flags |= PKCS7_NOATTR;
+ else if (!strcmp (*args, "-nodetach"))
+ flags &= ~PKCS7_DETACHED;
+ else if (!strcmp (*args, "-nosmimecap"))
+ flags |= PKCS7_NOSMIMECAP;
+ else if (!strcmp (*args, "-binary"))
+ flags |= PKCS7_BINARY;
+ else if (!strcmp (*args, "-nosigs"))
+ flags |= PKCS7_NOSIGS;
+ else if (!strcmp (*args, "-nooldmime"))
+ flags |= PKCS7_NOOLDMIMETYPE;
+ else if (!strcmp (*args, "-crlfeol"))
+ flags |= PKCS7_CRLFEOL;
+ else if (!strcmp(*args,"-rand"))
+ {
+ if (args[1])
+ {
+ args++;
+ inrand = *args;
+ }
+ else
+ badarg = 1;
+ need_rand = 1;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (!strcmp(*args,"-engine"))
+ {
+ if (args[1])
+ {
+ args++;
+ engine = *args;
+ }
+ else badarg = 1;
+ }
+#endif
+ else if (!strcmp(*args,"-passin"))
+ {
+ if (args[1])
+ {
+ args++;
+ passargin = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-to"))
+ {
+ if (args[1])
+ {
+ args++;
+ to = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-from"))
+ {
+ if (args[1])
+ {
+ args++;
+ from = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-subject"))
+ {
+ if (args[1])
+ {
+ args++;
+ subject = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-signer"))
+ {
+ if (args[1])
+ {
+ args++;
+ signerfile = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-recip"))
+ {
+ if (args[1])
+ {
+ args++;
+ recipfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-inkey"))
+ {
+ if (args[1])
+ {
+ args++;
+ keyfile = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-keyform"))
+ {
+ if (args[1])
+ {
+ args++;
+ keyform = str2fmt(*args);
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-certfile"))
+ {
+ if (args[1])
+ {
+ args++;
+ certfile = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-CAfile"))
+ {
+ if (args[1])
+ {
+ args++;
+ CAfile = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-CApath"))
+ {
+ if (args[1])
+ {
+ args++;
+ CApath = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-in"))
+ {
+ if (args[1])
+ {
+ args++;
+ infile = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-inform"))
+ {
+ if (args[1])
+ {
+ args++;
+ informat = str2fmt(*args);
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-outform"))
+ {
+ if (args[1])
+ {
+ args++;
+ outformat = str2fmt(*args);
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-out"))
+ {
+ if (args[1])
+ {
+ args++;
+ outfile = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (!strcmp (*args, "-content"))
+ {
+ if (args[1])
+ {
+ args++;
+ contfile = *args;
+ }
+ else
+ badarg = 1;
+ }
+ else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+ continue;
+ else
+ badarg = 1;
+ args++;
+ }
+
+
+ if (operation == SMIME_SIGN)
+ {
+ if (!signerfile)
+ {
+ BIO_printf(bio_err, "No signer certificate specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ }
+ else if (operation == SMIME_DECRYPT)
+ {
+ if (!recipfile && !keyfile)
+ {
+ BIO_printf(bio_err, "No recipient certificate or key specified\n");
+ badarg = 1;
+ }
+ }
+ else if (operation == SMIME_ENCRYPT)
+ {
+ if (!*args)
+ {
+ BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ }
+ else if (!operation)
+ badarg = 1;
+
+ if (badarg)
+ {
+ BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-encrypt encrypt message\n");
+ BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf (bio_err, "-sign sign message\n");
+ BIO_printf (bio_err, "-verify verify signed message\n");
+ BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
+#ifndef OPENSSL_NO_DES
+ BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf (bio_err, "-des encrypt with DES\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf (bio_err, "-seed encrypt with SEED\n");
+#endif
+#ifndef OPENSSL_NO_RC2
+ BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
+ BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
+#endif
+ BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
+ BIO_printf (bio_err, "-nosigs don't verify message signature\n");
+ BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
+ BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
+ BIO_printf (bio_err, "-nodetach use opaque signing\n");
+ BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
+ BIO_printf (bio_err, "-binary don't translate message to text\n");
+ BIO_printf (bio_err, "-certfile file other certificates file\n");
+ BIO_printf (bio_err, "-signer file signer certificate file\n");
+ BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
+ BIO_printf (bio_err, "-out file output file\n");
+ BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
+ BIO_printf (bio_err, "-to addr to address\n");
+ BIO_printf (bio_err, "-from ad from address\n");
+ BIO_printf (bio_err, "-subject s subject\n");
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (need_rand)
+ {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ ret = 2;
+
+ if (operation != SMIME_SIGN)
+ flags &= ~PKCS7_DETACHED;
+
+ if (operation & SMIME_OP)
+ {
+ if (flags & PKCS7_BINARY)
+ inmode = "rb";
+ if (outformat == FORMAT_ASN1)
+ outmode = "wb";
+ }
+ else
+ {
+ if (flags & PKCS7_BINARY)
+ outmode = "wb";
+ if (informat == FORMAT_ASN1)
+ inmode = "rb";
+ }
+
+ if (operation == SMIME_ENCRYPT)
+ {
+ if (!cipher)
+ {
+#ifndef OPENSSL_NO_DES
+ cipher = EVP_des_ede3_cbc();
+#else
+ BIO_printf(bio_err, "No cipher selected\n");
+ goto end;
+#endif
+ }
+ encerts = sk_X509_new_null();
+ while (*args)
+ {
+ if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+ NULL, e, "recipient certificate file")))
+ {
+#if 0 /* An appropriate message is already printed */
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
+#endif
+ goto end;
+ }
+ sk_X509_push(encerts, cert);
+ cert = NULL;
+ args++;
+ }
+ }
+
+ if (signerfile && (operation == SMIME_SIGN))
+ {
+ if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
+ e, "signer certificate")))
+ {
+#if 0 /* An appropri message has already been printed */
+ BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
+#endif
+ goto end;
+ }
+ }
+
+ if (certfile)
+ {
+ if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+ e, "certificate file")))
+ {
+#if 0 /* An appropriate message has already been printed */
+ BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+#endif
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (recipfile && (operation == SMIME_DECRYPT))
+ {
+ if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+ e, "recipient certificate file")))
+ {
+#if 0 /* An appropriate message has alrady been printed */
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
+#endif
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (operation == SMIME_DECRYPT)
+ {
+ if (!keyfile)
+ keyfile = recipfile;
+ }
+ else if (operation == SMIME_SIGN)
+ {
+ if (!keyfile)
+ keyfile = signerfile;
+ }
+ else keyfile = NULL;
+
+ if (keyfile)
+ {
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key)
+ goto end;
+ }
+
+ if (infile)
+ {
+ if (!(in = BIO_new_file(infile, inmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open input file %s\n", infile);
+ goto end;
+ }
+ }
+ else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (outfile)
+ {
+ if (!(out = BIO_new_file(outfile, outmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ }
+ else
+ {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if (operation == SMIME_VERIFY)
+ {
+ if (!(store = setup_verify(bio_err, CAfile, CApath)))
+ goto end;
+ X509_STORE_set_verify_cb_func(store, smime_cb);
+ if (vpm)
+ X509_STORE_set1_param(store, vpm);
+ }
+
+
+ ret = 3;
+
+ if (operation == SMIME_ENCRYPT)
+ p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+ else if (operation == SMIME_SIGN)
+ {
+ /* If detached data and SMIME output enable partial
+ * signing.
+ */
+ if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
+ flags |= PKCS7_STREAM;
+ p7 = PKCS7_sign(signer, key, other, in, flags);
+ }
+ else
+ {
+ if (informat == FORMAT_SMIME)
+ p7 = SMIME_read_PKCS7(in, &indata);
+ else if (informat == FORMAT_PEM)
+ p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+ else if (informat == FORMAT_ASN1)
+ p7 = d2i_PKCS7_bio(in, NULL);
+ else
+ {
+ BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
+ goto end;
+ }
+
+ if (!p7)
+ {
+ BIO_printf(bio_err, "Error reading S/MIME message\n");
+ goto end;
+ }
+ if (contfile)
+ {
+ BIO_free(indata);
+ if (!(indata = BIO_new_file(contfile, "rb")))
+ {
+ BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+ goto end;
+ }
+ }
+ }
+
+ if (!p7)
+ {
+ BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
+ goto end;
+ }
+
+ ret = 4;
+ if (operation == SMIME_DECRYPT)
+ {
+ if (!PKCS7_decrypt(p7, key, recip, out, flags))
+ {
+ BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
+ goto end;
+ }
+ }
+ else if (operation == SMIME_VERIFY)
+ {
+ STACK_OF(X509) *signers;
+ if (PKCS7_verify(p7, other, store, indata, out, flags))
+ BIO_printf(bio_err, "Verification successful\n");
+ else
+ {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ signers = PKCS7_get0_signers(p7, other, flags);
+ if (!save_certs(signerfile, signers))
+ {
+ BIO_printf(bio_err, "Error writing signers to %s\n",
+ signerfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_free(signers);
+ }
+ else if (operation == SMIME_PK7OUT)
+ PEM_write_bio_PKCS7(out, p7);
+ else
+ {
+ if (to)
+ BIO_printf(out, "To: %s\n", to);
+ if (from)
+ BIO_printf(out, "From: %s\n", from);
+ if (subject)
+ BIO_printf(out, "Subject: %s\n", subject);
+ if (outformat == FORMAT_SMIME)
+ SMIME_write_PKCS7(out, p7, in, flags);
+ else if (outformat == FORMAT_PEM)
+ PEM_write_bio_PKCS7(out,p7);
+ else if (outformat == FORMAT_ASN1)
+ i2d_PKCS7_bio(out,p7);
+ else
+ {
+ BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
+ goto end;
+ }
+ }
+ ret = 0;
+end:
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ if (ret) ERR_print_errors(bio_err);
+ sk_X509_pop_free(encerts, X509_free);
+ sk_X509_pop_free(other, X509_free);
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
+ X509_STORE_free(store);
+ X509_free(cert);
+ X509_free(recip);
+ X509_free(signer);
+ EVP_PKEY_free(key);
+ PKCS7_free(p7);
+ BIO_free(in);
+ BIO_free(indata);
+ BIO_free_all(out);
+ if (passin) OPENSSL_free(passin);
+ return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+ {
+ int i;
+ BIO *tmp;
+ if (!signerfile)
+ return 1;
+ tmp = BIO_new_file(signerfile, "w");
+ if (!tmp) return 0;
+ for(i = 0; i < sk_X509_num(signers); i++)
+ PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+ BIO_free(tmp);
+ return 1;
+ }
+
+
+/* Minimal callback just to output policy info (if any) */
+
+static int smime_cb(int ok, X509_STORE_CTX *ctx)
+ {
+ int error;
+
+ error = X509_STORE_CTX_get_error(ctx);
+
+ if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+ && ((error != X509_V_OK) || (ok != 2)))
+ return ok;
+
+ policies_print(NULL, ctx);
+
+ return ok;
+
+ }
Added: vendor-crypto/openssl/dist/apps/speed.c
===================================================================
--- vendor-crypto/openssl/dist/apps/speed.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/speed.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,2946 @@
+/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The ECDH and ECDSA speed test software is originally written by
+ * Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#ifndef OPENSSL_NO_SPEED
+
+#undef SECONDS
+#define SECONDS 3
+#define RSA_SECONDS 10
+#define DSA_SECONDS 10
+#define ECDSA_SECONDS 10
+#define ECDH_SECONDS 10
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#undef PROG
+#define PROG speed_main
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <string.h>
+#include <math.h>
+#include "apps.h"
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
+# define USE_TOD
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+# define TIMES
+#endif
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */
+# define TIMEB
+#endif
+
+#if defined(OPENSSL_SYS_NETWARE)
+#undef TIMES
+#undef TIMEB
+#include <time.h>
+#endif
+
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+#ifdef USE_TOD
+# include <sys/time.h>
+# include <sys/resource.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+ The __TMS macro will show if it was. If it wasn't defined, we should
+ undefine TIMES, since that tells the rest of the program how things
+ should be handled. -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifdef TIMEB
+#include <sys/timeb.h>
+#endif
+
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
+#error "It seems neither struct tms nor struct timeb is supported in this platform!"
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DES
+#include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_AES
+#include <openssl/aes.h>
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+#include <openssl/camellia.h>
+#endif
+#ifndef OPENSSL_NO_MD2
+#include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_MDC2
+#include <openssl/mdc2.h>
+#endif
+#ifndef OPENSSL_NO_MD4
+#include <openssl/md4.h>
+#endif
+#ifndef OPENSSL_NO_MD5
+#include <openssl/md5.h>
+#endif
+#ifndef OPENSSL_NO_HMAC
+#include <openssl/hmac.h>
+#endif
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_SHA
+#include <openssl/sha.h>
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+#include <openssl/ripemd.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+#include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_RC5
+#include <openssl/rc5.h>
+#endif
+#ifndef OPENSSL_NO_RC2
+#include <openssl/rc2.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+#include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_SEED
+#include <openssl/seed.h>
+#endif
+#ifndef OPENSSL_NO_BF
+#include <openssl/blowfish.h>
+#endif
+#ifndef OPENSSL_NO_CAST
+#include <openssl/cast.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#include "./testrsa.h"
+#endif
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#include "./testdsa.h"
+#endif
+#ifndef OPENSSL_NO_ECDSA
+#include <openssl/ecdsa.h>
+#endif
+#ifndef OPENSSL_NO_ECDH
+#include <openssl/ecdh.h>
+#endif
+
+/*
+ * The following "HZ" timing stuff should be sync'd up with the code in
+ * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think
+ * this code is more up to date than libcrypto's so there may be features to
+ * migrate over first. This is used in two places further down AFAICS.
+ * The point is that nothing in openssl actually *uses* that tmdiff stuff, so
+ * either speed.c should be using it or it should go because it's obviously not
+ * useful enough. Anyone want to do a janitorial job on this?
+ */
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# if defined(_SC_CLK_TCK) \
+ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
+# define HZ sysconf(_SC_CLK_TCK)
+# else
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+# endif
+#endif
+
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
+# define HAVE_FORK 0
+# else
+# define HAVE_FORK 1
+# endif
+#endif
+
+#if HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8+1)
+int run=0;
+
+static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0;
+static int mr=0;
+static int usertime=1;
+
+static double Time_F(int s);
+static void print_message(const char *s,long num,int length);
+static void pkey_print_message(const char *str, const char *str2,
+ long num, int bits, int sec);
+static void print_result(int alg,int run_no,int count,double time_used);
+#ifndef NO_FORK
+static int do_multi(int multi);
+#endif
+
+#define ALGOR_NUM 28
+#define SIZE_NUM 5
+#define RSA_NUM 4
+#define DSA_NUM 3
+
+#define EC_NUM 16
+#define MAX_ECDH_SIZE 256
+
+static const char *names[ALGOR_NUM]={
+ "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
+ "des cbc","des ede3","idea cbc","seed cbc",
+ "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
+ "aes-128 cbc","aes-192 cbc","aes-256 cbc",
+ "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
+ "evp","sha256","sha512",
+ "aes-128 ige","aes-192 ige","aes-256 ige"};
+static double results[ALGOR_NUM][SIZE_NUM];
+static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
+#ifndef OPENSSL_NO_RSA
+static double rsa_results[RSA_NUM][2];
+#endif
+#ifndef OPENSSL_NO_DSA
+static double dsa_results[DSA_NUM][2];
+#endif
+#ifndef OPENSSL_NO_ECDSA
+static double ecdsa_results[EC_NUM][2];
+#endif
+#ifndef OPENSSL_NO_ECDH
+static double ecdh_results[EC_NUM][1];
+#endif
+
+#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static int rnd_fake = 0;
+#endif
+
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+static SIGRETTYPE sig_done(int sig);
+static SIGRETTYPE sig_done(int sig)
+ {
+ signal(SIGALRM,sig_done);
+ run=0;
+#ifdef LINT
+ sig=sig;
+#endif
+ }
+#endif
+
+#define START 0
+#define STOP 1
+
+#if defined(OPENSSL_SYS_NETWARE)
+
+ /* for NetWare the best we can do is use clock() which returns the
+ * time, in hundredths of a second, since the NLM began executing
+ */
+static double Time_F(int s)
+ {
+ double ret;
+
+ static clock_t tstart,tend;
+
+ if (s == START)
+ {
+ tstart=clock();
+ return(0);
+ }
+ else
+ {
+ tend=clock();
+ ret=(double)((double)(tend)-(double)(tstart));
+ return((ret < 0.001)?0.001:ret);
+ }
+ }
+
+#else
+
+static double Time_F(int s)
+ {
+ double ret;
+
+#ifdef USE_TOD
+ if(usertime)
+ {
+ static struct rusage tstart,tend;
+
+ getrusage_used = 1;
+ if (s == START)
+ {
+ getrusage(RUSAGE_SELF,&tstart);
+ return(0);
+ }
+ else
+ {
+ long i;
+
+ getrusage(RUSAGE_SELF,&tend);
+ i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec;
+ ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec))
+ +((double)i)/1000000.0;
+ return((ret < 0.001)?0.001:ret);
+ }
+ }
+ else
+ {
+ static struct timeval tstart,tend;
+ long i;
+
+ gettimeofday_used = 1;
+ if (s == START)
+ {
+ gettimeofday(&tstart,NULL);
+ return(0);
+ }
+ else
+ {
+ gettimeofday(&tend,NULL);
+ i=(long)tend.tv_usec-(long)tstart.tv_usec;
+ ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0;
+ return((ret < 0.001)?0.001:ret);
+ }
+ }
+#else /* ndef USE_TOD */
+
+# ifdef TIMES
+ if (usertime)
+ {
+ static struct tms tstart,tend;
+
+ times_used = 1;
+ if (s == START)
+ {
+ times(&tstart);
+ return(0);
+ }
+ else
+ {
+ times(&tend);
+ ret = HZ;
+ ret=(double)(tend.tms_utime-tstart.tms_utime) / ret;
+ return((ret < 1e-3)?1e-3:ret);
+ }
+ }
+# endif /* times() */
+# if defined(TIMES) && defined(TIMEB)
+ else
+# endif
+# ifdef OPENSSL_SYS_VXWORKS
+ {
+ static unsigned long tick_start, tick_end;
+
+ if( s == START )
+ {
+ tick_start = tickGet();
+ return 0;
+ }
+ else
+ {
+ tick_end = tickGet();
+ ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
+ return((ret < 0.001)?0.001:ret);
+ }
+ }
+# elif defined(TIMEB)
+ {
+ static struct timeb tstart,tend;
+ long i;
+
+ ftime_used = 1;
+ if (s == START)
+ {
+ ftime(&tstart);
+ return(0);
+ }
+ else
+ {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+ return((ret < 0.001)?0.001:ret);
+ }
+ }
+# endif
+#endif
+ }
+#endif /* if defined(OPENSSL_SYS_NETWARE) */
+
+
+#ifndef OPENSSL_NO_ECDH
+static const int KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
+ {
+#ifndef OPENSSL_NO_SHA
+ if (*outlen < SHA_DIGEST_LENGTH)
+ return NULL;
+ else
+ *outlen = SHA_DIGEST_LENGTH;
+ return SHA1(in, inlen, out);
+#else
+ return NULL;
+#endif /* OPENSSL_NO_SHA */
+ }
+#endif /* OPENSSL_NO_ECDH */
+
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ unsigned char *buf=NULL,*buf2=NULL;
+ int mret=1;
+ long count=0,save_count=0;
+ int i,j,k;
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+ long rsa_count;
+#endif
+#ifndef OPENSSL_NO_RSA
+ unsigned rsa_num;
+#endif
+ unsigned char md[EVP_MAX_MD_SIZE];
+#ifndef OPENSSL_NO_MD2
+ unsigned char md2[MD2_DIGEST_LENGTH];
+#endif
+#ifndef OPENSSL_NO_MDC2
+ unsigned char mdc2[MDC2_DIGEST_LENGTH];
+#endif
+#ifndef OPENSSL_NO_MD4
+ unsigned char md4[MD4_DIGEST_LENGTH];
+#endif
+#ifndef OPENSSL_NO_MD5
+ unsigned char md5[MD5_DIGEST_LENGTH];
+ unsigned char hmac[MD5_DIGEST_LENGTH];
+#endif
+#ifndef OPENSSL_NO_SHA
+ unsigned char sha[SHA_DIGEST_LENGTH];
+#ifndef OPENSSL_NO_SHA256
+ unsigned char sha256[SHA256_DIGEST_LENGTH];
+#endif
+#ifndef OPENSSL_NO_SHA512
+ unsigned char sha512[SHA512_DIGEST_LENGTH];
+#endif
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+ unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+#endif
+#ifndef OPENSSL_NO_RC4
+ RC4_KEY rc4_ks;
+#endif
+#ifndef OPENSSL_NO_RC5
+ RC5_32_KEY rc5_ks;
+#endif
+#ifndef OPENSSL_NO_RC2
+ RC2_KEY rc2_ks;
+#endif
+#ifndef OPENSSL_NO_IDEA
+ IDEA_KEY_SCHEDULE idea_ks;
+#endif
+#ifndef OPENSSL_NO_SEED
+ SEED_KEY_SCHEDULE seed_ks;
+#endif
+#ifndef OPENSSL_NO_BF
+ BF_KEY bf_ks;
+#endif
+#ifndef OPENSSL_NO_CAST
+ CAST_KEY cast_ks;
+#endif
+ static const unsigned char key16[16]=
+ {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+#ifndef OPENSSL_NO_AES
+ static const unsigned char key24[24]=
+ {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+ 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+ static const unsigned char key32[32]=
+ {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+ 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
+ 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ static const unsigned char ckey24[24]=
+ {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+ 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+ static const unsigned char ckey32[32]=
+ {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+ 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
+ 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+#endif
+#ifndef OPENSSL_NO_AES
+#define MAX_BLOCK_SIZE 128
+#else
+#define MAX_BLOCK_SIZE 64
+#endif
+ unsigned char DES_iv[8];
+ unsigned char iv[2*MAX_BLOCK_SIZE/8];
+#ifndef OPENSSL_NO_DES
+ static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+ static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+ static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+ DES_key_schedule sch;
+ DES_key_schedule sch2;
+ DES_key_schedule sch3;
+#endif
+#ifndef OPENSSL_NO_AES
+ AES_KEY aes_ks1, aes_ks2, aes_ks3;
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
+#endif
+#define D_MD2 0
+#define D_MDC2 1
+#define D_MD4 2
+#define D_MD5 3
+#define D_HMAC 4
+#define D_SHA1 5
+#define D_RMD160 6
+#define D_RC4 7
+#define D_CBC_DES 8
+#define D_EDE3_DES 9
+#define D_CBC_IDEA 10
+#define D_CBC_SEED 11
+#define D_CBC_RC2 12
+#define D_CBC_RC5 13
+#define D_CBC_BF 14
+#define D_CBC_CAST 15
+#define D_CBC_128_AES 16
+#define D_CBC_192_AES 17
+#define D_CBC_256_AES 18
+#define D_CBC_128_CML 19
+#define D_CBC_192_CML 20
+#define D_CBC_256_CML 21
+#define D_EVP 22
+#define D_SHA256 23
+#define D_SHA512 24
+#define D_IGE_128_AES 25
+#define D_IGE_192_AES 26
+#define D_IGE_256_AES 27
+ double d=0.0;
+ long c[ALGOR_NUM][SIZE_NUM];
+#define R_DSA_512 0
+#define R_DSA_1024 1
+#define R_DSA_2048 2
+#define R_RSA_512 0
+#define R_RSA_1024 1
+#define R_RSA_2048 2
+#define R_RSA_4096 3
+
+#define R_EC_P160 0
+#define R_EC_P192 1
+#define R_EC_P224 2
+#define R_EC_P256 3
+#define R_EC_P384 4
+#define R_EC_P521 5
+#define R_EC_K163 6
+#define R_EC_K233 7
+#define R_EC_K283 8
+#define R_EC_K409 9
+#define R_EC_K571 10
+#define R_EC_B163 11
+#define R_EC_B233 12
+#define R_EC_B283 13
+#define R_EC_B409 14
+#define R_EC_B571 15
+
+#ifndef OPENSSL_NO_RSA
+ RSA *rsa_key[RSA_NUM];
+ long rsa_c[RSA_NUM][2];
+ static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
+ static unsigned char *rsa_data[RSA_NUM]=
+ {test512,test1024,test2048,test4096};
+ static int rsa_data_length[RSA_NUM]={
+ sizeof(test512),sizeof(test1024),
+ sizeof(test2048),sizeof(test4096)};
+#endif
+#ifndef OPENSSL_NO_DSA
+ DSA *dsa_key[DSA_NUM];
+ long dsa_c[DSA_NUM][2];
+ static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
+#endif
+#ifndef OPENSSL_NO_EC
+ /* We only test over the following curves as they are representative,
+ * To add tests over more curves, simply add the curve NID
+ * and curve name to the following arrays and increase the
+ * EC_NUM value accordingly.
+ */
+ static unsigned int test_curves[EC_NUM] =
+ {
+ /* Prime Curves */
+ NID_secp160r1,
+ NID_X9_62_prime192v1,
+ NID_secp224r1,
+ NID_X9_62_prime256v1,
+ NID_secp384r1,
+ NID_secp521r1,
+ /* Binary Curves */
+ NID_sect163k1,
+ NID_sect233k1,
+ NID_sect283k1,
+ NID_sect409k1,
+ NID_sect571k1,
+ NID_sect163r2,
+ NID_sect233r1,
+ NID_sect283r1,
+ NID_sect409r1,
+ NID_sect571r1
+ };
+ static const char * test_curves_names[EC_NUM] =
+ {
+ /* Prime Curves */
+ "secp160r1",
+ "nistp192",
+ "nistp224",
+ "nistp256",
+ "nistp384",
+ "nistp521",
+ /* Binary Curves */
+ "nistk163",
+ "nistk233",
+ "nistk283",
+ "nistk409",
+ "nistk571",
+ "nistb163",
+ "nistb233",
+ "nistb283",
+ "nistb409",
+ "nistb571"
+ };
+ static int test_curves_bits[EC_NUM] =
+ {
+ 160, 192, 224, 256, 384, 521,
+ 163, 233, 283, 409, 571,
+ 163, 233, 283, 409, 571
+ };
+
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+ unsigned char ecdsasig[256];
+ unsigned int ecdsasiglen;
+ EC_KEY *ecdsa[EC_NUM];
+ long ecdsa_c[EC_NUM][2];
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
+ unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
+ int secret_size_a, secret_size_b;
+ int ecdh_checks = 0;
+ int secret_idx = 0;
+ long ecdh_c[EC_NUM][2];
+#endif
+
+ int rsa_doit[RSA_NUM];
+ int dsa_doit[DSA_NUM];
+#ifndef OPENSSL_NO_ECDSA
+ int ecdsa_doit[EC_NUM];
+#endif
+#ifndef OPENSSL_NO_ECDH
+ int ecdh_doit[EC_NUM];
+#endif
+ int doit[ALGOR_NUM];
+ int pr_header=0;
+ const EVP_CIPHER *evp_cipher=NULL;
+ const EVP_MD *evp_md=NULL;
+ int decrypt=0;
+#ifndef NO_FORK
+ int multi=0;
+#endif
+
+#ifndef TIMES
+ usertime=-1;
+#endif
+
+ apps_startup();
+ memset(results, 0, sizeof(results));
+#ifndef OPENSSL_NO_DSA
+ memset(dsa_key,0,sizeof(dsa_key));
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ for (i=0; i<EC_NUM; i++)
+ {
+ ecdh_a[i] = NULL;
+ ecdh_b[i] = NULL;
+ }
+#endif
+
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+#ifndef OPENSSL_NO_RSA
+ memset(rsa_key,0,sizeof(rsa_key));
+ for (i=0; i<RSA_NUM; i++)
+ rsa_key[i]=NULL;
+#endif
+
+ if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+
+ memset(c,0,sizeof(c));
+ memset(DES_iv,0,sizeof(DES_iv));
+ memset(iv,0,sizeof(iv));
+
+ for (i=0; i<ALGOR_NUM; i++)
+ doit[i]=0;
+ for (i=0; i<RSA_NUM; i++)
+ rsa_doit[i]=0;
+ for (i=0; i<DSA_NUM; i++)
+ dsa_doit[i]=0;
+#ifndef OPENSSL_NO_ECDSA
+ for (i=0; i<EC_NUM; i++)
+ ecdsa_doit[i]=0;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ for (i=0; i<EC_NUM; i++)
+ ecdh_doit[i]=0;
+#endif
+
+
+ j=0;
+ argc--;
+ argv++;
+ while (argc)
+ {
+ if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
+ {
+ usertime = 0;
+ j--; /* Otherwise, -elapsed gets confused with
+ an algorithm. */
+ }
+ else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
+ {
+ argc--;
+ argv++;
+ if(argc == 0)
+ {
+ BIO_printf(bio_err,"no EVP given\n");
+ goto end;
+ }
+ evp_cipher=EVP_get_cipherbyname(*argv);
+ if(!evp_cipher)
+ {
+ evp_md=EVP_get_digestbyname(*argv);
+ }
+ if(!evp_cipher && !evp_md)
+ {
+ BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);
+ goto end;
+ }
+ doit[D_EVP]=1;
+ }
+ else if (argc > 0 && !strcmp(*argv,"-decrypt"))
+ {
+ decrypt=1;
+ j--; /* Otherwise, -elapsed gets confused with
+ an algorithm. */
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
+ {
+ argc--;
+ argv++;
+ if(argc == 0)
+ {
+ BIO_printf(bio_err,"no engine given\n");
+ goto end;
+ }
+ setup_engine(bio_err, *argv, 0);
+ /* j will be increased again further down. We just
+ don't want speed to confuse an engine with an
+ algorithm, especially when none is given (which
+ means all of them should be run) */
+ j--;
+ }
+#endif
+#ifndef NO_FORK
+ else if ((argc > 0) && (strcmp(*argv,"-multi") == 0))
+ {
+ argc--;
+ argv++;
+ if(argc == 0)
+ {
+ BIO_printf(bio_err,"no multi count given\n");
+ goto end;
+ }
+ multi=atoi(argv[0]);
+ if(multi <= 0)
+ {
+ BIO_printf(bio_err,"bad multi count\n");
+ goto end;
+ }
+ j--; /* Otherwise, -mr gets confused with
+ an algorithm. */
+ }
+#endif
+ else if (argc > 0 && !strcmp(*argv,"-mr"))
+ {
+ mr=1;
+ j--; /* Otherwise, -mr gets confused with
+ an algorithm. */
+ }
+ else
+#ifndef OPENSSL_NO_MD2
+ if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_MDC2
+ if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_MD4
+ if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_MD5
+ if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_MD5
+ if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_SHA
+ if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
+ else
+ if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1,
+ doit[D_SHA256]=1,
+ doit[D_SHA512]=1;
+ else
+#ifndef OPENSSL_NO_SHA256
+ if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_SHA512
+ if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1;
+ else
+#endif
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+ if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
+ else
+ if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
+ else
+ if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_RC4
+ if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_DES
+ if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
+ else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_AES
+ if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
+ else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
+ else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
+ else if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1;
+ else if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1;
+ else if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
+ else if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;
+ else if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_RSA
+#if 0 /* was: #ifdef RSAref */
+ if (strcmp(*argv,"rsaref") == 0)
+ {
+ RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
+ j--;
+ }
+ else
+#endif
+#ifndef RSA_NULL
+ if (strcmp(*argv,"openssl") == 0)
+ {
+ RSA_set_default_method(RSA_PKCS1_SSLeay());
+ j--;
+ }
+ else
+#endif
+#endif /* !OPENSSL_NO_RSA */
+ if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
+ else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
+ else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
+ else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2;
+ else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2;
+ else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
+ else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
+ else
+#ifndef OPENSSL_NO_RC2
+ if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
+ else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_RC5
+ if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
+ else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_IDEA
+ if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
+ else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_SEED
+ if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1;
+ else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_BF
+ if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
+ else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
+ else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_CAST
+ if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
+ else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
+ else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_DES
+ if (strcmp(*argv,"des") == 0)
+ {
+ doit[D_CBC_DES]=1;
+ doit[D_EDE3_DES]=1;
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_AES
+ if (strcmp(*argv,"aes") == 0)
+ {
+ doit[D_CBC_128_AES]=1;
+ doit[D_CBC_192_AES]=1;
+ doit[D_CBC_256_AES]=1;
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ if (strcmp(*argv,"camellia") == 0)
+ {
+ doit[D_CBC_128_CML]=1;
+ doit[D_CBC_192_CML]=1;
+ doit[D_CBC_256_CML]=1;
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_RSA
+ if (strcmp(*argv,"rsa") == 0)
+ {
+ rsa_doit[R_RSA_512]=1;
+ rsa_doit[R_RSA_1024]=1;
+ rsa_doit[R_RSA_2048]=1;
+ rsa_doit[R_RSA_4096]=1;
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (strcmp(*argv,"dsa") == 0)
+ {
+ dsa_doit[R_DSA_512]=1;
+ dsa_doit[R_DSA_1024]=1;
+ dsa_doit[R_DSA_2048]=1;
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
+ else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
+ else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
+ else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
+ else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
+ else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
+ else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
+ else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
+ else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
+ else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
+ else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
+ else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
+ else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
+ else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
+ else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
+ else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
+ else if (strcmp(*argv,"ecdsa") == 0)
+ {
+ for (i=0; i < EC_NUM; i++)
+ ecdsa_doit[i]=1;
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_ECDH
+ if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
+ else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
+ else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
+ else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
+ else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
+ else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
+ else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
+ else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
+ else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
+ else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
+ else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
+ else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
+ else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
+ else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
+ else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
+ else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
+ else if (strcmp(*argv,"ecdh") == 0)
+ {
+ for (i=0; i < EC_NUM; i++)
+ ecdh_doit[i]=1;
+ }
+ else
+#endif
+ {
+ BIO_printf(bio_err,"Error: bad option or value\n");
+ BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err,"Available values:\n");
+#ifndef OPENSSL_NO_MD2
+ BIO_printf(bio_err,"md2 ");
+#endif
+#ifndef OPENSSL_NO_MDC2
+ BIO_printf(bio_err,"mdc2 ");
+#endif
+#ifndef OPENSSL_NO_MD4
+ BIO_printf(bio_err,"md4 ");
+#endif
+#ifndef OPENSSL_NO_MD5
+ BIO_printf(bio_err,"md5 ");
+#ifndef OPENSSL_NO_HMAC
+ BIO_printf(bio_err,"hmac ");
+#endif
+#endif
+#ifndef OPENSSL_NO_SHA1
+ BIO_printf(bio_err,"sha1 ");
+#endif
+#ifndef OPENSSL_NO_SHA256
+ BIO_printf(bio_err,"sha256 ");
+#endif
+#ifndef OPENSSL_NO_SHA512
+ BIO_printf(bio_err,"sha512 ");
+#endif
+#ifndef OPENSSL_NO_RIPEMD160
+ BIO_printf(bio_err,"rmd160");
+#endif
+#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
+ !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
+ !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
+ BIO_printf(bio_err,"\n");
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err,"idea-cbc ");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err,"seed-cbc ");
+#endif
+#ifndef OPENSSL_NO_RC2
+ BIO_printf(bio_err,"rc2-cbc ");
+#endif
+#ifndef OPENSSL_NO_RC5
+ BIO_printf(bio_err,"rc5-cbc ");
+#endif
+#ifndef OPENSSL_NO_BF
+ BIO_printf(bio_err,"bf-cbc");
+#endif
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
+ !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
+ BIO_printf(bio_err,"\n");
+#endif
+#ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err,"des-cbc des-ede3 ");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
+ BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige ");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
+#endif
+#ifndef OPENSSL_NO_RC4
+ BIO_printf(bio_err,"rc4");
+#endif
+ BIO_printf(bio_err,"\n");
+
+#ifndef OPENSSL_NO_RSA
+ BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n");
+#endif
+
+#ifndef OPENSSL_NO_DSA
+ BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
+ BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+ BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
+ BIO_printf(bio_err,"ecdsa\n");
+#endif
+#ifndef OPENSSL_NO_ECDH
+ BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n");
+ BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
+ BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
+ BIO_printf(bio_err,"ecdh\n");
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err,"idea ");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err,"seed ");
+#endif
+#ifndef OPENSSL_NO_RC2
+ BIO_printf(bio_err,"rc2 ");
+#endif
+#ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err,"des ");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err,"aes ");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err,"camellia ");
+#endif
+#ifndef OPENSSL_NO_RSA
+ BIO_printf(bio_err,"rsa ");
+#endif
+#ifndef OPENSSL_NO_BF
+ BIO_printf(bio_err,"blowfish");
+#endif
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
+ !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
+ !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
+ !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
+ BIO_printf(bio_err,"\n");
+#endif
+
+ BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err,"Available options:\n");
+#if defined(TIMES) || defined(USE_TOD)
+ BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err,"-evp e use EVP e.\n");
+ BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n");
+ BIO_printf(bio_err,"-mr produce machine readable output.\n");
+#ifndef NO_FORK
+ BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
+#endif
+ goto end;
+ }
+ argc--;
+ argv++;
+ j++;
+ }
+
+#ifndef NO_FORK
+ if(multi && do_multi(multi))
+ goto show_res;
+#endif
+
+ if (j == 0)
+ {
+ for (i=0; i<ALGOR_NUM; i++)
+ {
+ if (i != D_EVP)
+ doit[i]=1;
+ }
+ for (i=0; i<RSA_NUM; i++)
+ rsa_doit[i]=1;
+ for (i=0; i<DSA_NUM; i++)
+ dsa_doit[i]=1;
+ }
+ for (i=0; i<ALGOR_NUM; i++)
+ if (doit[i]) pr_header++;
+
+ if (usertime == 0 && !mr)
+ BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
+ if (usertime <= 0 && !mr)
+ {
+ BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
+ BIO_printf(bio_err,"program when this computer is idle.\n");
+ }
+
+#ifndef OPENSSL_NO_RSA
+ for (i=0; i<RSA_NUM; i++)
+ {
+ const unsigned char *p;
+
+ p=rsa_data[i];
+ rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
+ if (rsa_key[i] == NULL)
+ {
+ BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
+ goto end;
+ }
+#if 0
+ else
+ {
+ BIO_printf(bio_err,mr ? "+RK:%d:"
+ : "Loaded RSA key, %d bit modulus and e= 0x",
+ BN_num_bits(rsa_key[i]->n));
+ BN_print(bio_err,rsa_key[i]->e);
+ BIO_printf(bio_err,"\n");
+ }
+#endif
+ }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+ dsa_key[0]=get_dsa512();
+ dsa_key[1]=get_dsa1024();
+ dsa_key[2]=get_dsa2048();
+#endif
+
+#ifndef OPENSSL_NO_DES
+ DES_set_key_unchecked(&key,&sch);
+ DES_set_key_unchecked(&key2,&sch2);
+ DES_set_key_unchecked(&key3,&sch3);
+#endif
+#ifndef OPENSSL_NO_AES
+ AES_set_encrypt_key(key16,128,&aes_ks1);
+ AES_set_encrypt_key(key24,192,&aes_ks2);
+ AES_set_encrypt_key(key32,256,&aes_ks3);
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ Camellia_set_key(key16,128,&camellia_ks1);
+ Camellia_set_key(ckey24,192,&camellia_ks2);
+ Camellia_set_key(ckey32,256,&camellia_ks3);
+#endif
+#ifndef OPENSSL_NO_IDEA
+ idea_set_encrypt_key(key16,&idea_ks);
+#endif
+#ifndef OPENSSL_NO_SEED
+ SEED_set_key(key16,&seed_ks);
+#endif
+#ifndef OPENSSL_NO_RC4
+ RC4_set_key(&rc4_ks,16,key16);
+#endif
+#ifndef OPENSSL_NO_RC2
+ RC2_set_key(&rc2_ks,16,key16,128);
+#endif
+#ifndef OPENSSL_NO_RC5
+ RC5_32_set_key(&rc5_ks,16,key16,12);
+#endif
+#ifndef OPENSSL_NO_BF
+ BF_set_key(&bf_ks,16,key16);
+#endif
+#ifndef OPENSSL_NO_CAST
+ CAST_set_key(&cast_ks,16,key16);
+#endif
+#ifndef OPENSSL_NO_RSA
+ memset(rsa_c,0,sizeof(rsa_c));
+#endif
+#ifndef SIGALRM
+#ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
+ count=10;
+ do {
+ long it;
+ count*=2;
+ Time_F(START);
+ for (it=count; it; it--)
+ DES_ecb_encrypt((DES_cblock *)buf,
+ (DES_cblock *)buf,
+ &sch,DES_ENCRYPT);
+ d=Time_F(STOP);
+ } while (d <3);
+ save_count=count;
+ c[D_MD2][0]=count/10;
+ c[D_MDC2][0]=count/10;
+ c[D_MD4][0]=count;
+ c[D_MD5][0]=count;
+ c[D_HMAC][0]=count;
+ c[D_SHA1][0]=count;
+ c[D_RMD160][0]=count;
+ c[D_RC4][0]=count*5;
+ c[D_CBC_DES][0]=count;
+ c[D_EDE3_DES][0]=count/3;
+ c[D_CBC_IDEA][0]=count;
+ c[D_CBC_SEED][0]=count;
+ c[D_CBC_RC2][0]=count;
+ c[D_CBC_RC5][0]=count;
+ c[D_CBC_BF][0]=count;
+ c[D_CBC_CAST][0]=count;
+ c[D_CBC_128_AES][0]=count;
+ c[D_CBC_192_AES][0]=count;
+ c[D_CBC_256_AES][0]=count;
+ c[D_CBC_128_CML][0]=count;
+ c[D_CBC_192_CML][0]=count;
+ c[D_CBC_256_CML][0]=count;
+ c[D_SHA256][0]=count;
+ c[D_SHA512][0]=count;
+ c[D_IGE_128_AES][0]=count;
+ c[D_IGE_192_AES][0]=count;
+ c[D_IGE_256_AES][0]=count;
+
+ for (i=1; i<SIZE_NUM; i++)
+ {
+ c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
+ c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
+ c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];
+ c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
+ c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
+ c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
+ c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
+ c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
+ c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
+ }
+ for (i=1; i<SIZE_NUM; i++)
+ {
+ long l0,l1;
+
+ l0=(long)lengths[i-1];
+ l1=(long)lengths[i];
+ c[D_RC4][i]=c[D_RC4][i-1]*l0/l1;
+ c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;
+ c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
+ c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
+ c[D_CBC_SEED][i]=c[D_CBC_SEED][i-1]*l0/l1;
+ c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
+ c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
+ c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
+ c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
+ c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
+ c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
+ c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
+ c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;
+ c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;
+ c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;
+ c[D_IGE_128_AES][i]=c[D_IGE_128_AES][i-1]*l0/l1;
+ c[D_IGE_192_AES][i]=c[D_IGE_192_AES][i-1]*l0/l1;
+ c[D_IGE_256_AES][i]=c[D_IGE_256_AES][i-1]*l0/l1;
+ }
+#ifndef OPENSSL_NO_RSA
+ rsa_c[R_RSA_512][0]=count/2000;
+ rsa_c[R_RSA_512][1]=count/400;
+ for (i=1; i<RSA_NUM; i++)
+ {
+ rsa_c[i][0]=rsa_c[i-1][0]/8;
+ rsa_c[i][1]=rsa_c[i-1][1]/4;
+ if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
+ rsa_doit[i]=0;
+ else
+ {
+ if (rsa_c[i][0] == 0)
+ {
+ rsa_c[i][0]=1;
+ rsa_c[i][1]=20;
+ }
+ }
+ }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+ dsa_c[R_DSA_512][0]=count/1000;
+ dsa_c[R_DSA_512][1]=count/1000/2;
+ for (i=1; i<DSA_NUM; i++)
+ {
+ dsa_c[i][0]=dsa_c[i-1][0]/4;
+ dsa_c[i][1]=dsa_c[i-1][1]/4;
+ if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
+ dsa_doit[i]=0;
+ else
+ {
+ if (dsa_c[i] == 0)
+ {
+ dsa_c[i][0]=1;
+ dsa_c[i][1]=1;
+ }
+ }
+ }
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+ ecdsa_c[R_EC_P160][0]=count/1000;
+ ecdsa_c[R_EC_P160][1]=count/1000/2;
+ for (i=R_EC_P192; i<=R_EC_P521; i++)
+ {
+ ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
+ ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
+ if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+ ecdsa_doit[i]=0;
+ else
+ {
+ if (ecdsa_c[i] == 0)
+ {
+ ecdsa_c[i][0]=1;
+ ecdsa_c[i][1]=1;
+ }
+ }
+ }
+ ecdsa_c[R_EC_K163][0]=count/1000;
+ ecdsa_c[R_EC_K163][1]=count/1000/2;
+ for (i=R_EC_K233; i<=R_EC_K571; i++)
+ {
+ ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
+ ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
+ if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+ ecdsa_doit[i]=0;
+ else
+ {
+ if (ecdsa_c[i] == 0)
+ {
+ ecdsa_c[i][0]=1;
+ ecdsa_c[i][1]=1;
+ }
+ }
+ }
+ ecdsa_c[R_EC_B163][0]=count/1000;
+ ecdsa_c[R_EC_B163][1]=count/1000/2;
+ for (i=R_EC_B233; i<=R_EC_B571; i++)
+ {
+ ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
+ ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
+ if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+ ecdsa_doit[i]=0;
+ else
+ {
+ if (ecdsa_c[i] == 0)
+ {
+ ecdsa_c[i][0]=1;
+ ecdsa_c[i][1]=1;
+ }
+ }
+ }
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+ ecdh_c[R_EC_P160][0]=count/1000;
+ ecdh_c[R_EC_P160][1]=count/1000;
+ for (i=R_EC_P192; i<=R_EC_P521; i++)
+ {
+ ecdh_c[i][0]=ecdh_c[i-1][0]/2;
+ ecdh_c[i][1]=ecdh_c[i-1][1]/2;
+ if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+ ecdh_doit[i]=0;
+ else
+ {
+ if (ecdh_c[i] == 0)
+ {
+ ecdh_c[i][0]=1;
+ ecdh_c[i][1]=1;
+ }
+ }
+ }
+ ecdh_c[R_EC_K163][0]=count/1000;
+ ecdh_c[R_EC_K163][1]=count/1000;
+ for (i=R_EC_K233; i<=R_EC_K571; i++)
+ {
+ ecdh_c[i][0]=ecdh_c[i-1][0]/2;
+ ecdh_c[i][1]=ecdh_c[i-1][1]/2;
+ if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+ ecdh_doit[i]=0;
+ else
+ {
+ if (ecdh_c[i] == 0)
+ {
+ ecdh_c[i][0]=1;
+ ecdh_c[i][1]=1;
+ }
+ }
+ }
+ ecdh_c[R_EC_B163][0]=count/1000;
+ ecdh_c[R_EC_B163][1]=count/1000;
+ for (i=R_EC_B233; i<=R_EC_B571; i++)
+ {
+ ecdh_c[i][0]=ecdh_c[i-1][0]/2;
+ ecdh_c[i][1]=ecdh_c[i-1][1]/2;
+ if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+ ecdh_doit[i]=0;
+ else
+ {
+ if (ecdh_c[i] == 0)
+ {
+ ecdh_c[i][0]=1;
+ ecdh_c[i][1]=1;
+ }
+ }
+ }
+#endif
+
+#define COND(d) (count < (d))
+#define COUNT(d) (d)
+#else
+/* not worth fixing */
+# error "You cannot disable DES on systems without SIGALRM."
+#endif /* OPENSSL_NO_DES */
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+ signal(SIGALRM,sig_done);
+#endif /* SIGALRM */
+
+#ifndef OPENSSL_NO_MD2
+ if (doit[D_MD2])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_MD2][j]); count++)
+ EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
+ d=Time_F(STOP);
+ print_result(D_MD2,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_MDC2
+ if (doit[D_MDC2])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_MDC2][j]); count++)
+ EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
+ d=Time_F(STOP);
+ print_result(D_MDC2,j,count,d);
+ }
+ }
+#endif
+
+#ifndef OPENSSL_NO_MD4
+ if (doit[D_MD4])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_MD4][j]); count++)
+ EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
+ d=Time_F(STOP);
+ print_result(D_MD4,j,count,d);
+ }
+ }
+#endif
+
+#ifndef OPENSSL_NO_MD5
+ if (doit[D_MD5])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_MD5][j]); count++)
+ EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
+ d=Time_F(STOP);
+ print_result(D_MD5,j,count,d);
+ }
+ }
+#endif
+
+#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
+ if (doit[D_HMAC])
+ {
+ HMAC_CTX hctx;
+
+ HMAC_CTX_init(&hctx);
+ HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
+ 16,EVP_md5(), NULL);
+
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_HMAC][j]); count++)
+ {
+ HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
+ HMAC_Update(&hctx,buf,lengths[j]);
+ HMAC_Final(&hctx,&(hmac[0]),NULL);
+ }
+ d=Time_F(STOP);
+ print_result(D_HMAC,j,count,d);
+ }
+ HMAC_CTX_cleanup(&hctx);
+ }
+#endif
+#ifndef OPENSSL_NO_SHA
+ if (doit[D_SHA1])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_SHA1][j]); count++)
+ EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
+ d=Time_F(STOP);
+ print_result(D_SHA1,j,count,d);
+ }
+ }
+
+#ifndef OPENSSL_NO_SHA256
+ if (doit[D_SHA256])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_SHA256][j]); count++)
+ SHA256(buf,lengths[j],sha256);
+ d=Time_F(STOP);
+ print_result(D_SHA256,j,count,d);
+ }
+ }
+#endif
+
+#ifndef OPENSSL_NO_SHA512
+ if (doit[D_SHA512])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_SHA512][j]); count++)
+ SHA512(buf,lengths[j],sha512);
+ d=Time_F(STOP);
+ print_result(D_SHA512,j,count,d);
+ }
+ }
+#endif
+
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+ if (doit[D_RMD160])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_RMD160][j]); count++)
+ EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
+ d=Time_F(STOP);
+ print_result(D_RMD160,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_RC4
+ if (doit[D_RC4])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_RC4][j]); count++)
+ RC4(&rc4_ks,(unsigned int)lengths[j],
+ buf,buf);
+ d=Time_F(STOP);
+ print_result(D_RC4,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_DES
+ if (doit[D_CBC_DES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
+ DES_ncbc_encrypt(buf,buf,lengths[j],&sch,
+ &DES_iv,DES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_DES,j,count,d);
+ }
+ }
+
+ if (doit[D_EDE3_DES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
+ DES_ede3_cbc_encrypt(buf,buf,lengths[j],
+ &sch,&sch2,&sch3,
+ &DES_iv,DES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_EDE3_DES,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_AES
+ if (doit[D_CBC_128_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++)
+ AES_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&aes_ks1,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_128_AES,j,count,d);
+ }
+ }
+ if (doit[D_CBC_192_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++)
+ AES_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&aes_ks2,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_192_AES,j,count,d);
+ }
+ }
+ if (doit[D_CBC_256_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++)
+ AES_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&aes_ks3,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_256_AES,j,count,d);
+ }
+ }
+
+ if (doit[D_IGE_128_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_IGE_128_AES],c[D_IGE_128_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_IGE_128_AES][j]); count++)
+ AES_ige_encrypt(buf,buf2,
+ (unsigned long)lengths[j],&aes_ks1,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_IGE_128_AES,j,count,d);
+ }
+ }
+ if (doit[D_IGE_192_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_IGE_192_AES],c[D_IGE_192_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_IGE_192_AES][j]); count++)
+ AES_ige_encrypt(buf,buf2,
+ (unsigned long)lengths[j],&aes_ks2,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_IGE_192_AES,j,count,d);
+ }
+ }
+ if (doit[D_IGE_256_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_IGE_256_AES],c[D_IGE_256_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_IGE_256_AES][j]); count++)
+ AES_ige_encrypt(buf,buf2,
+ (unsigned long)lengths[j],&aes_ks3,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_IGE_256_AES,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ if (doit[D_CBC_128_CML])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++)
+ Camellia_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&camellia_ks1,
+ iv,CAMELLIA_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_128_CML,j,count,d);
+ }
+ }
+ if (doit[D_CBC_192_CML])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++)
+ Camellia_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&camellia_ks2,
+ iv,CAMELLIA_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_192_CML,j,count,d);
+ }
+ }
+ if (doit[D_CBC_256_CML])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++)
+ Camellia_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&camellia_ks3,
+ iv,CAMELLIA_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_256_CML,j,count,d);
+ }
+ }
+
+#endif
+#ifndef OPENSSL_NO_IDEA
+ if (doit[D_CBC_IDEA])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
+ idea_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&idea_ks,
+ iv,IDEA_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_IDEA,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_SEED
+ if (doit[D_CBC_SEED])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_SEED],c[D_CBC_SEED][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_SEED][j]); count++)
+ SEED_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&seed_ks,iv,1);
+ d=Time_F(STOP);
+ print_result(D_CBC_SEED,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_RC2
+ if (doit[D_CBC_RC2])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
+ RC2_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&rc2_ks,
+ iv,RC2_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_RC2,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_RC5
+ if (doit[D_CBC_RC5])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
+ RC5_32_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&rc5_ks,
+ iv,RC5_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_RC5,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_BF
+ if (doit[D_CBC_BF])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
+ BF_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&bf_ks,
+ iv,BF_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_BF,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_CAST
+ if (doit[D_CBC_CAST])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
+ CAST_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&cast_ks,
+ iv,CAST_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_CAST,j,count,d);
+ }
+ }
+#endif
+
+ if (doit[D_EVP])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ if (evp_cipher)
+ {
+ EVP_CIPHER_CTX ctx;
+ int outl;
+
+ names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
+ /* -O3 -fschedule-insns messes up an
+ * optimization here! names[D_EVP]
+ * somehow becomes NULL */
+ print_message(names[D_EVP],save_count,
+ lengths[j]);
+
+ EVP_CIPHER_CTX_init(&ctx);
+ if(decrypt)
+ EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+ else
+ EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+ Time_F(START);
+ if(decrypt)
+ for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+ EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
+ else
+ for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+ EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
+ if(decrypt)
+ EVP_DecryptFinal_ex(&ctx,buf,&outl);
+ else
+ EVP_EncryptFinal_ex(&ctx,buf,&outl);
+ d=Time_F(STOP);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ }
+ if (evp_md)
+ {
+ names[D_EVP]=OBJ_nid2ln(evp_md->type);
+ print_message(names[D_EVP],save_count,
+ lengths[j]);
+
+ Time_F(START);
+ for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+ EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
+
+ d=Time_F(STOP);
+ }
+ print_result(D_EVP,j,count,d);
+ }
+ }
+
+ RAND_pseudo_bytes(buf,36);
+#ifndef OPENSSL_NO_RSA
+ for (j=0; j<RSA_NUM; j++)
+ {
+ int ret;
+ if (!rsa_doit[j]) continue;
+ ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
+ if (ret == 0)
+ {
+ BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count=1;
+ }
+ else
+ {
+ pkey_print_message("private","rsa",
+ rsa_c[j][0],rsa_bits[j],
+ RSA_SECONDS);
+/* RSA_blinding_on(rsa_key[j],NULL); */
+ Time_F(START);
+ for (count=0,run=1; COND(rsa_c[j][0]); count++)
+ {
+ ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
+ &rsa_num, rsa_key[j]);
+ if (ret == 0)
+ {
+ BIO_printf(bio_err,
+ "RSA sign failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
+ : "%ld %d bit private RSA's in %.2fs\n",
+ count,rsa_bits[j],d);
+ rsa_results[j][0]=d/(double)count;
+ rsa_count=count;
+ }
+
+#if 1
+ ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
+ if (ret <= 0)
+ {
+ BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_doit[j] = 0;
+ }
+ else
+ {
+ pkey_print_message("public","rsa",
+ rsa_c[j][1],rsa_bits[j],
+ RSA_SECONDS);
+ Time_F(START);
+ for (count=0,run=1; COND(rsa_c[j][1]); count++)
+ {
+ ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
+ rsa_num, rsa_key[j]);
+ if (ret <= 0)
+ {
+ BIO_printf(bio_err,
+ "RSA verify failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
+ : "%ld %d bit public RSA's in %.2fs\n",
+ count,rsa_bits[j],d);
+ rsa_results[j][1]=d/(double)count;
+ }
+#endif
+
+ if (rsa_count <= 1)
+ {
+ /* if longer than 10s, don't do any more */
+ for (j++; j<RSA_NUM; j++)
+ rsa_doit[j]=0;
+ }
+ }
+#endif
+
+ RAND_pseudo_bytes(buf,20);
+#ifndef OPENSSL_NO_DSA
+ if (RAND_status() != 1)
+ {
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+ rnd_fake = 1;
+ }
+ for (j=0; j<DSA_NUM; j++)
+ {
+ unsigned int kk;
+ int ret;
+
+ if (!dsa_doit[j]) continue;
+/* DSA_generate_key(dsa_key[j]); */
+/* DSA_sign_setup(dsa_key[j],NULL); */
+ ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+ &kk,dsa_key[j]);
+ if (ret == 0)
+ {
+ BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count=1;
+ }
+ else
+ {
+ pkey_print_message("sign","dsa",
+ dsa_c[j][0],dsa_bits[j],
+ DSA_SECONDS);
+ Time_F(START);
+ for (count=0,run=1; COND(dsa_c[j][0]); count++)
+ {
+ ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+ &kk,dsa_key[j]);
+ if (ret == 0)
+ {
+ BIO_printf(bio_err,
+ "DSA sign failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
+ : "%ld %d bit DSA signs in %.2fs\n",
+ count,dsa_bits[j],d);
+ dsa_results[j][0]=d/(double)count;
+ rsa_count=count;
+ }
+
+ ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+ kk,dsa_key[j]);
+ if (ret <= 0)
+ {
+ BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ dsa_doit[j] = 0;
+ }
+ else
+ {
+ pkey_print_message("verify","dsa",
+ dsa_c[j][1],dsa_bits[j],
+ DSA_SECONDS);
+ Time_F(START);
+ for (count=0,run=1; COND(dsa_c[j][1]); count++)
+ {
+ ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+ kk,dsa_key[j]);
+ if (ret <= 0)
+ {
+ BIO_printf(bio_err,
+ "DSA verify failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
+ : "%ld %d bit DSA verify in %.2fs\n",
+ count,dsa_bits[j],d);
+ dsa_results[j][1]=d/(double)count;
+ }
+
+ if (rsa_count <= 1)
+ {
+ /* if longer than 10s, don't do any more */
+ for (j++; j<DSA_NUM; j++)
+ dsa_doit[j]=0;
+ }
+ }
+ if (rnd_fake) RAND_cleanup();
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+ if (RAND_status() != 1)
+ {
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+ rnd_fake = 1;
+ }
+ for (j=0; j<EC_NUM; j++)
+ {
+ int ret;
+
+ if (!ecdsa_doit[j]) continue; /* Ignore Curve */
+ ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+ if (ecdsa[j] == NULL)
+ {
+ BIO_printf(bio_err,"ECDSA failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count=1;
+ }
+ else
+ {
+#if 1
+ EC_KEY_precompute_mult(ecdsa[j], NULL);
+#endif
+ /* Perform ECDSA signature test */
+ EC_KEY_generate_key(ecdsa[j]);
+ ret = ECDSA_sign(0, buf, 20, ecdsasig,
+ &ecdsasiglen, ecdsa[j]);
+ if (ret == 0)
+ {
+ BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count=1;
+ }
+ else
+ {
+ pkey_print_message("sign","ecdsa",
+ ecdsa_c[j][0],
+ test_curves_bits[j],
+ ECDSA_SECONDS);
+
+ Time_F(START);
+ for (count=0,run=1; COND(ecdsa_c[j][0]);
+ count++)
+ {
+ ret=ECDSA_sign(0, buf, 20,
+ ecdsasig, &ecdsasiglen,
+ ecdsa[j]);
+ if (ret == 0)
+ {
+ BIO_printf(bio_err, "ECDSA sign failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
+ }
+ d=Time_F(STOP);
+
+ BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
+ "%ld %d bit ECDSA signs in %.2fs \n",
+ count, test_curves_bits[j], d);
+ ecdsa_results[j][0]=d/(double)count;
+ rsa_count=count;
+ }
+
+ /* Perform ECDSA verification test */
+ ret=ECDSA_verify(0, buf, 20, ecdsasig,
+ ecdsasiglen, ecdsa[j]);
+ if (ret != 1)
+ {
+ BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ ecdsa_doit[j] = 0;
+ }
+ else
+ {
+ pkey_print_message("verify","ecdsa",
+ ecdsa_c[j][1],
+ test_curves_bits[j],
+ ECDSA_SECONDS);
+ Time_F(START);
+ for (count=0,run=1; COND(ecdsa_c[j][1]); count++)
+ {
+ ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
+ if (ret != 1)
+ {
+ BIO_printf(bio_err, "ECDSA verify failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
+ : "%ld %d bit ECDSA verify in %.2fs\n",
+ count, test_curves_bits[j], d);
+ ecdsa_results[j][1]=d/(double)count;
+ }
+
+ if (rsa_count <= 1)
+ {
+ /* if longer than 10s, don't do any more */
+ for (j++; j<EC_NUM; j++)
+ ecdsa_doit[j]=0;
+ }
+ }
+ }
+ if (rnd_fake) RAND_cleanup();
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+ if (RAND_status() != 1)
+ {
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+ rnd_fake = 1;
+ }
+ for (j=0; j<EC_NUM; j++)
+ {
+ if (!ecdh_doit[j]) continue;
+ ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+ ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+ if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
+ {
+ BIO_printf(bio_err,"ECDH failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count=1;
+ }
+ else
+ {
+ /* generate two ECDH key pairs */
+ if (!EC_KEY_generate_key(ecdh_a[j]) ||
+ !EC_KEY_generate_key(ecdh_b[j]))
+ {
+ BIO_printf(bio_err,"ECDH key generation failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count=1;
+ }
+ else
+ {
+ /* If field size is not more than 24 octets, then use SHA-1 hash of result;
+ * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
+ */
+ int field_size, outlen;
+ void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
+ field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
+ if (field_size <= 24 * 8)
+ {
+ outlen = KDF1_SHA1_len;
+ kdf = KDF1_SHA1;
+ }
+ else
+ {
+ outlen = (field_size+7)/8;
+ kdf = NULL;
+ }
+ secret_size_a = ECDH_compute_key(secret_a, outlen,
+ EC_KEY_get0_public_key(ecdh_b[j]),
+ ecdh_a[j], kdf);
+ secret_size_b = ECDH_compute_key(secret_b, outlen,
+ EC_KEY_get0_public_key(ecdh_a[j]),
+ ecdh_b[j], kdf);
+ if (secret_size_a != secret_size_b)
+ ecdh_checks = 0;
+ else
+ ecdh_checks = 1;
+
+ for (secret_idx = 0;
+ (secret_idx < secret_size_a)
+ && (ecdh_checks == 1);
+ secret_idx++)
+ {
+ if (secret_a[secret_idx] != secret_b[secret_idx])
+ ecdh_checks = 0;
+ }
+
+ if (ecdh_checks == 0)
+ {
+ BIO_printf(bio_err,"ECDH computations don't match.\n");
+ ERR_print_errors(bio_err);
+ rsa_count=1;
+ }
+
+ pkey_print_message("","ecdh",
+ ecdh_c[j][0],
+ test_curves_bits[j],
+ ECDH_SECONDS);
+ Time_F(START);
+ for (count=0,run=1; COND(ecdh_c[j][0]); count++)
+ {
+ ECDH_compute_key(secret_a, outlen,
+ EC_KEY_get0_public_key(ecdh_b[j]),
+ ecdh_a[j], kdf);
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
+ count, test_curves_bits[j], d);
+ ecdh_results[j][0]=d/(double)count;
+ rsa_count=count;
+ }
+ }
+
+
+ if (rsa_count <= 1)
+ {
+ /* if longer than 10s, don't do any more */
+ for (j++; j<EC_NUM; j++)
+ ecdh_doit[j]=0;
+ }
+ }
+ if (rnd_fake) RAND_cleanup();
+#endif
+#ifndef NO_FORK
+show_res:
+#endif
+ if(!mr)
+ {
+ fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
+ fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+ printf("options:");
+ printf("%s ",BN_options());
+#ifndef OPENSSL_NO_MD2
+ printf("%s ",MD2_options());
+#endif
+#ifndef OPENSSL_NO_RC4
+ printf("%s ",RC4_options());
+#endif
+#ifndef OPENSSL_NO_DES
+ printf("%s ",DES_options());
+#endif
+#ifndef OPENSSL_NO_AES
+ printf("%s ",AES_options());
+#endif
+#ifndef OPENSSL_NO_IDEA
+ printf("%s ",idea_options());
+#endif
+#ifndef OPENSSL_NO_BF
+ printf("%s ",BF_options());
+#endif
+ fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
+ printf("available timing options: ");
+#ifdef TIMES
+ printf("TIMES ");
+#endif
+#ifdef TIMEB
+ printf("TIMEB ");
+#endif
+#ifdef USE_TOD
+ printf("USE_TOD ");
+#endif
+#ifdef HZ
+#define as_string(s) (#s)
+ {
+ double dbl = HZ;
+ printf("HZ=%g", dbl);
+ }
+# ifdef _SC_CLK_TCK
+ printf(" [sysconf value]");
+# endif
+#endif
+ printf("\n");
+ printf("timing function used: %s%s%s%s%s%s%s\n",
+ (ftime_used ? "ftime" : ""),
+ (ftime_used + times_used > 1 ? "," : ""),
+ (times_used ? "times" : ""),
+ (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""),
+ (gettimeofday_used ? "gettimeofday" : ""),
+ (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""),
+ (getrusage_used ? "getrusage" : ""));
+ }
+
+ if (pr_header)
+ {
+ if(mr)
+ fprintf(stdout,"+H");
+ else
+ {
+ fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
+ fprintf(stdout,"type ");
+ }
+ for (j=0; j<SIZE_NUM; j++)
+ fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
+ fprintf(stdout,"\n");
+ }
+
+ for (k=0; k<ALGOR_NUM; k++)
+ {
+ if (!doit[k]) continue;
+ if(mr)
+ fprintf(stdout,"+F:%d:%s",k,names[k]);
+ else
+ fprintf(stdout,"%-13s",names[k]);
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ if (results[k][j] > 10000 && !mr)
+ fprintf(stdout," %11.2fk",results[k][j]/1e3);
+ else
+ fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
+ }
+ fprintf(stdout,"\n");
+ }
+#ifndef OPENSSL_NO_RSA
+ j=1;
+ for (k=0; k<RSA_NUM; k++)
+ {
+ if (!rsa_doit[k]) continue;
+ if (j && !mr)
+ {
+ printf("%18ssign verify sign/s verify/s\n"," ");
+ j=0;
+ }
+ if(mr)
+ fprintf(stdout,"+F2:%u:%u:%f:%f\n",
+ k,rsa_bits[k],rsa_results[k][0],
+ rsa_results[k][1]);
+ else
+ fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+ rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
+ 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
+ }
+#endif
+#ifndef OPENSSL_NO_DSA
+ j=1;
+ for (k=0; k<DSA_NUM; k++)
+ {
+ if (!dsa_doit[k]) continue;
+ if (j && !mr)
+ {
+ printf("%18ssign verify sign/s verify/s\n"," ");
+ j=0;
+ }
+ if(mr)
+ fprintf(stdout,"+F3:%u:%u:%f:%f\n",
+ k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
+ else
+ fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+ dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
+ 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
+ }
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ j=1;
+ for (k=0; k<EC_NUM; k++)
+ {
+ if (!ecdsa_doit[k]) continue;
+ if (j && !mr)
+ {
+ printf("%30ssign verify sign/s verify/s\n"," ");
+ j=0;
+ }
+
+ if (mr)
+ fprintf(stdout,"+F4:%u:%u:%f:%f\n",
+ k, test_curves_bits[k],
+ ecdsa_results[k][0],ecdsa_results[k][1]);
+ else
+ fprintf(stdout,
+ "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+ test_curves_bits[k],
+ test_curves_names[k],
+ ecdsa_results[k][0],ecdsa_results[k][1],
+ 1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);
+ }
+#endif
+
+
+#ifndef OPENSSL_NO_ECDH
+ j=1;
+ for (k=0; k<EC_NUM; k++)
+ {
+ if (!ecdh_doit[k]) continue;
+ if (j && !mr)
+ {
+ printf("%30sop op/s\n"," ");
+ j=0;
+ }
+ if (mr)
+ fprintf(stdout,"+F5:%u:%u:%f:%f\n",
+ k, test_curves_bits[k],
+ ecdh_results[k][0], 1.0/ecdh_results[k][0]);
+
+ else
+ fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",
+ test_curves_bits[k],
+ test_curves_names[k],
+ ecdh_results[k][0], 1.0/ecdh_results[k][0]);
+ }
+#endif
+
+ mret=0;
+
+end:
+ ERR_print_errors(bio_err);
+ if (buf != NULL) OPENSSL_free(buf);
+ if (buf2 != NULL) OPENSSL_free(buf2);
+#ifndef OPENSSL_NO_RSA
+ for (i=0; i<RSA_NUM; i++)
+ if (rsa_key[i] != NULL)
+ RSA_free(rsa_key[i]);
+#endif
+#ifndef OPENSSL_NO_DSA
+ for (i=0; i<DSA_NUM; i++)
+ if (dsa_key[i] != NULL)
+ DSA_free(dsa_key[i]);
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+ for (i=0; i<EC_NUM; i++)
+ if (ecdsa[i] != NULL)
+ EC_KEY_free(ecdsa[i]);
+#endif
+#ifndef OPENSSL_NO_ECDH
+ for (i=0; i<EC_NUM; i++)
+ {
+ if (ecdh_a[i] != NULL)
+ EC_KEY_free(ecdh_a[i]);
+ if (ecdh_b[i] != NULL)
+ EC_KEY_free(ecdh_b[i]);
+ }
+#endif
+
+ apps_shutdown();
+ OPENSSL_EXIT(mret);
+ }
+
+static void print_message(const char *s, long num, int length)
+ {
+#ifdef SIGALRM
+ BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n"
+ : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
+ (void)BIO_flush(bio_err);
+ alarm(SECONDS);
+#else
+ BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n"
+ : "Doing %s %ld times on %d size blocks: ",s,num,length);
+ (void)BIO_flush(bio_err);
+#endif
+#ifdef LINT
+ num=num;
+#endif
+ }
+
+static void pkey_print_message(const char *str, const char *str2, long num,
+ int bits, int tm)
+ {
+#ifdef SIGALRM
+ BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
+ : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
+ (void)BIO_flush(bio_err);
+ alarm(RSA_SECONDS);
+#else
+ BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"
+ : "Doing %ld %d bit %s %s's: ",num,bits,str,str2);
+ (void)BIO_flush(bio_err);
+#endif
+#ifdef LINT
+ num=num;
+#endif
+ }
+
+static void print_result(int alg,int run_no,int count,double time_used)
+ {
+ BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
+ : "%d %s's in %.2fs\n",count,names[alg],time_used);
+ results[alg][run_no]=((double)count)/time_used*lengths[run_no];
+ }
+
+#ifndef NO_FORK
+static char *sstrsep(char **string, const char *delim)
+ {
+ char isdelim[256];
+ char *token = *string;
+
+ if (**string == 0)
+ return NULL;
+
+ memset(isdelim, 0, sizeof isdelim);
+ isdelim[0] = 1;
+
+ while (*delim)
+ {
+ isdelim[(unsigned char)(*delim)] = 1;
+ delim++;
+ }
+
+ while (!isdelim[(unsigned char)(**string)])
+ {
+ (*string)++;
+ }
+
+ if (**string)
+ {
+ **string = 0;
+ (*string)++;
+ }
+
+ return token;
+ }
+
+static int do_multi(int multi)
+ {
+ int n;
+ int fd[2];
+ int *fds;
+ static char sep[]=":";
+
+ fds=malloc(multi*sizeof *fds);
+ for(n=0 ; n < multi ; ++n)
+ {
+ if (pipe(fd) == -1)
+ {
+ fprintf(stderr, "pipe failure\n");
+ exit(1);
+ }
+ fflush(stdout);
+ fflush(stderr);
+ if(fork())
+ {
+ close(fd[1]);
+ fds[n]=fd[0];
+ }
+ else
+ {
+ close(fd[0]);
+ close(1);
+ if (dup(fd[1]) == -1)
+ {
+ fprintf(stderr, "dup failed\n");
+ exit(1);
+ }
+ close(fd[1]);
+ mr=1;
+ usertime=0;
+ return 0;
+ }
+ printf("Forked child %d\n",n);
+ }
+
+ /* for now, assume the pipe is long enough to take all the output */
+ for(n=0 ; n < multi ; ++n)
+ {
+ FILE *f;
+ char buf[1024];
+ char *p;
+
+ f=fdopen(fds[n],"r");
+ while(fgets(buf,sizeof buf,f))
+ {
+ p=strchr(buf,'\n');
+ if(p)
+ *p='\0';
+ if(buf[0] != '+')
+ {
+ fprintf(stderr,"Don't understand line '%s' from child %d\n",
+ buf,n);
+ continue;
+ }
+ printf("Got: %s from %d\n",buf,n);
+ if(!strncmp(buf,"+F:",3))
+ {
+ int alg;
+ int j;
+
+ p=buf+3;
+ alg=atoi(sstrsep(&p,sep));
+ sstrsep(&p,sep);
+ for(j=0 ; j < SIZE_NUM ; ++j)
+ results[alg][j]+=atof(sstrsep(&p,sep));
+ }
+ else if(!strncmp(buf,"+F2:",4))
+ {
+ int k;
+ double d;
+
+ p=buf+4;
+ k=atoi(sstrsep(&p,sep));
+ sstrsep(&p,sep);
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
+ else
+ rsa_results[k][0]=d;
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
+ else
+ rsa_results[k][1]=d;
+ }
+ else if(!strncmp(buf,"+F2:",4))
+ {
+ int k;
+ double d;
+
+ p=buf+4;
+ k=atoi(sstrsep(&p,sep));
+ sstrsep(&p,sep);
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
+ else
+ rsa_results[k][0]=d;
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
+ else
+ rsa_results[k][1]=d;
+ }
+ else if(!strncmp(buf,"+F3:",4))
+ {
+ int k;
+ double d;
+
+ p=buf+4;
+ k=atoi(sstrsep(&p,sep));
+ sstrsep(&p,sep);
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
+ else
+ dsa_results[k][0]=d;
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
+ else
+ dsa_results[k][1]=d;
+ }
+#ifndef OPENSSL_NO_ECDSA
+ else if(!strncmp(buf,"+F4:",4))
+ {
+ int k;
+ double d;
+
+ p=buf+4;
+ k=atoi(sstrsep(&p,sep));
+ sstrsep(&p,sep);
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);
+ else
+ ecdsa_results[k][0]=d;
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);
+ else
+ ecdsa_results[k][1]=d;
+ }
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+ else if(!strncmp(buf,"+F5:",4))
+ {
+ int k;
+ double d;
+
+ p=buf+4;
+ k=atoi(sstrsep(&p,sep));
+ sstrsep(&p,sep);
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);
+ else
+ ecdh_results[k][0]=d;
+
+ }
+#endif
+
+ else if(!strncmp(buf,"+H:",3))
+ {
+ }
+ else
+ fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);
+ }
+ }
+ return 1;
+ }
+#endif
+#endif
Added: vendor-crypto/openssl/dist/apps/spkac.c
===================================================================
--- vendor-crypto/openssl/dist/apps/spkac.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/spkac.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,308 @@
+/* apps/spkac.c */
+
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999. Based on an original idea by Massimiliano Pala
+ * (madwolf at openca.org).
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG spkac_main
+
+/* -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ int i,badops=0, ret = 1;
+ BIO *in = NULL,*out = NULL;
+ int verify=0,noout=0,pubkey=0;
+ char *infile = NULL,*outfile = NULL,*prog;
+ char *passargin = NULL, *passin = NULL;
+ const char *spkac = "SPKAC", *spksect = "default";
+ char *spkstr = NULL;
+ char *challenge = NULL, *keyfile = NULL;
+ CONF *conf = NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+
+ apps_startup();
+
+ if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-challenge") == 0)
+ {
+ if (--argc < 1) goto bad;
+ challenge= *(++argv);
+ }
+ else if (strcmp(*argv,"-spkac") == 0)
+ {
+ if (--argc < 1) goto bad;
+ spkac= *(++argv);
+ }
+ else if (strcmp(*argv,"-spksect") == 0)
+ {
+ if (--argc < 1) goto bad;
+ spksect= *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-pubkey") == 0)
+ pubkey=1;
+ else if (strcmp(*argv,"-verify") == 0)
+ verify=1;
+ else badops = 1;
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options]\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -key arg create SPKAC using private key\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err," -challenge arg challenge string\n");
+ BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
+ BIO_printf(bio_err," -noout don't print SPKAC\n");
+ BIO_printf(bio_err," -pubkey output public key\n");
+ BIO_printf(bio_err," -verify verify SPKAC signature\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if(keyfile) {
+ pkey = load_key(bio_err,
+ strcmp(keyfile, "-") ? keyfile : NULL,
+ FORMAT_PEM, 1, passin, e, "private key");
+ if(!pkey) {
+ goto end;
+ }
+ spki = NETSCAPE_SPKI_new();
+ if(challenge) ASN1_STRING_set(spki->spkac->challenge,
+ challenge, (int)strlen(challenge));
+ NETSCAPE_SPKI_set_pubkey(spki, pkey);
+ NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+ spkstr = NETSCAPE_SPKI_b64_encode(spki);
+
+ if (outfile) out = BIO_new_file(outfile, "w");
+ else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if(!out) {
+ BIO_printf(bio_err, "Error opening output file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(out, "SPKAC=%s\n", spkstr);
+ OPENSSL_free(spkstr);
+ ret = 0;
+ goto end;
+ }
+
+
+
+ if (infile) in = BIO_new_file(infile, "r");
+ else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if(!in) {
+ BIO_printf(bio_err, "Error opening input file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ conf = NCONF_new(NULL);
+ i = NCONF_load_bio(conf, in, NULL);
+
+ if(!i) {
+ BIO_printf(bio_err, "Error parsing config file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ spkstr = NCONF_get_string(conf, spksect, spkac);
+
+ if(!spkstr) {
+ BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+
+ if(!spki) {
+ BIO_printf(bio_err, "Error loading SPKAC\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile) out = BIO_new_file(outfile, "w");
+ else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if(!out) {
+ BIO_printf(bio_err, "Error opening output file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if(!noout) NETSCAPE_SPKI_print(out, spki);
+ pkey = NETSCAPE_SPKI_get_pubkey(spki);
+ if(verify) {
+ i = NETSCAPE_SPKI_verify(spki, pkey);
+ if (i > 0) BIO_printf(bio_err, "Signature OK\n");
+ else {
+ BIO_printf(bio_err, "Signature Failure\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
+
+ ret = 0;
+
+end:
+ NCONF_free(conf);
+ NETSCAPE_SPKI_free(spki);
+ BIO_free(in);
+ BIO_free_all(out);
+ EVP_PKEY_free(pkey);
+ if(passin) OPENSSL_free(passin);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
Added: vendor-crypto/openssl/dist/apps/testCA.pem
===================================================================
--- vendor-crypto/openssl/dist/apps/testCA.pem (rev 0)
+++ vendor-crypto/openssl/dist/apps/testCA.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
+MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
+hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
+VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
+hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
+uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
+-----END CERTIFICATE REQUEST-----
Added: vendor-crypto/openssl/dist/apps/testdsa.h
===================================================================
--- vendor-crypto/openssl/dist/apps/testdsa.h (rev 0)
+++ vendor-crypto/openssl/dist/apps/testdsa.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,217 @@
+/* NOCW */
+/* used by apps/speed.c */
+DSA *get_dsa512(void );
+DSA *get_dsa1024(void );
+DSA *get_dsa2048(void );
+static unsigned char dsa512_priv[] = {
+ 0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
+ 0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
+ };
+static unsigned char dsa512_pub[] = {
+ 0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
+ 0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
+ 0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,
+ 0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,
+ 0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
+ 0xbe,0xba,0x0a,0x6b,0xc8,
+ };
+static unsigned char dsa512_p[]={
+ 0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
+ 0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
+ 0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,
+ 0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,
+ 0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
+ 0xA2,0x76,0x7D,0x31,
+ };
+static unsigned char dsa512_q[]={
+ 0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
+ 0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
+ };
+static unsigned char dsa512_g[]={
+ 0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
+ 0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
+ 0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,
+ 0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,
+ 0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,
+ 0xA2,0x03,0x9D,0x20,
+ };
+
+DSA *get_dsa512()
+ {
+ DSA *dsa;
+
+ if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
+ dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
+ dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
+ dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
+ dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
+ if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+ (dsa->q == NULL) || (dsa->g == NULL))
+ return(NULL);
+ return(dsa);
+ }
+
+static unsigned char dsa1024_priv[]={
+ 0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
+ 0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
+ };
+static unsigned char dsa1024_pub[]={
+ 0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
+ 0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
+ 0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,
+ 0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,
+ 0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,
+ 0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,
+ 0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,
+ 0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,
+ 0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,
+ 0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
+ 0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
+ };
+static unsigned char dsa1024_p[]={
+ 0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
+ 0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
+ 0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,
+ 0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,
+ 0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,
+ 0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,
+ 0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,
+ 0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,
+ 0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,
+ 0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
+ 0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
+ };
+static unsigned char dsa1024_q[]={
+ 0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
+ 0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
+ };
+static unsigned char dsa1024_g[]={
+ 0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
+ 0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
+ 0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
+ 0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,
+ 0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,
+ 0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,
+ 0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,
+ 0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,
+ 0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,
+ 0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,
+ 0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,
+ };
+
+DSA *get_dsa1024()
+ {
+ DSA *dsa;
+
+ if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
+ dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
+ dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
+ dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
+ dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
+ if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+ (dsa->q == NULL) || (dsa->g == NULL))
+ return(NULL);
+ return(dsa);
+ }
+
+static unsigned char dsa2048_priv[]={
+ 0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
+ 0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
+ };
+static unsigned char dsa2048_pub[]={
+ 0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
+ 0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
+ 0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,
+ 0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,
+ 0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,
+ 0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,
+ 0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,
+ 0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,
+ 0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,
+ 0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,
+ 0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,
+ 0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,
+ 0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,
+ 0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,
+ 0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,
+ 0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,
+ 0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,
+ 0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,
+ 0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,
+ 0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,
+ 0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
+ 0x8b,0x33,0xb7,0xce,
+ };
+static unsigned char dsa2048_p[]={
+ 0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
+ 0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
+ 0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,
+ 0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,
+ 0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,
+ 0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,
+ 0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,
+ 0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,
+ 0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,
+ 0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,
+ 0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,
+ 0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,
+ 0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,
+ 0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,
+ 0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,
+ 0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,
+ 0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,
+ 0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,
+ 0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,
+ 0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,
+ 0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
+ 0xF8,0x68,0xCF,0x9B,
+ };
+static unsigned char dsa2048_q[]={
+ 0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
+ 0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
+ };
+static unsigned char dsa2048_g[]={
+ 0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
+ 0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
+ 0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
+ 0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,
+ 0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,
+ 0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,
+ 0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,
+ 0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,
+ 0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,
+ 0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,
+ 0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,
+ 0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,
+ 0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,
+ 0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,
+ 0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,
+ 0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,
+ 0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,
+ 0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,
+ 0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,
+ 0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,
+ 0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,
+ 0xF8,0xB2,0xE5,0x38,
+ };
+
+DSA *get_dsa2048()
+ {
+ DSA *dsa;
+
+ if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
+ dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
+ dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
+ dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
+ dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
+ if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+ (dsa->q == NULL) || (dsa->g == NULL))
+ return(NULL);
+ return(dsa);
+ }
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static int rnd_fake = 0;
Added: vendor-crypto/openssl/dist/apps/testrsa.h
===================================================================
--- vendor-crypto/openssl/dist/apps/testrsa.h (rev 0)
+++ vendor-crypto/openssl/dist/apps/testrsa.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,518 @@
+/* apps/testrsa.h */
+/* used by apps/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static unsigned char test512[]={
+ 0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,
+ 0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,
+ 0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,
+ 0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,
+ 0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,
+ 0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,
+ 0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,
+ 0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,
+ 0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,
+ 0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,
+ 0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,
+ 0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,
+ 0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,
+ 0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,
+ 0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,
+ 0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,
+ 0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,
+ 0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,
+ 0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,
+ 0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,
+ 0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,
+ 0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,
+ 0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,
+ 0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,
+ 0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,
+ 0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,
+ 0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,
+ 0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,
+ 0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,
+ 0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,
+ 0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,
+ 0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,
+ };
+
+static unsigned char test1024[]={
+ 0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,
+ 0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,
+ 0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,
+ 0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,
+ 0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,
+ 0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,
+ 0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,
+ 0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,
+ 0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,
+ 0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,
+ 0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,
+ 0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,
+ 0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,
+ 0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,
+ 0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,
+ 0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,
+ 0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,
+ 0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,
+ 0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,
+ 0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,
+ 0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,
+ 0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,
+ 0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,
+ 0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,
+ 0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,
+ 0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,
+ 0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,
+ 0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,
+ 0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,
+ 0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,
+ 0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,
+ 0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,
+ 0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,
+ 0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,
+ 0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,
+ 0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,
+ 0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,
+ 0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,
+ 0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,
+ 0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,
+ 0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,
+ 0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,
+ 0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,
+ 0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,
+ 0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,
+ 0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,
+ 0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,
+ 0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,
+ 0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,
+ 0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,
+ 0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,
+ 0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,
+ 0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,
+ 0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,
+ 0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,
+ 0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,
+ 0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,
+ 0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,
+ 0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,
+ 0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,
+ 0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,
+ };
+
+static unsigned char test2048[]={
+ 0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,
+ 0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,
+ 0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,
+ 0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,
+ 0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,
+ 0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,
+ 0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,
+ 0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,
+ 0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,
+ 0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,
+ 0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,
+ 0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,
+ 0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,
+ 0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,
+ 0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,
+ 0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,
+ 0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,
+ 0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,
+ 0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,
+ 0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,
+ 0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,
+ 0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,
+ 0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,
+ 0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,
+ 0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,
+ 0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,
+ 0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,
+ 0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,
+ 0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,
+ 0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,
+ 0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,
+ 0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,
+ 0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,
+ 0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,
+ 0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,
+ 0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,
+ 0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,
+ 0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,
+ 0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,
+ 0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,
+ 0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,
+ 0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,
+ 0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,
+ 0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,
+ 0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,
+ 0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,
+ 0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,
+ 0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,
+ 0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,
+ 0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,
+ 0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,
+ 0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,
+ 0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,
+ 0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,
+ 0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,
+ 0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,
+ 0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,
+ 0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,
+ 0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,
+ 0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,
+ 0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,
+ 0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,
+ 0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,
+ 0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,
+ 0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,
+ 0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,
+ 0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,
+ 0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,
+ 0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,
+ 0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,
+ 0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,
+ 0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,
+ 0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,
+ 0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,
+ 0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,
+ 0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,
+ 0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,
+ 0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,
+ 0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,
+ 0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,
+ 0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,
+ 0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,
+ 0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,
+ 0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,
+ 0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,
+ 0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,
+ 0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,
+ 0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,
+ 0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,
+ 0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,
+ 0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,
+ 0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,
+ 0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,
+ 0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,
+ 0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,
+ 0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,
+ 0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,
+ 0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,
+ 0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,
+ 0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,
+ 0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,
+ 0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,
+ 0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,
+ 0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,
+ 0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,
+ 0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,
+ 0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,
+ 0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,
+ 0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,
+ 0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,
+ 0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,
+ 0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,
+ 0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,
+ 0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,
+ 0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,
+ 0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,
+ 0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,
+ 0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,
+ 0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,
+ 0x95,
+ };
+
+static unsigned char test4096[]={
+ 0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,
+ 0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,
+ 0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,
+ 0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,
+ 0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,
+ 0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,
+ 0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,
+ 0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,
+ 0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,
+ 0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,
+ 0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,
+ 0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,
+ 0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,
+ 0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,
+ 0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,
+ 0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,
+ 0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,
+ 0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,
+ 0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,
+ 0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,
+ 0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,
+ 0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,
+ 0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,
+ 0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,
+ 0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,
+ 0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,
+ 0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,
+ 0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,
+ 0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,
+ 0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,
+ 0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,
+ 0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,
+ 0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,
+ 0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,
+ 0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,
+ 0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,
+ 0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,
+ 0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,
+ 0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,
+ 0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,
+ 0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,
+ 0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,
+ 0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,
+ 0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,
+ 0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,
+ 0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,
+ 0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,
+ 0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,
+ 0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,
+ 0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,
+ 0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,
+ 0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,
+ 0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,
+ 0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,
+ 0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,
+ 0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,
+ 0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,
+ 0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,
+ 0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,
+ 0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,
+ 0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,
+ 0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,
+ 0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,
+ 0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,
+ 0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,
+ 0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,
+ 0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,
+ 0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,
+ 0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,
+ 0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,
+ 0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,
+ 0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,
+ 0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,
+ 0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,
+ 0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,
+ 0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,
+ 0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,
+ 0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,
+ 0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,
+ 0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,
+ 0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,
+ 0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,
+ 0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,
+ 0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,
+ 0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,
+ 0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,
+ 0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,
+ 0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,
+ 0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,
+ 0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,
+ 0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,
+ 0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,
+ 0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,
+ 0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,
+ 0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,
+ 0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,
+ 0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,
+ 0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,
+ 0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,
+ 0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,
+ 0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,
+ 0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,
+ 0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,
+ 0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,
+ 0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,
+ 0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,
+ 0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,
+ 0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,
+ 0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,
+ 0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,
+ 0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,
+ 0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,
+ 0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,
+ 0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,
+ 0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,
+ 0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,
+ 0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,
+ 0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,
+ 0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,
+ 0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,
+ 0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,
+ 0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,
+ 0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,
+ 0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,
+ 0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,
+ 0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,
+ 0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,
+ 0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,
+ 0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,
+ 0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,
+ 0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,
+ 0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,
+ 0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,
+ 0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,
+ 0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,
+ 0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,
+ 0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,
+ 0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,
+ 0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,
+ 0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,
+ 0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,
+ 0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,
+ 0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,
+ 0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,
+ 0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,
+ 0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,
+ 0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,
+ 0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,
+ 0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,
+ 0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,
+ 0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,
+ 0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,
+ 0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,
+ 0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,
+ 0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,
+ 0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,
+ 0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,
+ 0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,
+ 0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,
+ 0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,
+ 0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,
+ 0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,
+ 0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,
+ 0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,
+ 0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,
+ 0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,
+ 0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,
+ 0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,
+ 0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,
+ 0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,
+ 0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,
+ 0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,
+ 0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,
+ 0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,
+ 0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,
+ 0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,
+ 0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,
+ 0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,
+ 0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,
+ 0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,
+ 0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,
+ 0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,
+ 0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,
+ 0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,
+ 0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,
+ 0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,
+ 0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,
+ 0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,
+ 0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,
+ 0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,
+ 0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,
+ 0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,
+ 0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,
+ 0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,
+ 0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,
+ 0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,
+ 0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,
+ 0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,
+ 0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,
+ 0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,
+ 0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,
+ 0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,
+ 0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,
+ 0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,
+ 0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,
+ 0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,
+ 0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,
+ 0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,
+ 0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,
+ 0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,
+ 0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,
+ 0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,
+ 0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,
+ 0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,
+ 0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,
+ 0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,
+ 0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,
+ 0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,
+ 0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,
+ 0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,
+ 0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,
+ 0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,
+ 0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,
+ 0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,
+ 0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,
+ 0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,
+ 0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,
+ 0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,
+ 0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,
+ 0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,
+ 0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,
+ 0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,
+ 0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,
+ 0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,
+ 0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,
+ };
Added: vendor-crypto/openssl/dist/apps/timeouts.h
===================================================================
--- vendor-crypto/openssl/dist/apps/timeouts.h (rev 0)
+++ vendor-crypto/openssl/dist/apps/timeouts.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,67 @@
+/* apps/timeouts.h */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef INCLUDED_TIMEOUTS_H
+#define INCLUDED_TIMEOUTS_H
+
+/* numbers in us */
+#define DGRAM_RCV_TIMEOUT 250000
+#define DGRAM_SND_TIMEOUT 250000
+
+#endif /* ! INCLUDED_TIMEOUTS_H */
Added: vendor-crypto/openssl/dist/apps/verify.c
===================================================================
--- vendor-crypto/openssl/dist/apps/verify.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/verify.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,369 @@
+/* apps/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG verify_main
+
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
+static STACK_OF(X509) *load_untrusted(char *file);
+static int v_verbose=0, vflags = 0;
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ int i,ret=1, badarg = 0;
+ int purpose = -1;
+ char *CApath=NULL,*CAfile=NULL;
+ char *untfile = NULL, *trustfile = NULL;
+ STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
+ X509_STORE *cert_ctx=NULL;
+ X509_LOOKUP *lookup=NULL;
+ X509_VERIFY_PARAM *vpm = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+
+ cert_ctx=X509_STORE_new();
+ if (cert_ctx == NULL) goto end;
+ X509_STORE_set_verify_cb_func(cert_ctx,cb);
+
+ ERR_load_crypto_strings();
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ argc--;
+ argv++;
+ for (;;)
+ {
+ if (argc >= 1)
+ {
+ if (strcmp(*argv,"-CApath") == 0)
+ {
+ if (argc-- < 1) goto end;
+ CApath= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (argc-- < 1) goto end;
+ CAfile= *(++argv);
+ }
+ else if (args_verify(&argv, &argc, &badarg, bio_err,
+ &vpm))
+ {
+ if (badarg)
+ goto end;
+ continue;
+ }
+ else if (strcmp(*argv,"-untrusted") == 0)
+ {
+ if (argc-- < 1) goto end;
+ untfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-trusted") == 0)
+ {
+ if (argc-- < 1) goto end;
+ trustfile= *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto end;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-help") == 0)
+ goto end;
+ else if (strcmp(*argv,"-verbose") == 0)
+ v_verbose=1;
+ else if (argv[0][0] == '-')
+ goto end;
+ else
+ break;
+ argc--;
+ argv++;
+ }
+ else
+ break;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (vpm)
+ X509_STORE_set1_param(cert_ctx, vpm);
+
+ lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
+ if (lookup == NULL) abort();
+ if (CAfile) {
+ i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
+ if(!i) {
+ BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) abort();
+ if (CApath) {
+ i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);
+ if(!i) {
+ BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ ERR_clear_error();
+
+ if(untfile) {
+ if(!(untrusted = load_untrusted(untfile))) {
+ BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if(trustfile) {
+ if(!(trusted = load_untrusted(trustfile))) {
+ BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
+ else
+ for (i=0; i<argc; i++)
+ check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
+ ret=0;
+end:
+ if (ret == 1) {
+ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," [-engine e]");
+#endif
+ BIO_printf(bio_err," cert1 cert2 ...\n");
+ BIO_printf(bio_err,"recognized usages:\n");
+ for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+ X509_PURPOSE *ptmp;
+ ptmp = X509_PURPOSE_get0(i);
+ BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
+ X509_PURPOSE_get0_name(ptmp));
+ }
+ }
+ if (vpm) X509_VERIFY_PARAM_free(vpm);
+ if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+ sk_X509_pop_free(untrusted, X509_free);
+ sk_X509_pop_free(trusted, X509_free);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
+ {
+ X509 *x=NULL;
+ int i=0,ret=0;
+ X509_STORE_CTX *csc;
+
+ x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
+ if (x == NULL)
+ goto end;
+ fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
+
+ csc = X509_STORE_CTX_new();
+ if (csc == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ X509_STORE_set_flags(ctx, vflags);
+ if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
+ if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
+ i=X509_verify_cert(csc);
+ X509_STORE_CTX_free(csc);
+
+ ret=0;
+end:
+ if (i > 0)
+ {
+ fprintf(stdout,"OK\n");
+ ret=1;
+ }
+ else
+ ERR_print_errors(bio_err);
+ if (x != NULL) X509_free(x);
+
+ return(ret);
+ }
+
+static STACK_OF(X509) *load_untrusted(char *certfile)
+{
+ STACK_OF(X509_INFO) *sk=NULL;
+ STACK_OF(X509) *stack=NULL, *ret=NULL;
+ BIO *in=NULL;
+ X509_INFO *xi;
+
+ if(!(stack = sk_X509_new_null())) {
+ BIO_printf(bio_err,"memory allocation failure\n");
+ goto end;
+ }
+
+ if(!(in=BIO_new_file(certfile, "r"))) {
+ BIO_printf(bio_err,"error opening the file, %s\n",certfile);
+ goto end;
+ }
+
+ /* This loads from a file, a stack of x509/crl/pkey sets */
+ if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) {
+ BIO_printf(bio_err,"error reading the file, %s\n",certfile);
+ goto end;
+ }
+
+ /* scan over it and pull out the certs */
+ while (sk_X509_INFO_num(sk))
+ {
+ xi=sk_X509_INFO_shift(sk);
+ if (xi->x509 != NULL)
+ {
+ sk_X509_push(stack,xi->x509);
+ xi->x509=NULL;
+ }
+ X509_INFO_free(xi);
+ }
+ if(!sk_X509_num(stack)) {
+ BIO_printf(bio_err,"no certificates in file, %s\n",certfile);
+ sk_X509_free(stack);
+ goto end;
+ }
+ ret=stack;
+end:
+ BIO_free(in);
+ sk_X509_INFO_free(sk);
+ return(ret);
+ }
+
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
+ {
+ char buf[256];
+
+ if (!ok)
+ {
+ if (ctx->current_cert)
+ {
+ X509_NAME_oneline(
+ X509_get_subject_name(ctx->current_cert),buf,
+ sizeof buf);
+ printf("%s\n",buf);
+ }
+ printf("error %d at %d depth lookup:%s\n",ctx->error,
+ ctx->error_depth,
+ X509_verify_cert_error_string(ctx->error));
+ if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;
+ /* since we are just checking the certificates, it is
+ * ok if they are self signed. But we should still warn
+ * the user.
+ */
+ if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
+ /* Continue after extension errors too */
+ if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
+ if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;
+ if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
+ if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
+ if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
+ if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
+ if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
+ if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
+
+ if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
+ policies_print(NULL, ctx);
+ return ok;
+
+ }
+ if ((ctx->error == X509_V_OK) && (ok == 2))
+ policies_print(NULL, ctx);
+ if (!v_verbose)
+ ERR_clear_error();
+ return(ok);
+ }
Added: vendor-crypto/openssl/dist/apps/version.c
===================================================================
--- vendor-crypto/openssl/dist/apps/version.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/version.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,217 @@
+/* apps/version.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
+
+#undef PROG
+#define PROG version_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int i,ret=0;
+ int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (argc == 1) version=1;
+ for (i=1; i<argc; i++)
+ {
+ if (strcmp(argv[i],"-v") == 0)
+ version=1;
+ else if (strcmp(argv[i],"-b") == 0)
+ date=1;
+ else if (strcmp(argv[i],"-f") == 0)
+ cflags=1;
+ else if (strcmp(argv[i],"-o") == 0)
+ options=1;
+ else if (strcmp(argv[i],"-p") == 0)
+ platform=1;
+ else if (strcmp(argv[i],"-d") == 0)
+ dir=1;
+ else if (strcmp(argv[i],"-a") == 0)
+ date=version=cflags=options=platform=dir=1;
+ else
+ {
+ BIO_printf(bio_err,"usage:version -[avbofpd]\n");
+ ret=1;
+ goto end;
+ }
+ }
+
+ if (version)
+ {
+ if (SSLeay() == SSLEAY_VERSION_NUMBER)
+ {
+ printf("%s\n",SSLeay_version(SSLEAY_VERSION));
+ }
+ else
+ {
+ printf("%s (Library: %s)\n",
+ OPENSSL_VERSION_TEXT,
+ SSLeay_version(SSLEAY_VERSION));
+ }
+ }
+ if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+ if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
+ if (options)
+ {
+ printf("options: ");
+ printf("%s ",BN_options());
+#ifndef OPENSSL_NO_MD2
+ printf("%s ",MD2_options());
+#endif
+#ifndef OPENSSL_NO_RC4
+ printf("%s ",RC4_options());
+#endif
+#ifndef OPENSSL_NO_DES
+ printf("%s ",DES_options());
+#endif
+#ifndef OPENSSL_NO_IDEA
+ printf("%s ",idea_options());
+#endif
+#ifndef OPENSSL_NO_BF
+ printf("%s ",BF_options());
+#endif
+ printf("\n");
+ }
+ if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+ if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR));
+end:
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
Added: vendor-crypto/openssl/dist/apps/winrand.c
===================================================================
--- vendor-crypto/openssl/dist/apps/winrand.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/winrand.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,148 @@
+/* apps/winrand.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* Usage: winrand [filename]
+ *
+ * Collects entropy from mouse movements and other events and writes
+ * random data to filename or .rnd
+ */
+
+#include <windows.h>
+#include <openssl/opensslv.h>
+#include <openssl/rand.h>
+
+LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
+const char *filename;
+
+int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
+ PSTR cmdline, int iCmdShow)
+ {
+ static char appname[] = "OpenSSL";
+ HWND hwnd;
+ MSG msg;
+ WNDCLASSEX wndclass;
+ char buffer[200];
+
+ if (cmdline[0] == '\0')
+ filename = RAND_file_name(buffer, sizeof buffer);
+ else
+ filename = cmdline;
+
+ RAND_load_file(filename, -1);
+
+ wndclass.cbSize = sizeof(wndclass);
+ wndclass.style = CS_HREDRAW | CS_VREDRAW;
+ wndclass.lpfnWndProc = WndProc;
+ wndclass.cbClsExtra = 0;
+ wndclass.cbWndExtra = 0;
+ wndclass.hInstance = hInstance;
+ wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
+ wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
+ wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
+ wndclass.lpszMenuName = NULL;
+ wndclass.lpszClassName = appname;
+ wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
+ RegisterClassEx(&wndclass);
+
+ hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
+ WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
+ CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);
+
+ ShowWindow(hwnd, iCmdShow);
+ UpdateWindow(hwnd);
+
+
+ while (GetMessage(&msg, NULL, 0, 0))
+ {
+ TranslateMessage(&msg);
+ DispatchMessage(&msg);
+ }
+
+ return msg.wParam;
+ }
+
+LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
+ {
+ HDC hdc;
+ PAINTSTRUCT ps;
+ RECT rect;
+ static int seeded = 0;
+
+ switch (iMsg)
+ {
+ case WM_PAINT:
+ hdc = BeginPaint(hwnd, &ps);
+ GetClientRect(hwnd, &rect);
+ DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
+ &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
+ EndPaint(hwnd, &ps);
+ return 0;
+
+ case WM_DESTROY:
+ PostQuitMessage(0);
+ return 0;
+ }
+
+ if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)
+ {
+ seeded = 1;
+ if (RAND_write_file(filename) <= 0)
+ MessageBox(hwnd, "Couldn't write random file!",
+ "OpenSSL", MB_OK | MB_ICONERROR);
+ PostQuitMessage(0);
+ }
+
+ return DefWindowProc(hwnd, iMsg, wParam, lParam);
+ }
Added: vendor-crypto/openssl/dist/apps/x509.c
===================================================================
--- vendor-crypto/openssl/dist/apps/x509.c (rev 0)
+++ vendor-crypto/openssl/dist/apps/x509.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1284 @@
+/* apps/x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+#undef PROG
+#define PROG x509_main
+
+#undef POSTFIX
+#define POSTFIX ".srl"
+#define DEF_DAYS 30
+
+static const char *x509_usage[]={
+"usage: x509 args\n",
+" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
+" -outform arg - output format - default PEM (one of DER, NET or PEM)\n",
+" -keyform arg - private key format - default PEM\n",
+" -CAform arg - CA format - default PEM\n",
+" -CAkeyform arg - CA key format - default PEM\n",
+" -in arg - input file - default stdin\n",
+" -out arg - output file - default stdout\n",
+" -passin arg - private key password source\n",
+" -serial - print serial number value\n",
+" -subject_hash - print subject hash value\n",
+" -issuer_hash - print issuer hash value\n",
+" -hash - synonym for -subject_hash\n",
+" -subject - print subject DN\n",
+" -issuer - print issuer DN\n",
+" -email - print email address(es)\n",
+" -startdate - notBefore field\n",
+" -enddate - notAfter field\n",
+" -purpose - print out certificate purposes\n",
+" -dates - both Before and After dates\n",
+" -modulus - print the RSA key modulus\n",
+" -pubkey - output the public key\n",
+" -fingerprint - print the certificate fingerprint\n",
+" -alias - output certificate alias\n",
+" -noout - no certificate output\n",
+" -ocspid - print OCSP hash values for the subject name and public key\n",
+" -ocsp_uri - print OCSP Responder URL(s)\n",
+" -trustout - output a \"trusted\" certificate\n",
+" -clrtrust - clear all trusted purposes\n",
+" -clrreject - clear all rejected purposes\n",
+" -addtrust arg - trust certificate for a given purpose\n",
+" -addreject arg - reject certificate for a given purpose\n",
+" -setalias arg - set certificate alias\n",
+" -days arg - How long till expiry of a signed certificate - def 30 days\n",
+" -checkend arg - check whether the cert expires in the next arg seconds\n",
+" exit 1 if so, 0 if not\n",
+" -signkey arg - self sign cert with arg\n",
+" -x509toreq - output a certification request object\n",
+" -req - input is a certificate request, sign and output.\n",
+" -CA arg - set the CA certificate, must be PEM format.\n",
+" -CAkey arg - set the CA key, must be PEM format\n",
+" missing, it is assumed to be in the CA file.\n",
+" -CAcreateserial - create serial number file if it does not exist\n",
+" -CAserial arg - serial file\n",
+" -set_serial - serial number to use\n",
+" -text - print the certificate in text form\n",
+" -C - print out C code forms\n",
+" -md2/-md5/-sha1/-mdc2 - digest to use\n",
+" -extfile - configuration file with X509V3 extensions to add\n",
+" -extensions - section from config file with X509V3 extensions to add\n",
+" -clrext - delete extensions before signing and input certificate\n",
+" -nameopt arg - various certificate name options\n",
+#ifndef OPENSSL_NO_ENGINE
+" -engine e - use engine e, possibly a hardware device.\n",
+#endif
+" -certopt arg - various certificate text options\n",
+NULL
+};
+
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
+static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
+ CONF *conf, char *section);
+static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
+ X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
+ int create,int days, int clrext, CONF *conf, char *section,
+ ASN1_INTEGER *sno);
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
+static int reqfile=0;
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ int ret=1;
+ X509_REQ *req=NULL;
+ X509 *x=NULL,*xca=NULL;
+ ASN1_OBJECT *objtmp;
+ EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+ ASN1_INTEGER *sno = NULL;
+ int i,num,badops=0;
+ BIO *out=NULL;
+ BIO *STDout=NULL;
+ STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
+ int informat,outformat,keyformat,CAformat,CAkeyformat;
+ char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
+ char *CAkeyfile=NULL,*CAserial=NULL;
+ char *alias=NULL;
+ int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
+ int next_serial=0;
+ int subject_hash=0,issuer_hash=0,ocspid=0;
+ int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
+ int ocsp_uri=0;
+ int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
+ int C=0;
+ int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
+ int pprint = 0;
+ const char **pp;
+ X509_STORE *ctx=NULL;
+ X509_REQ *rq=NULL;
+ int fingerprint=0;
+ char buf[256];
+ const EVP_MD *md_alg,*digest=EVP_sha1();
+ CONF *extconf = NULL;
+ char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
+ int need_rand = 0;
+ int checkend=0,checkoffset=0;
+ unsigned long nmflag = 0, certflag = 0;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+
+ reqfile=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ STDout = BIO_push(tmpbio, STDout);
+ }
+#endif
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+ keyformat=FORMAT_PEM;
+ CAformat=FORMAT_PEM;
+ CAkeyformat=FORMAT_PEM;
+
+ ctx=X509_STORE_new();
+ if (ctx == NULL) goto end;
+ X509_STORE_set_verify_cb_func(ctx,callb);
+
+ argc--;
+ argv++;
+ num=0;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-req") == 0)
+ {
+ reqfile=1;
+ need_rand = 1;
+ }
+ else if (strcmp(*argv,"-CAform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-CAkeyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAkeyformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-days") == 0)
+ {
+ if (--argc < 1) goto bad;
+ days=atoi(*(++argv));
+ if (days == 0)
+ {
+ BIO_printf(STDout,"bad number of days\n");
+ goto bad;
+ }
+ }
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-extfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-extensions") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extsect= *(++argv);
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-signkey") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ sign_flag= ++num;
+ need_rand = 1;
+ }
+ else if (strcmp(*argv,"-CA") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+ CA_flag= ++num;
+ need_rand = 1;
+ }
+ else if (strcmp(*argv,"-CAkey") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAkeyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAserial") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAserial= *(++argv);
+ }
+ else if (strcmp(*argv,"-set_serial") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
+ goto bad;
+ }
+ else if (strcmp(*argv,"-addtrust") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
+ {
+ BIO_printf(bio_err,
+ "Invalid trust object value %s\n", *argv);
+ goto bad;
+ }
+ if (!trust) trust = sk_ASN1_OBJECT_new_null();
+ sk_ASN1_OBJECT_push(trust, objtmp);
+ trustout = 1;
+ }
+ else if (strcmp(*argv,"-addreject") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
+ {
+ BIO_printf(bio_err,
+ "Invalid reject object value %s\n", *argv);
+ goto bad;
+ }
+ if (!reject) reject = sk_ASN1_OBJECT_new_null();
+ sk_ASN1_OBJECT_push(reject, objtmp);
+ trustout = 1;
+ }
+ else if (strcmp(*argv,"-setalias") == 0)
+ {
+ if (--argc < 1) goto bad;
+ alias= *(++argv);
+ trustout = 1;
+ }
+ else if (strcmp(*argv,"-certopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_cert_ex(&certflag, *(++argv))) goto bad;
+ }
+ else if (strcmp(*argv,"-nameopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-C") == 0)
+ C= ++num;
+ else if (strcmp(*argv,"-email") == 0)
+ email= ++num;
+ else if (strcmp(*argv,"-ocsp_uri") == 0)
+ ocsp_uri= ++num;
+ else if (strcmp(*argv,"-serial") == 0)
+ serial= ++num;
+ else if (strcmp(*argv,"-next_serial") == 0)
+ next_serial= ++num;
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus= ++num;
+ else if (strcmp(*argv,"-pubkey") == 0)
+ pubkey= ++num;
+ else if (strcmp(*argv,"-x509toreq") == 0)
+ x509req= ++num;
+ else if (strcmp(*argv,"-text") == 0)
+ text= ++num;
+ else if (strcmp(*argv,"-hash") == 0
+ || strcmp(*argv,"-subject_hash") == 0)
+ subject_hash= ++num;
+ else if (strcmp(*argv,"-issuer_hash") == 0)
+ issuer_hash= ++num;
+ else if (strcmp(*argv,"-subject") == 0)
+ subject= ++num;
+ else if (strcmp(*argv,"-issuer") == 0)
+ issuer= ++num;
+ else if (strcmp(*argv,"-fingerprint") == 0)
+ fingerprint= ++num;
+ else if (strcmp(*argv,"-dates") == 0)
+ {
+ startdate= ++num;
+ enddate= ++num;
+ }
+ else if (strcmp(*argv,"-purpose") == 0)
+ pprint= ++num;
+ else if (strcmp(*argv,"-startdate") == 0)
+ startdate= ++num;
+ else if (strcmp(*argv,"-enddate") == 0)
+ enddate= ++num;
+ else if (strcmp(*argv,"-checkend") == 0)
+ {
+ if (--argc < 1) goto bad;
+ checkoffset=atoi(*(++argv));
+ checkend=1;
+ }
+ else if (strcmp(*argv,"-noout") == 0)
+ noout= ++num;
+ else if (strcmp(*argv,"-trustout") == 0)
+ trustout= 1;
+ else if (strcmp(*argv,"-clrtrust") == 0)
+ clrtrust= ++num;
+ else if (strcmp(*argv,"-clrreject") == 0)
+ clrreject= ++num;
+ else if (strcmp(*argv,"-alias") == 0)
+ aliasout= ++num;
+ else if (strcmp(*argv,"-CAcreateserial") == 0)
+ CA_createserial= ++num;
+ else if (strcmp(*argv,"-clrext") == 0)
+ clrext = 1;
+#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
+ else if (strcmp(*argv,"-crlext") == 0)
+ {
+ BIO_printf(bio_err,"use -clrext instead of -crlext\n");
+ clrext = 1;
+ }
+#endif
+ else if (strcmp(*argv,"-ocspid") == 0)
+ ocspid= ++num;
+ else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
+ {
+ /* ok */
+ digest=md_alg;
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ for (pp=x509_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,"%s",*pp);
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (need_rand)
+ app_RAND_load_file(NULL, bio_err, 0);
+
+ ERR_load_crypto_strings();
+
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (!X509_STORE_set_default_paths(ctx))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
+ { CAkeyfile=CAfile; }
+ else if ((CA_flag) && (CAkeyfile == NULL))
+ {
+ BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
+ goto end;
+ }
+
+ if (extfile)
+ {
+ long errorline = -1;
+ X509V3_CTX ctx2;
+ extconf = NCONF_new(NULL);
+ if (!NCONF_load(extconf, extfile,&errorline))
+ {
+ if (errorline <= 0)
+ BIO_printf(bio_err,
+ "error loading the config file '%s'\n",
+ extfile);
+ else
+ BIO_printf(bio_err,
+ "error on line %ld of config file '%s'\n"
+ ,errorline,extfile);
+ goto end;
+ }
+ if (!extsect)
+ {
+ extsect = NCONF_get_string(extconf, "default", "extensions");
+ if (!extsect)
+ {
+ ERR_clear_error();
+ extsect = "default";
+ }
+ }
+ X509V3_set_ctx_test(&ctx2);
+ X509V3_set_nconf(&ctx2, extconf);
+ if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extsect);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+
+ if (reqfile)
+ {
+ EVP_PKEY *pkey;
+ BIO *in;
+
+ if (!sign_flag && !CA_flag)
+ {
+ BIO_printf(bio_err,"We need a private key to sign with\n");
+ goto end;
+ }
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ BIO_free(in);
+ goto end;
+ }
+ }
+ req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
+ BIO_free(in);
+
+ if (req == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if ( (req->req_info == NULL) ||
+ (req->req_info->pubkey == NULL) ||
+ (req->req_info->pubkey->public_key == NULL) ||
+ (req->req_info->pubkey->public_key->data == NULL))
+ {
+ BIO_printf(bio_err,"The certificate request appears to corrupted\n");
+ BIO_printf(bio_err,"It does not contain a public key\n");
+ goto end;
+ }
+ if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking public key\n");
+ goto end;
+ }
+ i=X509_REQ_verify(req,pkey);
+ EVP_PKEY_free(pkey);
+ if (i < 0)
+ {
+ BIO_printf(bio_err,"Signature verification error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i == 0)
+ {
+ BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ goto end;
+ }
+ else
+ BIO_printf(bio_err,"Signature ok\n");
+
+ print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
+
+ if ((x=X509_new()) == NULL) goto end;
+
+ if (sno == NULL)
+ {
+ sno = ASN1_INTEGER_new();
+ if (!sno || !rand_serial(NULL, sno))
+ goto end;
+ if (!X509_set_serialNumber(x, sno))
+ goto end;
+ ASN1_INTEGER_free(sno);
+ sno = NULL;
+ }
+ else if (!X509_set_serialNumber(x, sno))
+ goto end;
+
+ if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
+ if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
+
+ X509_gmtime_adj(X509_get_notBefore(x),0);
+ X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+
+ pkey = X509_REQ_get_pubkey(req);
+ X509_set_pubkey(x,pkey);
+ EVP_PKEY_free(pkey);
+ }
+ else
+ x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
+
+ if (x == NULL) goto end;
+ if (CA_flag)
+ {
+ xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
+ if (xca == NULL) goto end;
+ }
+
+ if (!noout || text || next_serial)
+ {
+ OBJ_create("2.99999.3",
+ "SET.ex3","SET x509v3 extension 3");
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+ }
+
+ if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
+
+ if (clrtrust) X509_trust_clear(x);
+ if (clrreject) X509_reject_clear(x);
+
+ if (trust)
+ {
+ for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
+ {
+ objtmp = sk_ASN1_OBJECT_value(trust, i);
+ X509_add1_trust_object(x, objtmp);
+ }
+ }
+
+ if (reject)
+ {
+ for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
+ {
+ objtmp = sk_ASN1_OBJECT_value(reject, i);
+ X509_add1_reject_object(x, objtmp);
+ }
+ }
+
+ if (num)
+ {
+ for (i=1; i<=num; i++)
+ {
+ if (issuer == i)
+ {
+ print_name(STDout, "issuer= ",
+ X509_get_issuer_name(x), nmflag);
+ }
+ else if (subject == i)
+ {
+ print_name(STDout, "subject= ",
+ X509_get_subject_name(x), nmflag);
+ }
+ else if (serial == i)
+ {
+ BIO_printf(STDout,"serial=");
+ i2a_ASN1_INTEGER(STDout,
+ X509_get_serialNumber(x));
+ BIO_printf(STDout,"\n");
+ }
+ else if (next_serial == i)
+ {
+ BIGNUM *bnser;
+ ASN1_INTEGER *ser;
+ ser = X509_get_serialNumber(x);
+ bnser = ASN1_INTEGER_to_BN(ser, NULL);
+ if (!bnser)
+ goto end;
+ if (!BN_add_word(bnser, 1))
+ goto end;
+ ser = BN_to_ASN1_INTEGER(bnser, NULL);
+ if (!ser)
+ goto end;
+ BN_free(bnser);
+ i2a_ASN1_INTEGER(out, ser);
+ ASN1_INTEGER_free(ser);
+ BIO_puts(out, "\n");
+ }
+ else if ((email == i) || (ocsp_uri == i))
+ {
+ int j;
+ STACK *emlst;
+ if (email == i)
+ emlst = X509_get1_email(x);
+ else
+ emlst = X509_get1_ocsp(x);
+ for (j = 0; j < sk_num(emlst); j++)
+ BIO_printf(STDout, "%s\n", sk_value(emlst, j));
+ X509_email_free(emlst);
+ }
+ else if (aliasout == i)
+ {
+ unsigned char *alstr;
+ alstr = X509_alias_get0(x, NULL);
+ if (alstr) BIO_printf(STDout,"%s\n", alstr);
+ else BIO_puts(STDout,"<No Alias>\n");
+ }
+ else if (subject_hash == i)
+ {
+ BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
+ }
+ else if (issuer_hash == i)
+ {
+ BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
+ }
+ else if (pprint == i)
+ {
+ X509_PURPOSE *ptmp;
+ int j;
+ BIO_printf(STDout, "Certificate purposes:\n");
+ for (j = 0; j < X509_PURPOSE_get_count(); j++)
+ {
+ ptmp = X509_PURPOSE_get0(j);
+ purpose_print(STDout, x, ptmp);
+ }
+ }
+ else
+ if (modulus == i)
+ {
+ EVP_PKEY *pkey;
+
+ pkey=X509_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"Modulus=unavailable\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(STDout,"Modulus=");
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA)
+ BN_print(STDout,pkey->pkey.rsa->n);
+ else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ BN_print(STDout,pkey->pkey.dsa->pub_key);
+ else
+#endif
+ BIO_printf(STDout,"Wrong Algorithm type");
+ BIO_printf(STDout,"\n");
+ EVP_PKEY_free(pkey);
+ }
+ else
+ if (pubkey == i)
+ {
+ EVP_PKEY *pkey;
+
+ pkey=X509_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"Error getting public key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ PEM_write_bio_PUBKEY(STDout, pkey);
+ EVP_PKEY_free(pkey);
+ }
+ else
+ if (C == i)
+ {
+ unsigned char *d;
+ char *m;
+ int y,z;
+
+ X509_NAME_oneline(X509_get_subject_name(x),
+ buf,sizeof buf);
+ BIO_printf(STDout,"/* subject:%s */\n",buf);
+ m=X509_NAME_oneline(
+ X509_get_issuer_name(x),buf,
+ sizeof buf);
+ BIO_printf(STDout,"/* issuer :%s */\n",buf);
+
+ z=i2d_X509(x,NULL);
+ m=OPENSSL_malloc(z);
+
+ d=(unsigned char *)m;
+ z=i2d_X509_NAME(X509_get_subject_name(x),&d);
+ BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);
+ d=(unsigned char *)m;
+ for (y=0; y<z; y++)
+ {
+ BIO_printf(STDout,"0x%02X,",d[y]);
+ if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n");
+ }
+ if (y%16 != 0) BIO_printf(STDout,"\n");
+ BIO_printf(STDout,"};\n");
+
+ z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
+ BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z);
+ d=(unsigned char *)m;
+ for (y=0; y<z; y++)
+ {
+ BIO_printf(STDout,"0x%02X,",d[y]);
+ if ((y & 0x0f) == 0x0f)
+ BIO_printf(STDout,"\n");
+ }
+ if (y%16 != 0) BIO_printf(STDout,"\n");
+ BIO_printf(STDout,"};\n");
+
+ z=i2d_X509(x,&d);
+ BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z);
+ d=(unsigned char *)m;
+ for (y=0; y<z; y++)
+ {
+ BIO_printf(STDout,"0x%02X,",d[y]);
+ if ((y & 0x0f) == 0x0f)
+ BIO_printf(STDout,"\n");
+ }
+ if (y%16 != 0) BIO_printf(STDout,"\n");
+ BIO_printf(STDout,"};\n");
+
+ OPENSSL_free(m);
+ }
+ else if (text == i)
+ {
+ X509_print_ex(out,x,nmflag, certflag);
+ }
+ else if (startdate == i)
+ {
+ BIO_puts(STDout,"notBefore=");
+ ASN1_TIME_print(STDout,X509_get_notBefore(x));
+ BIO_puts(STDout,"\n");
+ }
+ else if (enddate == i)
+ {
+ BIO_puts(STDout,"notAfter=");
+ ASN1_TIME_print(STDout,X509_get_notAfter(x));
+ BIO_puts(STDout,"\n");
+ }
+ else if (fingerprint == i)
+ {
+ int j;
+ unsigned int n;
+ unsigned char md[EVP_MAX_MD_SIZE];
+
+ if (!X509_digest(x,digest,md,&n))
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ BIO_printf(STDout,"%s Fingerprint=",
+ OBJ_nid2sn(EVP_MD_type(digest)));
+ for (j=0; j<(int)n; j++)
+ {
+ BIO_printf(STDout,"%02X%c",md[j],
+ (j+1 == (int)n)
+ ?'\n':':');
+ }
+ }
+
+ /* should be in the library */
+ else if ((sign_flag == i) && (x509req == 0))
+ {
+ BIO_printf(bio_err,"Getting Private key\n");
+ if (Upkey == NULL)
+ {
+ Upkey=load_key(bio_err,
+ keyfile, keyformat, 0,
+ passin, e, "Private key");
+ if (Upkey == NULL) goto end;
+ }
+#ifndef OPENSSL_NO_DSA
+ if (Upkey->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (Upkey->type == EVP_PKEY_EC)
+ digest=EVP_ecdsa();
+#endif
+
+ assert(need_rand);
+ if (!sign(x,Upkey,days,clrext,digest,
+ extconf, extsect)) goto end;
+ }
+ else if (CA_flag == i)
+ {
+ BIO_printf(bio_err,"Getting CA Private Key\n");
+ if (CAkeyfile != NULL)
+ {
+ CApkey=load_key(bio_err,
+ CAkeyfile, CAkeyformat,
+ 0, passin, e,
+ "CA Private Key");
+ if (CApkey == NULL) goto end;
+ }
+#ifndef OPENSSL_NO_DSA
+ if (CApkey->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (CApkey->type == EVP_PKEY_EC)
+ digest = EVP_ecdsa();
+#endif
+
+ assert(need_rand);
+ if (!x509_certify(ctx,CAfile,digest,x,xca,
+ CApkey, CAserial,CA_createserial,days, clrext,
+ extconf, extsect, sno))
+ goto end;
+ }
+ else if (x509req == i)
+ {
+ EVP_PKEY *pk;
+
+ BIO_printf(bio_err,"Getting request Private Key\n");
+ if (keyfile == NULL)
+ {
+ BIO_printf(bio_err,"no request key file specified\n");
+ goto end;
+ }
+ else
+ {
+ pk=load_key(bio_err,
+ keyfile, keyformat, 0,
+ passin, e, "request key");
+ if (pk == NULL) goto end;
+ }
+
+ BIO_printf(bio_err,"Generating certificate request\n");
+
+#ifndef OPENSSL_NO_DSA
+ if (pk->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pk->type == EVP_PKEY_EC)
+ digest=EVP_ecdsa();
+#endif
+
+ rq=X509_to_X509_REQ(x,pk,digest);
+ EVP_PKEY_free(pk);
+ if (rq == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (!noout)
+ {
+ X509_REQ_print(out,rq);
+ PEM_write_bio_X509_REQ(out,rq);
+ }
+ noout=1;
+ }
+ else if (ocspid == i)
+ {
+ X509_ocspid_print(out, x);
+ }
+ }
+ }
+
+ if (checkend)
+ {
+ time_t tcheck=time(NULL) + checkoffset;
+
+ if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
+ {
+ BIO_printf(out,"Certificate will expire\n");
+ ret=1;
+ }
+ else
+ {
+ BIO_printf(out,"Certificate will not expire\n");
+ ret=0;
+ }
+ goto end;
+ }
+
+ if (noout)
+ {
+ ret=0;
+ goto end;
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i=i2d_X509_bio(out,x);
+ else if (outformat == FORMAT_PEM)
+ {
+ if (trustout) i=PEM_write_bio_X509_AUX(out,x);
+ else i=PEM_write_bio_X509(out,x);
+ }
+ else if (outformat == FORMAT_NETSCAPE)
+ {
+ ASN1_HEADER ah;
+ ASN1_OCTET_STRING os;
+
+ os.data=(unsigned char *)NETSCAPE_CERT_HDR;
+ os.length=strlen(NETSCAPE_CERT_HDR);
+ ah.header= &os;
+ ah.data=(char *)x;
+ ah.meth=X509_asn1_meth();
+
+ i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah);
+ }
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write certificate\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ OBJ_cleanup();
+ NCONF_free(extconf);
+ BIO_free_all(out);
+ BIO_free_all(STDout);
+ X509_STORE_free(ctx);
+ X509_REQ_free(req);
+ X509_free(x);
+ X509_free(xca);
+ EVP_PKEY_free(Upkey);
+ EVP_PKEY_free(CApkey);
+ X509_REQ_free(rq);
+ ASN1_INTEGER_free(sno);
+ sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+ sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+ if (passin) OPENSSL_free(passin);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
+
+static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
+ {
+ char *buf = NULL, *p;
+ ASN1_INTEGER *bs = NULL;
+ BIGNUM *serial = NULL;
+ size_t len;
+
+ len = ((serialfile == NULL)
+ ?(strlen(CAfile)+strlen(POSTFIX)+1)
+ :(strlen(serialfile)))+1;
+ buf=OPENSSL_malloc(len);
+ if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
+ if (serialfile == NULL)
+ {
+ BUF_strlcpy(buf,CAfile,len);
+ for (p=buf; *p; p++)
+ if (*p == '.')
+ {
+ *p='\0';
+ break;
+ }
+ BUF_strlcat(buf,POSTFIX,len);
+ }
+ else
+ BUF_strlcpy(buf,serialfile,len);
+
+ serial = load_serial(buf, create, NULL);
+ if (serial == NULL) goto end;
+
+ if (!BN_add_word(serial,1))
+ { BIO_printf(bio_err,"add_word failure\n"); goto end; }
+
+ if (!save_serial(buf, NULL, serial, &bs)) goto end;
+
+ end:
+ if (buf) OPENSSL_free(buf);
+ BN_free(serial);
+ return bs;
+ }
+
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+ X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
+ int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
+ {
+ int ret=0;
+ ASN1_INTEGER *bs=NULL;
+ X509_STORE_CTX xsc;
+ EVP_PKEY *upkey;
+
+ upkey = X509_get_pubkey(xca);
+ EVP_PKEY_copy_parameters(upkey,pkey);
+ EVP_PKEY_free(upkey);
+
+ if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
+ {
+ BIO_printf(bio_err,"Error initialising X509 store\n");
+ goto end;
+ }
+ if (sno) bs = sno;
+ else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
+ goto end;
+
+/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
+
+ /* NOTE: this certificate can/should be self signed, unless it was
+ * a certificate request in which case it is not. */
+ X509_STORE_CTX_set_cert(&xsc,x);
+ X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
+ if (!reqfile && X509_verify_cert(&xsc) <= 0)
+ goto end;
+
+ if (!X509_check_private_key(xca,pkey))
+ {
+ BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+ goto end;
+ }
+
+ if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
+ if (!X509_set_serialNumber(x,bs)) goto end;
+
+ if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
+ goto end;
+
+ /* hardwired expired */
+ if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+ goto end;
+
+ if (clrext)
+ {
+ while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
+ }
+
+ if (conf)
+ {
+ X509V3_CTX ctx2;
+ X509_set_version(x,2); /* version 3 certificate */
+ X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+ X509V3_set_nconf(&ctx2, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
+ }
+
+ if (!X509_sign(x,pkey,digest)) goto end;
+ ret=1;
+end:
+ X509_STORE_CTX_cleanup(&xsc);
+ if (!ret)
+ ERR_print_errors(bio_err);
+ if (!sno) ASN1_INTEGER_free(bs);
+ return ret;
+ }
+
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
+ {
+ int err;
+ X509 *err_cert;
+
+ /* it is ok to use a self signed certificate
+ * This case will catch both the initial ok == 0 and the
+ * final ok == 1 calls to this function */
+ err=X509_STORE_CTX_get_error(ctx);
+ if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ return 1;
+
+ /* BAD we should have gotten an error. Normally if everything
+ * worked X509_STORE_CTX_get_error(ctx) will still be set to
+ * DEPTH_ZERO_SELF_.... */
+ if (ok)
+ {
+ BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
+ return 0;
+ }
+ else
+ {
+ err_cert=X509_STORE_CTX_get_current_cert(ctx);
+ print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
+ BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
+ err,X509_STORE_CTX_get_error_depth(ctx),
+ X509_verify_cert_error_string(err));
+ return 1;
+ }
+ }
+
+/* self sign */
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
+ CONF *conf, char *section)
+ {
+
+ EVP_PKEY *pktmp;
+
+ pktmp = X509_get_pubkey(x);
+ EVP_PKEY_copy_parameters(pktmp,pkey);
+ EVP_PKEY_save_parameters(pktmp,1);
+ EVP_PKEY_free(pktmp);
+
+ if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
+ if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
+
+ /* Lets just make it 12:00am GMT, Jan 1 1970 */
+ /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
+ /* 28 days to be certified */
+
+ if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+ goto err;
+
+ if (!X509_set_pubkey(x,pkey)) goto err;
+ if (clrext)
+ {
+ while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
+ }
+ if (conf)
+ {
+ X509V3_CTX ctx;
+ X509_set_version(x,2); /* version 3 certificate */
+ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
+ }
+ if (!X509_sign(x,pkey,digest)) goto err;
+ return 1;
+err:
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
+{
+ int id, i, idret;
+ char *pname;
+ id = X509_PURPOSE_get_id(pt);
+ pname = X509_PURPOSE_get0_name(pt);
+ for (i = 0; i < 2; i++)
+ {
+ idret = X509_check_purpose(cert, id, i);
+ BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
+ if (idret == 1) BIO_printf(bio, "Yes\n");
+ else if (idret == 0) BIO_printf(bio, "No\n");
+ else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
+ }
+ return 1;
+}
Added: vendor-crypto/openssl/dist/bugs/MS
===================================================================
--- vendor-crypto/openssl/dist/bugs/MS (rev 0)
+++ vendor-crypto/openssl/dist/bugs/MS 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,7 @@
+If you use the function that does an fopen inside the DLL, it's malloc
+will be used and when the function is then written inside, more
+hassles
+....
+
+
+think about it.
Added: vendor-crypto/openssl/dist/bugs/SSLv3
===================================================================
--- vendor-crypto/openssl/dist/bugs/SSLv3 (rev 0)
+++ vendor-crypto/openssl/dist/bugs/SSLv3 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,49 @@
+So far...
+
+ssl3.netscape.com:443 does not support client side dynamic
+session-renegotiation.
+
+ssl3.netscape.com:444 (asks for client cert) sends out all the CA RDN
+in an invalid format (the outer sequence is removed).
+
+Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
+challenge but then appears to only use 16 bytes when generating the
+encryption keys. Using 16 bytes is ok but it should be ok to use 32.
+According to the SSLv3 spec, one should use 32 bytes for the challenge
+when opperating in SSLv2/v3 compatablity mode, but as mentioned above,
+this breaks this server so 16 bytes is the way to go.
+
+www.microsoft.com - when talking SSLv2, if session-id reuse is
+performed, the session-id passed back in the server-finished message
+is different from the one decided upon.
+
+ssl3.netscape.com:443, first a connection is established with RC4-MD5.
+If it is then resumed, we end up using DES-CBC3-SHA. It should be
+RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
+Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
+It only really shows up when connecting via SSLv2/v3 then reconnecting
+via SSLv3. The cipher list changes....
+NEW INFORMATION. Try connecting with a cipher list of just
+DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses
+RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
+doing a re-connect, always takes the first cipher in the cipher list.
+
+If we accept a netscape connection, demand a client cert, have a
+non-self-signed CA which does not have it's CA in netscape, and the
+browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
+
+Netscape browsers do not really notice the server sending a
+close notify message. I was sending one, and then some invalid data.
+netscape complained of an invalid mac. (a fork()ed child doing a
+SSL_shutdown() and still sharing the socket with its parent).
+
+Netscape, when using export ciphers, will accept a 1024 bit temporary
+RSA key. It is supposed to only accept 512.
+
+If Netscape connects to a server which requests a client certificate
+it will frequently hang after the user has selected one and never
+complete the connection. Hitting "Stop" and reload fixes this and
+all subsequent connections work fine. This appears to be because
+Netscape wont read any new records in when it is awaiting a server
+done message at this point. The fix is to send the certificate request
+and server done messages in one record.
Added: vendor-crypto/openssl/dist/bugs/alpha.c
===================================================================
--- vendor-crypto/openssl/dist/bugs/alpha.c (rev 0)
+++ vendor-crypto/openssl/dist/bugs/alpha.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,91 @@
+/* bugs/alpha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* while not exactly a bug (ASN1 C leaves this undefined) it is
+ * something to watch out for. This was fine on linux/NT/Solaris but not
+ * Alpha */
+
+/* it is basically an example of
+ * func(*(a++),*(a++))
+ * which parameter is evaluated first? It is not defined in ASN1 C.
+ */
+
+#include <stdio.h>
+
+#define TYPE unsigned int
+
+void func(a,b)
+TYPE *a;
+TYPE b;
+ {
+ printf("%ld -1 == %ld\n",a[0],b);
+ }
+
+main()
+ {
+ TYPE data[5]={1L,2L,3L,4L,5L};
+ TYPE *p;
+ int i;
+
+ p=data;
+
+ for (i=0; i<4; i++)
+ {
+ func(p,*(p++));
+ }
+ }
Added: vendor-crypto/openssl/dist/bugs/dggccbug.c
===================================================================
--- vendor-crypto/openssl/dist/bugs/dggccbug.c (rev 0)
+++ vendor-crypto/openssl/dist/bugs/dggccbug.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,45 @@
+/* NOCW */
+/* dggccbug.c */
+/* bug found by Eric Young (eay at cryptsoft.com) - May 1995 */
+
+#include <stdio.h>
+
+/* There is a bug in
+ * gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994)
+ * as shipped with DGUX 5.4R3.10 that can be bypassed by defining
+ * DG_GCC_BUG in my code.
+ * The bug manifests itself by the vaule of a pointer that is
+ * used only by reference, not having it's value change when it is used
+ * to check for exiting the loop. Probably caused by there being 2
+ * copies of the valiable, one in a register and one being an address
+ * that is passed. */
+
+/* compare the out put from
+ * gcc dggccbug.c; ./a.out
+ * and
+ * gcc -O dggccbug.c; ./a.out
+ * compile with -DFIXBUG to remove the bug when optimising.
+ */
+
+void inc(a)
+int *a;
+ {
+ (*a)++;
+ }
+
+main()
+ {
+ int p=0;
+#ifdef FIXBUG
+ int dummy;
+#endif
+
+ while (p<3)
+ {
+ fprintf(stderr,"%08X\n",p);
+ inc(&p);
+#ifdef FIXBUG
+ dummy+=p;
+#endif
+ }
+ }
Added: vendor-crypto/openssl/dist/bugs/sgiccbug.c
===================================================================
--- vendor-crypto/openssl/dist/bugs/sgiccbug.c (rev 0)
+++ vendor-crypto/openssl/dist/bugs/sgiccbug.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,57 @@
+/* NOCW */
+/* sgibug.c */
+/* bug found by Eric Young (eay at mincom.oz.au) May 95 */
+
+#include <stdio.h>
+
+/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
+ * the only versions of IRIX I have access to.
+ * defining FIXBUG removes the bug.
+ * (bug is still present in IRIX 6.3 according to
+ * Gage <agage at forgetmenot.Mines.EDU>
+ */
+
+/* Compare the output from
+ * cc sgiccbug.c; ./a.out
+ * and
+ * cc -O sgiccbug.c; ./a.out
+ */
+
+static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210};
+static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567};
+static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9};
+
+main()
+ {
+ unsigned long r[4];
+ sub(r,a,b);
+ fprintf(stderr,"input a= %08X %08X %08X %08X\n",a[3],a[2],a[1],a[0]);
+ fprintf(stderr,"input b= %08X %08X %08X %08X\n",b[3],b[2],b[1],b[0]);
+ fprintf(stderr,"output = %08X %08X %08X %08X\n",r[3],r[2],r[1],r[0]);
+ fprintf(stderr,"correct= %08X %08X %08X %08X\n",c[3],c[2],c[1],c[0]);
+ }
+
+int sub(r,a,b)
+unsigned long *r,*a,*b;
+ {
+ register unsigned long t1,t2,*ap,*bp,*rp;
+ int i,carry;
+#ifdef FIXBUG
+ unsigned long dummy;
+#endif
+
+ ap=a;
+ bp=b;
+ rp=r;
+ carry=0;
+ for (i=0; i<4; i++)
+ {
+ t1= *(ap++);
+ t2= *(bp++);
+ t1=(t1-t2);
+#ifdef FIXBUG
+ dummy=t1;
+#endif
+ *(rp++)=t1&0xffffffff;
+ }
+ }
Added: vendor-crypto/openssl/dist/bugs/sslref.dif
===================================================================
--- vendor-crypto/openssl/dist/bugs/sslref.dif (rev 0)
+++ vendor-crypto/openssl/dist/bugs/sslref.dif 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,26 @@
+The February 9th, 1995 version of the SSL document differs from
+https://www.netscape.com in the following ways.
+=====
+The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is
+KEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID]
+not
+KEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID]
+as specified in the documentation.
+=====
+From the section 2.6 Server Only Protocol Messages
+
+If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE,
+CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero.
+
+This is not true for https://www.netscape.com. The CERTIFICATE-TYPE
+is returned as 1.
+=====
+I have not tested the following but it is reported by holtzman at mit.edu.
+
+SSLref clients wait to recieve a server-verify before they send a
+client-finished. Besides this not being evident from the examples in
+2.2.1, it makes more sense to always send all packets you can before
+reading. SSLeay was waiting in the server to recieve a client-finish
+before sending the server-verify :-). I have changed SSLeay to send a
+server-verify before trying to read the client-finished.
+
Added: vendor-crypto/openssl/dist/bugs/stream.c
===================================================================
--- vendor-crypto/openssl/dist/bugs/stream.c (rev 0)
+++ vendor-crypto/openssl/dist/bugs/stream.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,131 @@
+/* bugs/stream.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/rc4.h>
+#ifdef OPENSSL_NO_DES
+#include <des.h>
+#else
+#include <openssl/des.h>
+#endif
+
+/* show how stream ciphers are not very good. The mac has no affect
+ * on RC4 while it does for cfb DES
+ */
+
+main()
+ {
+ fprintf(stderr,"rc4\n");
+ rc4();
+ fprintf(stderr,"cfb des\n");
+ des();
+ }
+
+int des()
+ {
+ des_key_schedule ks;
+ des_cblock iv,key;
+ int num;
+ static char *keystr="01234567";
+ static char *in1="0123456789ABCEDFdata 12345";
+ static char *in2="9876543210abcdefdata 12345";
+ unsigned char out[100];
+ int i;
+
+ des_set_key((des_cblock *)keystr,ks);
+
+ num=0;
+ memset(iv,0,8);
+ des_cfb64_encrypt(in1,out,26,ks,(des_cblock *)iv,&num,1);
+ for (i=0; i<26; i++)
+ fprintf(stderr,"%02X ",out[i]);
+ fprintf(stderr,"\n");
+
+ num=0;
+ memset(iv,0,8);
+ des_cfb64_encrypt(in2,out,26,ks,(des_cblock *)iv,&num,1);
+ for (i=0; i<26; i++)
+ fprintf(stderr,"%02X ",out[i]);
+ fprintf(stderr,"\n");
+ }
+
+int rc4()
+ {
+ static char *keystr="0123456789abcdef";
+ RC4_KEY key;
+ unsigned char in[100],out[100];
+ int i;
+
+ RC4_set_key(&key,16,keystr);
+ in[0]='\0';
+ strcpy(in,"0123456789ABCEDFdata 12345");
+ RC4(key,26,in,out);
+
+ for (i=0; i<26; i++)
+ fprintf(stderr,"%02X ",out[i]);
+ fprintf(stderr,"\n");
+
+ RC4_set_key(&key,16,keystr);
+ in[0]='\0';
+ strcpy(in,"9876543210abcdefdata 12345");
+ RC4(key,26,in,out);
+
+ for (i=0; i<26; i++)
+ fprintf(stderr,"%02X ",out[i]);
+ fprintf(stderr,"\n");
+ }
Added: vendor-crypto/openssl/dist/bugs/ultrixcc.c
===================================================================
--- vendor-crypto/openssl/dist/bugs/ultrixcc.c (rev 0)
+++ vendor-crypto/openssl/dist/bugs/ultrixcc.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,45 @@
+#include <stdio.h>
+
+/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
+ * What happens is that the compiler, due to the (a)&7,
+ * does
+ * i=a&7;
+ * i--;
+ * i*=4;
+ * Then uses i as the offset into a jump table.
+ * The problem is that a value of 0 generates an offset of
+ * 0xfffffffc.
+ */
+
+main()
+ {
+ f(5);
+ f(0);
+ }
+
+int f(a)
+int a;
+ {
+ switch(a&7)
+ {
+ case 7:
+ printf("7\n");
+ case 6:
+ printf("6\n");
+ case 5:
+ printf("5\n");
+ case 4:
+ printf("4\n");
+ case 3:
+ printf("3\n");
+ case 2:
+ printf("2\n");
+ case 1:
+ printf("1\n");
+#ifdef FIX_BUG
+ case 0:
+ ;
+#endif
+ }
+ }
+
Added: vendor-crypto/openssl/dist/certs/README.RootCerts
===================================================================
--- vendor-crypto/openssl/dist/certs/README.RootCerts (rev 0)
+++ vendor-crypto/openssl/dist/certs/README.RootCerts 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,4 @@
+The OpenSSL project does not (any longer) include root CA certificates.
+
+Please check out the FAQ:
+ * How can I set up a bundle of commercial root CA certificates?
Added: vendor-crypto/openssl/dist/certs/demo/ca-cert.pem
===================================================================
--- vendor-crypto/openssl/dist/certs/demo/ca-cert.pem (rev 0)
+++ vendor-crypto/openssl/dist/certs/demo/ca-cert.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
+MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
+HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzODUxWhcN
+MDUwNzEwMjEzODUxWjBbMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
+ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxGzAZBgNVBAMTElRlc3QgQ0Eg
+KDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7ujy3XXpU/p
+yDJtOxkMJmGv3mdiVm7JrdoKLUgqjO2rBaeNuYMUiuI6oYU+tlD6agwRML0Pn2JF
+b90VdK/UXrmRr9djaEuH17EIKjte5RwOzndCndsjcCYyoeODMTyg7dqPIkDMmRNM
+5R5xBTabD+Aji0wzQupYxBLuW5PLj7ECAwEAAaOBtzCBtDAdBgNVHQ4EFgQU1WWA
+U42mkhi3ecgey1dsJjU61+UwgYQGA1UdIwR9MHuAFE0RaEcrj18q1dw+G6nJbsTW
+R213oWCkXjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0
+IGJpdCmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBb39BRphHL
+6aRAQyymsvBvPSCiG9+kR0R1L23aTpNbhXp2BebyFjbEQYZc2kWGiKKcHkNECA35
+3d4LoqUlVey8DFyafOIJd9hxdZfg+rxlHMxnL7uCJRmx9+xB411Jtsol9/wg1uCK
+sleGpgB4j8cG2SVCz7V2MNZNK+d5QCnR7A==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
Added: vendor-crypto/openssl/dist/certs/demo/dsa-ca.pem
===================================================================
--- vendor-crypto/openssl/dist/certs/demo/dsa-ca.pem (rev 0)
+++ vendor-crypto/openssl/dist/certs/demo/dsa-ca.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,43 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+
+svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+MVqOsYxGCb+kez0FoDSTgw==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+C1Q=
+-----END CERTIFICATE-----
+
Added: vendor-crypto/openssl/dist/certs/demo/dsa-pca.pem
===================================================================
--- vendor-crypto/openssl/dist/certs/demo/dsa-pca.pem (rev 0)
+++ vendor-crypto/openssl/dist/certs/demo/dsa-pca.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,49 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+
+GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
+-----END CERTIFICATE-----
+
Added: vendor-crypto/openssl/dist/certs/demo/pca-cert.pem
===================================================================
--- vendor-crypto/openssl/dist/certs/demo/pca-cert.pem (rev 0)
+++ vendor-crypto/openssl/dist/certs/demo/pca-cert.pem 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
+MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
+HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN
+MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
+ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB
+ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy
+V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6
+JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S
+S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R
+aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E
+1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho
++Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ
+JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0
+Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
Added: vendor-crypto/openssl/dist/certs/expired/ICE.crl
===================================================================
--- vendor-crypto/openssl/dist/certs/expired/ICE.crl (rev 0)
+++ vendor-crypto/openssl/dist/certs/expired/ICE.crl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
+VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
+NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
+WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
+i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
+KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
+mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
+-----END X509 CRL-----
Added: vendor-crypto/openssl/dist/config
===================================================================
--- vendor-crypto/openssl/dist/config (rev 0)
+++ vendor-crypto/openssl/dist/config 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,898 @@
+#!/bin/sh
+#
+# OpenSSL config: determine the operating system and run ./Configure
+#
+# "config -h" for usage information.
+#
+# this is a merge of minarch and GuessOS from the Apache Group.
+# Originally written by Tim Hudson <tjh at cryptsoft.com>.
+
+# Original Apache Group comments on GuessOS
+
+# Simple OS/Platform guesser. Similar to config.guess but
+# much, much smaller. Since it was developed for use with
+# Apache, it follows under Apache's regular licensing
+# with one specific addition: Any changes or additions
+# to this script should be Emailed to the Apache
+# group (apache at apache.org) in general and to
+# Jim Jagielski (jim at jaguNET.com) in specific.
+#
+# Be as similar to the output of config.guess/config.sub
+# as possible.
+
+PREFIX=""
+SUFFIX=""
+TEST="false"
+EXE=""
+
+# pick up any command line args to config
+for i
+do
+case "$i" in
+-d) PREFIX="debug-";;
+-t*) TEST="true";;
+-h*) TEST="true"; cat <<EOF
+Usage: config [options]
+ -d Add a debug- prefix to machine choice.
+ -t Test mode, do not run the Configure perl script.
+ -h This help.
+
+Any other text will be passed to the Configure perl script.
+See INSTALL for instructions.
+
+EOF
+;;
+*) options=$options" $i" ;;
+esac
+done
+
+# First get uname entries that we use below
+
+[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
+[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
+[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
+[ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
+
+
+# Now test for ISC and SCO, since it is has a braindamaged uname.
+#
+# We need to work around FreeBSD 1.1.5.1
+(
+XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
+if [ "x$XREL" != "x" ]; then
+ if [ -f /etc/kconfig ]; then
+ case "$XREL" in
+ 4.0|4.1)
+ echo "${MACHINE}-whatever-isc4"; exit 0
+ ;;
+ esac
+ else
+ case "$XREL" in
+ 3.2v4.2)
+ echo "whatever-whatever-sco3"; exit 0
+ ;;
+ 3.2v5.0*)
+ echo "whatever-whatever-sco5"; exit 0
+ ;;
+ 4.2MP)
+ case "x${VERSION}" in
+ x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;;
+ x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;;
+ x2*) echo "whatever-whatever-unixware2"; exit 0 ;;
+ esac
+ ;;
+ 4.2)
+ echo "whatever-whatever-unixware1"; exit 0
+ ;;
+ 5*)
+ case "x${VERSION}" in
+ # We hardcode i586 in place of ${MACHINE} for the
+ # following reason. The catch is that even though Pentium
+ # is minimum requirement for platforms in question,
+ # ${MACHINE} gets always assigned to i386. Now, problem
+ # with i386 is that it makes ./config pass 386 to
+ # ./Configure, which in turn makes make generate
+ # inefficient SHA-1 (for this moment) code.
+ x[678]*) echo "i586-sco-unixware7"; exit 0 ;;
+ esac
+ ;;
+ esac
+ fi
+fi
+# Now we simply scan though... In most cases, the SYSTEM info is enough
+#
+case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+ MPE/iX:*)
+ MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
+ echo "parisc-hp-MPE/iX"; exit 0
+ ;;
+ A/UX:*)
+ echo "m68k-apple-aux3"; exit 0
+ ;;
+
+ AIX:[3-9]:4:*)
+ echo "${MACHINE}-ibm-aix"; exit 0
+ ;;
+
+ AIX:*:[5-9]:*)
+ echo "${MACHINE}-ibm-aix"; exit 0
+ ;;
+
+ AIX:*)
+ echo "${MACHINE}-ibm-aix3"; exit 0
+ ;;
+
+ dgux:*)
+ echo "${MACHINE}-dg-dgux"; exit 0
+ ;;
+
+ HI-UX:*)
+ echo "${MACHINE}-hi-hiux"; exit 0
+ ;;
+
+ HP-UX:*)
+ HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "$HPUXVER" in
+ 1[0-9].*) # HPUX 10 and 11 targets are unified
+ echo "${MACHINE}-hp-hpux1x"; exit 0
+ ;;
+ *)
+ echo "${MACHINE}-hp-hpux"; exit 0
+ ;;
+ esac
+ ;;
+
+ IRIX:5.*)
+ echo "mips2-sgi-irix"; exit 0
+ ;;
+
+ IRIX:6.*)
+ echo "mips3-sgi-irix"; exit 0
+ ;;
+
+ IRIX64:*)
+ echo "mips4-sgi-irix64"; exit 0
+ ;;
+
+ Linux:[2-9].*)
+ echo "${MACHINE}-whatever-linux2"; exit 0
+ ;;
+
+ Linux:1.*)
+ echo "${MACHINE}-whatever-linux1"; exit 0
+ ;;
+
+ GNU*)
+ echo "hurd-x86"; exit 0;
+ ;;
+
+ LynxOS:*)
+ echo "${MACHINE}-lynx-lynxos"; exit 0
+ ;;
+
+ BSD/OS:4.*) # BSD/OS always says 386
+ echo "i486-whatever-bsdi4"; exit 0
+ ;;
+
+ BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
+ case `/sbin/sysctl -n hw.model` in
+ Pentium*)
+ echo "i586-whatever-bsdi"; exit 0
+ ;;
+ *)
+ echo "i386-whatever-bsdi"; exit 0
+ ;;
+ esac;
+ ;;
+
+ BSD/386:*|BSD/OS:*)
+ echo "${MACHINE}-whatever-bsdi"; exit 0
+ ;;
+
+ FreeBSD:*:*:*386*)
+ VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+ MACH=`sysctl -n hw.model`
+ ARCH='whatever'
+ case ${MACH} in
+ *386* ) MACH="i386" ;;
+ *486* ) MACH="i486" ;;
+ Pentium\ II*) MACH="i686" ;;
+ Pentium* ) MACH="i586" ;;
+ * ) MACH="$MACHINE" ;;
+ esac
+ case ${MACH} in
+ i[0-9]86 ) ARCH="pc" ;;
+ esac
+ echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
+ ;;
+
+ FreeBSD:*)
+ echo "${MACHINE}-whatever-freebsd"; exit 0
+ ;;
+
+ NetBSD:*:*:*386*)
+ echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+ ;;
+
+ NetBSD:*)
+ echo "${MACHINE}-whatever-netbsd"; exit 0
+ ;;
+
+ OpenBSD:*)
+ echo "${MACHINE}-whatever-openbsd"; exit 0
+ ;;
+
+ OpenUNIX:*)
+ echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
+ ;;
+
+ OSF1:*:*:*alpha*)
+ OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
+ case "$OSFMAJOR" in
+ 4|5)
+ echo "${MACHINE}-dec-tru64"; exit 0
+ ;;
+ 1|2|3)
+ echo "${MACHINE}-dec-osf"; exit 0
+ ;;
+ *)
+ echo "${MACHINE}-dec-osf"; exit 0
+ ;;
+ esac
+ ;;
+
+ QNX:*)
+ case "$RELEASE" in
+ 4*)
+ echo "${MACHINE}-whatever-qnx4"
+ ;;
+ 6*)
+ echo "${MACHINE}-whatever-qnx6"
+ ;;
+ *)
+ echo "${MACHINE}-whatever-qnx"
+ ;;
+ esac
+ exit 0
+ ;;
+
+ Paragon*:*:*:*)
+ echo "i860-intel-osf1"; exit 0
+ ;;
+
+ Rhapsody:*)
+ echo "ppc-apple-rhapsody"; exit 0
+ ;;
+
+ Darwin:*)
+ case "$MACHINE" in
+ Power*)
+ echo "ppc-apple-darwin${VERSION}"
+ ;;
+ *)
+ echo "i386-apple-darwin${VERSION}"
+ ;;
+ esac
+ exit 0
+ ;;
+
+ SunOS:5.*)
+ echo "${MACHINE}-whatever-solaris2"; exit 0
+ ;;
+
+ SunOS:*)
+ echo "${MACHINE}-sun-sunos4"; exit 0
+ ;;
+
+ UNIX_System_V:4.*:*)
+ echo "${MACHINE}-whatever-sysv4"; exit 0
+ ;;
+
+ VOS:*:*:i786)
+ echo "i386-stratus-vos"; exit 0
+ ;;
+
+ VOS:*:*:*)
+ echo "hppa1.1-stratus-vos"; exit 0
+ ;;
+
+ *:4*:R4*:m88k)
+ echo "${MACHINE}-whatever-sysv4"; exit 0
+ ;;
+
+ DYNIX/ptx:4*:*)
+ echo "${MACHINE}-whatever-sysv4"; exit 0
+ ;;
+
+ *:4.0:3.0:3[34]?? | *:4.0:3.0:3[34]??,*)
+ echo "i486-ncr-sysv4"; exit 0
+ ;;
+
+ ULTRIX:*)
+ echo "${MACHINE}-unknown-ultrix"; exit 0
+ ;;
+
+ SINIX*|ReliantUNIX*)
+ echo "${MACHINE}-siemens-sysv4"; exit 0
+ ;;
+
+ POSIX-BC*)
+ echo "${MACHINE}-siemens-sysv4"; exit 0 # Here, $MACHINE == "BS2000"
+ ;;
+
+ machten:*)
+ echo "${MACHINE}-tenon-${SYSTEM}"; exit 0;
+ ;;
+
+ library:*)
+ echo "${MACHINE}-ncr-sysv4"; exit 0
+ ;;
+
+ ConvexOS:*:11.0:*)
+ echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
+ ;;
+
+ NEWS-OS:4.*)
+ echo "mips-sony-newsos4"; exit 0;
+ ;;
+
+ MINGW*)
+ echo "${MACHINE}-whatever-mingw"; exit 0;
+ ;;
+ CYGWIN*)
+ case "$RELEASE" in
+ [bB]*|1.0|1.[12].*)
+ echo "${MACHINE}-whatever-cygwin_pre1.3"
+ ;;
+ *)
+ echo "${MACHINE}-whatever-cygwin"
+ ;;
+ esac
+ exit 0
+ ;;
+
+ *"CRAY T3E")
+ echo "t3e-cray-unicosmk"; exit 0;
+ ;;
+
+ *CRAY*)
+ echo "j90-cray-unicos"; exit 0;
+ ;;
+
+ NONSTOP_KERNEL*)
+ echo "nsr-tandem-nsk"; exit 0;
+ ;;
+esac
+
+#
+# Ugg. These are all we can determine by what we know about
+# the output of uname. Be more creative:
+#
+
+# Do the Apollo stuff first. Here, we just simply assume
+# that the existance of the /usr/apollo directory is proof
+# enough
+if [ -d /usr/apollo ]; then
+ echo "whatever-apollo-whatever"
+ exit 0
+fi
+
+# Now NeXT
+ISNEXT=`hostinfo 2>/dev/null`
+case "$ISNEXT" in
+ *'NeXT Mach 3.3'*)
+ echo "whatever-next-nextstep3.3"; exit 0
+ ;;
+ *NeXT*)
+ echo "whatever-next-nextstep"; exit 0
+ ;;
+esac
+
+# At this point we gone through all the one's
+# we know of: Punt
+
+echo "${MACHINE}-whatever-${SYSTEM}"
+exit 0
+) 2>/dev/null | (
+
+# ---------------------------------------------------------------------------
+# this is where the translation occurs into SSLeay terms
+# ---------------------------------------------------------------------------
+
+GCCVER=`(gcc -dumpversion) 2>/dev/null`
+if [ "$GCCVER" != "" ]; then
+ # then strip off whatever prefix egcs prepends the number with...
+ # Hopefully, this will work for any future prefixes as well.
+ GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
+ # Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion
+ # does give us what we want though, so we use that. We just just the
+ # major and minor version numbers.
+ # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+ GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
+fi
+
+# Only set CC if not supplied already
+if [ -z "$CC" ]; then
+# figure out if gcc is available and if so we use it otherwise
+# we fallback to whatever cc does on the system
+ if [ "$GCCVER" != "" ]; then
+ CC=gcc
+ else
+ CC=cc
+ fi
+fi
+GCCVER=${GCCVER:-0}
+if [ "$SYSTEM" = "HP-UX" ];then
+ # By default gcc is a ILP32 compiler (with long long == 64).
+ GCC_BITS="32"
+ if [ $GCCVER -ge 30 ]; then
+ # PA64 support only came in with gcc 3.0.x.
+ # We check if the preprocessor symbol __LP64__ is defined...
+ if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
+ : # __LP64__ has slipped through, it therefore is not defined
+ else
+ GCC_BITS="64"
+ fi
+ fi
+fi
+if [ "$SYSTEM" = "SunOS" ]; then
+ if [ $GCCVER -ge 30 ]; then
+ # 64-bit ABI isn't officially supported in gcc 3.0, but it appears
+ # to be working, at the very least 'make test' passes...
+ if gcc -v -E -x c /dev/null 2>&1 | grep __arch64__ > /dev/null; then
+ GCC_ARCH="-m64"
+ else
+ GCC_ARCH="-m32"
+ fi
+ fi
+ # check for WorkShop C, expected output is "cc: blah-blah C x.x"
+ CCVER=`(cc -V 2>&1) 2>/dev/null | \
+ egrep -e '^cc: .* C [0-9]\.[0-9]' | \
+ sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
+ CCVER=${CCVER:-0}
+ if [ $MACHINE != i86pc -a $CCVER -gt 40 ]; then
+ CC=cc # overrides gcc!!!
+ if [ $CCVER -eq 50 ]; then
+ echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
+ echo " patch #107357-01 or later applied."
+ sleep 5
+ fi
+ fi
+fi
+
+if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
+ # check for Compaq C, expected output is "blah-blah C Vx.x"
+ CCCVER=`(ccc -V 2>&1) 2>/dev/null | \
+ egrep -e '.* C V[0-9]\.[0-9]' | \
+ sed 's/.* C V\([0-9]\)\.\([0-9]\).*/\1\2/'`
+ CCCVER=${CCCVER:-0}
+ if [ $CCCVER -gt 60 ]; then
+ CC=ccc # overrides gcc!!! well, ccc outperforms inoticeably
+ # only on hash routines and des, otherwise gcc (2.95)
+ # keeps along rather tight...
+ fi
+fi
+
+if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc
+ (cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc
+fi
+
+CCVER=${CCVER:-0}
+
+# read the output of the embedded GuessOS
+read GUESSOS
+
+echo Operating system: $GUESSOS
+
+# now map the output into SSLeay terms ... really should hack into the
+# script above so we end up with values in vars but that would take
+# more time that I want to waste at the moment
+case "$GUESSOS" in
+ mips2-sgi-irix)
+ CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+ CPU=${CPU:-0}
+ if [ $CPU -ge 4000 ]; then
+ options="$options -mips2"
+ fi
+ OUT="irix-$CC"
+ ;;
+ mips3-sgi-irix)
+ #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+ #CPU=${CPU:-0}
+ #if [ $CPU -ge 5000 ]; then
+ # options="$options -mips4"
+ #else
+ # options="$options -mips3"
+ #fi
+ OUT="irix-mips3-$CC"
+ ;;
+ mips4-sgi-irix64)
+ echo "WARNING! If you wish to build 64-bit library, then you have to"
+ echo " invoke './Configure irix64-mips4-$CC' *manually*."
+ if [ "$TEST" = "false" -a -t 1 ]; then
+ echo " You have about 5 seconds to press Ctrl-C to abort."
+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+ fi
+ #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+ #CPU=${CPU:-0}
+ #if [ $CPU -ge 5000 ]; then
+ # options="$options -mips4"
+ #else
+ # options="$options -mips3"
+ #fi
+ OUT="irix-mips3-$CC"
+ ;;
+ ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
+ ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
+ i386-apple-darwin*) OUT="darwin-i386-cc" ;;
+ alpha-*-linux2)
+ ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
+ case ${ISA:-generic} in
+ *[678]) OUT="linux-alpha+bwx-$CC" ;;
+ *) OUT="linux-alpha-$CC" ;;
+ esac
+ if [ "$CC" = "gcc" ]; then
+ case ${ISA:-generic} in
+ EV5|EV45) options="$options -mcpu=ev5";;
+ EV56|PCA56) options="$options -mcpu=ev56";;
+ *) options="$options -mcpu=ev6";;
+ esac
+ fi
+ ;;
+ ppc64-*-linux2)
+ echo "WARNING! If you wish to build 64-bit library, then you have to"
+ echo " invoke './Configure linux-ppc64' *manually*."
+ if [ "$TEST" = "false" -a -t 1 ]; then
+ echo " You have about 5 seconds to press Ctrl-C to abort."
+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+ fi
+ OUT="linux-ppc"
+ ;;
+ ppc-*-linux2) OUT="linux-ppc" ;;
+ ia64-*-linux?) OUT="linux-ia64" ;;
+ sparc64-*-linux2)
+ echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
+ echo " and wish to build 64-bit library, then you have to"
+ echo " invoke './Configure linux64-sparcv9' *manually*."
+ if [ "$TEST" = "false" -a -t 1 ]; then
+ echo " You have about 5 seconds to press Ctrl-C to abort."
+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+ fi
+ OUT="linux-sparcv9" ;;
+ sparc-*-linux2)
+ KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo`
+ case ${KARCH:-sun4} in
+ sun4u*) OUT="linux-sparcv9" ;;
+ sun4m) OUT="linux-sparcv8" ;;
+ sun4d) OUT="linux-sparcv8" ;;
+ *) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+ esac ;;
+ parisc*-*-linux2)
+ # 64-bit builds under parisc64 linux are not supported and
+ # compiler is expected to generate 32-bit objects...
+ CPUARCH=`awk '/cpu family/{print substr($5,1,3); exit(0);}' /proc/cpuinfo`
+ CPUSCHEDULE=`awk '/^cpu.[ ]*: PA/{print substr($3,3); exit(0);}' /proc/cpuinfo`
+
+ # ??TODO ?? Model transformations
+ # 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
+ # assuming no further arch. identification will ever be used by GCC.
+ # 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
+ # 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
+ # for these chips in the future.
+ # PA7300LC -> 7100LC (1.1)
+ # PA8200 -> 8000 (2.0)
+ # PA8500 -> 8000 (2.0)
+ # PA8600 -> 8000 (2.0)
+
+ CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8.00/8000/'`
+ # Finish Model transformations
+
+ options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH"
+ OUT="linux-generic32" ;;
+ arm*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+ arm*l-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
+ sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+ sh*-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
+ m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+ s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
+ s390x-*-linux2) OUT="linux-generic64"; options="$options -DB_ENDIAN" ;;
+ x86_64-*-linux?) OUT="linux-x86_64" ;;
+ *86-*-linux2) OUT="linux-elf"
+ if [ "$GCCVER" -gt 28 ]; then
+ if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
+ options="$options -march=pentium"
+ fi
+ if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then
+ options="$options -march=pentiumpro"
+ fi
+ if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then
+ options="$options -march=k6"
+ fi
+ fi ;;
+ *-*-linux1) OUT="linux-aout" ;;
+ *-*-linux2) OUT="linux-generic32" ;;
+ sun4[uv]*-*-solaris2)
+ OUT="solaris-sparcv9-$CC"
+ ISA64=`(isalist) 2>/dev/null | grep sparcv9`
+ if [ "$ISA64" != "" ]; then
+ if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
+ echo "WARNING! If you wish to build 64-bit library, then you have to"
+ echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
+ if [ "$TEST" = "false" -a -t 1 ]; then
+ echo " You have about 5 seconds to press Ctrl-C to abort."
+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+ fi
+ elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
+ # $GCC_ARCH denotes default ABI chosen by compiler driver
+ # (first one found on the $PATH). I assume that user
+ # expects certain consistency with the rest of his builds
+ # and therefore switch over to 64-bit. <appro>
+ OUT="solaris64-sparcv9-gcc"
+ echo "WARNING! If you wish to build 32-bit library, then you have to"
+ echo " invoke './Configure solaris-sparcv9-gcc' *manually*."
+ if [ "$TEST" = "false" -a -t 1 ]; then
+ echo " You have about 5 seconds to press Ctrl-C to abort."
+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+ fi
+ elif [ "$GCC_ARCH" = "-m32" ]; then
+ echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
+ echo " and wish to build 64-bit library, then you have to"
+ echo " invoke './Configure solaris64-sparcv9-gcc' *manually*."
+ if [ "$TEST" = "false" -a -t 1 ]; then
+ echo " You have about 5 seconds to press Ctrl-C to abort."
+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+ fi
+ fi
+ fi
+ ;;
+ sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
+ sun4d-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
+ sun4*-*-solaris2) OUT="solaris-sparcv7-$CC" ;;
+ *86*-*-solaris2)
+ ISA64=`(isalist) 2>/dev/null | grep amd64`
+ if [ "$ISA64" != "" ]; then
+ OUT="solaris64-x86_64-$CC"
+ else
+ OUT="solaris-x86-$CC"
+ if [ `uname -r | sed -e 's/5\.//'` -lt 10 ]; then
+ options="$options no-sse2"
+ fi
+ fi
+ ;;
+ *-*-sunos4) OUT="sunos-$CC" ;;
+
+ *86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;;
+ alpha*-*-*bsd*) OUT="BSD-generic64"; options="$options -DL_ENDIAN" ;;
+ powerpc64-*-*bsd*) OUT="BSD-generic64"; options="$options -DB_ENDIAN" ;;
+ sparc64-*-*bsd*) OUT="BSD-sparc64" ;;
+ ia64-*-*bsd*) OUT="BSD-ia64" ;;
+ amd64-*-*bsd*) OUT="BSD-x86_64" ;;
+ *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc...
+ if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD
+ libc=/usr/lib/libc.so
+ else # OpenBSD
+ # ld searches for highest libc.so.* and so do we
+ libc=`(ls /usr/lib/libc.so.* | tail -1) 2>/dev/null`
+ fi
+ case "`(file -L $libc) 2>/dev/null`" in
+ *ELF*) OUT="BSD-x86-elf" ;;
+ *) OUT="BSD-x86"; options="$options no-sse2" ;;
+ esac ;;
+ *-*-*bsd*) OUT="BSD-generic32" ;;
+
+ *-*-osf) OUT="osf1-alpha-cc" ;;
+ *-*-tru64) OUT="tru64-alpha-cc" ;;
+ *-*-[Uu]nix[Ww]are7)
+ if [ "$CC" = "gcc" ]; then
+ OUT="unixware-7-gcc" ; options="$options no-sse2"
+ else
+ OUT="unixware-7" ; options="$options no-sse2 -D__i386__"
+ fi
+ ;;
+ *-*-[Uu]nix[Ww]are20*) OUT="unixware-2.0"; options="$options no-sse2 no-sha512" ;;
+ *-*-[Uu]nix[Ww]are21*) OUT="unixware-2.1"; options="$options no-sse2 no-sha512" ;;
+ *-*-vos)
+ options="$options no-threads no-shared no-asm no-dso"
+ EXE=".pm"
+ OUT="vos-$CC" ;;
+ BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
+ RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
+ *-siemens-sysv4) OUT="SINIX" ;;
+ *-hpux1*)
+ if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then
+ OUT="hpux64-parisc2-gcc"
+ fi
+ KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
+ KERNEL_BITS=${KERNEL_BITS:-32}
+ CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
+ CPU_VERSION=${CPU_VERSION:-0}
+ # See <sys/unistd.h> for further info on CPU_VERSION.
+ if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU
+ echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
+ echo " If you wish to build 32-bit library, the you have to"
+ echo " invoke './Configure hpux-ia64-cc' *manually*."
+ if [ "$TEST" = "false" -a -t 1 ]; then
+ echo " You have about 5 seconds to press Ctrl-C to abort."
+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+ fi
+ OUT="hpux64-ia64-cc"
+ elif [ $CPU_VERSION -ge 532 ]; then # PA-RISC 2.x CPU
+ OUT=${OUT:-"hpux-parisc2-${CC}"}
+ if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
+ echo "WARNING! If you wish to build 64-bit library then you have to"
+ echo " invoke './Configure hpux64-parisc2-cc' *manually*."
+ if [ "$TEST" = "false" -a -t 1 ]; then
+ echo " You have about 5 seconds to press Ctrl-C to abort."
+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+ fi
+ fi
+ elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU
+ OUT="hpux-parisc-${CC}"
+ elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU
+ OUT="hpux-parisc-${CC}"
+ else # Motorola(?) CPU
+ OUT="hpux-$CC"
+ fi
+ options="$options -D_REENTRANT" ;;
+ *-hpux) OUT="hpux-parisc-$CC" ;;
+ *-aix)
+ KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
+ KERNEL_BITS=${KERNEL_BITS:-32}
+ OBJECT_MODE=${OBJECT_MODE:-32}
+ if [ "$CC" = "gcc" ]; then
+ OUT="aix-gcc"
+ if [ $OBJECT_MODE -eq 64 ]; then
+ echo 'Your $OBJECT_MODE was found to be set to 64'
+ OUT="aix64-gcc"
+ fi
+ elif [ $OBJECT_MODE -eq 64 ]; then
+ echo 'Your $OBJECT_MODE was found to be set to 64'
+ OUT="aix64-cc"
+ else
+ OUT="aix-cc"
+ if [ $KERNEL_BITS -eq 64 ]; then
+ echo "WARNING! If you wish to build 64-bit kit, then you have to"
+ echo " invoke './Configure aix64-cc' *manually*."
+ if [ "$TEST" = "false" -a -t 1 ]; then
+ echo " You have ~5 seconds to press Ctrl-C to abort."
+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+ fi
+ fi
+ fi
+ if (lsattr -E -O -l `lsdev -c processor|awk '{print$1;exit}'` | grep -i powerpc) >/dev/null 2>&1; then
+ : # this applies even to Power3 and later, as they return PowerPC_POWER[345]
+ else
+ options="$options no-asm"
+ fi
+ ;;
+ # these are all covered by the catchall below
+ # *-dgux) OUT="dgux" ;;
+ mips-sony-newsos4) OUT="newsos4-gcc" ;;
+ *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
+ *-*-cygwin) OUT="Cygwin" ;;
+ t3e-cray-unicosmk) OUT="cray-t3e" ;;
+ j90-cray-unicos) OUT="cray-j90" ;;
+ nsr-tandem-nsk) OUT="tandem-c89" ;;
+ x86pc-*-qnx6) OUT="QNX6-i386" ;;
+ *-*-qnx6) OUT="QNX6" ;;
+ *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+esac
+
+# NB: This atalla support has been superceded by the ENGINE support
+# That contains its own header and definitions anyway. Support can
+# be enabled or disabled on any supported platform without external
+# headers, eg. by adding the "hw-atalla" switch to ./config or
+# perl Configure
+#
+# See whether we can compile Atalla support
+#if [ -f /usr/include/atasi.h ]
+#then
+# options="$options -DATALLA"
+#fi
+
+($CC -Wa,--help -c -o /dev/null -x assembler /dev/null 2>&1 | \
+ grep \\--noexecstack) 2>&1 > /dev/null && \
+ options="$options -Wa,--noexecstack"
+
+# gcc < 2.8 does not support -march=ultrasparc
+if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
+then
+ echo "WARNING! Falling down to 'solaris-sparcv8-gcc'."
+ echo " Upgrade to gcc-2.8 or later."
+ sleep 5
+ OUT=solaris-sparcv8-gcc
+fi
+if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ]
+then
+ echo "WARNING! Falling down to 'linux-sparcv8'."
+ echo " Upgrade to gcc-2.8 or later."
+ sleep 5
+ OUT=linux-sparcv8
+fi
+
+case "$GUESSOS" in
+ i386-*) options="$options 386" ;;
+esac
+
+for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha
+do
+ if [ ! -d crypto/$i ]
+ then
+ options="$options no-$i"
+ fi
+done
+
+# Discover Kerberos 5 (since it's still a prototype, we don't
+# do any guesses yet, that's why this section is commented away.
+#if [ -d /usr/kerberos ]; then
+# krb5_dir=/usr/kerberos
+# if [ \( -f $krb5_dir/lib/libgssapi_krb5.a -o -f $krb5_dir/lib/libgssapi_krb5.so* \)\
+# -a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
+# -a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
+# -a \( -f $krb5_dir/lib/libk5crypto.a -o -f $krb5_dir/lib/libk5crypto.so* \)\
+# -a \( -f $krb5_dir/include/krb5.h \) ]; then
+# options="$options --with-krb5-flavor=MIT"
+# fi
+#elif [ -d /usr/heimdal ]; then
+# krb5_dir=/usr/heimdal
+# if [ \( -f $krb5_dir/lib/libgssapi.a -o -f $krb5_dir/lib/libgssapi.so* \)\
+# -a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
+# -a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
+# -a \( -f $krb5_dir/include/krb5.h \) ]; then
+# options="$options --with-krb5-flavor=Heimdal"
+# fi
+#fi
+
+if [ -z "$OUT" ]; then
+ OUT="$CC"
+fi
+
+if [ ".$PERL" = . ] ; then
+ for i in . `echo $PATH | sed 's/:/ /g'`; do
+ if [ -f "$i/perl5$EXE" ] ; then
+ PERL="$i/perl5$EXE"
+ break;
+ fi;
+ done
+fi
+
+if [ ".$PERL" = . ] ; then
+ for i in . `echo $PATH | sed 's/:/ /g'`; do
+ if [ -f "$i/perl$EXE" ] ; then
+ if "$i/perl$EXE" -e 'exit($]<5.0)'; then
+ PERL="$i/perl$EXE"
+ break;
+ fi;
+ fi;
+ done
+fi
+
+if [ ".$PERL" = . ] ; then
+ echo "You need Perl 5."
+ exit 1
+fi
+
+# run Configure to check to see if we need to specify the
+# compiler for the platform ... in which case we add it on
+# the end ... otherwise we leave it off
+
+$PERL ./Configure LIST | grep "$OUT-$CC" > /dev/null
+if [ $? = "0" ]; then
+ OUT="$OUT-$CC"
+fi
+
+OUT="$PREFIX$OUT"
+
+$PERL ./Configure LIST | grep "$OUT" > /dev/null
+if [ $? = "0" ]; then
+ echo Configuring for $OUT
+
+ if [ "$TEST" = "true" ]; then
+ echo $PERL ./Configure $OUT $options
+ else
+ $PERL ./Configure $OUT $options
+ fi
+else
+ echo "This system ($OUT) is not supported. See file INSTALL for details."
+fi
+)
Added: vendor-crypto/openssl/dist/crypto/LPdir_nyi.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_nyi.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/LPdir_nyi.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,42 @@
+/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+struct LP_dir_context_st { void *dummy; };
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+ {
+ errno = EINVAL;
+ return 0;
+ }
+int LP_find_file_end(LP_DIR_CTX **ctx)
+ {
+ errno = EINVAL;
+ return 0;
+ }
Added: vendor-crypto/openssl/dist/crypto/LPdir_unix.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_unix.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/LPdir_unix.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,127 @@
+/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <errno.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+/* The POSIXly macro for the maximum number of characters in a file path
+ is NAME_MAX. However, some operating systems use PATH_MAX instead.
+ Therefore, it seems natural to first check for PATH_MAX and use that,
+ and if it doesn't exist, use NAME_MAX. */
+#if defined(PATH_MAX)
+# define LP_ENTRY_SIZE PATH_MAX
+#elif defined(NAME_MAX)
+# define LP_ENTRY_SIZE NAME_MAX
+#endif
+
+/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
+ exist. It's also possible that NAME_MAX exists but is define to a
+ very small value (HP-UX offers 14), so we need to check if we got a
+ result, and if it meets a minimum standard, and create or change it
+ if not. */
+#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
+# undef LP_ENTRY_SIZE
+# define LP_ENTRY_SIZE 255
+#endif
+
+struct LP_dir_context_st
+{
+ DIR *dir;
+ char entry_name[LP_ENTRY_SIZE+1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+ struct dirent *direntry = NULL;
+
+ if (ctx == NULL || directory == NULL)
+ {
+ errno = EINVAL;
+ return 0;
+ }
+
+ errno = 0;
+ if (*ctx == NULL)
+ {
+ *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+ if (*ctx == NULL)
+ {
+ errno = ENOMEM;
+ return 0;
+ }
+ memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+ (*ctx)->dir = opendir(directory);
+ if ((*ctx)->dir == NULL)
+ {
+ int save_errno = errno; /* Probably not needed, but I'm paranoid */
+ free(*ctx);
+ *ctx = NULL;
+ errno = save_errno;
+ return 0;
+ }
+ }
+
+ direntry = readdir((*ctx)->dir);
+ if (direntry == NULL)
+ {
+ return 0;
+ }
+
+ strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
+ (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+ return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+ if (ctx != NULL && *ctx != NULL)
+ {
+ int ret = closedir((*ctx)->dir);
+
+ free(*ctx);
+ switch (ret)
+ {
+ case 0:
+ return 1;
+ case -1:
+ return 0;
+ default:
+ break;
+ }
+ }
+ errno = EINVAL;
+ return 0;
+}
Added: vendor-crypto/openssl/dist/crypto/LPdir_vms.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_vms.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/LPdir_vms.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,199 @@
+/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <descrip.h>
+#include <namdef.h>
+#include <rmsdef.h>
+#include <libfildef.h>
+#include <lib$routines.h>
+#include <strdef.h>
+#include <str$routines.h>
+#include <stsdef.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+/* Because some compiler options hide this macor */
+#ifndef EVMSERR
+#define EVMSERR 65535 /* error for non-translatable VMS errors */
+#endif
+
+struct LP_dir_context_st
+{
+ unsigned long VMS_context;
+#ifdef NAML$C_MAXRSS
+ char filespec[NAML$C_MAXRSS+1];
+ char result[NAML$C_MAXRSS+1];
+#else
+ char filespec[256];
+ char result[256];
+#endif
+ struct dsc$descriptor_d filespec_dsc;
+ struct dsc$descriptor_d result_dsc;
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+ int status;
+ char *p, *r;
+ size_t l;
+ unsigned long flags = 0;
+#ifdef NAML$C_MAXRSS
+ flags |= LIB$M_FIL_LONG_NAMES;
+#endif
+
+ if (ctx == NULL || directory == NULL)
+ {
+ errno = EINVAL;
+ return 0;
+ }
+
+ errno = 0;
+ if (*ctx == NULL)
+ {
+ size_t filespeclen = strlen(directory);
+ char *filespec = NULL;
+
+ /* MUST be a VMS directory specification! Let's estimate if it is. */
+ if (directory[filespeclen-1] != ']'
+ && directory[filespeclen-1] != '>'
+ && directory[filespeclen-1] != ':')
+ {
+ errno = EINVAL;
+ return 0;
+ }
+
+ filespeclen += 4; /* "*.*;" */
+
+ if (filespeclen >
+#ifdef NAML$C_MAXRSS
+ NAML$C_MAXRSS
+#else
+ 255
+#endif
+ )
+ {
+ errno = ENAMETOOLONG;
+ return 0;
+ }
+
+ *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+ if (*ctx == NULL)
+ {
+ errno = ENOMEM;
+ return 0;
+ }
+ memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+ strcpy((*ctx)->filespec,directory);
+ strcat((*ctx)->filespec,"*.*;");
+ (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
+ (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
+ (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
+ (*ctx)->result_dsc.dsc$w_length = 0;
+ (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+ (*ctx)->result_dsc.dsc$a_pointer = 0;
+ }
+
+ (*ctx)->result_dsc.dsc$w_length = 0;
+ (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+ (*ctx)->result_dsc.dsc$a_pointer = 0;
+
+ status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
+ &(*ctx)->VMS_context, 0, 0, 0, &flags);
+
+ if (status == RMS$_NMF)
+ {
+ errno = 0;
+ vaxc$errno = status;
+ return NULL;
+ }
+
+ if(!$VMS_STATUS_SUCCESS(status))
+ {
+ errno = EVMSERR;
+ vaxc$errno = status;
+ return NULL;
+ }
+
+ /* Quick, cheap and dirty way to discard any device and directory,
+ since we only want file names */
+ l = (*ctx)->result_dsc.dsc$w_length;
+ p = (*ctx)->result_dsc.dsc$a_pointer;
+ r = p;
+ for (; *p; p++)
+ {
+ if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */
+ {
+ p++;
+ }
+ else if (*p == ':' || *p == '>' || *p == ']')
+ {
+ l -= p + 1 - r;
+ r = p + 1;
+ }
+ else if (*p == ';')
+ {
+ l = p - r;
+ break;
+ }
+ }
+
+ strncpy((*ctx)->result, r, l);
+ (*ctx)->result[l] = '\0';
+ str$free1_dx(&(*ctx)->result_dsc);
+
+ return (*ctx)->result;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+ if (ctx != NULL && *ctx != NULL)
+ {
+ int status = lib$find_file_end(&(*ctx)->VMS_context);
+
+ free(*ctx);
+
+ if(!$VMS_STATUS_SUCCESS(status))
+ {
+ errno = EVMSERR;
+ vaxc$errno = status;
+ return 0;
+ }
+ return 1;
+ }
+ errno = EINVAL;
+ return 0;
+}
+
Added: vendor-crypto/openssl/dist/crypto/LPdir_win.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_win.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/LPdir_win.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,155 @@
+/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <windows.h>
+#include <tchar.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+/* We're most likely overcautious here, but let's reserve for
+ broken WinCE headers and explicitly opt for UNICODE call.
+ Keep in mind that our WinCE builds are compiled with -DUNICODE
+ [as well as -D_UNICODE]. */
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindFirstFile FindFirstFileW
+#endif
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindNextFile FindNextFileW
+#endif
+
+#ifndef NAME_MAX
+#define NAME_MAX 255
+#endif
+
+struct LP_dir_context_st
+{
+ WIN32_FIND_DATA ctx;
+ HANDLE handle;
+ char entry_name[NAME_MAX+1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+ struct dirent *direntry = NULL;
+
+ if (ctx == NULL || directory == NULL)
+ {
+ errno = EINVAL;
+ return 0;
+ }
+
+ errno = 0;
+ if (*ctx == NULL)
+ {
+ *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+ if (*ctx == NULL)
+ {
+ errno = ENOMEM;
+ return 0;
+ }
+ memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+ if (sizeof(TCHAR) != sizeof(char))
+ {
+ TCHAR *wdir = NULL;
+ /* len_0 denotes string length *with* trailing 0 */
+ size_t index = 0,len_0 = strlen(directory) + 1;
+
+ wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR));
+ if (wdir == NULL)
+ {
+ free(*ctx);
+ *ctx = NULL;
+ errno = ENOMEM;
+ return 0;
+ }
+
+#ifdef LP_MULTIBYTE_AVAILABLE
+ if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0))
+#endif
+ for (index = 0; index < len_0; index++)
+ wdir[index] = (TCHAR)directory[index];
+
+ (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
+
+ free(wdir);
+ }
+ else
+ (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+
+ if ((*ctx)->handle == INVALID_HANDLE_VALUE)
+ {
+ free(*ctx);
+ *ctx = NULL;
+ errno = EINVAL;
+ return 0;
+ }
+ }
+ else
+ {
+ if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
+ {
+ return 0;
+ }
+ }
+
+ if (sizeof(TCHAR) != sizeof(char))
+ {
+ TCHAR *wdir = (*ctx)->ctx.cFileName;
+ size_t index, len_0 = 0;
+
+ while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;
+ len_0++;
+
+#ifdef LP_MULTIBYTE_AVAILABLE
+ if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
+ sizeof((*ctx)->entry_name), NULL, 0))
+#endif
+ for (index = 0; index < len_0; index++)
+ (*ctx)->entry_name[index] = (char)wdir[index];
+ }
+ else
+ strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
+ sizeof((*ctx)->entry_name)-1);
+
+ (*ctx)->entry_name[sizeof((*ctx)->entry_name)-1] = '\0';
+
+ return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+ if (ctx != NULL && *ctx != NULL)
+ {
+ FindClose((*ctx)->handle);
+ free(*ctx);
+ *ctx = NULL;
+ return 1;
+ }
+ errno = EINVAL;
+ return 0;
+}
Added: vendor-crypto/openssl/dist/crypto/LPdir_win32.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_win32.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/LPdir_win32.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,30 @@
+/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WIN32
+#define LP_MULTIBYTE_AVAILABLE
+#include "LPdir_win.c"
Added: vendor-crypto/openssl/dist/crypto/LPdir_wince.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_wince.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/LPdir_wince.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,31 @@
+/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WINCE
+/* We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently
+ under investigation what the exact conditions would be */
+#include "LPdir_win.c"
Added: vendor-crypto/openssl/dist/crypto/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/crypto/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,224 @@
+#
+# OpenSSL/crypto/Makefile
+#
+
+DIR= crypto
+TOP= ..
+CC= cc
+INCLUDE= -I. -I$(TOP) -I../include
+# INCLUDES targets sudbirs!
+INCLUDES= -I.. -I../.. -I../../include
+CFLAG= -g
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+RM= rm -f
+AR= ar r
+
+RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
+ (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
+ $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
+ done;
+
+PEX_LIBS=
+EX_LIBS=
+
+CFLAGS= $(INCLUDE) $(CFLAG)
+ASFLAGS= $(INCLUDE) $(ASFLAG)
+AFLAGS=$(ASFLAGS)
+
+LIBS=
+
+GENERAL=Makefile README crypto-lib.com install.com
+
+LIB= $(TOP)/libcrypto.a
+SHARED_LIB= libcrypto$(SHLIB_EXT)
+LIBSRC= cryptlib.c dyn_lck.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c o_init.c fips_err.c
+LIBOBJ= cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o $(CPUID_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
+ ossl_typ.h
+HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: lib
+
+buildinf.h: ../Makefile
+ ( echo "#ifndef MK1MF_BUILD"; \
+ echo ' /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
+ echo ' #define CFLAGS "$(CC) $(CFLAG)"'; \
+ echo ' #define PLATFORM "$(PLATFORM)"'; \
+ echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
+ echo '#endif' ) >buildinf.h
+
+x86cpuid-elf.s: x86cpuid.pl perlasm/x86asm.pl
+ $(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@
+x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl
+ $(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@
+x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl
+ $(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@
+
+uplink.o: ../ms/uplink.c
+ $(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c
+
+uplink-cof.s: ../ms/uplink.pl
+ $(PERL) ../ms/uplink.pl coff > $@
+
+x86_64cpuid.s: x86_64cpuid.pl
+ $(PERL) x86_64cpuid.pl $@
+ia64cpuid.s: ia64cpuid.S
+ $(CC) $(CFLAGS) -E ia64cpuid.S > $@
+
+testapps:
+ [ -z "$(THIS)" ] || ( if echo ${SDIRS} | fgrep ' des '; \
+ then cd des && $(MAKE) -e des; fi )
+ [ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps );
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+subdirs:
+ @target=all; $(RECURSIVE_MAKE)
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+ @target=files; $(RECURSIVE_MAKE)
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+ @target=links; $(RECURSIVE_MAKE)
+
+# lib: and $(LIB): are splitted to avoid end-less loop
+lib: buildinf.h $(LIB) subdirs
+ @touch lib
+$(LIB): $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+
+shared: buildinf.h lib subdirs
+ if [ -n "$(SHARED_LIBS)" ]; then \
+ (cd ..; $(MAKE) $(SHARED_LIB)); \
+ fi
+
+libs:
+ @target=lib; $(RECURSIVE_MAKE)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @target=install; $(RECURSIVE_MAKE)
+
+lint:
+ @target=lint; $(RECURSIVE_MAKE)
+
+depend:
+ @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+ @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
+ @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+clean:
+ rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+ @target=clean; $(RECURSIVE_MAKE)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+ @target=dclean; $(RECURSIVE_MAKE)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+cpt_err.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cpt_err.o: ../include/openssl/symhacks.h cpt_err.c
+cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.c
+cryptlib.o: cryptlib.h
+cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
+cversion.o: cryptlib.h cversion.c
+dyn_lck.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+dyn_lck.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+dyn_lck.o: ../include/openssl/err.h ../include/openssl/lhash.h
+dyn_lck.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dyn_lck.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+dyn_lck.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+dyn_lck.o: dyn_lck.c
+ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
+ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
+ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+ex_data.o: ex_data.c
+fips_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+fips_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+fips_err.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+fips_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_err.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+fips_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips_err.c
+fips_err.o: fips_err.h
+mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem.o: mem.c
+mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_clr.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mem_clr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h mem_clr.c
+mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_dbg.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem_dbg.o: mem_dbg.c
+o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+o_dir.o: LPdir_unix.c o_dir.c o_dir.h
+o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
+o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+o_init.o: ../include/openssl/symhacks.h o_init.c
+o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+o_str.o: o_str.c o_str.h
+o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
+o_time.o: o_time.h
+tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h tmdiff.c
+uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+uid.o: ../include/openssl/stack.h ../include/openssl/symhacks.h uid.c
Added: vendor-crypto/openssl/dist/crypto/aes/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,131 @@
+#
+# crypto/aes/Makefile
+#
+
+DIR= aes
+TOP= ../..
+CC= cc
+CPP= $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+AES_ASM_OBJ=aes_core.o aes_cbc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+#TEST=aestest.c
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
+ aes_ctr.c aes_ige.c aes_wrap.c
+LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \
+ $(AES_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= aes.h
+HEADER= aes_locl.h $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+$(LIBOBJ): $(LIBSRC)
+
+aes-ia64.s: asm/aes-ia64.S
+ $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@
+
+ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
+ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
+
+aes-x86_64.s: asm/aes-x86_64.pl
+ $(PERL) asm/aes-x86_64.pl $@
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h
+aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+aes_cfb.o: aes_cfb.c aes_locl.h
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+aes_core.o: aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
+aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
+aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h
+aes_ige.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+aes_ige.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+aes_ige.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+aes_ige.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_ige.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_misc.o: ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
+aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
+aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+aes_wrap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+aes_wrap.o: ../../include/openssl/opensslconf.h
+aes_wrap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_wrap.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_wrap.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_wrap.c
Added: vendor-crypto/openssl/dist/crypto/aes/README
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/README (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/README 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,3 @@
+This is an OpenSSL-compatible version of AES (also called Rijndael).
+aes_core.c is basically the same as rijndael-alg-fst.c but with an
+API that looks like the rest of the OpenSSL symmetric cipher suite.
Added: vendor-crypto/openssl/dist/crypto/aes/aes.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,148 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_H
+#define HEADER_AES_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+#define AES_ENCRYPT 1
+#define AES_DECRYPT 0
+
+/* Because array size can't be a const in C, the following two are macros.
+ Both sizes are in bytes. */
+#define AES_MAXNR 14
+#define AES_BLOCK_SIZE 16
+
+#ifdef OPENSSL_FIPS
+#define FIPS_AES_SIZE_T int
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+#ifdef AES_LONG
+ unsigned long rd_key[4 *(AES_MAXNR + 1)];
+#else
+ unsigned int rd_key[4 *(AES_MAXNR + 1)];
+#endif
+ int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+ const int nbits,const AES_KEY *key,
+ unsigned char *ivec,const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num);
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char ivec[AES_BLOCK_SIZE],
+ unsigned char ecount_buf[AES_BLOCK_SIZE],
+ unsigned int *num);
+
+/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ const AES_KEY *key2, const unsigned char *ivec,
+ const int enc);
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !HEADER_AES_H */
Added: vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,133 @@
+/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+#if !defined(OPENSSL_FIPS_AES_ASM)
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, const int enc) {
+
+ unsigned long n;
+ unsigned long len = length;
+ unsigned char tmp[AES_BLOCK_SIZE];
+ const unsigned char *iv = ivec;
+
+ assert(in && out && key && ivec);
+ assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+
+ if (AES_ENCRYPT == enc) {
+ while (len >= AES_BLOCK_SIZE) {
+ for(n=0; n < AES_BLOCK_SIZE; ++n)
+ out[n] = in[n] ^ iv[n];
+ AES_encrypt(out, out, key);
+ iv = out;
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ if (len) {
+ for(n=0; n < len; ++n)
+ out[n] = in[n] ^ iv[n];
+ for(n=len; n < AES_BLOCK_SIZE; ++n)
+ out[n] = iv[n];
+ AES_encrypt(out, out, key);
+ iv = out;
+ }
+ memcpy(ivec,iv,AES_BLOCK_SIZE);
+ } else if (in != out) {
+ while (len >= AES_BLOCK_SIZE) {
+ AES_decrypt(in, out, key);
+ for(n=0; n < AES_BLOCK_SIZE; ++n)
+ out[n] ^= iv[n];
+ iv = in;
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ if (len) {
+ AES_decrypt(in,tmp,key);
+ for(n=0; n < len; ++n)
+ out[n] = tmp[n] ^ iv[n];
+ iv = in;
+ }
+ memcpy(ivec,iv,AES_BLOCK_SIZE);
+ } else {
+ while (len >= AES_BLOCK_SIZE) {
+ memcpy(tmp, in, AES_BLOCK_SIZE);
+ AES_decrypt(in, out, key);
+ for(n=0; n < AES_BLOCK_SIZE; ++n)
+ out[n] ^= ivec[n];
+ memcpy(ivec, tmp, AES_BLOCK_SIZE);
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ if (len) {
+ memcpy(tmp, in, AES_BLOCK_SIZE);
+ AES_decrypt(tmp, out, key);
+ for(n=0; n < len; ++n)
+ out[n] ^= ivec[n];
+ for(n=len; n < AES_BLOCK_SIZE; ++n)
+ out[n] = tmp[n];
+ memcpy(ivec, tmp, AES_BLOCK_SIZE);
+ }
+ }
+}
+#endif
Added: vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,224 @@
+/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+#include "e_os.h"
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used. The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc) {
+
+ unsigned int n;
+ unsigned long l = length;
+ unsigned char c;
+
+ assert(in && out && key && ivec && num);
+
+ n = *num;
+
+ if (enc) {
+ while (l--) {
+ if (n == 0) {
+ AES_encrypt(ivec, ivec, key);
+ }
+ ivec[n] = *(out++) = *(in++) ^ ivec[n];
+ n = (n+1) % AES_BLOCK_SIZE;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ AES_encrypt(ivec, ivec, key);
+ }
+ c = *(in);
+ *(out++) = *(in++) ^ ivec[n];
+ ivec[n] = c;
+ n = (n+1) % AES_BLOCK_SIZE;
+ }
+ }
+
+ *num=n;
+}
+
+/* This expects a single block of size nbits for both in and out. Note that
+ it corrupts any extra bits in the last byte of out */
+void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+ const int nbits,const AES_KEY *key,
+ unsigned char *ivec,const int enc)
+ {
+ int n,rem,num;
+ unsigned char ovec[AES_BLOCK_SIZE*2];
+
+ if (nbits<=0 || nbits>128) return;
+
+ /* fill in the first half of the new IV with the current IV */
+ memcpy(ovec,ivec,AES_BLOCK_SIZE);
+ /* construct the new IV */
+ AES_encrypt(ivec,ivec,key);
+ num = (nbits+7)/8;
+ if (enc) /* encrypt the input */
+ for(n=0 ; n < num ; ++n)
+ out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
+ else /* decrypt the input */
+ for(n=0 ; n < num ; ++n)
+ out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
+ /* shift ovec left... */
+ rem = nbits%8;
+ num = nbits/8;
+ if(rem==0)
+ memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
+ else
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+ ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
+
+ /* it is not necessary to cleanse ovec, since the IV is not secret */
+ }
+
+/* N.B. This expects the input to be packed, MS bit first */
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+ {
+ unsigned int n;
+ unsigned char c[1],d[1];
+
+ assert(in && out && key && ivec && num);
+ assert(*num == 0);
+
+ for(n=0 ; n < length ; ++n)
+ {
+ c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+ AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
+ out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
+ }
+ }
+
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+ {
+ unsigned int n;
+
+ assert(in && out && key && ivec && num);
+ assert(*num == 0);
+
+ for(n=0 ; n < length ; ++n)
+ AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/aes/aes_core.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_core.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_core.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1167 @@
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen at esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers at esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto at terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Note: rewritten a little bit to provide error control and an OpenSSL-
+ compatible API */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/aes.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+#include "aes_locl.h"
+
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01];
+*/
+
+static const u32 Te0[256] = {
+ 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+ 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+ 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+ 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+ 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+ 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+ 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+ 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+ 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+ 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+ 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+ 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+ 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+ 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+ 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+ 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+ 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+ 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+ 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+ 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+ 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+ 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+ 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+ 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+ 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+ 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+ 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+ 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+ 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+ 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+ 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+ 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+ 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+ 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+ 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+ 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+ 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+ 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+ 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+ 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+ 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+ 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+ 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+ 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+ 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+ 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+ 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+ 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+ 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+ 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+ 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+ 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+ 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+ 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+ 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+ 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+ 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+ 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+ 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+ 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+ 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+ 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+ 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+ 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+ 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+ 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+ 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+ 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+ 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+ 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+ 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+ 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+ 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+ 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+ 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+ 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+ 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+ 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+ 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+ 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+ 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+ 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+ 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+ 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+ 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+ 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+ 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+ 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+ 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+ 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+ 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+ 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+ 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+ 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+ 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+ 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+ 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+ 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+ 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+ 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+ 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+ 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+ 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+ 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+ 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+ 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+ 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+ 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+ 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+ 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+ 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+ 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+ 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+ 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+ 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+ 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+ 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+ 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+ 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+ 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+ 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+ 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+ 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+ 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+ 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+ 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+ 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+ 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+ 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+ 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+ 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+ 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+ 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+ 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+ 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+ 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+ 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+ 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+ 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+ 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+ 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+ 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+ 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+ 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+ 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+ 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+ 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+ 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+ 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+ 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+ 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+ 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+ 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+ 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+ 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+ 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+ 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+ 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+ 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+ 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+ 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+ 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+ 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+ 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+ 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+ 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+ 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+ 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+ 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+ 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+ 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+ 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+ 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+ 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+ 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+ 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+ 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+ 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+ 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+ 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+ 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+ 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+ 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+ 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+ 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+ 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+ 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+ 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+ 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+ 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+ 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+ 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+ 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+ 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+ 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+ 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+ 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+ 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+ 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+ 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+ 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+ 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+ 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+ 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+ 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+ 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+ 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+ 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+ 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+ 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+ 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+ 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+ 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+ 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+ 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+ 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+ 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+ 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+ 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+ 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+ 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+ 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+ 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+ 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+ 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+ 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+ 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+ 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+ 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+ 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+ 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+ 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+ 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+ 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+ 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+ 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+ 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+ 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+ 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+ 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+ 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+ 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+ 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+ 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+ 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+ 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+ 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+ 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+ 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+ 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+ 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+ 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+ 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+ 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+ 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+ 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+
+static const u32 Td0[256] = {
+ 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+ 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+ 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+ 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+ 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+ 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+ 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+ 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+ 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+ 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+ 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+ 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+ 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+ 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+ 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+ 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+ 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+ 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+ 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+ 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+ 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+ 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+ 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+ 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+ 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+ 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+ 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+ 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+ 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+ 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+ 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+ 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+ 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+ 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+ 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+ 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+ 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+ 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+ 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+ 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+ 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+ 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+ 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+ 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+ 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+ 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+ 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+ 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+ 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+ 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+ 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+ 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+ 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+ 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+ 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+ 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+ 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+ 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+ 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+ 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+ 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+ 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+ 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+ 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+ 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+ 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+ 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+ 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+ 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+ 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+ 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+ 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+ 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+ 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+ 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+ 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+ 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+ 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+ 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+ 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+ 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+ 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+ 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+ 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+ 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+ 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+ 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+ 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+ 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+ 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+ 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+ 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+ 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+ 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+ 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+ 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+ 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+ 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+ 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+ 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+ 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+ 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+ 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+ 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+ 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+ 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+ 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+ 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+ 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+ 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+ 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+ 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+ 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+ 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+ 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+ 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+ 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+ 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+ 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+ 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+ 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+ 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+ 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+ 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+ 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+ 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+ 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+ 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+ 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+ 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+ 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+ 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+ 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+ 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+ 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+ 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+ 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+ 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+ 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+ 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+ 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+ 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+ 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+ 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+ 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+ 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+ 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+ 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+ 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+ 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+ 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+ 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+ 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+ 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+ 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+ 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+ 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+ 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+ 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+ 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+ 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+ 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+ 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+ 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+ 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+ 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+ 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+ 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+ 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+ 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+ 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+ 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+ 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+ 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+ 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+ 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+ 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+ 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+ 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+ 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+ 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+ 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+ 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+ 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+ 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+ 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+ 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+ 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+ 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+ 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+ 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+ 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+ 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+ 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+ 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+ 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+ 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+ 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+ 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+ 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+ 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+ 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+ 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+ 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+ 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+ 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+ 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+ 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+ 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+ 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+ 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+ 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+ 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+ 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+ 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+ 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+ 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+ 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+ 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+ 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+ 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+ 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+ 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+ 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+ 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+ 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+ 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+ 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+ 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+ 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+ 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+ 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+ 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+ 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+ 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+ 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+ 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+ 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+ 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+ 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+ 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+ 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+ 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+ 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+ 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+ 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+ 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+ 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+ 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+ 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+ 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+ 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+ 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+ 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+ 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+ 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u8 Td4[256] = {
+ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+ 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+ 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+ 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+ 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+ 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+ 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+ 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+ 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+ 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+ 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+ 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+ 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+ 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+ 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+ 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+ 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+ 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+ 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+ 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+ 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+ 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+ 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+ 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+ 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+ 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+ 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+ 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+ 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+ 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+ 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+ 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+static const u32 rcon[] = {
+ 0x01000000, 0x02000000, 0x04000000, 0x08000000,
+ 0x10000000, 0x20000000, 0x40000000, 0x80000000,
+ 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key) {
+
+ u32 *rk;
+ int i = 0;
+ u32 temp;
+
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
+
+ if (!userKey || !key)
+ return -1;
+ if (bits != 128 && bits != 192 && bits != 256)
+ return -2;
+
+ rk = key->rd_key;
+
+ if (bits==128)
+ key->rounds = 10;
+ else if (bits==192)
+ key->rounds = 12;
+ else
+ key->rounds = 14;
+
+ rk[0] = GETU32(userKey );
+ rk[1] = GETU32(userKey + 4);
+ rk[2] = GETU32(userKey + 8);
+ rk[3] = GETU32(userKey + 12);
+ if (bits == 128) {
+ while (1) {
+ temp = rk[3];
+ rk[4] = rk[0] ^
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
+ rcon[i];
+ rk[5] = rk[1] ^ rk[4];
+ rk[6] = rk[2] ^ rk[5];
+ rk[7] = rk[3] ^ rk[6];
+ if (++i == 10) {
+ return 0;
+ }
+ rk += 4;
+ }
+ }
+ rk[4] = GETU32(userKey + 16);
+ rk[5] = GETU32(userKey + 20);
+ if (bits == 192) {
+ while (1) {
+ temp = rk[ 5];
+ rk[ 6] = rk[ 0] ^
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
+ rcon[i];
+ rk[ 7] = rk[ 1] ^ rk[ 6];
+ rk[ 8] = rk[ 2] ^ rk[ 7];
+ rk[ 9] = rk[ 3] ^ rk[ 8];
+ if (++i == 8) {
+ return 0;
+ }
+ rk[10] = rk[ 4] ^ rk[ 9];
+ rk[11] = rk[ 5] ^ rk[10];
+ rk += 6;
+ }
+ }
+ rk[6] = GETU32(userKey + 24);
+ rk[7] = GETU32(userKey + 28);
+ if (bits == 256) {
+ while (1) {
+ temp = rk[ 7];
+ rk[ 8] = rk[ 0] ^
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
+ rcon[i];
+ rk[ 9] = rk[ 1] ^ rk[ 8];
+ rk[10] = rk[ 2] ^ rk[ 9];
+ rk[11] = rk[ 3] ^ rk[10];
+ if (++i == 7) {
+ return 0;
+ }
+ temp = rk[11];
+ rk[12] = rk[ 4] ^
+ (Te2[(temp >> 24) ] & 0xff000000) ^
+ (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp ) & 0xff] & 0x000000ff);
+ rk[13] = rk[ 5] ^ rk[12];
+ rk[14] = rk[ 6] ^ rk[13];
+ rk[15] = rk[ 7] ^ rk[14];
+
+ rk += 8;
+ }
+ }
+ return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key) {
+
+ u32 *rk;
+ int i, j, status;
+ u32 temp;
+
+ /* first, start with an encryption schedule */
+ status = AES_set_encrypt_key(userKey, bits, key);
+ if (status < 0)
+ return status;
+
+ rk = key->rd_key;
+
+ /* invert the order of the round keys: */
+ for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+ temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
+ temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+ temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+ temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+ }
+ /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+ for (i = 1; i < (key->rounds); i++) {
+ rk += 4;
+ rk[0] =
+ Td0[Te1[(rk[0] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[0] ) & 0xff] & 0xff];
+ rk[1] =
+ Td0[Te1[(rk[1] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[1] ) & 0xff] & 0xff];
+ rk[2] =
+ Td0[Te1[(rk[2] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[2] ) & 0xff] & 0xff];
+ rk[3] =
+ Td0[Te1[(rk[3] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[3] ) & 0xff] & 0xff];
+ }
+ return 0;
+}
+
+#ifndef AES_ASM
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key) {
+
+ const u32 *rk;
+ u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+ int r;
+#endif /* ?FULL_UNROLL */
+
+ assert(in && out && key);
+ rk = key->rd_key;
+
+ /*
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(in ) ^ rk[0];
+ s1 = GETU32(in + 4) ^ rk[1];
+ s2 = GETU32(in + 8) ^ rk[2];
+ s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+ /* round 1: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+ /* round 2: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+ /* round 3: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+ /* round 4: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+ /* round 5: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+ /* round 6: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+ /* round 7: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+ /* round 8: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+ /* round 9: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+ if (key->rounds > 10) {
+ /* round 10: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+ /* round 11: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+ if (key->rounds > 12) {
+ /* round 12: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+ /* round 13: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+ }
+ }
+ rk += key->rounds << 2;
+#else /* !FULL_UNROLL */
+ /*
+ * Nr - 1 full rounds:
+ */
+ r = key->rounds >> 1;
+ for (;;) {
+ t0 =
+ Te0[(s0 >> 24) ] ^
+ Te1[(s1 >> 16) & 0xff] ^
+ Te2[(s2 >> 8) & 0xff] ^
+ Te3[(s3 ) & 0xff] ^
+ rk[4];
+ t1 =
+ Te0[(s1 >> 24) ] ^
+ Te1[(s2 >> 16) & 0xff] ^
+ Te2[(s3 >> 8) & 0xff] ^
+ Te3[(s0 ) & 0xff] ^
+ rk[5];
+ t2 =
+ Te0[(s2 >> 24) ] ^
+ Te1[(s3 >> 16) & 0xff] ^
+ Te2[(s0 >> 8) & 0xff] ^
+ Te3[(s1 ) & 0xff] ^
+ rk[6];
+ t3 =
+ Te0[(s3 >> 24) ] ^
+ Te1[(s0 >> 16) & 0xff] ^
+ Te2[(s1 >> 8) & 0xff] ^
+ Te3[(s2 ) & 0xff] ^
+ rk[7];
+
+ rk += 8;
+ if (--r == 0) {
+ break;
+ }
+
+ s0 =
+ Te0[(t0 >> 24) ] ^
+ Te1[(t1 >> 16) & 0xff] ^
+ Te2[(t2 >> 8) & 0xff] ^
+ Te3[(t3 ) & 0xff] ^
+ rk[0];
+ s1 =
+ Te0[(t1 >> 24) ] ^
+ Te1[(t2 >> 16) & 0xff] ^
+ Te2[(t3 >> 8) & 0xff] ^
+ Te3[(t0 ) & 0xff] ^
+ rk[1];
+ s2 =
+ Te0[(t2 >> 24) ] ^
+ Te1[(t3 >> 16) & 0xff] ^
+ Te2[(t0 >> 8) & 0xff] ^
+ Te3[(t1 ) & 0xff] ^
+ rk[2];
+ s3 =
+ Te0[(t3 >> 24) ] ^
+ Te1[(t0 >> 16) & 0xff] ^
+ Te2[(t1 >> 8) & 0xff] ^
+ Te3[(t2 ) & 0xff] ^
+ rk[3];
+ }
+#endif /* ?FULL_UNROLL */
+ /*
+ * apply last round and
+ * map cipher state to byte array block:
+ */
+ s0 =
+ (Te2[(t0 >> 24) ] & 0xff000000) ^
+ (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t3 ) & 0xff] & 0x000000ff) ^
+ rk[0];
+ PUTU32(out , s0);
+ s1 =
+ (Te2[(t1 >> 24) ] & 0xff000000) ^
+ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t0 ) & 0xff] & 0x000000ff) ^
+ rk[1];
+ PUTU32(out + 4, s1);
+ s2 =
+ (Te2[(t2 >> 24) ] & 0xff000000) ^
+ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t1 ) & 0xff] & 0x000000ff) ^
+ rk[2];
+ PUTU32(out + 8, s2);
+ s3 =
+ (Te2[(t3 >> 24) ] & 0xff000000) ^
+ (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t2 ) & 0xff] & 0x000000ff) ^
+ rk[3];
+ PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key) {
+
+ const u32 *rk;
+ u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+ int r;
+#endif /* ?FULL_UNROLL */
+
+ assert(in && out && key);
+ rk = key->rd_key;
+
+ /*
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(in ) ^ rk[0];
+ s1 = GETU32(in + 4) ^ rk[1];
+ s2 = GETU32(in + 8) ^ rk[2];
+ s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+ /* round 1: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+ /* round 2: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+ /* round 3: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+ /* round 4: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+ /* round 5: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+ /* round 6: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+ /* round 7: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+ /* round 8: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+ /* round 9: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+ if (key->rounds > 10) {
+ /* round 10: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+ /* round 11: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+ if (key->rounds > 12) {
+ /* round 12: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+ /* round 13: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+ }
+ }
+ rk += key->rounds << 2;
+#else /* !FULL_UNROLL */
+ /*
+ * Nr - 1 full rounds:
+ */
+ r = key->rounds >> 1;
+ for (;;) {
+ t0 =
+ Td0[(s0 >> 24) ] ^
+ Td1[(s3 >> 16) & 0xff] ^
+ Td2[(s2 >> 8) & 0xff] ^
+ Td3[(s1 ) & 0xff] ^
+ rk[4];
+ t1 =
+ Td0[(s1 >> 24) ] ^
+ Td1[(s0 >> 16) & 0xff] ^
+ Td2[(s3 >> 8) & 0xff] ^
+ Td3[(s2 ) & 0xff] ^
+ rk[5];
+ t2 =
+ Td0[(s2 >> 24) ] ^
+ Td1[(s1 >> 16) & 0xff] ^
+ Td2[(s0 >> 8) & 0xff] ^
+ Td3[(s3 ) & 0xff] ^
+ rk[6];
+ t3 =
+ Td0[(s3 >> 24) ] ^
+ Td1[(s2 >> 16) & 0xff] ^
+ Td2[(s1 >> 8) & 0xff] ^
+ Td3[(s0 ) & 0xff] ^
+ rk[7];
+
+ rk += 8;
+ if (--r == 0) {
+ break;
+ }
+
+ s0 =
+ Td0[(t0 >> 24) ] ^
+ Td1[(t3 >> 16) & 0xff] ^
+ Td2[(t2 >> 8) & 0xff] ^
+ Td3[(t1 ) & 0xff] ^
+ rk[0];
+ s1 =
+ Td0[(t1 >> 24) ] ^
+ Td1[(t0 >> 16) & 0xff] ^
+ Td2[(t3 >> 8) & 0xff] ^
+ Td3[(t2 ) & 0xff] ^
+ rk[1];
+ s2 =
+ Td0[(t2 >> 24) ] ^
+ Td1[(t1 >> 16) & 0xff] ^
+ Td2[(t0 >> 8) & 0xff] ^
+ Td3[(t3 ) & 0xff] ^
+ rk[2];
+ s3 =
+ Td0[(t3 >> 24) ] ^
+ Td1[(t2 >> 16) & 0xff] ^
+ Td2[(t1 >> 8) & 0xff] ^
+ Td3[(t0 ) & 0xff] ^
+ rk[3];
+ }
+#endif /* ?FULL_UNROLL */
+ /*
+ * apply last round and
+ * map cipher state to byte array block:
+ */
+ s0 =
+ (Td4[(t0 >> 24) ] << 24) ^
+ (Td4[(t3 >> 16) & 0xff] << 16) ^
+ (Td4[(t2 >> 8) & 0xff] << 8) ^
+ (Td4[(t1 ) & 0xff]) ^
+ rk[0];
+ PUTU32(out , s0);
+ s1 =
+ (Td4[(t1 >> 24) ] << 24) ^
+ (Td4[(t0 >> 16) & 0xff] << 16) ^
+ (Td4[(t3 >> 8) & 0xff] << 8) ^
+ (Td4[(t2 ) & 0xff]) ^
+ rk[1];
+ PUTU32(out + 4, s1);
+ s2 =
+ (Td4[(t2 >> 24) ] << 24) ^
+ (Td4[(t1 >> 16) & 0xff] << 16) ^
+ (Td4[(t0 >> 8) & 0xff] << 8) ^
+ (Td4[(t3 ) & 0xff]) ^
+ rk[2];
+ PUTU32(out + 8, s2);
+ s3 =
+ (Td4[(t3 >> 24) ] << 24) ^
+ (Td4[(t2 >> 16) & 0xff] << 16) ^
+ (Td4[(t1 >> 8) & 0xff] << 8) ^
+ (Td4[(t0 ) & 0xff]) ^
+ rk[3];
+ PUTU32(out + 12, s3);
+}
+
+#endif /* AES_ASM */
Added: vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,139 @@
+/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code
+ * is endian-neutral. */
+
+/* increment counter (128-bit int) by 1 */
+static void AES_ctr128_inc(unsigned char *counter) {
+ unsigned long c;
+
+ /* Grab bottom dword of counter and increment */
+ c = GETU32(counter + 12);
+ c++; c &= 0xFFFFFFFF;
+ PUTU32(counter + 12, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab 1st dword of counter and increment */
+ c = GETU32(counter + 8);
+ c++; c &= 0xFFFFFFFF;
+ PUTU32(counter + 8, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab 2nd dword of counter and increment */
+ c = GETU32(counter + 4);
+ c++; c &= 0xFFFFFFFF;
+ PUTU32(counter + 4, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab top dword of counter and increment */
+ c = GETU32(counter + 0);
+ c++; c &= 0xFFFFFFFF;
+ PUTU32(counter + 0, c);
+}
+
+/* The input encrypted as though 128bit counter mode is being
+ * used. The extra state information to record how much of the
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf. Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to AES_ctr128_encrypt().
+ *
+ * This algorithm assumes that the counter is in the x lower bits
+ * of the IV (ivec), and that the application has full control over
+ * overflow and the rest of the IV. This implementation takes NO
+ * responsability for checking that the counter doesn't overflow
+ * into the rest of the IV when incremented.
+ */
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char ivec[AES_BLOCK_SIZE],
+ unsigned char ecount_buf[AES_BLOCK_SIZE],
+ unsigned int *num) {
+
+ unsigned int n;
+ unsigned long l=length;
+
+ assert(in && out && key && counter && num);
+ assert(*num < AES_BLOCK_SIZE);
+
+ n = *num;
+
+ while (l--) {
+ if (n == 0) {
+ AES_encrypt(ivec, ecount_buf, key);
+ AES_ctr128_inc(ivec);
+ }
+ *(out++) = *(in++) ^ ecount_buf[n];
+ n = (n+1) % AES_BLOCK_SIZE;
+ }
+
+ *num=n;
+}
Added: vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,73 @@
+/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key, const int enc) {
+
+ assert(in && out && key);
+ assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+
+ if (AES_ENCRYPT == enc)
+ AES_encrypt(in, out, key);
+ else
+ AES_decrypt(in, out, key);
+}
+
Added: vendor-crypto/openssl/dist/crypto/aes/aes_ige.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ige.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_ige.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,323 @@
+/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "cryptlib.h"
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+ unsigned long data[N_WORDS];
+} aes_block_t;
+
+/* XXX: probably some better way to do this */
+#if defined(__i386__) || defined(__x86_64__)
+#define UNALIGNED_MEMOPS_ARE_FAST 1
+#else
+#define UNALIGNED_MEMOPS_ARE_FAST 0
+#endif
+
+#if UNALIGNED_MEMOPS_ARE_FAST
+#define load_block(d, s) (d) = *(const aes_block_t *)(s)
+#define store_block(d, s) *(aes_block_t *)(d) = (s)
+#else
+#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE)
+#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE)
+#endif
+
+/* N.B. The IV for this mode is _twice_ the block size */
+
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, const int enc)
+ {
+ unsigned long n;
+ unsigned long len;
+
+ OPENSSL_assert(in && out && key && ivec);
+ OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+ OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
+
+ len = length / AES_BLOCK_SIZE;
+
+ if (AES_ENCRYPT == enc)
+ {
+ if (in != out &&
+ (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
+ {
+ aes_block_t *ivp = (aes_block_t *)ivec;
+ aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
+
+ while (len)
+ {
+ aes_block_t *inp = (aes_block_t *)in;
+ aes_block_t *outp = (aes_block_t *)out;
+
+ for(n=0 ; n < N_WORDS; ++n)
+ outp->data[n] = inp->data[n] ^ ivp->data[n];
+ AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);
+ for(n=0 ; n < N_WORDS; ++n)
+ outp->data[n] ^= iv2p->data[n];
+ ivp = outp;
+ iv2p = inp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+ }
+ else
+ {
+ aes_block_t tmp, tmp2;
+ aes_block_t iv;
+ aes_block_t iv2;
+
+ load_block(iv, ivec);
+ load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+ while (len)
+ {
+ load_block(tmp, in);
+ for(n=0 ; n < N_WORDS; ++n)
+ tmp2.data[n] = tmp.data[n] ^ iv.data[n];
+ AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key);
+ for(n=0 ; n < N_WORDS; ++n)
+ tmp2.data[n] ^= iv2.data[n];
+ store_block(out, tmp2);
+ iv = tmp2;
+ iv2 = tmp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+ }
+ }
+ else
+ {
+ if (in != out &&
+ (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
+ {
+ aes_block_t *ivp = (aes_block_t *)ivec;
+ aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
+
+ while (len)
+ {
+ aes_block_t tmp;
+ aes_block_t *inp = (aes_block_t *)in;
+ aes_block_t *outp = (aes_block_t *)out;
+
+ for(n=0 ; n < N_WORDS; ++n)
+ tmp.data[n] = inp->data[n] ^ iv2p->data[n];
+ AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key);
+ for(n=0 ; n < N_WORDS; ++n)
+ outp->data[n] ^= ivp->data[n];
+ ivp = inp;
+ iv2p = outp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+ }
+ else
+ {
+ aes_block_t tmp, tmp2;
+ aes_block_t iv;
+ aes_block_t iv2;
+
+ load_block(iv, ivec);
+ load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+ while (len)
+ {
+ load_block(tmp, in);
+ tmp2 = tmp;
+ for(n=0 ; n < N_WORDS; ++n)
+ tmp.data[n] ^= iv2.data[n];
+ AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key);
+ for(n=0 ; n < N_WORDS; ++n)
+ tmp.data[n] ^= iv.data[n];
+ store_block(out, tmp);
+ iv = tmp2;
+ iv2 = tmp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+ }
+ }
+ }
+
+/*
+ * Note that its effectively impossible to do biIGE in anything other
+ * than a single pass, so no provision is made for chaining.
+ */
+
+/* N.B. The IV for this mode is _four times_ the block size */
+
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ const AES_KEY *key2, const unsigned char *ivec,
+ const int enc)
+ {
+ unsigned long n;
+ unsigned long len = length;
+ unsigned char tmp[AES_BLOCK_SIZE];
+ unsigned char tmp2[AES_BLOCK_SIZE];
+ unsigned char tmp3[AES_BLOCK_SIZE];
+ unsigned char prev[AES_BLOCK_SIZE];
+ const unsigned char *iv;
+ const unsigned char *iv2;
+
+ OPENSSL_assert(in && out && key && ivec);
+ OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+ OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
+
+ if (AES_ENCRYPT == enc)
+ {
+ /* XXX: Do a separate case for when in != out (strictly should
+ check for overlap, too) */
+
+ /* First the forward pass */
+ iv = ivec;
+ iv2 = ivec + AES_BLOCK_SIZE;
+ while (len >= AES_BLOCK_SIZE)
+ {
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+ out[n] = in[n] ^ iv[n];
+ AES_encrypt(out, out, key);
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+ out[n] ^= iv2[n];
+ iv = out;
+ memcpy(prev, in, AES_BLOCK_SIZE);
+ iv2 = prev;
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+
+ /* And now backwards */
+ iv = ivec + AES_BLOCK_SIZE*2;
+ iv2 = ivec + AES_BLOCK_SIZE*3;
+ len = length;
+ while(len >= AES_BLOCK_SIZE)
+ {
+ out -= AES_BLOCK_SIZE;
+ /* XXX: reduce copies by alternating between buffers */
+ memcpy(tmp, out, AES_BLOCK_SIZE);
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+ out[n] ^= iv[n];
+ /* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
+ AES_encrypt(out, out, key);
+ /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
+ /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+ out[n] ^= iv2[n];
+ /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
+ iv = out;
+ memcpy(prev, tmp, AES_BLOCK_SIZE);
+ iv2 = prev;
+ len -= AES_BLOCK_SIZE;
+ }
+ }
+ else
+ {
+ /* First backwards */
+ iv = ivec + AES_BLOCK_SIZE*2;
+ iv2 = ivec + AES_BLOCK_SIZE*3;
+ in += length;
+ out += length;
+ while (len >= AES_BLOCK_SIZE)
+ {
+ in -= AES_BLOCK_SIZE;
+ out -= AES_BLOCK_SIZE;
+ memcpy(tmp, in, AES_BLOCK_SIZE);
+ memcpy(tmp2, in, AES_BLOCK_SIZE);
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+ tmp[n] ^= iv2[n];
+ AES_decrypt(tmp, out, key);
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+ out[n] ^= iv[n];
+ memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+ iv = tmp3;
+ iv2 = out;
+ len -= AES_BLOCK_SIZE;
+ }
+
+ /* And now forwards */
+ iv = ivec;
+ iv2 = ivec + AES_BLOCK_SIZE;
+ len = length;
+ while (len >= AES_BLOCK_SIZE)
+ {
+ memcpy(tmp, out, AES_BLOCK_SIZE);
+ memcpy(tmp2, out, AES_BLOCK_SIZE);
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+ tmp[n] ^= iv2[n];
+ AES_decrypt(tmp, out, key);
+ for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+ out[n] ^= iv[n];
+ memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+ iv = tmp3;
+ iv2 = out;
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ }
+ }
Added: vendor-crypto/openssl/dist/crypto/aes/aes_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_locl.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_locl.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,89 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_LOCL_H
+#define HEADER_AES_LOCL_H
+
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+#else
+# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
+#endif
+
+#ifdef AES_LONG
+typedef unsigned long u32;
+#else
+typedef unsigned int u32;
+#endif
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+#define MAXKC (256/32)
+#define MAXKB (256/8)
+#define MAXNR 14
+
+/* This controls loop-unrolling in aes_core.c */
+#undef FULL_UNROLL
+
+#endif /* !HEADER_AES_LOCL_H */
Added: vendor-crypto/openssl/dist/crypto/aes/aes_misc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_misc.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_misc.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,64 @@
+/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+const char AES_version[]="AES" OPENSSL_VERSION_PTEXT;
+
+const char *AES_options(void) {
+#ifdef FULL_UNROLL
+ return "aes(full)";
+#else
+ return "aes(partial)";
+#endif
+}
Added: vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,142 @@
+/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used. The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num) {
+
+ unsigned int n;
+ unsigned long l=length;
+
+ assert(in && out && key && ivec && num);
+
+ n = *num;
+
+ while (l--) {
+ if (n == 0) {
+ AES_encrypt(ivec, ivec, key);
+ }
+ *(out++) = *(in++) ^ ivec[n];
+ n = (n+1) % AES_BLOCK_SIZE;
+ }
+
+ *num=n;
+}
Added: vendor-crypto/openssl/dist/crypto/aes/aes_wrap.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_wrap.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_wrap.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,259 @@
+/* crypto/aes/aes_wrap.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/aes.h>
+#include <openssl/bio.h>
+
+static const unsigned char default_iv[] = {
+ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+};
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen)
+ {
+ unsigned char *A, B[16], *R;
+ unsigned int i, j, t;
+ if ((inlen & 0x7) || (inlen < 8))
+ return -1;
+ A = B;
+ t = 1;
+ memcpy(out + 8, in, inlen);
+ if (!iv)
+ iv = default_iv;
+
+ memcpy(A, iv, 8);
+
+ for (j = 0; j < 6; j++)
+ {
+ R = out + 8;
+ for (i = 0; i < inlen; i += 8, t++, R += 8)
+ {
+ memcpy(B + 8, R, 8);
+ AES_encrypt(B, B, key);
+ A[7] ^= (unsigned char)(t & 0xff);
+ if (t > 0xff)
+ {
+ A[6] ^= (unsigned char)((t >> 8) & 0xff);
+ A[5] ^= (unsigned char)((t >> 16) & 0xff);
+ A[4] ^= (unsigned char)((t >> 24) & 0xff);
+ }
+ memcpy(R, B + 8, 8);
+ }
+ }
+ memcpy(out, A, 8);
+ return inlen + 8;
+ }
+
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen)
+ {
+ unsigned char *A, B[16], *R;
+ unsigned int i, j, t;
+ inlen -= 8;
+ if (inlen & 0x7)
+ return -1;
+ if (inlen < 8)
+ return -1;
+ A = B;
+ t = 6 * (inlen >> 3);
+ memcpy(A, in, 8);
+ memcpy(out, in + 8, inlen);
+ for (j = 0; j < 6; j++)
+ {
+ R = out + inlen - 8;
+ for (i = 0; i < inlen; i += 8, t--, R -= 8)
+ {
+ A[7] ^= (unsigned char)(t & 0xff);
+ if (t > 0xff)
+ {
+ A[6] ^= (unsigned char)((t >> 8) & 0xff);
+ A[5] ^= (unsigned char)((t >> 16) & 0xff);
+ A[4] ^= (unsigned char)((t >> 24) & 0xff);
+ }
+ memcpy(B + 8, R, 8);
+ AES_decrypt(B, B, key);
+ memcpy(R, B + 8, 8);
+ }
+ }
+ if (!iv)
+ iv = default_iv;
+ if (memcmp(A, iv, 8))
+ {
+ OPENSSL_cleanse(out, inlen);
+ return 0;
+ }
+ return inlen;
+ }
+
+#ifdef AES_WRAP_TEST
+
+int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
+ const unsigned char *iv,
+ const unsigned char *eout,
+ const unsigned char *key, int keylen)
+ {
+ unsigned char *otmp = NULL, *ptmp = NULL;
+ int r, ret = 0;
+ AES_KEY wctx;
+ otmp = OPENSSL_malloc(keylen + 8);
+ ptmp = OPENSSL_malloc(keylen);
+ if (!otmp || !ptmp)
+ return 0;
+ if (AES_set_encrypt_key(kek, keybits, &wctx))
+ goto err;
+ r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
+ if (r <= 0)
+ goto err;
+
+ if (eout && memcmp(eout, otmp, keylen))
+ goto err;
+
+ if (AES_set_decrypt_key(kek, keybits, &wctx))
+ goto err;
+ r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
+
+ if (memcmp(key, ptmp, keylen))
+ goto err;
+
+ ret = 1;
+
+ err:
+ if (otmp)
+ OPENSSL_free(otmp);
+ if (ptmp)
+ OPENSSL_free(ptmp);
+
+ return ret;
+
+ }
+
+
+
+int main(int argc, char **argv)
+{
+
+static const unsigned char kek[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+
+static const unsigned char key[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+
+static const unsigned char e1[] = {
+ 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
+ 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
+ 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
+};
+
+static const unsigned char e2[] = {
+ 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
+ 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
+ 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
+};
+
+static const unsigned char e3[] = {
+ 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
+ 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
+ 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
+};
+
+static const unsigned char e4[] = {
+ 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
+ 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
+ 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
+ 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
+};
+
+static const unsigned char e5[] = {
+ 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
+ 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
+ 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
+ 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
+};
+
+static const unsigned char e6[] = {
+ 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
+ 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
+ 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
+ 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
+ 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
+};
+
+ AES_KEY wctx, xctx;
+ int ret;
+ ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
+ fprintf(stderr, "Key test result %d\n", ret);
+}
+
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/aes/asm/aes-586.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/aes-586.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/aes-586.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1533 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# Version 3.6.
+#
+# You might fail to appreciate this module performance from the first
+# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
+# to be *the* best Intel C compiler without -KPIC, performance appears
+# to be virtually identical... But try to re-configure with shared
+# library support... Aha! Intel compiler "suddenly" lags behind by 30%
+# [on P4, more on others]:-) And if compared to position-independent
+# code generated by GNU C, this code performs *more* than *twice* as
+# fast! Yes, all this buzz about PIC means that unlike other hand-
+# coded implementations, this one was explicitly designed to be safe
+# to use even in shared library context... This also means that this
+# code isn't necessarily absolutely fastest "ever," because in order
+# to achieve position independence an extra register has to be
+# off-loaded to stack, which affects the benchmark result.
+#
+# Special note about instruction choice. Do you recall RC4_INT code
+# performing poorly on P4? It might be the time to figure out why.
+# RC4_INT code implies effective address calculations in base+offset*4
+# form. Trouble is that it seems that offset scaling turned to be
+# critical path... At least eliminating scaling resulted in 2.8x RC4
+# performance improvement [as you might recall]. As AES code is hungry
+# for scaling too, I [try to] avoid the latter by favoring off-by-2
+# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF.
+#
+# As was shown by Dean Gaudet <dean at arctic.org>, the above note turned
+# void. Performance improvement with off-by-2 shifts was observed on
+# intermediate implementation, which was spilling yet another register
+# to stack... Final offset*4 code below runs just a tad faster on P4,
+# but exhibits up to 10% improvement on other cores.
+#
+# Second version is "monolithic" replacement for aes_core.c, which in
+# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key.
+# This made it possible to implement little-endian variant of the
+# algorithm without modifying the base C code. Motivating factor for
+# the undertaken effort was that it appeared that in tight IA-32
+# register window little-endian flavor could achieve slightly higher
+# Instruction Level Parallelism, and it indeed resulted in up to 15%
+# better performance on most recent \xB5-archs...
+#
+# Third version adds AES_cbc_encrypt implementation, which resulted in
+# up to 40% performance imrovement of CBC benchmark results. 40% was
+# observed on P4 core, where "overall" imrovement coefficient, i.e. if
+# compared to PIC generated by GCC and in CBC mode, was observed to be
+# as large as 4x:-) CBC performance is virtually identical to ECB now
+# and on some platforms even better, e.g. 17.6 "small" cycles/byte on
+# Opteron, because certain function prologues and epilogues are
+# effectively taken out of the loop...
+#
+# Version 3.2 implements compressed tables and prefetch of these tables
+# in CBC[!] mode. Former means that 3/4 of table references are now
+# misaligned, which unfortunately has negative impact on elder IA-32
+# implementations, Pentium suffered 30% penalty, PIII - 10%.
+#
+# Version 3.3 avoids L1 cache aliasing between stack frame and
+# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The
+# latter is achieved by copying the key schedule to controlled place in
+# stack. This unfortunately has rather strong impact on small block CBC
+# performance, ~2x deterioration on 16-byte block if compared to 3.3.
+#
+# Version 3.5 checks if there is L1 cache aliasing between user-supplied
+# key schedule and S-boxes and abstains from copying the former if
+# there is no. This allows end-user to consciously retain small block
+# performance by aligning key schedule in specific manner.
+#
+# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
+#
+# Current ECB performance numbers for 128-bit key in CPU cycles per
+# processed byte [measure commonly used by AES benchmarkers] are:
+#
+# small footprint fully unrolled
+# P4 24 22
+# AMD K8 20 19
+# PIII 25 23
+# Pentium 81 78
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386");
+
+$s0="eax";
+$s1="ebx";
+$s2="ecx";
+$s3="edx";
+$key="edi";
+$acc="esi";
+
+$compromise=0; # $compromise=128 abstains from copying key
+ # schedule to stack when encrypting inputs
+ # shorter than 128 bytes at the cost of
+ # risksing aliasing with S-boxes. In return
+ # you get way better, up to +70%, small block
+ # performance.
+$small_footprint=1; # $small_footprint=1 code is ~5% slower [on
+ # recent \xB5-archs], but ~5 times smaller!
+ # I favor compact code to minimize cache
+ # contention and in hope to "collect" 5% back
+ # in real-life applications...
+$vertical_spin=0; # shift "verticaly" defaults to 0, because of
+ # its proof-of-concept status...
+
+# Note that there is no decvert(), as well as last encryption round is
+# performed with "horizontal" shifts. This is because this "vertical"
+# implementation [one which groups shifts on a given $s[i] to form a
+# "column," unlike "horizontal" one, which groups shifts on different
+# $s[i] to form a "row"] is work in progress. It was observed to run
+# few percents faster on Intel cores, but not AMD. On AMD K8 core it's
+# whole 12% slower:-( So we face a trade-off... Shall it be resolved
+# some day? Till then the code is considered experimental and by
+# default remains dormant...
+
+sub encvert()
+{ my ($te, at s) = @_;
+ my $v0 = $acc, $v1 = $key;
+
+ &mov ($v0,$s[3]); # copy s3
+ &mov (&DWP(4,"esp"),$s[2]); # save s2
+ &mov ($v1,$s[0]); # copy s0
+ &mov (&DWP(8,"esp"),$s[1]); # save s1
+
+ &movz ($s[2],&HB($s[0]));
+ &and ($s[0],0xFF);
+ &mov ($s[0],&DWP(0,$te,$s[0],8)); # s0>>0
+ &shr ($v1,16);
+ &mov ($s[3],&DWP(3,$te,$s[2],8)); # s0>>8
+ &movz ($s[1],&HB($v1));
+ &and ($v1,0xFF);
+ &mov ($s[2],&DWP(2,$te,$v1,8)); # s0>>16
+ &mov ($v1,$v0);
+ &mov ($s[1],&DWP(1,$te,$s[1],8)); # s0>>24
+
+ &and ($v0,0xFF);
+ &xor ($s[3],&DWP(0,$te,$v0,8)); # s3>>0
+ &movz ($v0,&HB($v1));
+ &shr ($v1,16);
+ &xor ($s[2],&DWP(3,$te,$v0,8)); # s3>>8
+ &movz ($v0,&HB($v1));
+ &and ($v1,0xFF);
+ &xor ($s[1],&DWP(2,$te,$v1,8)); # s3>>16
+ &mov ($v1,&DWP(4,"esp")); # restore s2
+ &xor ($s[0],&DWP(1,$te,$v0,8)); # s3>>24
+
+ &mov ($v0,$v1);
+ &and ($v1,0xFF);
+ &xor ($s[2],&DWP(0,$te,$v1,8)); # s2>>0
+ &movz ($v1,&HB($v0));
+ &shr ($v0,16);
+ &xor ($s[1],&DWP(3,$te,$v1,8)); # s2>>8
+ &movz ($v1,&HB($v0));
+ &and ($v0,0xFF);
+ &xor ($s[0],&DWP(2,$te,$v0,8)); # s2>>16
+ &mov ($v0,&DWP(8,"esp")); # restore s1
+ &xor ($s[3],&DWP(1,$te,$v1,8)); # s2>>24
+
+ &mov ($v1,$v0);
+ &and ($v0,0xFF);
+ &xor ($s[1],&DWP(0,$te,$v0,8)); # s1>>0
+ &movz ($v0,&HB($v1));
+ &shr ($v1,16);
+ &xor ($s[0],&DWP(3,$te,$v0,8)); # s1>>8
+ &movz ($v0,&HB($v1));
+ &and ($v1,0xFF);
+ &xor ($s[3],&DWP(2,$te,$v1,8)); # s1>>16
+ &mov ($key,&DWP(12,"esp")); # reincarnate v1 as key
+ &xor ($s[2],&DWP(1,$te,$v0,8)); # s1>>24
+}
+
+sub encstep()
+{ my ($i,$te, at s) = @_;
+ my $tmp = $key;
+ my $out = $i==3?$s[0]:$acc;
+
+ # lines marked with #%e?x[i] denote "reordered" instructions...
+ if ($i==3) { &mov ($key,&DWP(12,"esp")); }##%edx
+ else { &mov ($out,$s[0]);
+ &and ($out,0xFF); }
+ if ($i==1) { &shr ($s[0],16); }#%ebx[1]
+ if ($i==2) { &shr ($s[0],24); }#%ecx[2]
+ &mov ($out,&DWP(0,$te,$out,8));
+
+ if ($i==3) { $tmp=$s[1]; }##%eax
+ &movz ($tmp,&HB($s[1]));
+ &xor ($out,&DWP(3,$te,$tmp,8));
+
+ if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx
+ else { &mov ($tmp,$s[2]);
+ &shr ($tmp,16); }
+ if ($i==2) { &and ($s[1],0xFF); }#%edx[2]
+ &and ($tmp,0xFF);
+ &xor ($out,&DWP(2,$te,$tmp,8));
+
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx
+ elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2]
+ else { &mov ($tmp,$s[3]);
+ &shr ($tmp,24) }
+ &xor ($out,&DWP(1,$te,$tmp,8));
+ if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
+ if ($i==3) { &mov ($s[3],$acc); }
+ &comment();
+}
+
+sub enclast()
+{ my ($i,$te, at s)=@_;
+ my $tmp = $key;
+ my $out = $i==3?$s[0]:$acc;
+
+ if ($i==3) { &mov ($key,&DWP(12,"esp")); }##%edx
+ else { &mov ($out,$s[0]); }
+ &and ($out,0xFF);
+ if ($i==1) { &shr ($s[0],16); }#%ebx[1]
+ if ($i==2) { &shr ($s[0],24); }#%ecx[2]
+ &mov ($out,&DWP(2,$te,$out,8));
+ &and ($out,0x000000ff);
+
+ if ($i==3) { $tmp=$s[1]; }##%eax
+ &movz ($tmp,&HB($s[1]));
+ &mov ($tmp,&DWP(0,$te,$tmp,8));
+ &and ($tmp,0x0000ff00);
+ &xor ($out,$tmp);
+
+ if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx
+ else { mov ($tmp,$s[2]);
+ &shr ($tmp,16); }
+ if ($i==2) { &and ($s[1],0xFF); }#%edx[2]
+ &and ($tmp,0xFF);
+ &mov ($tmp,&DWP(0,$te,$tmp,8));
+ &and ($tmp,0x00ff0000);
+ &xor ($out,$tmp);
+
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx
+ elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2]
+ else { &mov ($tmp,$s[3]);
+ &shr ($tmp,24); }
+ &mov ($tmp,&DWP(2,$te,$tmp,8));
+ &and ($tmp,0xff000000);
+ &xor ($out,$tmp);
+ if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
+ if ($i==3) { &mov ($s[3],$acc); }
+}
+
+sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
+
+&public_label("AES_Te");
+&function_begin_B("_x86_AES_encrypt");
+ if ($vertical_spin) {
+ # I need high parts of volatile registers to be accessible...
+ &exch ($s1="edi",$key="ebx");
+ &mov ($s2="esi",$acc="ecx");
+ }
+
+ # note that caller is expected to allocate stack frame for me!
+ &mov (&DWP(12,"esp"),$key); # save key
+
+ &xor ($s0,&DWP(0,$key)); # xor with key
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &mov ($acc,&DWP(240,$key)); # load key->rounds
+
+ if ($small_footprint) {
+ &lea ($acc,&DWP(-2,$acc,$acc));
+ &lea ($acc,&DWP(0,$key,$acc,8));
+ &mov (&DWP(16,"esp"),$acc); # end of key schedule
+ &align (4);
+ &set_label("loop");
+ if ($vertical_spin) {
+ &encvert("ebp",$s0,$s1,$s2,$s3);
+ } else {
+ &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+ &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+ &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+ &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+ }
+ &add ($key,16); # advance rd_key
+ &xor ($s0,&DWP(0,$key));
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+ &cmp ($key,&DWP(16,"esp"));
+ &mov (&DWP(12,"esp"),$key);
+ &jb (&label("loop"));
+ }
+ else {
+ &cmp ($acc,10);
+ &jle (&label("10rounds"));
+ &cmp ($acc,12);
+ &jle (&label("12rounds"));
+
+ &set_label("14rounds");
+ for ($i=1;$i<3;$i++) {
+ if ($vertical_spin) {
+ &encvert("ebp",$s0,$s1,$s2,$s3);
+ } else {
+ &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+ &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+ &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+ &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+ }
+ &xor ($s0,&DWP(16*$i+0,$key));
+ &xor ($s1,&DWP(16*$i+4,$key));
+ &xor ($s2,&DWP(16*$i+8,$key));
+ &xor ($s3,&DWP(16*$i+12,$key));
+ }
+ &add ($key,32);
+ &mov (&DWP(12,"esp"),$key); # advance rd_key
+ &set_label("12rounds");
+ for ($i=1;$i<3;$i++) {
+ if ($vertical_spin) {
+ &encvert("ebp",$s0,$s1,$s2,$s3);
+ } else {
+ &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+ &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+ &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+ &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+ }
+ &xor ($s0,&DWP(16*$i+0,$key));
+ &xor ($s1,&DWP(16*$i+4,$key));
+ &xor ($s2,&DWP(16*$i+8,$key));
+ &xor ($s3,&DWP(16*$i+12,$key));
+ }
+ &add ($key,32);
+ &mov (&DWP(12,"esp"),$key); # advance rd_key
+ &set_label("10rounds");
+ for ($i=1;$i<10;$i++) {
+ if ($vertical_spin) {
+ &encvert("ebp",$s0,$s1,$s2,$s3);
+ } else {
+ &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+ &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+ &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+ &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+ }
+ &xor ($s0,&DWP(16*$i+0,$key));
+ &xor ($s1,&DWP(16*$i+4,$key));
+ &xor ($s2,&DWP(16*$i+8,$key));
+ &xor ($s3,&DWP(16*$i+12,$key));
+ }
+ }
+
+ if ($vertical_spin) {
+ # "reincarnate" some registers for "horizontal" spin...
+ &mov ($s1="ebx",$key="edi");
+ &mov ($s2="ecx",$acc="esi");
+ }
+ &enclast(0,"ebp",$s0,$s1,$s2,$s3);
+ &enclast(1,"ebp",$s1,$s2,$s3,$s0);
+ &enclast(2,"ebp",$s2,$s3,$s0,$s1);
+ &enclast(3,"ebp",$s3,$s0,$s1,$s2);
+
+ &add ($key,$small_footprint?16:160);
+ &xor ($s0,&DWP(0,$key));
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &ret ();
+
+&set_label("AES_Te",64); # Yes! I keep it in the code segment!
+ &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+ &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+ &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+ &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+ &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+ &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+ &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+ &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+ &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+ &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+ &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+ &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+ &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+ &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+ &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+ &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+ &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+ &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+ &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+ &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+ &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+ &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+ &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+ &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+ &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+ &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+ &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+ &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+ &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+ &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+ &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+ &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+ &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+ &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+ &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+ &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+ &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+ &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+ &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+ &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+ &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+ &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+ &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+ &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+ &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+ &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+ &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+ &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+ &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+ &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+ &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+ &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+ &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+ &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+ &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+ &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+ &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+ &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+ &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+ &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+ &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+ &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+ &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+ &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+#rcon:
+ &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
+ &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
+ &data_word(0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0);
+&function_end_B("_x86_AES_encrypt");
+
+# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
+&public_label("AES_Te");
+&function_begin("AES_encrypt");
+ &mov ($acc,&wparam(0)); # load inp
+ &mov ($key,&wparam(2)); # load key
+
+ &mov ($s0,"esp");
+ &sub ("esp",24);
+ &and ("esp",-64);
+ &add ("esp",4);
+ &mov (&DWP(16,"esp"),$s0);
+
+ &call (&label("pic_point")); # make it PIC!
+ &set_label("pic_point");
+ &blindpop("ebp");
+ &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
+ &mov ($s0,&DWP(0,$acc)); # load input data
+ &mov ($s1,&DWP(4,$acc));
+ &mov ($s2,&DWP(8,$acc));
+ &mov ($s3,&DWP(12,$acc));
+
+ &call ("_x86_AES_encrypt");
+
+ &mov ("esp",&DWP(16,"esp"));
+
+ &mov ($acc,&wparam(1)); # load out
+ &mov (&DWP(0,$acc),$s0); # write output data
+ &mov (&DWP(4,$acc),$s1);
+ &mov (&DWP(8,$acc),$s2);
+ &mov (&DWP(12,$acc),$s3);
+&function_end("AES_encrypt");
+
+#------------------------------------------------------------------#
+
+sub decstep()
+{ my ($i,$td, at s) = @_;
+ my $tmp = $key;
+ my $out = $i==3?$s[0]:$acc;
+
+ # no instructions are reordered, as performance appears
+ # optimal... or rather that all attempts to reorder didn't
+ # result in better performance [which by the way is not a
+ # bit lower than ecryption].
+ if($i==3) { &mov ($key,&DWP(12,"esp")); }
+ else { &mov ($out,$s[0]); }
+ &and ($out,0xFF);
+ &mov ($out,&DWP(0,$td,$out,8));
+
+ if ($i==3) { $tmp=$s[1]; }
+ &movz ($tmp,&HB($s[1]));
+ &xor ($out,&DWP(3,$td,$tmp,8));
+
+ if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); }
+ else { &mov ($tmp,$s[2]); }
+ &shr ($tmp,16);
+ &and ($tmp,0xFF);
+ &xor ($out,&DWP(2,$td,$tmp,8));
+
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
+ else { &mov ($tmp,$s[3]); }
+ &shr ($tmp,24);
+ &xor ($out,&DWP(1,$td,$tmp,8));
+ if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
+ if ($i==3) { &mov ($s[3],&DWP(4,"esp")); }
+ &comment();
+}
+
+sub declast()
+{ my ($i,$td, at s)=@_;
+ my $tmp = $key;
+ my $out = $i==3?$s[0]:$acc;
+
+ if($i==3) { &mov ($key,&DWP(12,"esp")); }
+ else { &mov ($out,$s[0]); }
+ &and ($out,0xFF);
+ &movz ($out,&BP(2048,$td,$out,1));
+
+ if ($i==3) { $tmp=$s[1]; }
+ &movz ($tmp,&HB($s[1]));
+ &movz ($tmp,&BP(2048,$td,$tmp,1));
+ &shl ($tmp,8);
+ &xor ($out,$tmp);
+
+ if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); }
+ else { mov ($tmp,$s[2]); }
+ &shr ($tmp,16);
+ &and ($tmp,0xFF);
+ &movz ($tmp,&BP(2048,$td,$tmp,1));
+ &shl ($tmp,16);
+ &xor ($out,$tmp);
+
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
+ else { &mov ($tmp,$s[3]); }
+ &shr ($tmp,24);
+ &movz ($tmp,&BP(2048,$td,$tmp,1));
+ &shl ($tmp,24);
+ &xor ($out,$tmp);
+ if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
+ if ($i==3) { &mov ($s[3],&DWP(4,"esp")); }
+}
+
+&public_label("AES_Td");
+&function_begin_B("_x86_AES_decrypt");
+ # note that caller is expected to allocate stack frame for me!
+ &mov (&DWP(12,"esp"),$key); # save key
+
+ &xor ($s0,&DWP(0,$key)); # xor with key
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &mov ($acc,&DWP(240,$key)); # load key->rounds
+
+ if ($small_footprint) {
+ &lea ($acc,&DWP(-2,$acc,$acc));
+ &lea ($acc,&DWP(0,$key,$acc,8));
+ &mov (&DWP(16,"esp"),$acc); # end of key schedule
+ &align (4);
+ &set_label("loop");
+ &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+ &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+ &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+ &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+ &add ($key,16); # advance rd_key
+ &xor ($s0,&DWP(0,$key));
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+ &cmp ($key,&DWP(16,"esp"));
+ &mov (&DWP(12,"esp"),$key);
+ &jb (&label("loop"));
+ }
+ else {
+ &cmp ($acc,10);
+ &jle (&label("10rounds"));
+ &cmp ($acc,12);
+ &jle (&label("12rounds"));
+
+ &set_label("14rounds");
+ for ($i=1;$i<3;$i++) {
+ &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+ &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+ &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+ &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+ &xor ($s0,&DWP(16*$i+0,$key));
+ &xor ($s1,&DWP(16*$i+4,$key));
+ &xor ($s2,&DWP(16*$i+8,$key));
+ &xor ($s3,&DWP(16*$i+12,$key));
+ }
+ &add ($key,32);
+ &mov (&DWP(12,"esp"),$key); # advance rd_key
+ &set_label("12rounds");
+ for ($i=1;$i<3;$i++) {
+ &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+ &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+ &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+ &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+ &xor ($s0,&DWP(16*$i+0,$key));
+ &xor ($s1,&DWP(16*$i+4,$key));
+ &xor ($s2,&DWP(16*$i+8,$key));
+ &xor ($s3,&DWP(16*$i+12,$key));
+ }
+ &add ($key,32);
+ &mov (&DWP(12,"esp"),$key); # advance rd_key
+ &set_label("10rounds");
+ for ($i=1;$i<10;$i++) {
+ &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+ &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+ &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+ &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+ &xor ($s0,&DWP(16*$i+0,$key));
+ &xor ($s1,&DWP(16*$i+4,$key));
+ &xor ($s2,&DWP(16*$i+8,$key));
+ &xor ($s3,&DWP(16*$i+12,$key));
+ }
+ }
+
+ &declast(0,"ebp",$s0,$s3,$s2,$s1);
+ &declast(1,"ebp",$s1,$s0,$s3,$s2);
+ &declast(2,"ebp",$s2,$s1,$s0,$s3);
+ &declast(3,"ebp",$s3,$s2,$s1,$s0);
+
+ &add ($key,$small_footprint?16:160);
+ &xor ($s0,&DWP(0,$key));
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &ret ();
+
+&set_label("AES_Td",64); # Yes! I keep it in the code segment!
+ &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+ &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+ &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+ &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+ &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+ &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+ &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+ &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+ &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+ &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+ &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+ &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+ &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+ &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+ &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+ &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+ &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+ &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+ &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+ &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+ &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+ &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+ &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+ &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+ &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+ &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+ &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+ &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+ &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+ &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+ &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+ &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+ &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+ &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+ &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+ &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+ &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+ &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+ &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+ &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+ &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+ &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+ &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+ &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+ &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+ &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+ &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+ &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+ &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+ &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+ &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+ &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+ &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+ &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+ &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+ &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+ &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+ &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+ &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+ &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+ &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+ &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+ &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+ &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+#Td4:
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+&function_end_B("_x86_AES_decrypt");
+
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+&public_label("AES_Td");
+&function_begin("AES_decrypt");
+ &mov ($acc,&wparam(0)); # load inp
+ &mov ($key,&wparam(2)); # load key
+
+ &mov ($s0,"esp");
+ &sub ("esp",24);
+ &and ("esp",-64);
+ &add ("esp",4);
+ &mov (&DWP(16,"esp"),$s0);
+
+ &call (&label("pic_point")); # make it PIC!
+ &set_label("pic_point");
+ &blindpop("ebp");
+ &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+
+ # prefetch Td4
+ &lea ("ebp",&DWP(2048+128,"ebp"));
+ &mov ($s0,&DWP(0-128,"ebp"));
+ &mov ($s1,&DWP(32-128,"ebp"));
+ &mov ($s2,&DWP(64-128,"ebp"));
+ &mov ($s3,&DWP(96-128,"ebp"));
+ &mov ($s0,&DWP(128-128,"ebp"));
+ &mov ($s1,&DWP(160-128,"ebp"));
+ &mov ($s2,&DWP(192-128,"ebp"));
+ &mov ($s3,&DWP(224-128,"ebp"));
+ &lea ("ebp",&DWP(-2048-128,"ebp"));
+
+ &mov ($s0,&DWP(0,$acc)); # load input data
+ &mov ($s1,&DWP(4,$acc));
+ &mov ($s2,&DWP(8,$acc));
+ &mov ($s3,&DWP(12,$acc));
+
+ &call ("_x86_AES_decrypt");
+
+ &mov ("esp",&DWP(16,"esp"));
+
+ &mov ($acc,&wparam(1)); # load out
+ &mov (&DWP(0,$acc),$s0); # write output data
+ &mov (&DWP(4,$acc),$s1);
+ &mov (&DWP(8,$acc),$s2);
+ &mov (&DWP(12,$acc),$s3);
+&function_end("AES_decrypt");
+
+# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
+# size_t length, const AES_KEY *key,
+# unsigned char *ivp,const int enc);
+{
+# stack frame layout
+# -4(%esp) 0(%esp) return address
+# 0(%esp) 4(%esp) tmp1
+# 4(%esp) 8(%esp) tmp2
+# 8(%esp) 12(%esp) key
+# 12(%esp) 16(%esp) end of key schedule
+my $_esp=&DWP(16,"esp"); #saved %esp
+my $_inp=&DWP(20,"esp"); #copy of wparam(0)
+my $_out=&DWP(24,"esp"); #copy of wparam(1)
+my $_len=&DWP(28,"esp"); #copy of wparam(2)
+my $_key=&DWP(32,"esp"); #copy of wparam(3)
+my $_ivp=&DWP(36,"esp"); #copy of wparam(4)
+my $_tmp=&DWP(40,"esp"); #volatile variable
+my $ivec=&DWP(44,"esp"); #ivec[16]
+my $aes_key=&DWP(60,"esp"); #copy of aes_key
+my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
+
+&public_label("AES_Te");
+&public_label("AES_Td");
+&function_begin("AES_cbc_encrypt");
+ &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len
+ &cmp ($s2,0);
+ &je (&label("enc_out"));
+
+ &call (&label("pic_point")); # make it PIC!
+ &set_label("pic_point");
+ &blindpop("ebp");
+
+ &pushf ();
+ &cld ();
+
+ &cmp (&wparam(5),0);
+ &je (&label("DECRYPT"));
+
+ &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
+ # allocate aligned stack frame...
+ &lea ($key,&DWP(-64-244,"esp"));
+ &and ($key,-64);
+
+ # ... and make sure it doesn't alias with AES_Te modulo 4096
+ &mov ($s0,"ebp");
+ &lea ($s1,&DWP(2048,"ebp"));
+ &mov ($s3,$key);
+ &and ($s0,0xfff); # s = %ebp&0xfff
+ &and ($s1,0xfff); # e = (%ebp+2048)&0xfff
+ &and ($s3,0xfff); # p = %esp&0xfff
+
+ &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e);
+ &jb (&label("te_break_out"));
+ &sub ($s3,$s1);
+ &sub ($key,$s3);
+ &jmp (&label("te_ok"));
+ &set_label("te_break_out"); # else %esp -= (p-s)&0xfff + framesz;
+ &sub ($s3,$s0);
+ &and ($s3,0xfff);
+ &add ($s3,64+256);
+ &sub ($key,$s3);
+ &align (4);
+ &set_label("te_ok");
+
+ &mov ($s0,&wparam(0)); # load inp
+ &mov ($s1,&wparam(1)); # load out
+ &mov ($s3,&wparam(3)); # load key
+ &mov ($acc,&wparam(4)); # load ivp
+
+ &exch ("esp",$key);
+ &add ("esp",4); # reserve for return address!
+ &mov ($_esp,$key); # save %esp
+
+ &mov ($_inp,$s0); # save copy of inp
+ &mov ($_out,$s1); # save copy of out
+ &mov ($_len,$s2); # save copy of len
+ &mov ($_key,$s3); # save copy of key
+ &mov ($_ivp,$acc); # save copy of ivp
+
+ &mov ($mark,0); # copy of aes_key->rounds = 0;
+ if ($compromise) {
+ &cmp ($s2,$compromise);
+ &jb (&label("skip_ecopy"));
+ }
+ # do we copy key schedule to stack?
+ &mov ($s1 eq "ebx" ? $s1 : "",$s3);
+ &mov ($s2 eq "ecx" ? $s2 : "",244/4);
+ &sub ($s1,"ebp");
+ &mov ("esi",$s3);
+ &and ($s1,0xfff);
+ &lea ("edi",$aes_key);
+ &cmp ($s1,2048);
+ &jb (&label("do_ecopy"));
+ &cmp ($s1,4096-244);
+ &jb (&label("skip_ecopy"));
+ &align (4);
+ &set_label("do_ecopy");
+ &mov ($_key,"edi");
+ &data_word(0xA5F3F689); # rep movsd
+ &set_label("skip_ecopy");
+
+ &mov ($acc,$s0);
+ &mov ($key,16);
+ &align (4);
+ &set_label("prefetch_te");
+ &mov ($s0,&DWP(0,"ebp"));
+ &mov ($s1,&DWP(32,"ebp"));
+ &mov ($s2,&DWP(64,"ebp"));
+ &mov ($s3,&DWP(96,"ebp"));
+ &lea ("ebp",&DWP(128,"ebp"));
+ &dec ($key);
+ &jnz (&label("prefetch_te"));
+ &sub ("ebp",2048);
+
+ &mov ($s2,$_len);
+ &mov ($key,$_ivp);
+ &test ($s2,0xFFFFFFF0);
+ &jz (&label("enc_tail")); # short input...
+
+ &mov ($s0,&DWP(0,$key)); # load iv
+ &mov ($s1,&DWP(4,$key));
+
+ &align (4);
+ &set_label("enc_loop");
+ &mov ($s2,&DWP(8,$key));
+ &mov ($s3,&DWP(12,$key));
+
+ &xor ($s0,&DWP(0,$acc)); # xor input data
+ &xor ($s1,&DWP(4,$acc));
+ &xor ($s2,&DWP(8,$acc));
+ &xor ($s3,&DWP(12,$acc));
+
+ &mov ($key,$_key); # load key
+ &call ("_x86_AES_encrypt");
+
+ &mov ($acc,$_inp); # load inp
+ &mov ($key,$_out); # load out
+
+ &mov (&DWP(0,$key),$s0); # save output data
+ &mov (&DWP(4,$key),$s1);
+ &mov (&DWP(8,$key),$s2);
+ &mov (&DWP(12,$key),$s3);
+
+ &mov ($s2,$_len); # load len
+
+ &lea ($acc,&DWP(16,$acc));
+ &mov ($_inp,$acc); # save inp
+
+ &lea ($s3,&DWP(16,$key));
+ &mov ($_out,$s3); # save out
+
+ &sub ($s2,16);
+ &test ($s2,0xFFFFFFF0);
+ &mov ($_len,$s2); # save len
+ &jnz (&label("enc_loop"));
+ &test ($s2,15);
+ &jnz (&label("enc_tail"));
+ &mov ($acc,$_ivp); # load ivp
+ &mov ($s2,&DWP(8,$key)); # restore last dwords
+ &mov ($s3,&DWP(12,$key));
+ &mov (&DWP(0,$acc),$s0); # save ivec
+ &mov (&DWP(4,$acc),$s1);
+ &mov (&DWP(8,$acc),$s2);
+ &mov (&DWP(12,$acc),$s3);
+
+ &cmp ($mark,0); # was the key schedule copied?
+ &mov ("edi",$_key);
+ &je (&label("skip_ezero"));
+ # zero copy of key schedule
+ &mov ("ecx",240/4);
+ &xor ("eax","eax");
+ &align (4);
+ &data_word(0xABF3F689); # rep stosd
+ &set_label("skip_ezero")
+ &mov ("esp",$_esp);
+ &popf ();
+ &set_label("enc_out");
+ &function_end_A();
+ &pushf (); # kludge, never executed
+
+ &align (4);
+ &set_label("enc_tail");
+ &mov ($s0,$key eq "edi" ? $key : "");
+ &mov ($key,$_out); # load out
+ &push ($s0); # push ivp
+ &mov ($s1,16);
+ &sub ($s1,$s2);
+ &cmp ($key,$acc); # compare with inp
+ &je (&label("enc_in_place"));
+ &align (4);
+ &data_word(0xA4F3F689); # rep movsb # copy input
+ &jmp (&label("enc_skip_in_place"));
+ &set_label("enc_in_place");
+ &lea ($key,&DWP(0,$key,$s2));
+ &set_label("enc_skip_in_place");
+ &mov ($s2,$s1);
+ &xor ($s0,$s0);
+ &align (4);
+ &data_word(0xAAF3F689); # rep stosb # zero tail
+ &pop ($key); # pop ivp
+
+ &mov ($acc,$_out); # output as input
+ &mov ($s0,&DWP(0,$key));
+ &mov ($s1,&DWP(4,$key));
+ &mov ($_len,16); # len=16
+ &jmp (&label("enc_loop")); # one more spin...
+
+#----------------------------- DECRYPT -----------------------------#
+&align (4);
+&set_label("DECRYPT");
+ &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+
+ # allocate aligned stack frame...
+ &lea ($key,&DWP(-64-244,"esp"));
+ &and ($key,-64);
+
+ # ... and make sure it doesn't alias with AES_Td modulo 4096
+ &mov ($s0,"ebp");
+ &lea ($s1,&DWP(2048+256,"ebp"));
+ &mov ($s3,$key);
+ &and ($s0,0xfff); # s = %ebp&0xfff
+ &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff
+ &and ($s3,0xfff); # p = %esp&0xfff
+
+ &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e);
+ &jb (&label("td_break_out"));
+ &sub ($s3,$s1);
+ &sub ($key,$s3);
+ &jmp (&label("td_ok"));
+ &set_label("td_break_out"); # else %esp -= (p-s)&0xfff + framesz;
+ &sub ($s3,$s0);
+ &and ($s3,0xfff);
+ &add ($s3,64+256);
+ &sub ($key,$s3);
+ &align (4);
+ &set_label("td_ok");
+
+ &mov ($s0,&wparam(0)); # load inp
+ &mov ($s1,&wparam(1)); # load out
+ &mov ($s3,&wparam(3)); # load key
+ &mov ($acc,&wparam(4)); # load ivp
+
+ &exch ("esp",$key);
+ &add ("esp",4); # reserve for return address!
+ &mov ($_esp,$key); # save %esp
+
+ &mov ($_inp,$s0); # save copy of inp
+ &mov ($_out,$s1); # save copy of out
+ &mov ($_len,$s2); # save copy of len
+ &mov ($_key,$s3); # save copy of key
+ &mov ($_ivp,$acc); # save copy of ivp
+
+ &mov ($mark,0); # copy of aes_key->rounds = 0;
+ if ($compromise) {
+ &cmp ($s2,$compromise);
+ &jb (&label("skip_dcopy"));
+ }
+ # do we copy key schedule to stack?
+ &mov ($s1 eq "ebx" ? $s1 : "",$s3);
+ &mov ($s2 eq "ecx" ? $s2 : "",244/4);
+ &sub ($s1,"ebp");
+ &mov ("esi",$s3);
+ &and ($s1,0xfff);
+ &lea ("edi",$aes_key);
+ &cmp ($s1,2048+256);
+ &jb (&label("do_dcopy"));
+ &cmp ($s1,4096-244);
+ &jb (&label("skip_dcopy"));
+ &align (4);
+ &set_label("do_dcopy");
+ &mov ($_key,"edi");
+ &data_word(0xA5F3F689); # rep movsd
+ &set_label("skip_dcopy");
+
+ &mov ($acc,$s0);
+ &mov ($key,18);
+ &align (4);
+ &set_label("prefetch_td");
+ &mov ($s0,&DWP(0,"ebp"));
+ &mov ($s1,&DWP(32,"ebp"));
+ &mov ($s2,&DWP(64,"ebp"));
+ &mov ($s3,&DWP(96,"ebp"));
+ &lea ("ebp",&DWP(128,"ebp"));
+ &dec ($key);
+ &jnz (&label("prefetch_td"));
+ &sub ("ebp",2048+256);
+
+ &cmp ($acc,$_out);
+ &je (&label("dec_in_place")); # in-place processing...
+
+ &mov ($key,$_ivp); # load ivp
+ &mov ($_tmp,$key);
+
+ &align (4);
+ &set_label("dec_loop");
+ &mov ($s0,&DWP(0,$acc)); # read input
+ &mov ($s1,&DWP(4,$acc));
+ &mov ($s2,&DWP(8,$acc));
+ &mov ($s3,&DWP(12,$acc));
+
+ &mov ($key,$_key); # load key
+ &call ("_x86_AES_decrypt");
+
+ &mov ($key,$_tmp); # load ivp
+ &mov ($acc,$_len); # load len
+ &xor ($s0,&DWP(0,$key)); # xor iv
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &sub ($acc,16);
+ &jc (&label("dec_partial"));
+ &mov ($_len,$acc); # save len
+ &mov ($acc,$_inp); # load inp
+ &mov ($key,$_out); # load out
+
+ &mov (&DWP(0,$key),$s0); # write output
+ &mov (&DWP(4,$key),$s1);
+ &mov (&DWP(8,$key),$s2);
+ &mov (&DWP(12,$key),$s3);
+
+ &mov ($_tmp,$acc); # save ivp
+ &lea ($acc,&DWP(16,$acc));
+ &mov ($_inp,$acc); # save inp
+
+ &lea ($key,&DWP(16,$key));
+ &mov ($_out,$key); # save out
+
+ &jnz (&label("dec_loop"));
+ &mov ($key,$_tmp); # load temp ivp
+ &set_label("dec_end");
+ &mov ($acc,$_ivp); # load user ivp
+ &mov ($s0,&DWP(0,$key)); # load iv
+ &mov ($s1,&DWP(4,$key));
+ &mov ($s2,&DWP(8,$key));
+ &mov ($s3,&DWP(12,$key));
+ &mov (&DWP(0,$acc),$s0); # copy back to user
+ &mov (&DWP(4,$acc),$s1);
+ &mov (&DWP(8,$acc),$s2);
+ &mov (&DWP(12,$acc),$s3);
+ &jmp (&label("dec_out"));
+
+ &align (4);
+ &set_label("dec_partial");
+ &lea ($key,$ivec);
+ &mov (&DWP(0,$key),$s0); # dump output to stack
+ &mov (&DWP(4,$key),$s1);
+ &mov (&DWP(8,$key),$s2);
+ &mov (&DWP(12,$key),$s3);
+ &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
+ &mov ($acc eq "esi" ? $acc : "",$key);
+ &mov ($key eq "edi" ? $key : "",$_out); # load out
+ &data_word(0xA4F3F689); # rep movsb # copy output
+ &mov ($key,$_inp); # use inp as temp ivp
+ &jmp (&label("dec_end"));
+
+ &align (4);
+ &set_label("dec_in_place");
+ &set_label("dec_in_place_loop");
+ &lea ($key,$ivec);
+ &mov ($s0,&DWP(0,$acc)); # read input
+ &mov ($s1,&DWP(4,$acc));
+ &mov ($s2,&DWP(8,$acc));
+ &mov ($s3,&DWP(12,$acc));
+
+ &mov (&DWP(0,$key),$s0); # copy to temp
+ &mov (&DWP(4,$key),$s1);
+ &mov (&DWP(8,$key),$s2);
+ &mov (&DWP(12,$key),$s3);
+
+ &mov ($key,$_key); # load key
+ &call ("_x86_AES_decrypt");
+
+ &mov ($key,$_ivp); # load ivp
+ &mov ($acc,$_out); # load out
+ &xor ($s0,&DWP(0,$key)); # xor iv
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &mov (&DWP(0,$acc),$s0); # write output
+ &mov (&DWP(4,$acc),$s1);
+ &mov (&DWP(8,$acc),$s2);
+ &mov (&DWP(12,$acc),$s3);
+
+ &lea ($acc,&DWP(16,$acc));
+ &mov ($_out,$acc); # save out
+
+ &lea ($acc,$ivec);
+ &mov ($s0,&DWP(0,$acc)); # read temp
+ &mov ($s1,&DWP(4,$acc));
+ &mov ($s2,&DWP(8,$acc));
+ &mov ($s3,&DWP(12,$acc));
+
+ &mov (&DWP(0,$key),$s0); # copy iv
+ &mov (&DWP(4,$key),$s1);
+ &mov (&DWP(8,$key),$s2);
+ &mov (&DWP(12,$key),$s3);
+
+ &mov ($acc,$_inp); # load inp
+
+ &lea ($acc,&DWP(16,$acc));
+ &mov ($_inp,$acc); # save inp
+
+ &mov ($s2,$_len); # load len
+ &sub ($s2,16);
+ &jc (&label("dec_in_place_partial"));
+ &mov ($_len,$s2); # save len
+ &jnz (&label("dec_in_place_loop"));
+ &jmp (&label("dec_out"));
+
+ &align (4);
+ &set_label("dec_in_place_partial");
+ # one can argue if this is actually required...
+ &mov ($key eq "edi" ? $key : "",$_out);
+ &lea ($acc eq "esi" ? $acc : "",$ivec);
+ &lea ($key,&DWP(0,$key,$s2));
+ &lea ($acc,&DWP(16,$acc,$s2));
+ &neg ($s2 eq "ecx" ? $s2 : "");
+ &data_word(0xA4F3F689); # rep movsb # restore tail
+
+ &align (4);
+ &set_label("dec_out");
+ &cmp ($mark,0); # was the key schedule copied?
+ &mov ("edi",$_key);
+ &je (&label("skip_dzero"));
+ # zero copy of key schedule
+ &mov ("ecx",240/4);
+ &xor ("eax","eax");
+ &align (4);
+ &data_word(0xABF3F689); # rep stosd
+ &set_label("skip_dzero")
+ &mov ("esp",$_esp);
+ &popf ();
+&function_end("AES_cbc_encrypt");
+}
+
+#------------------------------------------------------------------#
+
+sub enckey()
+{
+ &movz ("esi",&LB("edx")); # rk[i]>>0
+ &mov ("ebx",&DWP(2,"ebp","esi",8));
+ &movz ("esi",&HB("edx")); # rk[i]>>8
+ &and ("ebx",0xFF000000);
+ &xor ("eax","ebx");
+
+ &mov ("ebx",&DWP(2,"ebp","esi",8));
+ &shr ("edx",16);
+ &and ("ebx",0x000000FF);
+ &movz ("esi",&LB("edx")); # rk[i]>>16
+ &xor ("eax","ebx");
+
+ &mov ("ebx",&DWP(0,"ebp","esi",8));
+ &movz ("esi",&HB("edx")); # rk[i]>>24
+ &and ("ebx",0x0000FF00);
+ &xor ("eax","ebx");
+
+ &mov ("ebx",&DWP(0,"ebp","esi",8));
+ &and ("ebx",0x00FF0000);
+ &xor ("eax","ebx");
+
+ &xor ("eax",&DWP(2048,"ebp","ecx",4)); # rcon
+}
+
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+# AES_KEY *key)
+&public_label("AES_Te");
+&function_begin("AES_set_encrypt_key");
+ &mov ("esi",&wparam(0)); # user supplied key
+ &mov ("edi",&wparam(2)); # private key schedule
+
+ &test ("esi",-1);
+ &jz (&label("badpointer"));
+ &test ("edi",-1);
+ &jz (&label("badpointer"));
+
+ &call (&label("pic_point"));
+ &set_label("pic_point");
+ &blindpop("ebp");
+ &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
+ &mov ("ecx",&wparam(1)); # number of bits in key
+ &cmp ("ecx",128);
+ &je (&label("10rounds"));
+ &cmp ("ecx",192);
+ &je (&label("12rounds"));
+ &cmp ("ecx",256);
+ &je (&label("14rounds"));
+ &mov ("eax",-2); # invalid number of bits
+ &jmp (&label("exit"));
+
+ &set_label("10rounds");
+ &mov ("eax",&DWP(0,"esi")); # copy first 4 dwords
+ &mov ("ebx",&DWP(4,"esi"));
+ &mov ("ecx",&DWP(8,"esi"));
+ &mov ("edx",&DWP(12,"esi"));
+ &mov (&DWP(0,"edi"),"eax");
+ &mov (&DWP(4,"edi"),"ebx");
+ &mov (&DWP(8,"edi"),"ecx");
+ &mov (&DWP(12,"edi"),"edx");
+
+ &xor ("ecx","ecx");
+ &jmp (&label("10shortcut"));
+
+ &align (4);
+ &set_label("10loop");
+ &mov ("eax",&DWP(0,"edi")); # rk[0]
+ &mov ("edx",&DWP(12,"edi")); # rk[3]
+ &set_label("10shortcut");
+ &enckey ();
+
+ &mov (&DWP(16,"edi"),"eax"); # rk[4]
+ &xor ("eax",&DWP(4,"edi"));
+ &mov (&DWP(20,"edi"),"eax"); # rk[5]
+ &xor ("eax",&DWP(8,"edi"));
+ &mov (&DWP(24,"edi"),"eax"); # rk[6]
+ &xor ("eax",&DWP(12,"edi"));
+ &mov (&DWP(28,"edi"),"eax"); # rk[7]
+ &inc ("ecx");
+ &add ("edi",16);
+ &cmp ("ecx",10);
+ &jl (&label("10loop"));
+
+ &mov (&DWP(80,"edi"),10); # setup number of rounds
+ &xor ("eax","eax");
+ &jmp (&label("exit"));
+
+ &set_label("12rounds");
+ &mov ("eax",&DWP(0,"esi")); # copy first 6 dwords
+ &mov ("ebx",&DWP(4,"esi"));
+ &mov ("ecx",&DWP(8,"esi"));
+ &mov ("edx",&DWP(12,"esi"));
+ &mov (&DWP(0,"edi"),"eax");
+ &mov (&DWP(4,"edi"),"ebx");
+ &mov (&DWP(8,"edi"),"ecx");
+ &mov (&DWP(12,"edi"),"edx");
+ &mov ("ecx",&DWP(16,"esi"));
+ &mov ("edx",&DWP(20,"esi"));
+ &mov (&DWP(16,"edi"),"ecx");
+ &mov (&DWP(20,"edi"),"edx");
+
+ &xor ("ecx","ecx");
+ &jmp (&label("12shortcut"));
+
+ &align (4);
+ &set_label("12loop");
+ &mov ("eax",&DWP(0,"edi")); # rk[0]
+ &mov ("edx",&DWP(20,"edi")); # rk[5]
+ &set_label("12shortcut");
+ &enckey ();
+
+ &mov (&DWP(24,"edi"),"eax"); # rk[6]
+ &xor ("eax",&DWP(4,"edi"));
+ &mov (&DWP(28,"edi"),"eax"); # rk[7]
+ &xor ("eax",&DWP(8,"edi"));
+ &mov (&DWP(32,"edi"),"eax"); # rk[8]
+ &xor ("eax",&DWP(12,"edi"));
+ &mov (&DWP(36,"edi"),"eax"); # rk[9]
+
+ &cmp ("ecx",7);
+ &je (&label("12break"));
+ &inc ("ecx");
+
+ &xor ("eax",&DWP(16,"edi"));
+ &mov (&DWP(40,"edi"),"eax"); # rk[10]
+ &xor ("eax",&DWP(20,"edi"));
+ &mov (&DWP(44,"edi"),"eax"); # rk[11]
+
+ &add ("edi",24);
+ &jmp (&label("12loop"));
+
+ &set_label("12break");
+ &mov (&DWP(72,"edi"),12); # setup number of rounds
+ &xor ("eax","eax");
+ &jmp (&label("exit"));
+
+ &set_label("14rounds");
+ &mov ("eax",&DWP(0,"esi")); # copy first 8 dwords
+ &mov ("ebx",&DWP(4,"esi"));
+ &mov ("ecx",&DWP(8,"esi"));
+ &mov ("edx",&DWP(12,"esi"));
+ &mov (&DWP(0,"edi"),"eax");
+ &mov (&DWP(4,"edi"),"ebx");
+ &mov (&DWP(8,"edi"),"ecx");
+ &mov (&DWP(12,"edi"),"edx");
+ &mov ("eax",&DWP(16,"esi"));
+ &mov ("ebx",&DWP(20,"esi"));
+ &mov ("ecx",&DWP(24,"esi"));
+ &mov ("edx",&DWP(28,"esi"));
+ &mov (&DWP(16,"edi"),"eax");
+ &mov (&DWP(20,"edi"),"ebx");
+ &mov (&DWP(24,"edi"),"ecx");
+ &mov (&DWP(28,"edi"),"edx");
+
+ &xor ("ecx","ecx");
+ &jmp (&label("14shortcut"));
+
+ &align (4);
+ &set_label("14loop");
+ &mov ("edx",&DWP(28,"edi")); # rk[7]
+ &set_label("14shortcut");
+ &mov ("eax",&DWP(0,"edi")); # rk[0]
+
+ &enckey ();
+
+ &mov (&DWP(32,"edi"),"eax"); # rk[8]
+ &xor ("eax",&DWP(4,"edi"));
+ &mov (&DWP(36,"edi"),"eax"); # rk[9]
+ &xor ("eax",&DWP(8,"edi"));
+ &mov (&DWP(40,"edi"),"eax"); # rk[10]
+ &xor ("eax",&DWP(12,"edi"));
+ &mov (&DWP(44,"edi"),"eax"); # rk[11]
+
+ &cmp ("ecx",6);
+ &je (&label("14break"));
+ &inc ("ecx");
+
+ &mov ("edx","eax");
+ &mov ("eax",&DWP(16,"edi")); # rk[4]
+ &movz ("esi",&LB("edx")); # rk[11]>>0
+ &mov ("ebx",&DWP(2,"ebp","esi",8));
+ &movz ("esi",&HB("edx")); # rk[11]>>8
+ &and ("ebx",0x000000FF);
+ &xor ("eax","ebx");
+
+ &mov ("ebx",&DWP(0,"ebp","esi",8));
+ &shr ("edx",16);
+ &and ("ebx",0x0000FF00);
+ &movz ("esi",&LB("edx")); # rk[11]>>16
+ &xor ("eax","ebx");
+
+ &mov ("ebx",&DWP(0,"ebp","esi",8));
+ &movz ("esi",&HB("edx")); # rk[11]>>24
+ &and ("ebx",0x00FF0000);
+ &xor ("eax","ebx");
+
+ &mov ("ebx",&DWP(2,"ebp","esi",8));
+ &and ("ebx",0xFF000000);
+ &xor ("eax","ebx");
+
+ &mov (&DWP(48,"edi"),"eax"); # rk[12]
+ &xor ("eax",&DWP(20,"edi"));
+ &mov (&DWP(52,"edi"),"eax"); # rk[13]
+ &xor ("eax",&DWP(24,"edi"));
+ &mov (&DWP(56,"edi"),"eax"); # rk[14]
+ &xor ("eax",&DWP(28,"edi"));
+ &mov (&DWP(60,"edi"),"eax"); # rk[15]
+
+ &add ("edi",32);
+ &jmp (&label("14loop"));
+
+ &set_label("14break");
+ &mov (&DWP(48,"edi"),14); # setup number of rounds
+ &xor ("eax","eax");
+ &jmp (&label("exit"));
+
+ &set_label("badpointer");
+ &mov ("eax",-1);
+ &set_label("exit");
+&function_end("AES_set_encrypt_key");
+
+sub deckey()
+{ my ($i,$ptr,$te,$td) = @_;
+
+ &mov ("eax",&DWP($i,$ptr));
+ &mov ("edx","eax");
+ &movz ("ebx",&HB("eax"));
+ &shr ("edx",16);
+ &and ("eax",0xFF);
+ &movz ("eax",&BP(2,$te,"eax",8));
+ &movz ("ebx",&BP(2,$te,"ebx",8));
+ &mov ("eax",&DWP(0,$td,"eax",8));
+ &xor ("eax",&DWP(3,$td,"ebx",8));
+ &movz ("ebx",&HB("edx"));
+ &and ("edx",0xFF);
+ &movz ("edx",&BP(2,$te,"edx",8));
+ &movz ("ebx",&BP(2,$te,"ebx",8));
+ &xor ("eax",&DWP(2,$td,"edx",8));
+ &xor ("eax",&DWP(1,$td,"ebx",8));
+ &mov (&DWP($i,$ptr),"eax");
+}
+
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+# AES_KEY *key)
+&public_label("AES_Td");
+&public_label("AES_Te");
+&function_begin_B("AES_set_decrypt_key");
+ &mov ("eax",&wparam(0));
+ &mov ("ecx",&wparam(1));
+ &mov ("edx",&wparam(2));
+ &sub ("esp",12);
+ &mov (&DWP(0,"esp"),"eax");
+ &mov (&DWP(4,"esp"),"ecx");
+ &mov (&DWP(8,"esp"),"edx");
+ &call ("AES_set_encrypt_key");
+ &add ("esp",12);
+ &cmp ("eax",0);
+ &je (&label("proceed"));
+ &ret ();
+
+ &set_label("proceed");
+ &push ("ebp");
+ &push ("ebx");
+ &push ("esi");
+ &push ("edi");
+
+ &mov ("esi",&wparam(2));
+ &mov ("ecx",&DWP(240,"esi")); # pull number of rounds
+ &lea ("ecx",&DWP(0,"","ecx",4));
+ &lea ("edi",&DWP(0,"esi","ecx",4)); # pointer to last chunk
+
+ &align (4);
+ &set_label("invert"); # invert order of chunks
+ &mov ("eax",&DWP(0,"esi"));
+ &mov ("ebx",&DWP(4,"esi"));
+ &mov ("ecx",&DWP(0,"edi"));
+ &mov ("edx",&DWP(4,"edi"));
+ &mov (&DWP(0,"edi"),"eax");
+ &mov (&DWP(4,"edi"),"ebx");
+ &mov (&DWP(0,"esi"),"ecx");
+ &mov (&DWP(4,"esi"),"edx");
+ &mov ("eax",&DWP(8,"esi"));
+ &mov ("ebx",&DWP(12,"esi"));
+ &mov ("ecx",&DWP(8,"edi"));
+ &mov ("edx",&DWP(12,"edi"));
+ &mov (&DWP(8,"edi"),"eax");
+ &mov (&DWP(12,"edi"),"ebx");
+ &mov (&DWP(8,"esi"),"ecx");
+ &mov (&DWP(12,"esi"),"edx");
+ &add ("esi",16);
+ &sub ("edi",16);
+ &cmp ("esi","edi");
+ &jne (&label("invert"));
+
+ &call (&label("pic_point"));
+ &set_label("pic_point");
+ blindpop("ebp");
+ &lea ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+ &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
+ &mov ("esi",&wparam(2));
+ &mov ("ecx",&DWP(240,"esi")); # pull number of rounds
+ &dec ("ecx");
+ &align (4);
+ &set_label("permute"); # permute the key schedule
+ &add ("esi",16);
+ &deckey (0,"esi","ebp","edi");
+ &deckey (4,"esi","ebp","edi");
+ &deckey (8,"esi","ebp","edi");
+ &deckey (12,"esi","ebp","edi");
+ &dec ("ecx");
+ &jnz (&label("permute"));
+
+ &xor ("eax","eax"); # return success
+&function_end("AES_set_decrypt_key");
+
+&asm_finish();
Added: vendor-crypto/openssl/dist/crypto/aes/asm/aes-ia64.S
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/aes-ia64.S (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/aes-ia64.S 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1123 @@
+// ====================================================================
+// Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+// project. Rights for redistribution and usage in source and binary
+// forms are granted according to the OpenSSL license.
+// ====================================================================
+//
+// What's wrong with compiler generated code? Compiler never uses
+// variable 'shr' which is pairable with 'extr'/'dep' instructions.
+// Then it uses 'zxt' which is an I-type, but can be replaced with
+// 'and' which in turn can be assigned to M-port [there're double as
+// much M-ports as there're I-ports on Itanium 2]. By sacrificing few
+// registers for small constants (255, 24 and 16) to be used with
+// 'shr' and 'and' instructions I can achieve better ILP, Intruction
+// Level Parallelism, and performance. This code outperforms GCC 3.3
+// generated code by over factor of 2 (two), GCC 3.4 - by 70% and
+// HP C - by 40%. Measured best-case scenario, i.e. aligned
+// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds)
+// ticks per block, or 9.25 CPU cycles per byte for 128 bit key.
+
+// Version 1.2 mitigates the hazard of cache-timing attacks by
+// a) compressing S-boxes from 8KB to 2KB+256B, b) scheduling
+// references to S-boxes for L2 cache latency, c) prefetching T[ed]4
+// prior last round. As result performance dropped to (26 + 15*rounds)
+// ticks per block or 11 cycles per byte processed with 128-bit key.
+// This is ~16% deterioration. For reference Itanium 2 L1 cache has
+// 64 bytes line size and L2 - 128 bytes...
+
+.ident "aes-ia64.S, version 1.2"
+.ident "IA-64 ISA artwork by Andy Polyakov <appro at fy.chalmers.se>"
+.explicit
+.text
+
+rk0=r8; rk1=r9;
+
+pfssave=r2;
+lcsave=r10;
+prsave=r3;
+maskff=r11;
+twenty4=r14;
+sixteen=r15;
+
+te00=r16; te11=r17; te22=r18; te33=r19;
+te01=r20; te12=r21; te23=r22; te30=r23;
+te02=r24; te13=r25; te20=r26; te31=r27;
+te03=r28; te10=r29; te21=r30; te32=r31;
+
+// these are rotating...
+t0=r32; s0=r33;
+t1=r34; s1=r35;
+t2=r36; s2=r37;
+t3=r38; s3=r39;
+
+te0=r40; te1=r41; te2=r42; te3=r43;
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+# define ADDP addp4
+#else
+# define ADDP add
+#endif
+
+// Offsets from Te0
+#define TE0 0
+#define TE2 2
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+#define TE1 3
+#define TE3 1
+#else
+#define TE1 1
+#define TE3 3
+#endif
+
+// This implies that AES_KEY comprises 32-bit key schedule elements
+// even on LP64 platforms.
+#ifndef KSZ
+# define KSZ 4
+# define LDKEY ld4
+#endif
+
+.proc _ia64_AES_encrypt#
+// Input: rk0-rk1
+// te0
+// te3 as AES_KEY->rounds!!!
+// s0-s3
+// maskff,twenty4,sixteen
+// Output: r16,r20,r24,r28 as s0-s3
+// Clobber: r16-r31,rk0-rk1,r32-r43
+.align 32
+_ia64_AES_encrypt:
+ .prologue
+ .altrp b6
+ .body
+{ .mmi; alloc r16=ar.pfs,12,0,0,8
+ LDKEY t0=[rk0],2*KSZ
+ mov pr.rot=1<<16 }
+{ .mmi; LDKEY t1=[rk1],2*KSZ
+ add te1=TE1,te0
+ add te3=-3,te3 };;
+{ .mib; LDKEY t2=[rk0],2*KSZ
+ mov ar.ec=2 }
+{ .mib; LDKEY t3=[rk1],2*KSZ
+ add te2=TE2,te0
+ brp.loop.imp .Le_top,.Le_end-16 };;
+
+{ .mmi; xor s0=s0,t0
+ xor s1=s1,t1
+ mov ar.lc=te3 }
+{ .mmi; xor s2=s2,t2
+ xor s3=s3,t3
+ add te3=TE3,te0 };;
+
+.align 32
+.Le_top:
+{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
+ (p0) and te33=s3,maskff // 0/0:s3&0xff
+ (p0) extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff
+{ .mmi; (p0) LDKEY t1=[rk1],2*KSZ // 0/1:rk[1]
+ (p0) and te30=s0,maskff // 0/1:s0&0xff
+ (p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24
+{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
+ (p0) shladd te33=te33,3,te3 // 1/0:te0+s0>>24
+ (p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
+{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
+ (p0) shladd te30=te30,3,te3 // 1/1:te3+s0
+ (p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24
+{ .mmi; (p0) ld4 te33=[te33] // 2/0:te3[s3&0xff]
+ (p0) shladd te22=te22,3,te2 // 2/0:te2+s2>>8&0xff
+ (p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
+{ .mmi; (p0) ld4 te30=[te30] // 2/1:te3[s0]
+ (p0) shladd te23=te23,3,te2 // 2/1:te2+s3>>8
+ (p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24
+{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8]
+ (p0) shladd te20=te20,3,te2 // 3/2:te2+s0>>8
+ (p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
+{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8]
+ (p0) shladd te00=te00,3,te0 // 3/0:te0+s0>>24
+ (p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24
+{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8]
+ (p0) shladd te21=te21,3,te2 // 4/3:te3+s2
+ (p0) extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff
+{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24]
+ (p0) shladd te01=te01,3,te0 // 4/1:te0+s1>>24
+ (p0) shr.u te13=s3,sixteen };; // 4/2:s3>>16
+{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8]
+ (p0) shladd te11=te11,3,te1 // 5/0:te1+s1>>16
+ (p0) extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff
+{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24]
+ (p0) shladd te02=te02,3,te0 // 5/2:te0+s2>>24
+ (p0) and te31=s1,maskff };; // 5/2:s1&0xff
+{ .mmi; (p0) ld4 te11=[te11] // 6/0:te1[s1>>16]
+ (p0) shladd te12=te12,3,te1 // 6/1:te1+s2>>16
+ (p0) extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff
+{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24]
+ (p0) shladd te03=te03,3,te0 // 6/3:te1+s0>>16
+ (p0) and te32=s2,maskff };; // 6/3:s2&0xff
+
+{ .mmi; (p0) ld4 te12=[te12] // 7/1:te1[s2>>16]
+ (p0) shladd te31=te31,3,te3 // 7/2:te3+s1&0xff
+ (p0) and te13=te13,maskff} // 7/2:s3>>16&0xff
+{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24]
+ (p0) shladd te32=te32,3,te3 // 7/3:te3+s2
+ (p0) xor t0=t0,te33 };; // 7/0:
+{ .mmi; (p0) ld4 te31=[te31] // 8/2:te3[s1]
+ (p0) shladd te13=te13,3,te1 // 8/2:te1+s3>>16
+ (p0) xor t0=t0,te22 } // 8/0:
+{ .mmi; (p0) ld4 te32=[te32] // 8/3:te3[s2]
+ (p0) shladd te10=te10,3,te1 // 8/3:te1+s0>>16
+ (p0) xor t1=t1,te30 };; // 8/1:
+{ .mmi; (p0) ld4 te13=[te13] // 9/2:te1[s3>>16]
+ (p0) ld4 te10=[te10] // 9/3:te1[s0>>16]
+ (p0) xor t0=t0,te00 };; // 9/0: !L2 scheduling
+{ .mmi; (p0) xor t1=t1,te23 // 10[9]/1:
+ (p0) xor t2=t2,te20 // 10[9]/2:
+ (p0) xor t3=t3,te21 };; // 10[9]/3:
+{ .mmi; (p0) xor t0=t0,te11 // 11[10]/0:done!
+ (p0) xor t1=t1,te01 // 11[10]/1:
+ (p0) xor t2=t2,te02 };; // 11[10]/2: !L2 scheduling
+{ .mmi; (p0) xor t3=t3,te03 // 12[10]/3:
+ (p16) cmp.eq p0,p17=r0,r0 };; // 12[10]/clear (p17)
+{ .mmi; (p0) xor t1=t1,te12 // 13[11]/1:done!
+ (p0) xor t2=t2,te31 // 13[11]/2:
+ (p0) xor t3=t3,te32 } // 13[11]/3:
+{ .mmi; (p17) add te0=2048,te0 // 13[11]/
+ (p17) add te1=2048+64-TE1,te1};; // 13[11]/
+{ .mib; (p0) xor t2=t2,te13 // 14[12]/2:done!
+ (p17) add te2=2048+128-TE2,te2} // 14[12]/
+{ .mib; (p0) xor t3=t3,te10 // 14[12]/3:done!
+ (p17) add te3=2048+192-TE3,te3 // 14[12]/
+ br.ctop.sptk .Le_top };;
+.Le_end:
+
+
+{ .mmi; ld8 te12=[te0] // prefetch Te4
+ ld8 te31=[te1] }
+{ .mmi; ld8 te10=[te2]
+ ld8 te32=[te3] }
+
+{ .mmi; LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
+ and te33=s3,maskff // 0/0:s3&0xff
+ extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff
+{ .mmi; LDKEY t1=[rk1],2*KSZ // 0/1:rk[1]
+ and te30=s0,maskff // 0/1:s0&0xff
+ shr.u te00=s0,twenty4 };; // 0/0:s0>>24
+{ .mmi; LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
+ add te33=te33,te0 // 1/0:te0+s0>>24
+ extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
+{ .mmi; LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
+ add te30=te30,te0 // 1/1:te0+s0
+ shr.u te01=s1,twenty4 };; // 1/1:s1>>24
+{ .mmi; ld1 te33=[te33] // 2/0:te0[s3&0xff]
+ add te22=te22,te0 // 2/0:te0+s2>>8&0xff
+ extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
+{ .mmi; ld1 te30=[te30] // 2/1:te0[s0]
+ add te23=te23,te0 // 2/1:te0+s3>>8
+ shr.u te02=s2,twenty4 };; // 2/2:s2>>24
+{ .mmi; ld1 te22=[te22] // 3/0:te0[s2>>8]
+ add te20=te20,te0 // 3/2:te0+s0>>8
+ extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
+{ .mmi; ld1 te23=[te23] // 3/1:te0[s3>>8]
+ add te00=te00,te0 // 3/0:te0+s0>>24
+ shr.u te03=s3,twenty4 };; // 3/3:s3>>24
+{ .mmi; ld1 te20=[te20] // 4/2:te0[s0>>8]
+ add te21=te21,te0 // 4/3:te0+s2
+ extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff
+{ .mmi; ld1 te00=[te00] // 4/0:te0[s0>>24]
+ add te01=te01,te0 // 4/1:te0+s1>>24
+ shr.u te13=s3,sixteen };; // 4/2:s3>>16
+{ .mmi; ld1 te21=[te21] // 5/3:te0[s1>>8]
+ add te11=te11,te0 // 5/0:te0+s1>>16
+ extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff
+{ .mmi; ld1 te01=[te01] // 5/1:te0[s1>>24]
+ add te02=te02,te0 // 5/2:te0+s2>>24
+ and te31=s1,maskff };; // 5/2:s1&0xff
+{ .mmi; ld1 te11=[te11] // 6/0:te0[s1>>16]
+ add te12=te12,te0 // 6/1:te0+s2>>16
+ extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff
+{ .mmi; ld1 te02=[te02] // 6/2:te0[s2>>24]
+ add te03=te03,te0 // 6/3:te0+s0>>16
+ and te32=s2,maskff };; // 6/3:s2&0xff
+
+{ .mmi; ld1 te12=[te12] // 7/1:te0[s2>>16]
+ add te31=te31,te0 // 7/2:te0+s1&0xff
+ dep te33=te22,te33,8,8} // 7/0:
+{ .mmi; ld1 te03=[te03] // 7/3:te0[s3>>24]
+ add te32=te32,te0 // 7/3:te0+s2
+ and te13=te13,maskff};; // 7/2:s3>>16&0xff
+{ .mmi; ld1 te31=[te31] // 8/2:te0[s1]
+ add te13=te13,te0 // 8/2:te0+s3>>16
+ dep te30=te23,te30,8,8} // 8/1:
+{ .mmi; ld1 te32=[te32] // 8/3:te0[s2]
+ add te10=te10,te0 // 8/3:te0+s0>>16
+ shl te00=te00,twenty4};; // 8/0:
+{ .mii; ld1 te13=[te13] // 9/2:te0[s3>>16]
+ dep te33=te11,te33,16,8 // 9/0:
+ shl te01=te01,twenty4};; // 9/1:
+{ .mii; ld1 te10=[te10] // 10/3:te0[s0>>16]
+ dep te31=te20,te31,8,8 // 10/2:
+ shl te02=te02,twenty4};; // 10/2:
+{ .mii; xor t0=t0,te33 // 11/0:
+ dep te32=te21,te32,8,8 // 11/3:
+ shl te12=te12,sixteen};; // 11/1:
+{ .mii; xor r16=t0,te00 // 12/0:done!
+ dep te31=te13,te31,16,8 // 12/2:
+ shl te03=te03,twenty4};; // 12/3:
+{ .mmi; xor t1=t1,te01 // 13/1:
+ xor t2=t2,te02 // 13/2:
+ dep te32=te10,te32,16,8};; // 13/3:
+{ .mmi; xor t1=t1,te30 // 14/1:
+ xor r24=t2,te31 // 14/2:done!
+ xor t3=t3,te32 };; // 14/3:
+{ .mib; xor r20=t1,te12 // 15/1:done!
+ xor r28=t3,te03 // 15/3:done!
+ br.ret.sptk b6 };;
+.endp _ia64_AES_encrypt#
+
+// void AES_encrypt (const void *in,void *out,const AES_KEY *key);
+.global AES_encrypt#
+.proc AES_encrypt#
+.align 32
+AES_encrypt:
+ .prologue
+ .save ar.pfs,pfssave
+{ .mmi; alloc pfssave=ar.pfs,3,1,12,0
+ and out0=3,in0
+ mov r3=ip }
+{ .mmi; ADDP in0=0,in0
+ mov loc0=psr.um
+ ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds
+
+{ .mmi; ld4 out11=[out11] // AES_KEY->rounds
+ add out8=(AES_Te#-AES_encrypt#),r3 // Te0
+ .save pr,prsave
+ mov prsave=pr }
+{ .mmi; rum 1<<3 // clear um.ac
+ .save ar.lc,lcsave
+ mov lcsave=ar.lc };;
+
+ .body
+#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles...
+{ .mib; cmp.ne p6,p0=out0,r0
+ add out0=4,in0
+(p6) br.dpnt.many .Le_i_unaligned };;
+
+{ .mmi; ld4 out1=[in0],8 // s0
+ and out9=3,in1
+ mov twenty4=24 }
+{ .mmi; ld4 out3=[out0],8 // s1
+ ADDP rk0=0,in2
+ mov sixteen=16 };;
+{ .mmi; ld4 out5=[in0] // s2
+ cmp.ne p6,p0=out9,r0
+ mov maskff=0xff }
+{ .mmb; ld4 out7=[out0] // s3
+ ADDP rk1=KSZ,in2
+ br.call.sptk.many b6=_ia64_AES_encrypt };;
+
+{ .mib; ADDP in0=4,in1
+ ADDP in1=0,in1
+(p6) br.spnt .Le_o_unaligned };;
+
+{ .mii; mov psr.um=loc0
+ mov ar.pfs=pfssave
+ mov ar.lc=lcsave };;
+{ .mmi; st4 [in1]=r16,8 // s0
+ st4 [in0]=r20,8 // s1
+ mov pr=prsave,0x1ffff };;
+{ .mmb; st4 [in1]=r24 // s2
+ st4 [in0]=r28 // s3
+ br.ret.sptk.many b0 };;
+#endif
+
+.align 32
+.Le_i_unaligned:
+{ .mmi; add out0=1,in0
+ add out2=2,in0
+ add out4=3,in0 };;
+{ .mmi; ld1 r16=[in0],4
+ ld1 r17=[out0],4 }//;;
+{ .mmi; ld1 r18=[out2],4
+ ld1 out1=[out4],4 };; // s0
+{ .mmi; ld1 r20=[in0],4
+ ld1 r21=[out0],4 }//;;
+{ .mmi; ld1 r22=[out2],4
+ ld1 out3=[out4],4 };; // s1
+{ .mmi; ld1 r24=[in0],4
+ ld1 r25=[out0],4 }//;;
+{ .mmi; ld1 r26=[out2],4
+ ld1 out5=[out4],4 };; // s2
+{ .mmi; ld1 r28=[in0]
+ ld1 r29=[out0] }//;;
+{ .mmi; ld1 r30=[out2]
+ ld1 out7=[out4] };; // s3
+
+{ .mii;
+ dep out1=r16,out1,24,8 //;;
+ dep out3=r20,out3,24,8 }//;;
+{ .mii; ADDP rk0=0,in2
+ dep out5=r24,out5,24,8 //;;
+ dep out7=r28,out7,24,8 };;
+{ .mii; ADDP rk1=KSZ,in2
+ dep out1=r17,out1,16,8 //;;
+ dep out3=r21,out3,16,8 }//;;
+{ .mii; mov twenty4=24
+ dep out5=r25,out5,16,8 //;;
+ dep out7=r29,out7,16,8 };;
+{ .mii; mov sixteen=16
+ dep out1=r18,out1,8,8 //;;
+ dep out3=r22,out3,8,8 }//;;
+{ .mii; mov maskff=0xff
+ dep out5=r26,out5,8,8 //;;
+ dep out7=r30,out7,8,8 };;
+
+{ .mib; br.call.sptk.many b6=_ia64_AES_encrypt };;
+
+.Le_o_unaligned:
+{ .mii; ADDP out0=0,in1
+ extr.u r17=r16,8,8 // s0
+ shr.u r19=r16,twenty4 }//;;
+{ .mii; ADDP out1=1,in1
+ extr.u r18=r16,16,8
+ shr.u r23=r20,twenty4 }//;; // s1
+{ .mii; ADDP out2=2,in1
+ extr.u r21=r20,8,8
+ shr.u r22=r20,sixteen }//;;
+{ .mii; ADDP out3=3,in1
+ extr.u r25=r24,8,8 // s2
+ shr.u r27=r24,twenty4 };;
+{ .mii; st1 [out3]=r16,4
+ extr.u r26=r24,16,8
+ shr.u r31=r28,twenty4 }//;; // s3
+{ .mii; st1 [out2]=r17,4
+ extr.u r29=r28,8,8
+ shr.u r30=r28,sixteen }//;;
+
+{ .mmi; st1 [out1]=r18,4
+ st1 [out0]=r19,4 };;
+{ .mmi; st1 [out3]=r20,4
+ st1 [out2]=r21,4 }//;;
+{ .mmi; st1 [out1]=r22,4
+ st1 [out0]=r23,4 };;
+{ .mmi; st1 [out3]=r24,4
+ st1 [out2]=r25,4
+ mov pr=prsave,0x1ffff }//;;
+{ .mmi; st1 [out1]=r26,4
+ st1 [out0]=r27,4
+ mov ar.pfs=pfssave };;
+{ .mmi; st1 [out3]=r28
+ st1 [out2]=r29
+ mov ar.lc=lcsave }//;;
+{ .mmi; st1 [out1]=r30
+ st1 [out0]=r31 }
+{ .mfb; mov psr.um=loc0 // restore user mask
+ br.ret.sptk.many b0 };;
+.endp AES_encrypt#
+
+// *AES_decrypt are autogenerated by the following script:
+#if 0
+#!/usr/bin/env perl
+print "// *AES_decrypt are autogenerated by the following script:\n#if 0\n";
+open(PROG,'<'.$0); while(<PROG>) { print; } close(PROG);
+print "#endif\n";
+while(<>) {
+ $process=1 if (/\.proc\s+_ia64_AES_encrypt/);
+ next if (!$process);
+
+ #s/te00=s0/td00=s0/; s/te00/td00/g;
+ s/te11=s1/td13=s3/; s/te11/td13/g;
+ #s/te22=s2/td22=s2/; s/te22/td22/g;
+ s/te33=s3/td31=s1/; s/te33/td31/g;
+
+ #s/te01=s1/td01=s1/; s/te01/td01/g;
+ s/te12=s2/td10=s0/; s/te12/td10/g;
+ #s/te23=s3/td23=s3/; s/te23/td23/g;
+ s/te30=s0/td32=s2/; s/te30/td32/g;
+
+ #s/te02=s2/td02=s2/; s/te02/td02/g;
+ s/te13=s3/td11=s1/; s/te13/td11/g;
+ #s/te20=s0/td20=s0/; s/te20/td20/g;
+ s/te31=s1/td33=s3/; s/te31/td33/g;
+
+ #s/te03=s3/td03=s3/; s/te03/td03/g;
+ s/te10=s0/td12=s2/; s/te10/td12/g;
+ #s/te21=s1/td21=s1/; s/te21/td21/g;
+ s/te32=s2/td30=s0/; s/te32/td30/g;
+
+ s/td/te/g;
+
+ s/AES_encrypt/AES_decrypt/g;
+ s/\.Le_/.Ld_/g;
+ s/AES_Te#/AES_Td#/g;
+
+ print;
+
+ exit if (/\.endp\s+AES_decrypt/);
+}
+#endif
+.proc _ia64_AES_decrypt#
+// Input: rk0-rk1
+// te0
+// te3 as AES_KEY->rounds!!!
+// s0-s3
+// maskff,twenty4,sixteen
+// Output: r16,r20,r24,r28 as s0-s3
+// Clobber: r16-r31,rk0-rk1,r32-r43
+.align 32
+_ia64_AES_decrypt:
+ .prologue
+ .altrp b6
+ .body
+{ .mmi; alloc r16=ar.pfs,12,0,0,8
+ LDKEY t0=[rk0],2*KSZ
+ mov pr.rot=1<<16 }
+{ .mmi; LDKEY t1=[rk1],2*KSZ
+ add te1=TE1,te0
+ add te3=-3,te3 };;
+{ .mib; LDKEY t2=[rk0],2*KSZ
+ mov ar.ec=2 }
+{ .mib; LDKEY t3=[rk1],2*KSZ
+ add te2=TE2,te0
+ brp.loop.imp .Ld_top,.Ld_end-16 };;
+
+{ .mmi; xor s0=s0,t0
+ xor s1=s1,t1
+ mov ar.lc=te3 }
+{ .mmi; xor s2=s2,t2
+ xor s3=s3,t3
+ add te3=TE3,te0 };;
+
+.align 32
+.Ld_top:
+{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
+ (p0) and te31=s1,maskff // 0/0:s3&0xff
+ (p0) extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff
+{ .mmi; (p0) LDKEY t1=[rk1],2*KSZ // 0/1:rk[1]
+ (p0) and te32=s2,maskff // 0/1:s0&0xff
+ (p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24
+{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
+ (p0) shladd te31=te31,3,te3 // 1/0:te0+s0>>24
+ (p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
+{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
+ (p0) shladd te32=te32,3,te3 // 1/1:te3+s0
+ (p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24
+{ .mmi; (p0) ld4 te31=[te31] // 2/0:te3[s3&0xff]
+ (p0) shladd te22=te22,3,te2 // 2/0:te2+s2>>8&0xff
+ (p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
+{ .mmi; (p0) ld4 te32=[te32] // 2/1:te3[s0]
+ (p0) shladd te23=te23,3,te2 // 2/1:te2+s3>>8
+ (p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24
+{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8]
+ (p0) shladd te20=te20,3,te2 // 3/2:te2+s0>>8
+ (p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
+{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8]
+ (p0) shladd te00=te00,3,te0 // 3/0:te0+s0>>24
+ (p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24
+{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8]
+ (p0) shladd te21=te21,3,te2 // 4/3:te3+s2
+ (p0) extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff
+{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24]
+ (p0) shladd te01=te01,3,te0 // 4/1:te0+s1>>24
+ (p0) shr.u te11=s1,sixteen };; // 4/2:s3>>16
+{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8]
+ (p0) shladd te13=te13,3,te1 // 5/0:te1+s1>>16
+ (p0) extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff
+{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24]
+ (p0) shladd te02=te02,3,te0 // 5/2:te0+s2>>24
+ (p0) and te33=s3,maskff };; // 5/2:s1&0xff
+{ .mmi; (p0) ld4 te13=[te13] // 6/0:te1[s1>>16]
+ (p0) shladd te10=te10,3,te1 // 6/1:te1+s2>>16
+ (p0) extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff
+{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24]
+ (p0) shladd te03=te03,3,te0 // 6/3:te1+s0>>16
+ (p0) and te30=s0,maskff };; // 6/3:s2&0xff
+
+{ .mmi; (p0) ld4 te10=[te10] // 7/1:te1[s2>>16]
+ (p0) shladd te33=te33,3,te3 // 7/2:te3+s1&0xff
+ (p0) and te11=te11,maskff} // 7/2:s3>>16&0xff
+{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24]
+ (p0) shladd te30=te30,3,te3 // 7/3:te3+s2
+ (p0) xor t0=t0,te31 };; // 7/0:
+{ .mmi; (p0) ld4 te33=[te33] // 8/2:te3[s1]
+ (p0) shladd te11=te11,3,te1 // 8/2:te1+s3>>16
+ (p0) xor t0=t0,te22 } // 8/0:
+{ .mmi; (p0) ld4 te30=[te30] // 8/3:te3[s2]
+ (p0) shladd te12=te12,3,te1 // 8/3:te1+s0>>16
+ (p0) xor t1=t1,te32 };; // 8/1:
+{ .mmi; (p0) ld4 te11=[te11] // 9/2:te1[s3>>16]
+ (p0) ld4 te12=[te12] // 9/3:te1[s0>>16]
+ (p0) xor t0=t0,te00 };; // 9/0: !L2 scheduling
+{ .mmi; (p0) xor t1=t1,te23 // 10[9]/1:
+ (p0) xor t2=t2,te20 // 10[9]/2:
+ (p0) xor t3=t3,te21 };; // 10[9]/3:
+{ .mmi; (p0) xor t0=t0,te13 // 11[10]/0:done!
+ (p0) xor t1=t1,te01 // 11[10]/1:
+ (p0) xor t2=t2,te02 };; // 11[10]/2: !L2 scheduling
+{ .mmi; (p0) xor t3=t3,te03 // 12[10]/3:
+ (p16) cmp.eq p0,p17=r0,r0 };; // 12[10]/clear (p17)
+{ .mmi; (p0) xor t1=t1,te10 // 13[11]/1:done!
+ (p0) xor t2=t2,te33 // 13[11]/2:
+ (p0) xor t3=t3,te30 } // 13[11]/3:
+{ .mmi; (p17) add te0=2048,te0 // 13[11]/
+ (p17) add te1=2048+64-TE1,te1};; // 13[11]/
+{ .mib; (p0) xor t2=t2,te11 // 14[12]/2:done!
+ (p17) add te2=2048+128-TE2,te2} // 14[12]/
+{ .mib; (p0) xor t3=t3,te12 // 14[12]/3:done!
+ (p17) add te3=2048+192-TE3,te3 // 14[12]/
+ br.ctop.sptk .Ld_top };;
+.Ld_end:
+
+
+{ .mmi; ld8 te10=[te0] // prefetch Td4
+ ld8 te33=[te1] }
+{ .mmi; ld8 te12=[te2]
+ ld8 te30=[te3] }
+
+{ .mmi; LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
+ and te31=s1,maskff // 0/0:s3&0xff
+ extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff
+{ .mmi; LDKEY t1=[rk1],2*KSZ // 0/1:rk[1]
+ and te32=s2,maskff // 0/1:s0&0xff
+ shr.u te00=s0,twenty4 };; // 0/0:s0>>24
+{ .mmi; LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
+ add te31=te31,te0 // 1/0:te0+s0>>24
+ extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
+{ .mmi; LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
+ add te32=te32,te0 // 1/1:te0+s0
+ shr.u te01=s1,twenty4 };; // 1/1:s1>>24
+{ .mmi; ld1 te31=[te31] // 2/0:te0[s3&0xff]
+ add te22=te22,te0 // 2/0:te0+s2>>8&0xff
+ extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
+{ .mmi; ld1 te32=[te32] // 2/1:te0[s0]
+ add te23=te23,te0 // 2/1:te0+s3>>8
+ shr.u te02=s2,twenty4 };; // 2/2:s2>>24
+{ .mmi; ld1 te22=[te22] // 3/0:te0[s2>>8]
+ add te20=te20,te0 // 3/2:te0+s0>>8
+ extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
+{ .mmi; ld1 te23=[te23] // 3/1:te0[s3>>8]
+ add te00=te00,te0 // 3/0:te0+s0>>24
+ shr.u te03=s3,twenty4 };; // 3/3:s3>>24
+{ .mmi; ld1 te20=[te20] // 4/2:te0[s0>>8]
+ add te21=te21,te0 // 4/3:te0+s2
+ extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff
+{ .mmi; ld1 te00=[te00] // 4/0:te0[s0>>24]
+ add te01=te01,te0 // 4/1:te0+s1>>24
+ shr.u te11=s1,sixteen };; // 4/2:s3>>16
+{ .mmi; ld1 te21=[te21] // 5/3:te0[s1>>8]
+ add te13=te13,te0 // 5/0:te0+s1>>16
+ extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff
+{ .mmi; ld1 te01=[te01] // 5/1:te0[s1>>24]
+ add te02=te02,te0 // 5/2:te0+s2>>24
+ and te33=s3,maskff };; // 5/2:s1&0xff
+{ .mmi; ld1 te13=[te13] // 6/0:te0[s1>>16]
+ add te10=te10,te0 // 6/1:te0+s2>>16
+ extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff
+{ .mmi; ld1 te02=[te02] // 6/2:te0[s2>>24]
+ add te03=te03,te0 // 6/3:te0+s0>>16
+ and te30=s0,maskff };; // 6/3:s2&0xff
+
+{ .mmi; ld1 te10=[te10] // 7/1:te0[s2>>16]
+ add te33=te33,te0 // 7/2:te0+s1&0xff
+ dep te31=te22,te31,8,8} // 7/0:
+{ .mmi; ld1 te03=[te03] // 7/3:te0[s3>>24]
+ add te30=te30,te0 // 7/3:te0+s2
+ and te11=te11,maskff};; // 7/2:s3>>16&0xff
+{ .mmi; ld1 te33=[te33] // 8/2:te0[s1]
+ add te11=te11,te0 // 8/2:te0+s3>>16
+ dep te32=te23,te32,8,8} // 8/1:
+{ .mmi; ld1 te30=[te30] // 8/3:te0[s2]
+ add te12=te12,te0 // 8/3:te0+s0>>16
+ shl te00=te00,twenty4};; // 8/0:
+{ .mii; ld1 te11=[te11] // 9/2:te0[s3>>16]
+ dep te31=te13,te31,16,8 // 9/0:
+ shl te01=te01,twenty4};; // 9/1:
+{ .mii; ld1 te12=[te12] // 10/3:te0[s0>>16]
+ dep te33=te20,te33,8,8 // 10/2:
+ shl te02=te02,twenty4};; // 10/2:
+{ .mii; xor t0=t0,te31 // 11/0:
+ dep te30=te21,te30,8,8 // 11/3:
+ shl te10=te10,sixteen};; // 11/1:
+{ .mii; xor r16=t0,te00 // 12/0:done!
+ dep te33=te11,te33,16,8 // 12/2:
+ shl te03=te03,twenty4};; // 12/3:
+{ .mmi; xor t1=t1,te01 // 13/1:
+ xor t2=t2,te02 // 13/2:
+ dep te30=te12,te30,16,8};; // 13/3:
+{ .mmi; xor t1=t1,te32 // 14/1:
+ xor r24=t2,te33 // 14/2:done!
+ xor t3=t3,te30 };; // 14/3:
+{ .mib; xor r20=t1,te10 // 15/1:done!
+ xor r28=t3,te03 // 15/3:done!
+ br.ret.sptk b6 };;
+.endp _ia64_AES_decrypt#
+
+// void AES_decrypt (const void *in,void *out,const AES_KEY *key);
+.global AES_decrypt#
+.proc AES_decrypt#
+.align 32
+AES_decrypt:
+ .prologue
+ .save ar.pfs,pfssave
+{ .mmi; alloc pfssave=ar.pfs,3,1,12,0
+ and out0=3,in0
+ mov r3=ip }
+{ .mmi; ADDP in0=0,in0
+ mov loc0=psr.um
+ ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds
+
+{ .mmi; ld4 out11=[out11] // AES_KEY->rounds
+ add out8=(AES_Td#-AES_decrypt#),r3 // Te0
+ .save pr,prsave
+ mov prsave=pr }
+{ .mmi; rum 1<<3 // clear um.ac
+ .save ar.lc,lcsave
+ mov lcsave=ar.lc };;
+
+ .body
+#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles...
+{ .mib; cmp.ne p6,p0=out0,r0
+ add out0=4,in0
+(p6) br.dpnt.many .Ld_i_unaligned };;
+
+{ .mmi; ld4 out1=[in0],8 // s0
+ and out9=3,in1
+ mov twenty4=24 }
+{ .mmi; ld4 out3=[out0],8 // s1
+ ADDP rk0=0,in2
+ mov sixteen=16 };;
+{ .mmi; ld4 out5=[in0] // s2
+ cmp.ne p6,p0=out9,r0
+ mov maskff=0xff }
+{ .mmb; ld4 out7=[out0] // s3
+ ADDP rk1=KSZ,in2
+ br.call.sptk.many b6=_ia64_AES_decrypt };;
+
+{ .mib; ADDP in0=4,in1
+ ADDP in1=0,in1
+(p6) br.spnt .Ld_o_unaligned };;
+
+{ .mii; mov psr.um=loc0
+ mov ar.pfs=pfssave
+ mov ar.lc=lcsave };;
+{ .mmi; st4 [in1]=r16,8 // s0
+ st4 [in0]=r20,8 // s1
+ mov pr=prsave,0x1ffff };;
+{ .mmb; st4 [in1]=r24 // s2
+ st4 [in0]=r28 // s3
+ br.ret.sptk.many b0 };;
+#endif
+
+.align 32
+.Ld_i_unaligned:
+{ .mmi; add out0=1,in0
+ add out2=2,in0
+ add out4=3,in0 };;
+{ .mmi; ld1 r16=[in0],4
+ ld1 r17=[out0],4 }//;;
+{ .mmi; ld1 r18=[out2],4
+ ld1 out1=[out4],4 };; // s0
+{ .mmi; ld1 r20=[in0],4
+ ld1 r21=[out0],4 }//;;
+{ .mmi; ld1 r22=[out2],4
+ ld1 out3=[out4],4 };; // s1
+{ .mmi; ld1 r24=[in0],4
+ ld1 r25=[out0],4 }//;;
+{ .mmi; ld1 r26=[out2],4
+ ld1 out5=[out4],4 };; // s2
+{ .mmi; ld1 r28=[in0]
+ ld1 r29=[out0] }//;;
+{ .mmi; ld1 r30=[out2]
+ ld1 out7=[out4] };; // s3
+
+{ .mii;
+ dep out1=r16,out1,24,8 //;;
+ dep out3=r20,out3,24,8 }//;;
+{ .mii; ADDP rk0=0,in2
+ dep out5=r24,out5,24,8 //;;
+ dep out7=r28,out7,24,8 };;
+{ .mii; ADDP rk1=KSZ,in2
+ dep out1=r17,out1,16,8 //;;
+ dep out3=r21,out3,16,8 }//;;
+{ .mii; mov twenty4=24
+ dep out5=r25,out5,16,8 //;;
+ dep out7=r29,out7,16,8 };;
+{ .mii; mov sixteen=16
+ dep out1=r18,out1,8,8 //;;
+ dep out3=r22,out3,8,8 }//;;
+{ .mii; mov maskff=0xff
+ dep out5=r26,out5,8,8 //;;
+ dep out7=r30,out7,8,8 };;
+
+{ .mib; br.call.sptk.many b6=_ia64_AES_decrypt };;
+
+.Ld_o_unaligned:
+{ .mii; ADDP out0=0,in1
+ extr.u r17=r16,8,8 // s0
+ shr.u r19=r16,twenty4 }//;;
+{ .mii; ADDP out1=1,in1
+ extr.u r18=r16,16,8
+ shr.u r23=r20,twenty4 }//;; // s1
+{ .mii; ADDP out2=2,in1
+ extr.u r21=r20,8,8
+ shr.u r22=r20,sixteen }//;;
+{ .mii; ADDP out3=3,in1
+ extr.u r25=r24,8,8 // s2
+ shr.u r27=r24,twenty4 };;
+{ .mii; st1 [out3]=r16,4
+ extr.u r26=r24,16,8
+ shr.u r31=r28,twenty4 }//;; // s3
+{ .mii; st1 [out2]=r17,4
+ extr.u r29=r28,8,8
+ shr.u r30=r28,sixteen }//;;
+
+{ .mmi; st1 [out1]=r18,4
+ st1 [out0]=r19,4 };;
+{ .mmi; st1 [out3]=r20,4
+ st1 [out2]=r21,4 }//;;
+{ .mmi; st1 [out1]=r22,4
+ st1 [out0]=r23,4 };;
+{ .mmi; st1 [out3]=r24,4
+ st1 [out2]=r25,4
+ mov pr=prsave,0x1ffff }//;;
+{ .mmi; st1 [out1]=r26,4
+ st1 [out0]=r27,4
+ mov ar.pfs=pfssave };;
+{ .mmi; st1 [out3]=r28
+ st1 [out2]=r29
+ mov ar.lc=lcsave }//;;
+{ .mmi; st1 [out1]=r30
+ st1 [out0]=r31 }
+{ .mfb; mov psr.um=loc0 // restore user mask
+ br.ret.sptk.many b0 };;
+.endp AES_decrypt#
+
+// leave it in .text segment...
+.align 64
+.global AES_Te#
+.type AES_Te#, at object
+AES_Te: data4 0xc66363a5,0xc66363a5, 0xf87c7c84,0xf87c7c84
+ data4 0xee777799,0xee777799, 0xf67b7b8d,0xf67b7b8d
+ data4 0xfff2f20d,0xfff2f20d, 0xd66b6bbd,0xd66b6bbd
+ data4 0xde6f6fb1,0xde6f6fb1, 0x91c5c554,0x91c5c554
+ data4 0x60303050,0x60303050, 0x02010103,0x02010103
+ data4 0xce6767a9,0xce6767a9, 0x562b2b7d,0x562b2b7d
+ data4 0xe7fefe19,0xe7fefe19, 0xb5d7d762,0xb5d7d762
+ data4 0x4dababe6,0x4dababe6, 0xec76769a,0xec76769a
+ data4 0x8fcaca45,0x8fcaca45, 0x1f82829d,0x1f82829d
+ data4 0x89c9c940,0x89c9c940, 0xfa7d7d87,0xfa7d7d87
+ data4 0xeffafa15,0xeffafa15, 0xb25959eb,0xb25959eb
+ data4 0x8e4747c9,0x8e4747c9, 0xfbf0f00b,0xfbf0f00b
+ data4 0x41adadec,0x41adadec, 0xb3d4d467,0xb3d4d467
+ data4 0x5fa2a2fd,0x5fa2a2fd, 0x45afafea,0x45afafea
+ data4 0x239c9cbf,0x239c9cbf, 0x53a4a4f7,0x53a4a4f7
+ data4 0xe4727296,0xe4727296, 0x9bc0c05b,0x9bc0c05b
+ data4 0x75b7b7c2,0x75b7b7c2, 0xe1fdfd1c,0xe1fdfd1c
+ data4 0x3d9393ae,0x3d9393ae, 0x4c26266a,0x4c26266a
+ data4 0x6c36365a,0x6c36365a, 0x7e3f3f41,0x7e3f3f41
+ data4 0xf5f7f702,0xf5f7f702, 0x83cccc4f,0x83cccc4f
+ data4 0x6834345c,0x6834345c, 0x51a5a5f4,0x51a5a5f4
+ data4 0xd1e5e534,0xd1e5e534, 0xf9f1f108,0xf9f1f108
+ data4 0xe2717193,0xe2717193, 0xabd8d873,0xabd8d873
+ data4 0x62313153,0x62313153, 0x2a15153f,0x2a15153f
+ data4 0x0804040c,0x0804040c, 0x95c7c752,0x95c7c752
+ data4 0x46232365,0x46232365, 0x9dc3c35e,0x9dc3c35e
+ data4 0x30181828,0x30181828, 0x379696a1,0x379696a1
+ data4 0x0a05050f,0x0a05050f, 0x2f9a9ab5,0x2f9a9ab5
+ data4 0x0e070709,0x0e070709, 0x24121236,0x24121236
+ data4 0x1b80809b,0x1b80809b, 0xdfe2e23d,0xdfe2e23d
+ data4 0xcdebeb26,0xcdebeb26, 0x4e272769,0x4e272769
+ data4 0x7fb2b2cd,0x7fb2b2cd, 0xea75759f,0xea75759f
+ data4 0x1209091b,0x1209091b, 0x1d83839e,0x1d83839e
+ data4 0x582c2c74,0x582c2c74, 0x341a1a2e,0x341a1a2e
+ data4 0x361b1b2d,0x361b1b2d, 0xdc6e6eb2,0xdc6e6eb2
+ data4 0xb45a5aee,0xb45a5aee, 0x5ba0a0fb,0x5ba0a0fb
+ data4 0xa45252f6,0xa45252f6, 0x763b3b4d,0x763b3b4d
+ data4 0xb7d6d661,0xb7d6d661, 0x7db3b3ce,0x7db3b3ce
+ data4 0x5229297b,0x5229297b, 0xdde3e33e,0xdde3e33e
+ data4 0x5e2f2f71,0x5e2f2f71, 0x13848497,0x13848497
+ data4 0xa65353f5,0xa65353f5, 0xb9d1d168,0xb9d1d168
+ data4 0x00000000,0x00000000, 0xc1eded2c,0xc1eded2c
+ data4 0x40202060,0x40202060, 0xe3fcfc1f,0xe3fcfc1f
+ data4 0x79b1b1c8,0x79b1b1c8, 0xb65b5bed,0xb65b5bed
+ data4 0xd46a6abe,0xd46a6abe, 0x8dcbcb46,0x8dcbcb46
+ data4 0x67bebed9,0x67bebed9, 0x7239394b,0x7239394b
+ data4 0x944a4ade,0x944a4ade, 0x984c4cd4,0x984c4cd4
+ data4 0xb05858e8,0xb05858e8, 0x85cfcf4a,0x85cfcf4a
+ data4 0xbbd0d06b,0xbbd0d06b, 0xc5efef2a,0xc5efef2a
+ data4 0x4faaaae5,0x4faaaae5, 0xedfbfb16,0xedfbfb16
+ data4 0x864343c5,0x864343c5, 0x9a4d4dd7,0x9a4d4dd7
+ data4 0x66333355,0x66333355, 0x11858594,0x11858594
+ data4 0x8a4545cf,0x8a4545cf, 0xe9f9f910,0xe9f9f910
+ data4 0x04020206,0x04020206, 0xfe7f7f81,0xfe7f7f81
+ data4 0xa05050f0,0xa05050f0, 0x783c3c44,0x783c3c44
+ data4 0x259f9fba,0x259f9fba, 0x4ba8a8e3,0x4ba8a8e3
+ data4 0xa25151f3,0xa25151f3, 0x5da3a3fe,0x5da3a3fe
+ data4 0x804040c0,0x804040c0, 0x058f8f8a,0x058f8f8a
+ data4 0x3f9292ad,0x3f9292ad, 0x219d9dbc,0x219d9dbc
+ data4 0x70383848,0x70383848, 0xf1f5f504,0xf1f5f504
+ data4 0x63bcbcdf,0x63bcbcdf, 0x77b6b6c1,0x77b6b6c1
+ data4 0xafdada75,0xafdada75, 0x42212163,0x42212163
+ data4 0x20101030,0x20101030, 0xe5ffff1a,0xe5ffff1a
+ data4 0xfdf3f30e,0xfdf3f30e, 0xbfd2d26d,0xbfd2d26d
+ data4 0x81cdcd4c,0x81cdcd4c, 0x180c0c14,0x180c0c14
+ data4 0x26131335,0x26131335, 0xc3ecec2f,0xc3ecec2f
+ data4 0xbe5f5fe1,0xbe5f5fe1, 0x359797a2,0x359797a2
+ data4 0x884444cc,0x884444cc, 0x2e171739,0x2e171739
+ data4 0x93c4c457,0x93c4c457, 0x55a7a7f2,0x55a7a7f2
+ data4 0xfc7e7e82,0xfc7e7e82, 0x7a3d3d47,0x7a3d3d47
+ data4 0xc86464ac,0xc86464ac, 0xba5d5de7,0xba5d5de7
+ data4 0x3219192b,0x3219192b, 0xe6737395,0xe6737395
+ data4 0xc06060a0,0xc06060a0, 0x19818198,0x19818198
+ data4 0x9e4f4fd1,0x9e4f4fd1, 0xa3dcdc7f,0xa3dcdc7f
+ data4 0x44222266,0x44222266, 0x542a2a7e,0x542a2a7e
+ data4 0x3b9090ab,0x3b9090ab, 0x0b888883,0x0b888883
+ data4 0x8c4646ca,0x8c4646ca, 0xc7eeee29,0xc7eeee29
+ data4 0x6bb8b8d3,0x6bb8b8d3, 0x2814143c,0x2814143c
+ data4 0xa7dede79,0xa7dede79, 0xbc5e5ee2,0xbc5e5ee2
+ data4 0x160b0b1d,0x160b0b1d, 0xaddbdb76,0xaddbdb76
+ data4 0xdbe0e03b,0xdbe0e03b, 0x64323256,0x64323256
+ data4 0x743a3a4e,0x743a3a4e, 0x140a0a1e,0x140a0a1e
+ data4 0x924949db,0x924949db, 0x0c06060a,0x0c06060a
+ data4 0x4824246c,0x4824246c, 0xb85c5ce4,0xb85c5ce4
+ data4 0x9fc2c25d,0x9fc2c25d, 0xbdd3d36e,0xbdd3d36e
+ data4 0x43acacef,0x43acacef, 0xc46262a6,0xc46262a6
+ data4 0x399191a8,0x399191a8, 0x319595a4,0x319595a4
+ data4 0xd3e4e437,0xd3e4e437, 0xf279798b,0xf279798b
+ data4 0xd5e7e732,0xd5e7e732, 0x8bc8c843,0x8bc8c843
+ data4 0x6e373759,0x6e373759, 0xda6d6db7,0xda6d6db7
+ data4 0x018d8d8c,0x018d8d8c, 0xb1d5d564,0xb1d5d564
+ data4 0x9c4e4ed2,0x9c4e4ed2, 0x49a9a9e0,0x49a9a9e0
+ data4 0xd86c6cb4,0xd86c6cb4, 0xac5656fa,0xac5656fa
+ data4 0xf3f4f407,0xf3f4f407, 0xcfeaea25,0xcfeaea25
+ data4 0xca6565af,0xca6565af, 0xf47a7a8e,0xf47a7a8e
+ data4 0x47aeaee9,0x47aeaee9, 0x10080818,0x10080818
+ data4 0x6fbabad5,0x6fbabad5, 0xf0787888,0xf0787888
+ data4 0x4a25256f,0x4a25256f, 0x5c2e2e72,0x5c2e2e72
+ data4 0x381c1c24,0x381c1c24, 0x57a6a6f1,0x57a6a6f1
+ data4 0x73b4b4c7,0x73b4b4c7, 0x97c6c651,0x97c6c651
+ data4 0xcbe8e823,0xcbe8e823, 0xa1dddd7c,0xa1dddd7c
+ data4 0xe874749c,0xe874749c, 0x3e1f1f21,0x3e1f1f21
+ data4 0x964b4bdd,0x964b4bdd, 0x61bdbddc,0x61bdbddc
+ data4 0x0d8b8b86,0x0d8b8b86, 0x0f8a8a85,0x0f8a8a85
+ data4 0xe0707090,0xe0707090, 0x7c3e3e42,0x7c3e3e42
+ data4 0x71b5b5c4,0x71b5b5c4, 0xcc6666aa,0xcc6666aa
+ data4 0x904848d8,0x904848d8, 0x06030305,0x06030305
+ data4 0xf7f6f601,0xf7f6f601, 0x1c0e0e12,0x1c0e0e12
+ data4 0xc26161a3,0xc26161a3, 0x6a35355f,0x6a35355f
+ data4 0xae5757f9,0xae5757f9, 0x69b9b9d0,0x69b9b9d0
+ data4 0x17868691,0x17868691, 0x99c1c158,0x99c1c158
+ data4 0x3a1d1d27,0x3a1d1d27, 0x279e9eb9,0x279e9eb9
+ data4 0xd9e1e138,0xd9e1e138, 0xebf8f813,0xebf8f813
+ data4 0x2b9898b3,0x2b9898b3, 0x22111133,0x22111133
+ data4 0xd26969bb,0xd26969bb, 0xa9d9d970,0xa9d9d970
+ data4 0x078e8e89,0x078e8e89, 0x339494a7,0x339494a7
+ data4 0x2d9b9bb6,0x2d9b9bb6, 0x3c1e1e22,0x3c1e1e22
+ data4 0x15878792,0x15878792, 0xc9e9e920,0xc9e9e920
+ data4 0x87cece49,0x87cece49, 0xaa5555ff,0xaa5555ff
+ data4 0x50282878,0x50282878, 0xa5dfdf7a,0xa5dfdf7a
+ data4 0x038c8c8f,0x038c8c8f, 0x59a1a1f8,0x59a1a1f8
+ data4 0x09898980,0x09898980, 0x1a0d0d17,0x1a0d0d17
+ data4 0x65bfbfda,0x65bfbfda, 0xd7e6e631,0xd7e6e631
+ data4 0x844242c6,0x844242c6, 0xd06868b8,0xd06868b8
+ data4 0x824141c3,0x824141c3, 0x299999b0,0x299999b0
+ data4 0x5a2d2d77,0x5a2d2d77, 0x1e0f0f11,0x1e0f0f11
+ data4 0x7bb0b0cb,0x7bb0b0cb, 0xa85454fc,0xa85454fc
+ data4 0x6dbbbbd6,0x6dbbbbd6, 0x2c16163a,0x2c16163a
+// Te4:
+ data1 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+ data1 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+ data1 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+ data1 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+ data1 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+ data1 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+ data1 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+ data1 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+ data1 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+ data1 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+ data1 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+ data1 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+ data1 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+ data1 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+ data1 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+ data1 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+ data1 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+ data1 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+ data1 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+ data1 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+ data1 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+ data1 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+ data1 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+ data1 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+ data1 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+ data1 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+ data1 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+ data1 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+ data1 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+ data1 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+ data1 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+ data1 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+.size AES_Te#,2048+256 // HP-UX assembler fails to ".-AES_Te#"
+
+.align 64
+.global AES_Td#
+.type AES_Td#, at object
+AES_Td: data4 0x51f4a750,0x51f4a750, 0x7e416553,0x7e416553
+ data4 0x1a17a4c3,0x1a17a4c3, 0x3a275e96,0x3a275e96
+ data4 0x3bab6bcb,0x3bab6bcb, 0x1f9d45f1,0x1f9d45f1
+ data4 0xacfa58ab,0xacfa58ab, 0x4be30393,0x4be30393
+ data4 0x2030fa55,0x2030fa55, 0xad766df6,0xad766df6
+ data4 0x88cc7691,0x88cc7691, 0xf5024c25,0xf5024c25
+ data4 0x4fe5d7fc,0x4fe5d7fc, 0xc52acbd7,0xc52acbd7
+ data4 0x26354480,0x26354480, 0xb562a38f,0xb562a38f
+ data4 0xdeb15a49,0xdeb15a49, 0x25ba1b67,0x25ba1b67
+ data4 0x45ea0e98,0x45ea0e98, 0x5dfec0e1,0x5dfec0e1
+ data4 0xc32f7502,0xc32f7502, 0x814cf012,0x814cf012
+ data4 0x8d4697a3,0x8d4697a3, 0x6bd3f9c6,0x6bd3f9c6
+ data4 0x038f5fe7,0x038f5fe7, 0x15929c95,0x15929c95
+ data4 0xbf6d7aeb,0xbf6d7aeb, 0x955259da,0x955259da
+ data4 0xd4be832d,0xd4be832d, 0x587421d3,0x587421d3
+ data4 0x49e06929,0x49e06929, 0x8ec9c844,0x8ec9c844
+ data4 0x75c2896a,0x75c2896a, 0xf48e7978,0xf48e7978
+ data4 0x99583e6b,0x99583e6b, 0x27b971dd,0x27b971dd
+ data4 0xbee14fb6,0xbee14fb6, 0xf088ad17,0xf088ad17
+ data4 0xc920ac66,0xc920ac66, 0x7dce3ab4,0x7dce3ab4
+ data4 0x63df4a18,0x63df4a18, 0xe51a3182,0xe51a3182
+ data4 0x97513360,0x97513360, 0x62537f45,0x62537f45
+ data4 0xb16477e0,0xb16477e0, 0xbb6bae84,0xbb6bae84
+ data4 0xfe81a01c,0xfe81a01c, 0xf9082b94,0xf9082b94
+ data4 0x70486858,0x70486858, 0x8f45fd19,0x8f45fd19
+ data4 0x94de6c87,0x94de6c87, 0x527bf8b7,0x527bf8b7
+ data4 0xab73d323,0xab73d323, 0x724b02e2,0x724b02e2
+ data4 0xe31f8f57,0xe31f8f57, 0x6655ab2a,0x6655ab2a
+ data4 0xb2eb2807,0xb2eb2807, 0x2fb5c203,0x2fb5c203
+ data4 0x86c57b9a,0x86c57b9a, 0xd33708a5,0xd33708a5
+ data4 0x302887f2,0x302887f2, 0x23bfa5b2,0x23bfa5b2
+ data4 0x02036aba,0x02036aba, 0xed16825c,0xed16825c
+ data4 0x8acf1c2b,0x8acf1c2b, 0xa779b492,0xa779b492
+ data4 0xf307f2f0,0xf307f2f0, 0x4e69e2a1,0x4e69e2a1
+ data4 0x65daf4cd,0x65daf4cd, 0x0605bed5,0x0605bed5
+ data4 0xd134621f,0xd134621f, 0xc4a6fe8a,0xc4a6fe8a
+ data4 0x342e539d,0x342e539d, 0xa2f355a0,0xa2f355a0
+ data4 0x058ae132,0x058ae132, 0xa4f6eb75,0xa4f6eb75
+ data4 0x0b83ec39,0x0b83ec39, 0x4060efaa,0x4060efaa
+ data4 0x5e719f06,0x5e719f06, 0xbd6e1051,0xbd6e1051
+ data4 0x3e218af9,0x3e218af9, 0x96dd063d,0x96dd063d
+ data4 0xdd3e05ae,0xdd3e05ae, 0x4de6bd46,0x4de6bd46
+ data4 0x91548db5,0x91548db5, 0x71c45d05,0x71c45d05
+ data4 0x0406d46f,0x0406d46f, 0x605015ff,0x605015ff
+ data4 0x1998fb24,0x1998fb24, 0xd6bde997,0xd6bde997
+ data4 0x894043cc,0x894043cc, 0x67d99e77,0x67d99e77
+ data4 0xb0e842bd,0xb0e842bd, 0x07898b88,0x07898b88
+ data4 0xe7195b38,0xe7195b38, 0x79c8eedb,0x79c8eedb
+ data4 0xa17c0a47,0xa17c0a47, 0x7c420fe9,0x7c420fe9
+ data4 0xf8841ec9,0xf8841ec9, 0x00000000,0x00000000
+ data4 0x09808683,0x09808683, 0x322bed48,0x322bed48
+ data4 0x1e1170ac,0x1e1170ac, 0x6c5a724e,0x6c5a724e
+ data4 0xfd0efffb,0xfd0efffb, 0x0f853856,0x0f853856
+ data4 0x3daed51e,0x3daed51e, 0x362d3927,0x362d3927
+ data4 0x0a0fd964,0x0a0fd964, 0x685ca621,0x685ca621
+ data4 0x9b5b54d1,0x9b5b54d1, 0x24362e3a,0x24362e3a
+ data4 0x0c0a67b1,0x0c0a67b1, 0x9357e70f,0x9357e70f
+ data4 0xb4ee96d2,0xb4ee96d2, 0x1b9b919e,0x1b9b919e
+ data4 0x80c0c54f,0x80c0c54f, 0x61dc20a2,0x61dc20a2
+ data4 0x5a774b69,0x5a774b69, 0x1c121a16,0x1c121a16
+ data4 0xe293ba0a,0xe293ba0a, 0xc0a02ae5,0xc0a02ae5
+ data4 0x3c22e043,0x3c22e043, 0x121b171d,0x121b171d
+ data4 0x0e090d0b,0x0e090d0b, 0xf28bc7ad,0xf28bc7ad
+ data4 0x2db6a8b9,0x2db6a8b9, 0x141ea9c8,0x141ea9c8
+ data4 0x57f11985,0x57f11985, 0xaf75074c,0xaf75074c
+ data4 0xee99ddbb,0xee99ddbb, 0xa37f60fd,0xa37f60fd
+ data4 0xf701269f,0xf701269f, 0x5c72f5bc,0x5c72f5bc
+ data4 0x44663bc5,0x44663bc5, 0x5bfb7e34,0x5bfb7e34
+ data4 0x8b432976,0x8b432976, 0xcb23c6dc,0xcb23c6dc
+ data4 0xb6edfc68,0xb6edfc68, 0xb8e4f163,0xb8e4f163
+ data4 0xd731dcca,0xd731dcca, 0x42638510,0x42638510
+ data4 0x13972240,0x13972240, 0x84c61120,0x84c61120
+ data4 0x854a247d,0x854a247d, 0xd2bb3df8,0xd2bb3df8
+ data4 0xaef93211,0xaef93211, 0xc729a16d,0xc729a16d
+ data4 0x1d9e2f4b,0x1d9e2f4b, 0xdcb230f3,0xdcb230f3
+ data4 0x0d8652ec,0x0d8652ec, 0x77c1e3d0,0x77c1e3d0
+ data4 0x2bb3166c,0x2bb3166c, 0xa970b999,0xa970b999
+ data4 0x119448fa,0x119448fa, 0x47e96422,0x47e96422
+ data4 0xa8fc8cc4,0xa8fc8cc4, 0xa0f03f1a,0xa0f03f1a
+ data4 0x567d2cd8,0x567d2cd8, 0x223390ef,0x223390ef
+ data4 0x87494ec7,0x87494ec7, 0xd938d1c1,0xd938d1c1
+ data4 0x8ccaa2fe,0x8ccaa2fe, 0x98d40b36,0x98d40b36
+ data4 0xa6f581cf,0xa6f581cf, 0xa57ade28,0xa57ade28
+ data4 0xdab78e26,0xdab78e26, 0x3fadbfa4,0x3fadbfa4
+ data4 0x2c3a9de4,0x2c3a9de4, 0x5078920d,0x5078920d
+ data4 0x6a5fcc9b,0x6a5fcc9b, 0x547e4662,0x547e4662
+ data4 0xf68d13c2,0xf68d13c2, 0x90d8b8e8,0x90d8b8e8
+ data4 0x2e39f75e,0x2e39f75e, 0x82c3aff5,0x82c3aff5
+ data4 0x9f5d80be,0x9f5d80be, 0x69d0937c,0x69d0937c
+ data4 0x6fd52da9,0x6fd52da9, 0xcf2512b3,0xcf2512b3
+ data4 0xc8ac993b,0xc8ac993b, 0x10187da7,0x10187da7
+ data4 0xe89c636e,0xe89c636e, 0xdb3bbb7b,0xdb3bbb7b
+ data4 0xcd267809,0xcd267809, 0x6e5918f4,0x6e5918f4
+ data4 0xec9ab701,0xec9ab701, 0x834f9aa8,0x834f9aa8
+ data4 0xe6956e65,0xe6956e65, 0xaaffe67e,0xaaffe67e
+ data4 0x21bccf08,0x21bccf08, 0xef15e8e6,0xef15e8e6
+ data4 0xbae79bd9,0xbae79bd9, 0x4a6f36ce,0x4a6f36ce
+ data4 0xea9f09d4,0xea9f09d4, 0x29b07cd6,0x29b07cd6
+ data4 0x31a4b2af,0x31a4b2af, 0x2a3f2331,0x2a3f2331
+ data4 0xc6a59430,0xc6a59430, 0x35a266c0,0x35a266c0
+ data4 0x744ebc37,0x744ebc37, 0xfc82caa6,0xfc82caa6
+ data4 0xe090d0b0,0xe090d0b0, 0x33a7d815,0x33a7d815
+ data4 0xf104984a,0xf104984a, 0x41ecdaf7,0x41ecdaf7
+ data4 0x7fcd500e,0x7fcd500e, 0x1791f62f,0x1791f62f
+ data4 0x764dd68d,0x764dd68d, 0x43efb04d,0x43efb04d
+ data4 0xccaa4d54,0xccaa4d54, 0xe49604df,0xe49604df
+ data4 0x9ed1b5e3,0x9ed1b5e3, 0x4c6a881b,0x4c6a881b
+ data4 0xc12c1fb8,0xc12c1fb8, 0x4665517f,0x4665517f
+ data4 0x9d5eea04,0x9d5eea04, 0x018c355d,0x018c355d
+ data4 0xfa877473,0xfa877473, 0xfb0b412e,0xfb0b412e
+ data4 0xb3671d5a,0xb3671d5a, 0x92dbd252,0x92dbd252
+ data4 0xe9105633,0xe9105633, 0x6dd64713,0x6dd64713
+ data4 0x9ad7618c,0x9ad7618c, 0x37a10c7a,0x37a10c7a
+ data4 0x59f8148e,0x59f8148e, 0xeb133c89,0xeb133c89
+ data4 0xcea927ee,0xcea927ee, 0xb761c935,0xb761c935
+ data4 0xe11ce5ed,0xe11ce5ed, 0x7a47b13c,0x7a47b13c
+ data4 0x9cd2df59,0x9cd2df59, 0x55f2733f,0x55f2733f
+ data4 0x1814ce79,0x1814ce79, 0x73c737bf,0x73c737bf
+ data4 0x53f7cdea,0x53f7cdea, 0x5ffdaa5b,0x5ffdaa5b
+ data4 0xdf3d6f14,0xdf3d6f14, 0x7844db86,0x7844db86
+ data4 0xcaaff381,0xcaaff381, 0xb968c43e,0xb968c43e
+ data4 0x3824342c,0x3824342c, 0xc2a3405f,0xc2a3405f
+ data4 0x161dc372,0x161dc372, 0xbce2250c,0xbce2250c
+ data4 0x283c498b,0x283c498b, 0xff0d9541,0xff0d9541
+ data4 0x39a80171,0x39a80171, 0x080cb3de,0x080cb3de
+ data4 0xd8b4e49c,0xd8b4e49c, 0x6456c190,0x6456c190
+ data4 0x7bcb8461,0x7bcb8461, 0xd532b670,0xd532b670
+ data4 0x486c5c74,0x486c5c74, 0xd0b85742,0xd0b85742
+// Td4:
+ data1 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+ data1 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+ data1 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+ data1 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+ data1 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+ data1 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+ data1 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+ data1 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+ data1 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+ data1 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+ data1 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+ data1 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+ data1 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+ data1 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+ data1 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+ data1 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+ data1 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+ data1 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+ data1 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+ data1 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+ data1 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+ data1 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+ data1 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+ data1 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+ data1 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+ data1 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+ data1 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+ data1 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+ data1 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+ data1 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+ data1 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+ data1 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size AES_Td#,2048+256 // HP-UX assembler fails to ".-AES_Td#"
Added: vendor-crypto/openssl/dist/crypto/aes/asm/aes-x86_64.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/aes-x86_64.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/aes-x86_64.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1591 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# Version 1.2.
+#
+# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
+# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
+# [you'll notice a lot of resemblance], such as compressed S-boxes
+# in little-endian byte order, prefetch of these tables in CBC mode,
+# as well as avoiding L1 cache aliasing between stack frame and key
+# schedule and already mentioned tables, compressed Td4...
+#
+# Performance in number of cycles per processed byte for 128-bit key:
+#
+# ECB CBC encrypt
+# AMD64 13.7 13.0(*)
+# EM64T 20.2 18.6(*)
+#
+# (*) CBC benchmarks are better than ECB thanks to custom ABI used
+# by the private block encryption function.
+
+$verticalspin=1; # unlike 32-bit version $verticalspin performs
+ # ~15% better on both AMD and Intel cores
+$output=shift;
+open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";
+
+$code=".text\n";
+
+$s0="%eax";
+$s1="%ebx";
+$s2="%ecx";
+$s3="%edx";
+$acc0="%esi";
+$acc1="%edi";
+$acc2="%ebp";
+$inp="%r8";
+$out="%r9";
+$t0="%r10d";
+$t1="%r11d";
+$t2="%r12d";
+$rnds="%r13d";
+$sbox="%r14";
+$key="%r15";
+
+sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
+sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
+ $r =~ s/%[er]([sd]i)/%\1l/;
+ $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; }
+sub _data_word()
+{ my $i;
+ while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
+}
+sub data_word()
+{ my $i;
+ my $last=pop(@_);
+ $code.=".long\t";
+ while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; }
+ $code.=sprintf"0x%08x\n",$last;
+}
+
+sub data_byte()
+{ my $i;
+ my $last=pop(@_);
+ $code.=".byte\t";
+ while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; }
+ $code.=sprintf"0x%02x\n",$last&0xff;
+}
+
+sub encvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ # favor 3-way issue Opteron pipeline...
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ mov 0($sbox,$acc0,8),$t0
+ mov 0($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ movzb `&lo("$s3")`,$acc2
+ xor 3($sbox,$acc0,8),$t0
+ xor 3($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t3
+
+ movzb `&hi("$s3")`,$acc0
+ shr \$16,$s2
+ movzb `&hi("$s0")`,$acc2
+ xor 3($sbox,$acc0,8),$t2
+ shr \$16,$s3
+ xor 3($sbox,$acc2,8),$t3
+
+ shr \$16,$s1
+ lea 16($key),$key
+ shr \$16,$s0
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ xor 2($sbox,$acc0,8),$t0
+ xor 2($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ movzb `&lo("$s1")`,$acc2
+ xor 1($sbox,$acc0,8),$t0
+ xor 1($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t3
+
+ mov 12($key),$s3
+ movzb `&hi("$s1")`,$acc1
+ movzb `&hi("$s2")`,$acc2
+ mov 0($key),$s0
+ xor 1($sbox,$acc1,8),$t2
+ xor 1($sbox,$acc2,8),$t3
+
+ mov 4($key),$s1
+ mov 8($key),$s2
+ xor $t0,$s0
+ xor $t1,$s1
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+sub enclastvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ mov 2($sbox,$acc0,8),$t0
+ mov 2($sbox,$acc1,8),$t1
+ mov 2($sbox,$acc2,8),$t2
+
+ and \$0x000000ff,$t0
+ and \$0x000000ff,$t1
+ and \$0x000000ff,$t2
+
+ movzb `&lo("$s3")`,$acc0
+ movzb `&hi("$s1")`,$acc1
+ movzb `&hi("$s2")`,$acc2
+ mov 2($sbox,$acc0,8),$t3
+ mov 0($sbox,$acc1,8),$acc1 #$t0
+ mov 0($sbox,$acc2,8),$acc2 #$t1
+
+ and \$0x000000ff,$t3
+ and \$0x0000ff00,$acc1
+ and \$0x0000ff00,$acc2
+
+ xor $acc1,$t0
+ xor $acc2,$t1
+ shr \$16,$s2
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ shr \$16,$s3
+ mov 0($sbox,$acc0,8),$acc0 #$t2
+ mov 0($sbox,$acc1,8),$acc1 #$t3
+
+ and \$0x0000ff00,$acc0
+ and \$0x0000ff00,$acc1
+ shr \$16,$s1
+ xor $acc0,$t2
+ xor $acc1,$t3
+ shr \$16,$s0
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ mov 0($sbox,$acc0,8),$acc0 #$t0
+ mov 0($sbox,$acc1,8),$acc1 #$t1
+ mov 0($sbox,$acc2,8),$acc2 #$t2
+
+ and \$0x00ff0000,$acc0
+ and \$0x00ff0000,$acc1
+ and \$0x00ff0000,$acc2
+
+ xor $acc0,$t0
+ xor $acc1,$t1
+ xor $acc2,$t2
+
+ movzb `&lo("$s1")`,$acc0
+ movzb `&hi("$s3")`,$acc1
+ movzb `&hi("$s0")`,$acc2
+ mov 0($sbox,$acc0,8),$acc0 #$t3
+ mov 2($sbox,$acc1,8),$acc1 #$t0
+ mov 2($sbox,$acc2,8),$acc2 #$t1
+
+ and \$0x00ff0000,$acc0
+ and \$0xff000000,$acc1
+ and \$0xff000000,$acc2
+
+ xor $acc0,$t3
+ xor $acc1,$t0
+ xor $acc2,$t1
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ mov 16+12($key),$s3
+ mov 2($sbox,$acc0,8),$acc0 #$t2
+ mov 2($sbox,$acc1,8),$acc1 #$t3
+ mov 16+0($key),$s0
+
+ and \$0xff000000,$acc0
+ and \$0xff000000,$acc1
+
+ xor $acc0,$t2
+ xor $acc1,$t3
+
+ mov 16+4($key),$s1
+ mov 16+8($key),$s2
+ xor $t0,$s0
+ xor $t1,$s1
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+sub encstep()
+{ my ($i, at s) = @_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ if ($i==3) {
+ $tmp0=$s[1];
+ $tmp1=$s[2];
+ $tmp2=$s[3];
+ }
+ $code.=" movzb ".&lo($s[0]).",$out\n";
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+ $code.=" lea 16($key),$key\n" if ($i==0);
+
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" mov 0($sbox,$out,8),$out\n";
+
+ $code.=" shr \$16,$tmp1\n";
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+ $code.=" xor 3($sbox,$tmp0,8),$out\n";
+
+ $code.=" movzb ".&lo($tmp1).",$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+ $code.=" xor 4*$i($key),$out\n";
+
+ $code.=" xor 2($sbox,$tmp1,8),$out\n";
+ $code.=" xor 1($sbox,$tmp2,8),$out\n";
+
+ $code.=" mov $t0,$s[1]\n" if ($i==3);
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" mov $t2,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+sub enclast()
+{ my ($i, at s)=@_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ if ($i==3) {
+ $tmp0=$s[1];
+ $tmp1=$s[2];
+ $tmp2=$s[3];
+ }
+ $code.=" movzb ".&lo($s[0]).",$out\n";
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+
+ $code.=" mov 2($sbox,$out,8),$out\n";
+ $code.=" shr \$16,$tmp1\n";
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+
+ $code.=" and \$0x000000ff,$out\n";
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" movzb ".&lo($tmp1).",$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+
+ $code.=" mov 0($sbox,$tmp0,8),$tmp0\n";
+ $code.=" mov 0($sbox,$tmp1,8),$tmp1\n";
+ $code.=" mov 2($sbox,$tmp2,8),$tmp2\n";
+
+ $code.=" and \$0x0000ff00,$tmp0\n";
+ $code.=" and \$0x00ff0000,$tmp1\n";
+ $code.=" and \$0xff000000,$tmp2\n";
+
+ $code.=" xor $tmp0,$out\n";
+ $code.=" mov $t0,$s[1]\n" if ($i==3);
+ $code.=" xor $tmp1,$out\n";
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" xor $tmp2,$out\n";
+ $code.=" mov $t2,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+$code.=<<___;
+.type _x86_64_AES_encrypt,\@abi-omnipotent
+.align 16
+_x86_64_AES_encrypt:
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+
+ mov 240($key),$rnds # load key->rounds
+ sub \$1,$rnds
+ jmp .Lenc_loop
+.align 16
+.Lenc_loop:
+___
+ if ($verticalspin) { &encvert(); }
+ else { &encstep(0,$s0,$s1,$s2,$s3);
+ &encstep(1,$s1,$s2,$s3,$s0);
+ &encstep(2,$s2,$s3,$s0,$s1);
+ &encstep(3,$s3,$s0,$s1,$s2);
+ }
+$code.=<<___;
+ sub \$1,$rnds
+ jnz .Lenc_loop
+___
+ if ($verticalspin) { &enclastvert(); }
+ else { &enclast(0,$s0,$s1,$s2,$s3);
+ &enclast(1,$s1,$s2,$s3,$s0);
+ &enclast(2,$s2,$s3,$s0,$s1);
+ &enclast(3,$s3,$s0,$s1,$s2);
+ $code.=<<___;
+ xor 16+0($key),$s0 # xor with key
+ xor 16+4($key),$s1
+ xor 16+8($key),$s2
+ xor 16+12($key),$s3
+___
+ }
+$code.=<<___;
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt
+___
+
+# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
+$code.=<<___;
+.globl AES_encrypt
+.type AES_encrypt,\@function,3
+.align 16
+AES_encrypt:
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+
+ mov %rdx,$key
+ mov %rdi,$inp
+ mov %rsi,$out
+
+ .picmeup $sbox
+ lea AES_Te-.($sbox),$sbox
+
+ mov 0($inp),$s0
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+
+ call _x86_64_AES_encrypt
+
+ mov $s0,0($out)
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ ret
+.size AES_encrypt,.-AES_encrypt
+___
+
+#------------------------------------------------------------------#
+
+sub decvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ # favor 3-way issue Opteron pipeline...
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ mov 0($sbox,$acc0,8),$t0
+ mov 0($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ movzb `&lo("$s3")`,$acc2
+ xor 3($sbox,$acc0,8),$t0
+ xor 3($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t3
+
+ movzb `&hi("$s1")`,$acc0
+ shr \$16,$s0
+ movzb `&hi("$s2")`,$acc2
+ xor 3($sbox,$acc0,8),$t2
+ shr \$16,$s3
+ xor 3($sbox,$acc2,8),$t3
+
+ shr \$16,$s1
+ lea 16($key),$key
+ shr \$16,$s2
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ xor 2($sbox,$acc0,8),$t0
+ xor 2($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ movzb `&lo("$s1")`,$acc2
+ xor 1($sbox,$acc0,8),$t0
+ xor 1($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t3
+
+ movzb `&hi("$s3")`,$acc0
+ mov 12($key),$s3
+ movzb `&hi("$s0")`,$acc2
+ xor 1($sbox,$acc0,8),$t2
+ mov 0($key),$s0
+ xor 1($sbox,$acc2,8),$t3
+
+ xor $t0,$s0
+ mov 4($key),$s1
+ mov 8($key),$s2
+ xor $t2,$s2
+ xor $t1,$s1
+ xor $t3,$s3
+___
+}
+
+sub declastvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ movzb 2048($sbox,$acc0,1),$t0
+ movzb 2048($sbox,$acc1,1),$t1
+ movzb 2048($sbox,$acc2,1),$t2
+
+ movzb `&lo("$s3")`,$acc0
+ movzb `&hi("$s3")`,$acc1
+ movzb `&hi("$s0")`,$acc2
+ movzb 2048($sbox,$acc0,1),$t3
+ movzb 2048($sbox,$acc1,1),$acc1 #$t0
+ movzb 2048($sbox,$acc2,1),$acc2 #$t1
+
+ shl \$8,$acc1
+ shl \$8,$acc2
+
+ xor $acc1,$t0
+ xor $acc2,$t1
+ shr \$16,$s3
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ shr \$16,$s0
+ movzb 2048($sbox,$acc0,1),$acc0 #$t2
+ movzb 2048($sbox,$acc1,1),$acc1 #$t3
+
+ shl \$8,$acc0
+ shl \$8,$acc1
+ shr \$16,$s1
+ xor $acc0,$t2
+ xor $acc1,$t3
+ shr \$16,$s2
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ movzb 2048($sbox,$acc0,1),$acc0 #$t0
+ movzb 2048($sbox,$acc1,1),$acc1 #$t1
+ movzb 2048($sbox,$acc2,1),$acc2 #$t2
+
+ shl \$16,$acc0
+ shl \$16,$acc1
+ shl \$16,$acc2
+
+ xor $acc0,$t0
+ xor $acc1,$t1
+ xor $acc2,$t2
+
+ movzb `&lo("$s1")`,$acc0
+ movzb `&hi("$s1")`,$acc1
+ movzb `&hi("$s2")`,$acc2
+ movzb 2048($sbox,$acc0,1),$acc0 #$t3
+ movzb 2048($sbox,$acc1,1),$acc1 #$t0
+ movzb 2048($sbox,$acc2,1),$acc2 #$t1
+
+ shl \$16,$acc0
+ shl \$24,$acc1
+ shl \$24,$acc2
+
+ xor $acc0,$t3
+ xor $acc1,$t0
+ xor $acc2,$t1
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ mov 16+12($key),$s3
+ movzb 2048($sbox,$acc0,1),$acc0 #$t2
+ movzb 2048($sbox,$acc1,1),$acc1 #$t3
+ mov 16+0($key),$s0
+
+ shl \$24,$acc0
+ shl \$24,$acc1
+
+ xor $acc0,$t2
+ xor $acc1,$t3
+
+ mov 16+4($key),$s1
+ mov 16+8($key),$s2
+ xor $t0,$s0
+ xor $t1,$s1
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+sub decstep()
+{ my ($i, at s) = @_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ $code.=" mov $s[0],$out\n" if ($i!=3);
+ $tmp1=$s[2] if ($i==3);
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+ $code.=" and \$0xFF,$out\n";
+
+ $code.=" mov 0($sbox,$out,8),$out\n";
+ $code.=" shr \$16,$tmp1\n";
+ $tmp2=$s[3] if ($i==3);
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+
+ $tmp0=$s[1] if ($i==3);
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" and \$0xFF,$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+
+ $code.=" xor 3($sbox,$tmp0,8),$out\n";
+ $code.=" xor 2($sbox,$tmp1,8),$out\n";
+ $code.=" xor 1($sbox,$tmp2,8),$out\n";
+
+ $code.=" mov $t2,$s[1]\n" if ($i==3);
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" mov $t0,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+sub declast()
+{ my ($i, at s)=@_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ $code.=" mov $s[0],$out\n" if ($i!=3);
+ $tmp1=$s[2] if ($i==3);
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+ $code.=" and \$0xFF,$out\n";
+
+ $code.=" movzb 2048($sbox,$out,1),$out\n";
+ $code.=" shr \$16,$tmp1\n";
+ $tmp2=$s[3] if ($i==3);
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+
+ $tmp0=$s[1] if ($i==3);
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" and \$0xFF,$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+
+ $code.=" movzb 2048($sbox,$tmp0,1),$tmp0\n";
+ $code.=" movzb 2048($sbox,$tmp1,1),$tmp1\n";
+ $code.=" movzb 2048($sbox,$tmp2,1),$tmp2\n";
+
+ $code.=" shl \$8,$tmp0\n";
+ $code.=" shl \$16,$tmp1\n";
+ $code.=" shl \$24,$tmp2\n";
+
+ $code.=" xor $tmp0,$out\n";
+ $code.=" mov $t2,$s[1]\n" if ($i==3);
+ $code.=" xor $tmp1,$out\n";
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" xor $tmp2,$out\n";
+ $code.=" mov $t0,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+$code.=<<___;
+.type _x86_64_AES_decrypt,\@abi-omnipotent
+.align 16
+_x86_64_AES_decrypt:
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+
+ mov 240($key),$rnds # load key->rounds
+ sub \$1,$rnds
+ jmp .Ldec_loop
+.align 16
+.Ldec_loop:
+___
+ if ($verticalspin) { &decvert(); }
+ else { &decstep(0,$s0,$s3,$s2,$s1);
+ &decstep(1,$s1,$s0,$s3,$s2);
+ &decstep(2,$s2,$s1,$s0,$s3);
+ &decstep(3,$s3,$s2,$s1,$s0);
+ $code.=<<___;
+ lea 16($key),$key
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+___
+ }
+$code.=<<___;
+ sub \$1,$rnds
+ jnz .Ldec_loop
+___
+ if ($verticalspin) { &declastvert(); }
+ else { &declast(0,$s0,$s3,$s2,$s1);
+ &declast(1,$s1,$s0,$s3,$s2);
+ &declast(2,$s2,$s1,$s0,$s3);
+ &declast(3,$s3,$s2,$s1,$s0);
+ $code.=<<___;
+ xor 16+0($key),$s0 # xor with key
+ xor 16+4($key),$s1
+ xor 16+8($key),$s2
+ xor 16+12($key),$s3
+___
+ }
+$code.=<<___;
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt
+___
+
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+$code.=<<___;
+.globl AES_decrypt
+.type AES_decrypt,\@function,3
+.align 16
+AES_decrypt:
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+
+ mov %rdx,$key
+ mov %rdi,$inp
+ mov %rsi,$out
+
+ .picmeup $sbox
+ lea AES_Td-.($sbox),$sbox
+
+ # prefetch Td4
+ lea 2048+128($sbox),$sbox;
+ mov 0-128($sbox),$s0
+ mov 32-128($sbox),$s1
+ mov 64-128($sbox),$s2
+ mov 96-128($sbox),$s3
+ mov 128-128($sbox),$s0
+ mov 160-128($sbox),$s1
+ mov 192-128($sbox),$s2
+ mov 224-128($sbox),$s3
+ lea -2048-128($sbox),$sbox;
+
+ mov 0($inp),$s0
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+
+ call _x86_64_AES_decrypt
+
+ mov $s0,0($out)
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ ret
+.size AES_decrypt,.-AES_decrypt
+___
+#------------------------------------------------------------------#
+
+sub enckey()
+{
+$code.=<<___;
+ movz %dl,%esi # rk[i]>>0
+ mov 2(%rbp,%rsi,8),%ebx
+ movz %dh,%esi # rk[i]>>8
+ and \$0xFF000000,%ebx
+ xor %ebx,%eax
+
+ mov 2(%rbp,%rsi,8),%ebx
+ shr \$16,%edx
+ and \$0x000000FF,%ebx
+ movz %dl,%esi # rk[i]>>16
+ xor %ebx,%eax
+
+ mov 0(%rbp,%rsi,8),%ebx
+ movz %dh,%esi # rk[i]>>24
+ and \$0x0000FF00,%ebx
+ xor %ebx,%eax
+
+ mov 0(%rbp,%rsi,8),%ebx
+ and \$0x00FF0000,%ebx
+ xor %ebx,%eax
+
+ xor 2048(%rbp,%rcx,4),%eax # rcon
+___
+}
+
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+# AES_KEY *key)
+$code.=<<___;
+.globl AES_set_encrypt_key
+.type AES_set_encrypt_key,\@function,3
+.align 16
+AES_set_encrypt_key:
+ push %rbx
+ push %rbp
+ sub \$8,%rsp
+
+ call _x86_64_AES_set_encrypt_key
+
+ mov 8(%rsp),%rbp
+ mov 16(%rsp),%rbx
+ add \$24,%rsp
+ ret
+.size AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent
+.align 16
+_x86_64_AES_set_encrypt_key:
+ mov %esi,%ecx # %ecx=bits
+ mov %rdi,%rsi # %rsi=userKey
+ mov %rdx,%rdi # %rdi=key
+
+ test \$-1,%rsi
+ jz .Lbadpointer
+ test \$-1,%rdi
+ jz .Lbadpointer
+
+ .picmeup %rbp
+ lea AES_Te-.(%rbp),%rbp
+
+ cmp \$128,%ecx
+ je .L10rounds
+ cmp \$192,%ecx
+ je .L12rounds
+ cmp \$256,%ecx
+ je .L14rounds
+ mov \$-2,%rax # invalid number of bits
+ jmp .Lexit
+
+.L10rounds:
+ mov 0(%rsi),%eax # copy first 4 dwords
+ mov 4(%rsi),%ebx
+ mov 8(%rsi),%ecx
+ mov 12(%rsi),%edx
+ mov %eax,0(%rdi)
+ mov %ebx,4(%rdi)
+ mov %ecx,8(%rdi)
+ mov %edx,12(%rdi)
+
+ xor %ecx,%ecx
+ jmp .L10shortcut
+.align 4
+.L10loop:
+ mov 0(%rdi),%eax # rk[0]
+ mov 12(%rdi),%edx # rk[3]
+.L10shortcut:
+___
+ &enckey ();
+$code.=<<___;
+ mov %eax,16(%rdi) # rk[4]
+ xor 4(%rdi),%eax
+ mov %eax,20(%rdi) # rk[5]
+ xor 8(%rdi),%eax
+ mov %eax,24(%rdi) # rk[6]
+ xor 12(%rdi),%eax
+ mov %eax,28(%rdi) # rk[7]
+ add \$1,%ecx
+ lea 16(%rdi),%rdi
+ cmp \$10,%ecx
+ jl .L10loop
+
+ movl \$10,80(%rdi) # setup number of rounds
+ xor %rax,%rax
+ jmp .Lexit
+
+.L12rounds:
+ mov 0(%rsi),%eax # copy first 6 dwords
+ mov 4(%rsi),%ebx
+ mov 8(%rsi),%ecx
+ mov 12(%rsi),%edx
+ mov %eax,0(%rdi)
+ mov %ebx,4(%rdi)
+ mov %ecx,8(%rdi)
+ mov %edx,12(%rdi)
+ mov 16(%rsi),%ecx
+ mov 20(%rsi),%edx
+ mov %ecx,16(%rdi)
+ mov %edx,20(%rdi)
+
+ xor %ecx,%ecx
+ jmp .L12shortcut
+.align 4
+.L12loop:
+ mov 0(%rdi),%eax # rk[0]
+ mov 20(%rdi),%edx # rk[5]
+.L12shortcut:
+___
+ &enckey ();
+$code.=<<___;
+ mov %eax,24(%rdi) # rk[6]
+ xor 4(%rdi),%eax
+ mov %eax,28(%rdi) # rk[7]
+ xor 8(%rdi),%eax
+ mov %eax,32(%rdi) # rk[8]
+ xor 12(%rdi),%eax
+ mov %eax,36(%rdi) # rk[9]
+
+ cmp \$7,%ecx
+ je .L12break
+ add \$1,%ecx
+
+ xor 16(%rdi),%eax
+ mov %eax,40(%rdi) # rk[10]
+ xor 20(%rdi),%eax
+ mov %eax,44(%rdi) # rk[11]
+
+ lea 24(%rdi),%rdi
+ jmp .L12loop
+.L12break:
+ movl \$12,72(%rdi) # setup number of rounds
+ xor %rax,%rax
+ jmp .Lexit
+
+.L14rounds:
+ mov 0(%rsi),%eax # copy first 8 dwords
+ mov 4(%rsi),%ebx
+ mov 8(%rsi),%ecx
+ mov 12(%rsi),%edx
+ mov %eax,0(%rdi)
+ mov %ebx,4(%rdi)
+ mov %ecx,8(%rdi)
+ mov %edx,12(%rdi)
+ mov 16(%rsi),%eax
+ mov 20(%rsi),%ebx
+ mov 24(%rsi),%ecx
+ mov 28(%rsi),%edx
+ mov %eax,16(%rdi)
+ mov %ebx,20(%rdi)
+ mov %ecx,24(%rdi)
+ mov %edx,28(%rdi)
+
+ xor %ecx,%ecx
+ jmp .L14shortcut
+.align 4
+.L14loop:
+ mov 28(%rdi),%edx # rk[4]
+.L14shortcut:
+ mov 0(%rdi),%eax # rk[0]
+___
+ &enckey ();
+$code.=<<___;
+ mov %eax,32(%rdi) # rk[8]
+ xor 4(%rdi),%eax
+ mov %eax,36(%rdi) # rk[9]
+ xor 8(%rdi),%eax
+ mov %eax,40(%rdi) # rk[10]
+ xor 12(%rdi),%eax
+ mov %eax,44(%rdi) # rk[11]
+
+ cmp \$6,%ecx
+ je .L14break
+ add \$1,%ecx
+
+ mov %eax,%edx
+ mov 16(%rdi),%eax # rk[4]
+ movz %dl,%esi # rk[11]>>0
+ mov 2(%rbp,%rsi,8),%ebx
+ movz %dh,%esi # rk[11]>>8
+ and \$0x000000FF,%ebx
+ xor %ebx,%eax
+
+ mov 0(%rbp,%rsi,8),%ebx
+ shr \$16,%edx
+ and \$0x0000FF00,%ebx
+ movz %dl,%esi # rk[11]>>16
+ xor %ebx,%eax
+
+ mov 0(%rbp,%rsi,8),%ebx
+ movz %dh,%esi # rk[11]>>24
+ and \$0x00FF0000,%ebx
+ xor %ebx,%eax
+
+ mov 2(%rbp,%rsi,8),%ebx
+ and \$0xFF000000,%ebx
+ xor %ebx,%eax
+
+ mov %eax,48(%rdi) # rk[12]
+ xor 20(%rdi),%eax
+ mov %eax,52(%rdi) # rk[13]
+ xor 24(%rdi),%eax
+ mov %eax,56(%rdi) # rk[14]
+ xor 28(%rdi),%eax
+ mov %eax,60(%rdi) # rk[15]
+
+ lea 32(%rdi),%rdi
+ jmp .L14loop
+.L14break:
+ movl \$14,48(%rdi) # setup number of rounds
+ xor %rax,%rax
+ jmp .Lexit
+
+.Lbadpointer:
+ mov \$-1,%rax
+.Lexit:
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
+___
+
+sub deckey()
+{ my ($i,$ptr,$te,$td) = @_;
+$code.=<<___;
+ mov $i($ptr),%eax
+ mov %eax,%edx
+ movz %ah,%ebx
+ shr \$16,%edx
+ and \$0xFF,%eax
+ movzb 2($te,%rax,8),%rax
+ movzb 2($te,%rbx,8),%rbx
+ mov 0($td,%rax,8),%eax
+ xor 3($td,%rbx,8),%eax
+ movzb %dh,%ebx
+ and \$0xFF,%edx
+ movzb 2($te,%rdx,8),%rdx
+ movzb 2($te,%rbx,8),%rbx
+ xor 2($td,%rdx,8),%eax
+ xor 1($td,%rbx,8),%eax
+ mov %eax,$i($ptr)
+___
+}
+
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+# AES_KEY *key)
+$code.=<<___;
+.globl AES_set_decrypt_key
+.type AES_set_decrypt_key,\@function,3
+.align 16
+AES_set_decrypt_key:
+ push %rbx
+ push %rbp
+ push %rdx # save key schedule
+
+ call _x86_64_AES_set_encrypt_key
+ mov (%rsp),%r8 # restore key schedule
+ cmp \$0,%eax
+ jne .Labort
+
+ mov 240(%r8),%ecx # pull number of rounds
+ xor %rdi,%rdi
+ lea (%rdi,%rcx,4),%rcx
+ mov %r8,%rsi
+ lea (%r8,%rcx,4),%rdi # pointer to last chunk
+.align 4
+.Linvert:
+ mov 0(%rsi),%rax
+ mov 8(%rsi),%rbx
+ mov 0(%rdi),%rcx
+ mov 8(%rdi),%rdx
+ mov %rax,0(%rdi)
+ mov %rbx,8(%rdi)
+ mov %rcx,0(%rsi)
+ mov %rdx,8(%rsi)
+ lea 16(%rsi),%rsi
+ lea -16(%rdi),%rdi
+ cmp %rsi,%rdi
+ jne .Linvert
+
+ .picmeup %r9
+ lea AES_Td-.(%r9),%rdi
+ lea AES_Te-AES_Td(%rdi),%r9
+
+ mov %r8,%rsi
+ mov 240(%r8),%ecx # pull number of rounds
+ sub \$1,%ecx
+.align 4
+.Lpermute:
+ lea 16(%rsi),%rsi
+___
+ &deckey (0,"%rsi","%r9","%rdi");
+ &deckey (4,"%rsi","%r9","%rdi");
+ &deckey (8,"%rsi","%r9","%rdi");
+ &deckey (12,"%rsi","%r9","%rdi");
+$code.=<<___;
+ sub \$1,%ecx
+ jnz .Lpermute
+
+ xor %rax,%rax
+.Labort:
+ mov 8(%rsp),%rbp
+ mov 16(%rsp),%rbx
+ add \$24,%rsp
+ ret
+.size AES_set_decrypt_key,.-AES_set_decrypt_key
+___
+
+# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
+# size_t length, const AES_KEY *key,
+# unsigned char *ivp,const int enc);
+{
+# stack frame layout
+# -8(%rsp) return address
+my $_rsp="0(%rsp)"; # saved %rsp
+my $_len="8(%rsp)"; # copy of 3rd parameter, length
+my $_key="16(%rsp)"; # copy of 4th parameter, key
+my $_ivp="24(%rsp)"; # copy of 5th parameter, ivp
+my $keyp="32(%rsp)"; # one to pass as $key
+my $ivec="40(%rsp)"; # ivec[16]
+my $aes_key="56(%rsp)"; # copy of aes_key
+my $mark="56+240(%rsp)"; # copy of aes_key->rounds
+
+$code.=<<___;
+.globl AES_cbc_encrypt
+.type AES_cbc_encrypt,\@function,6
+.align 16
+AES_cbc_encrypt:
+ cmp \$0,%rdx # check length
+ je .Lcbc_just_ret
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ cld
+ mov %r9d,%r9d # clear upper half of enc
+
+ .picmeup $sbox
+.Lcbc_pic_point:
+
+ cmp \$0,%r9
+ je .LDECRYPT
+
+ lea AES_Te-.Lcbc_pic_point($sbox),$sbox
+
+ # allocate aligned stack frame...
+ lea -64-248(%rsp),$key
+ and \$-64,$key
+
+ # ... and make it doesn't alias with AES_Te modulo 4096
+ mov $sbox,%r10
+ lea 2048($sbox),%r11
+ mov $key,%r12
+ and \$0xFFF,%r10 # s = $sbox&0xfff
+ and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff
+ and \$0xFFF,%r12 # p = %rsp&0xfff
+
+ cmp %r11,%r12 # if (p=>e) %rsp =- (p-e);
+ jb .Lcbc_te_break_out
+ sub %r11,%r12
+ sub %r12,$key
+ jmp .Lcbc_te_ok
+.Lcbc_te_break_out: # else %rsp -= (p-s)&0xfff + framesz
+ sub %r10,%r12
+ and \$0xFFF,%r12
+ add \$320,%r12
+ sub %r12,$key
+.align 4
+.Lcbc_te_ok:
+
+ xchg %rsp,$key
+ add \$8,%rsp # reserve for return address!
+ mov $key,$_rsp # save %rsp
+ mov %rdx,$_len # save copy of len
+ mov %rcx,$_key # save copy of key
+ mov %r8,$_ivp # save copy of ivp
+ movl \$0,$mark # copy of aes_key->rounds = 0;
+ mov %r8,%rbp # rearrange input arguments
+ mov %rsi,$out
+ mov %rdi,$inp
+ mov %rcx,$key
+
+ # do we copy key schedule to stack?
+ mov $key,%r10
+ sub $sbox,%r10
+ and \$0xfff,%r10
+ cmp \$2048,%r10
+ jb .Lcbc_do_ecopy
+ cmp \$4096-248,%r10
+ jb .Lcbc_skip_ecopy
+.align 4
+.Lcbc_do_ecopy:
+ mov $key,%rsi
+ lea $aes_key,%rdi
+ lea $aes_key,$key
+ mov \$240/8,%ecx
+ .long 0x90A548F3 # rep movsq
+ mov (%rsi),%eax # copy aes_key->rounds
+ mov %eax,(%rdi)
+.Lcbc_skip_ecopy:
+ mov $key,$keyp # save key pointer
+
+ mov \$16,%ecx
+.align 4
+.Lcbc_prefetch_te:
+ mov 0($sbox),%r10
+ mov 32($sbox),%r11
+ mov 64($sbox),%r12
+ mov 96($sbox),%r13
+ lea 128($sbox),$sbox
+ sub \$1,%ecx
+ jnz .Lcbc_prefetch_te
+ sub \$2048,$sbox
+
+ test \$-16,%rdx # check upon length
+ mov %rdx,%r10
+ mov 0(%rbp),$s0 # load iv
+ mov 4(%rbp),$s1
+ mov 8(%rbp),$s2
+ mov 12(%rbp),$s3
+ jz .Lcbc_enc_tail # short input...
+
+.align 4
+.Lcbc_enc_loop:
+ xor 0($inp),$s0
+ xor 4($inp),$s1
+ xor 8($inp),$s2
+ xor 12($inp),$s3
+ mov $inp,$ivec # if ($verticalspin) save inp
+
+ mov $keyp,$key # restore key
+ call _x86_64_AES_encrypt
+
+ mov $ivec,$inp # if ($verticalspin) restore inp
+ mov $s0,0($out)
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ mov $_len,%r10
+ lea 16($inp),$inp
+ lea 16($out),$out
+ sub \$16,%r10
+ test \$-16,%r10
+ mov %r10,$_len
+ jnz .Lcbc_enc_loop
+ test \$15,%r10
+ jnz .Lcbc_enc_tail
+ mov $_ivp,%rbp # restore ivp
+ mov $s0,0(%rbp) # save ivec
+ mov $s1,4(%rbp)
+ mov $s2,8(%rbp)
+ mov $s3,12(%rbp)
+
+.align 4
+.Lcbc_cleanup:
+ cmpl \$0,$mark # was the key schedule copied?
+ lea $aes_key,%rdi
+ je .Lcbc_exit
+ mov \$240/8,%ecx
+ xor %rax,%rax
+ .long 0x90AB48F3 # rep stosq
+.Lcbc_exit:
+ mov $_rsp,%rsp
+ popfq
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+.Lcbc_just_ret:
+ ret
+.align 4
+.Lcbc_enc_tail:
+ mov %rax,%r11
+ mov %rcx,%r12
+ mov %r10,%rcx
+ mov $inp,%rsi
+ mov $out,%rdi
+ .long 0xF689A4F3 # rep movsb
+ mov \$16,%rcx # zero tail
+ sub %r10,%rcx
+ xor %rax,%rax
+ .long 0xF689AAF3 # rep stosb
+ mov $out,$inp # this is not a mistake!
+ movq \$16,$_len # len=16
+ mov %r11,%rax
+ mov %r12,%rcx
+ jmp .Lcbc_enc_loop # one more spin...
+#----------------------------- DECRYPT -----------------------------#
+.align 16
+.LDECRYPT:
+ lea AES_Td-.Lcbc_pic_point($sbox),$sbox
+
+ # allocate aligned stack frame...
+ lea -64-248(%rsp),$key
+ and \$-64,$key
+
+ # ... and make it doesn't alias with AES_Td modulo 4096
+ mov $sbox,%r10
+ lea 2304($sbox),%r11
+ mov $key,%r12
+ and \$0xFFF,%r10 # s = $sbox&0xfff
+ and \$0xFFF,%r11 # e = ($sbox+2048+256)&0xfff
+ and \$0xFFF,%r12 # p = %rsp&0xfff
+
+ cmp %r11,%r12 # if (p=>e) %rsp =- (p-e);
+ jb .Lcbc_td_break_out
+ sub %r11,%r12
+ sub %r12,$key
+ jmp .Lcbc_td_ok
+.Lcbc_td_break_out: # else %rsp -= (p-s)&0xfff + framesz
+ sub %r10,%r12
+ and \$0xFFF,%r12
+ add \$320,%r12
+ sub %r12,$key
+.align 4
+.Lcbc_td_ok:
+
+ xchg %rsp,$key
+ add \$8,%rsp # reserve for return address!
+ mov $key,$_rsp # save %rsp
+ mov %rdx,$_len # save copy of len
+ mov %rcx,$_key # save copy of key
+ mov %r8,$_ivp # save copy of ivp
+ movl \$0,$mark # copy of aes_key->rounds = 0;
+ mov %r8,%rbp # rearrange input arguments
+ mov %rsi,$out
+ mov %rdi,$inp
+ mov %rcx,$key
+
+ # do we copy key schedule to stack?
+ mov $key,%r10
+ sub $sbox,%r10
+ and \$0xfff,%r10
+ cmp \$2304,%r10
+ jb .Lcbc_do_dcopy
+ cmp \$4096-248,%r10
+ jb .Lcbc_skip_dcopy
+.align 4
+.Lcbc_do_dcopy:
+ mov $key,%rsi
+ lea $aes_key,%rdi
+ lea $aes_key,$key
+ mov \$240/8,%ecx
+ .long 0x90A548F3 # rep movsq
+ mov (%rsi),%eax # copy aes_key->rounds
+ mov %eax,(%rdi)
+.Lcbc_skip_dcopy:
+ mov $key,$keyp # save key pointer
+
+ mov \$18,%ecx
+.align 4
+.Lcbc_prefetch_td:
+ mov 0($sbox),%r10
+ mov 32($sbox),%r11
+ mov 64($sbox),%r12
+ mov 96($sbox),%r13
+ lea 128($sbox),$sbox
+ sub \$1,%ecx
+ jnz .Lcbc_prefetch_td
+ sub \$2304,$sbox
+
+ cmp $inp,$out
+ je .Lcbc_dec_in_place
+
+ mov %rbp,$ivec
+.align 4
+.Lcbc_dec_loop:
+ mov 0($inp),$s0 # read input
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+ mov $inp,8+$ivec # if ($verticalspin) save inp
+
+ mov $keyp,$key # restore key
+ call _x86_64_AES_decrypt
+
+ mov $ivec,%rbp # load ivp
+ mov 8+$ivec,$inp # if ($verticalspin) restore inp
+ xor 0(%rbp),$s0 # xor iv
+ xor 4(%rbp),$s1
+ xor 8(%rbp),$s2
+ xor 12(%rbp),$s3
+ mov $inp,%rbp # current input, next iv
+
+ mov $_len,%r10 # load len
+ sub \$16,%r10
+ jc .Lcbc_dec_partial
+ mov %r10,$_len # update len
+ mov %rbp,$ivec # update ivp
+
+ mov $s0,0($out) # write output
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ lea 16($inp),$inp
+ lea 16($out),$out
+ jnz .Lcbc_dec_loop
+.Lcbc_dec_end:
+ mov $_ivp,%r12 # load user ivp
+ mov 0(%rbp),%r10 # load iv
+ mov 8(%rbp),%r11
+ mov %r10,0(%r12) # copy back to user
+ mov %r11,8(%r12)
+ jmp .Lcbc_cleanup
+
+.align 4
+.Lcbc_dec_partial:
+ mov $s0,0+$ivec # dump output to stack
+ mov $s1,4+$ivec
+ mov $s2,8+$ivec
+ mov $s3,12+$ivec
+ mov $out,%rdi
+ lea $ivec,%rsi
+ mov \$16,%rcx
+ add %r10,%rcx # number of bytes to copy
+ .long 0xF689A4F3 # rep movsb
+ jmp .Lcbc_dec_end
+
+.align 16
+.Lcbc_dec_in_place:
+ mov 0($inp),$s0 # load input
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+
+ mov $inp,$ivec # if ($verticalspin) save inp
+ mov $keyp,$key
+ call _x86_64_AES_decrypt
+
+ mov $ivec,$inp # if ($verticalspin) restore inp
+ mov $_ivp,%rbp
+ xor 0(%rbp),$s0
+ xor 4(%rbp),$s1
+ xor 8(%rbp),$s2
+ xor 12(%rbp),$s3
+
+ mov 0($inp),%r10 # copy input to iv
+ mov 8($inp),%r11
+ mov %r10,0(%rbp)
+ mov %r11,8(%rbp)
+
+ mov $s0,0($out) # save output [zaps input]
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ mov $_len,%rcx
+ lea 16($inp),$inp
+ lea 16($out),$out
+ sub \$16,%rcx
+ jc .Lcbc_dec_in_place_partial
+ mov %rcx,$_len
+ jnz .Lcbc_dec_in_place
+ jmp .Lcbc_cleanup
+
+.align 4
+.Lcbc_dec_in_place_partial:
+ # one can argue if this is actually required
+ lea ($out,%rcx),%rdi
+ lea (%rbp,%rcx),%rsi
+ neg %rcx
+ .long 0xF689A4F3 # rep movsb # restore tail
+ jmp .Lcbc_cleanup
+.size AES_cbc_encrypt,.-AES_cbc_encrypt
+___
+}
+
+$code.=<<___;
+.globl AES_Te
+.align 64
+AES_Te:
+___
+ &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+ &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+ &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+ &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+ &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+ &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+ &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+ &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+ &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+ &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+ &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+ &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+ &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+ &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+ &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+ &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+ &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+ &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+ &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+ &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+ &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+ &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+ &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+ &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+ &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+ &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+ &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+ &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+ &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+ &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+ &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+ &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+ &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+ &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+ &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+ &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+ &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+ &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+ &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+ &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+ &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+ &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+ &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+ &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+ &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+ &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+ &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+ &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+ &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+ &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+ &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+ &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+ &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+ &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+ &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+ &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+ &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+ &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+ &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+ &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+ &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+ &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+ &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+ &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+#rcon:
+$code.=<<___;
+ .long 0x00000001, 0x00000002, 0x00000004, 0x00000008
+ .long 0x00000010, 0x00000020, 0x00000040, 0x00000080
+ .long 0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0
+___
+$code.=<<___;
+.globl AES_Td
+.align 64
+AES_Td:
+___
+ &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+ &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+ &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+ &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+ &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+ &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+ &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+ &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+ &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+ &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+ &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+ &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+ &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+ &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+ &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+ &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+ &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+ &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+ &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+ &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+ &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+ &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+ &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+ &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+ &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+ &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+ &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+ &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+ &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+ &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+ &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+ &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+ &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+ &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+ &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+ &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+ &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+ &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+ &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+ &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+ &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+ &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+ &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+ &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+ &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+ &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+ &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+ &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+ &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+ &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+ &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+ &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+ &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+ &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+ &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+ &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+ &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+ &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+ &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+ &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+ &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+ &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+ &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+ &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+#Td4:
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
Added: vendor-crypto/openssl/dist/crypto/asn1/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,904 @@
+#
+# OpenSSL/crypto/asn1/Makefile
+#
+
+DIR= asn1
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+ a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+ a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+ x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
+ d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
+ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+ f_int.c f_string.c n_pkey.c \
+ f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \
+ asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+ a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+ x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
+ d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
+ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+ f_int.o f_string.o n_pkey.o \
+ f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \
+ asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+ evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= asn1.h asn1_mac.h asn1t.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test: test.c
+ cc -g -I../../include -c test.c
+ cc -g -I../../include -o test test.o -L../.. -lcrypto
+
+pk: pk.c
+ cc -g -I../../include -c pk.c
+ cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bitstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bitstr.o: ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_bool.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bool.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_bytes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bytes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_bytes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_bytes.o: ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_d2i_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_d2i_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/asn1.h
+a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_dup.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_dup.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_gentm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c
+a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_i2d_fp.o: ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_mbstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_mbstr.o: ../cryptlib.h a_mbstr.c
+a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_octet.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_octet.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_octet.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_octet.o: ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_print.o: ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_set.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_set.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c
+a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_strnid.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_strnid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strnid.o: ../../include/openssl/opensslconf.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_time.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_time.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utctm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utctm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utctm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_utctm.o: ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utf8.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utf8.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utf8.o: ../../include/openssl/symhacks.h ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/asn1.h
+a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_verify.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_verify.o: ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_err.o: ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_gen.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn1_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn1_gen.o: ../../include/openssl/opensslconf.h
+asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+asn1_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+asn1_gen.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+asn1_gen.o: ../cryptlib.h asn1_gen.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_par.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_par.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn1_par.o: ../../include/openssl/opensslconf.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_mime.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_mime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_mime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+asn_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_mime.o: ../../include/openssl/opensslconf.h
+asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_mime.o: ../cryptlib.h asn_mime.c
+asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+asn_moid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+asn_moid.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn_pack.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn_pack.o: ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_enum.o: ../../include/openssl/symhacks.h ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_int.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_int.o: ../../include/openssl/symhacks.h ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_string.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_string.o: ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+n_pkey.o: ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+nsseq.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbe.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbev2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbev2.o: ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbev2.o: ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p8_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
+t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_pkey.o: ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
+t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_dec.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_dec.o: ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+tasn_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+tasn_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_algor.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
+x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_attrib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_attrib.o: ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_crl.o: ../cryptlib.h x_crl.c
+x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_exten.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_name.o: ../cryptlib.h x_name.c
+x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pkey.o: ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
+x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_req.o: ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_sig.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_sig.o: ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_spki.o: ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_val.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_val.o: ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x_x509.o: ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
+x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_x509a.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../cryptlib.h x_x509a.c
Added: vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,225 @@
+/* crypto/asn1/a_bitstr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
+{ return M_ASN1_BIT_STRING_set(x, d, len); }
+
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+ {
+ int ret,j,bits,len;
+ unsigned char *p,*d;
+
+ if (a == NULL) return(0);
+
+ len=a->length;
+
+ if (len > 0)
+ {
+ if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)
+ {
+ bits=(int)a->flags&0x07;
+ }
+ else
+ {
+ for ( ; len > 0; len--)
+ {
+ if (a->data[len-1]) break;
+ }
+ j=a->data[len-1];
+ if (j & 0x01) bits=0;
+ else if (j & 0x02) bits=1;
+ else if (j & 0x04) bits=2;
+ else if (j & 0x08) bits=3;
+ else if (j & 0x10) bits=4;
+ else if (j & 0x20) bits=5;
+ else if (j & 0x40) bits=6;
+ else if (j & 0x80) bits=7;
+ else bits=0; /* should not happen */
+ }
+ }
+ else
+ bits=0;
+
+ ret=1+len;
+ if (pp == NULL) return(ret);
+
+ p= *pp;
+
+ *(p++)=(unsigned char)bits;
+ d=a->data;
+ memcpy(p,d,len);
+ p+=len;
+ if (len > 0) p[-1]&=(0xff<<bits);
+ *pp=p;
+ return(ret);
+ }
+
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+ const unsigned char **pp, long len)
+ {
+ ASN1_BIT_STRING *ret=NULL;
+ const unsigned char *p;
+ unsigned char *s;
+ int i;
+
+ if (len < 1)
+ {
+ i=ASN1_R_STRING_TOO_SHORT;
+ goto err;
+ }
+
+ if ((a == NULL) || ((*a) == NULL))
+ {
+ if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
+ }
+ else
+ ret=(*a);
+
+ p= *pp;
+ i= *(p++);
+ /* We do this to preserve the settings. If we modify
+ * the settings, via the _set_bit function, we will recalculate
+ * on output */
+ ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
+ ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+
+ if (len-- > 1) /* using one because of the bits left byte */
+ {
+ s=(unsigned char *)OPENSSL_malloc((int)len);
+ if (s == NULL)
+ {
+ i=ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ memcpy(s,p,(int)len);
+ s[len-1]&=(0xff<<i);
+ p+=len;
+ }
+ else
+ s=NULL;
+
+ ret->length=(int)len;
+ if (ret->data != NULL) OPENSSL_free(ret->data);
+ ret->data=s;
+ ret->type=V_ASN1_BIT_STRING;
+ if (a != NULL) (*a)=ret;
+ *pp=p;
+ return(ret);
+err:
+ ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_BIT_STRING_free(ret);
+ return(NULL);
+ }
+
+/* These next 2 functions from Goetz Babin-Ebell <babinebell at trustcenter.de>
+ */
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
+ {
+ int w,v,iv;
+ unsigned char *c;
+
+ w=n/8;
+ v=1<<(7-(n&0x07));
+ iv= ~v;
+ if (!value) v=0;
+
+ if (a == NULL)
+ return 0;
+
+ a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
+
+ if ((a->length < (w+1)) || (a->data == NULL))
+ {
+ if (!value) return(1); /* Don't need to set */
+ if (a->data == NULL)
+ c=(unsigned char *)OPENSSL_malloc(w+1);
+ else
+ c=(unsigned char *)OPENSSL_realloc_clean(a->data,
+ a->length,
+ w+1);
+ if (c == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
+ a->data=c;
+ a->length=w+1;
+ }
+ a->data[w]=((a->data[w])&iv)|v;
+ while ((a->length > 0) && (a->data[a->length-1] == 0))
+ a->length--;
+ return(1);
+ }
+
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
+ {
+ int w,v;
+
+ w=n/8;
+ v=1<<(7-(n&0x07));
+ if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
+ return(0);
+ return((a->data[w]&v) != 0);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/a_bool.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_bool.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_bool.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,114 @@
+/* crypto/asn1/a_bool.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
+ {
+ int r;
+ unsigned char *p;
+
+ r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);
+ if (pp == NULL) return(r);
+ p= *pp;
+
+ ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);
+ *(p++)= (unsigned char)a;
+ *pp=p;
+ return(r);
+ }
+
+int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
+ {
+ int ret= -1;
+ const unsigned char *p;
+ long len;
+ int inf,tag,xclass;
+ int i=0;
+
+ p= *pp;
+ inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+ if (inf & 0x80)
+ {
+ i=ASN1_R_BAD_OBJECT_HEADER;
+ goto err;
+ }
+
+ if (tag != V_ASN1_BOOLEAN)
+ {
+ i=ASN1_R_EXPECTING_A_BOOLEAN;
+ goto err;
+ }
+
+ if (len != 1)
+ {
+ i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
+ goto err;
+ }
+ ret= (int)*(p++);
+ if (a != NULL) (*a)=ret;
+ *pp=p;
+ return(ret);
+err:
+ ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
+ return(ret);
+ }
+
+
Added: vendor-crypto/openssl/dist/crypto/asn1/a_bytes.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_bytes.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_bytes.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,314 @@
+/* crypto/asn1/a_bytes.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
+/* type is a 'bitmap' of acceptable string types.
+ */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
+ long length, int type)
+ {
+ ASN1_STRING *ret=NULL;
+ const unsigned char *p;
+ unsigned char *s;
+ long len;
+ int inf,tag,xclass;
+ int i=0;
+
+ p= *pp;
+ inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+ if (inf & 0x80) goto err;
+
+ if (tag >= 32)
+ {
+ i=ASN1_R_TAG_VALUE_TOO_HIGH;
+ goto err;
+ }
+ if (!(ASN1_tag2bit(tag) & type))
+ {
+ i=ASN1_R_WRONG_TYPE;
+ goto err;
+ }
+
+ /* If a bit-string, exit early */
+ if (tag == V_ASN1_BIT_STRING)
+ return(d2i_ASN1_BIT_STRING(a,pp,length));
+
+ if ((a == NULL) || ((*a) == NULL))
+ {
+ if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+ }
+ else
+ ret=(*a);
+
+ if (len != 0)
+ {
+ s=(unsigned char *)OPENSSL_malloc((int)len+1);
+ if (s == NULL)
+ {
+ i=ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ memcpy(s,p,(int)len);
+ s[len]='\0';
+ p+=len;
+ }
+ else
+ s=NULL;
+
+ if (ret->data != NULL) OPENSSL_free(ret->data);
+ ret->length=(int)len;
+ ret->data=s;
+ ret->type=tag;
+ if (a != NULL) (*a)=ret;
+ *pp=p;
+ return(ret);
+err:
+ ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ ASN1_STRING_free(ret);
+ return(NULL);
+ }
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
+ {
+ int ret,r,constructed;
+ unsigned char *p;
+
+ if (a == NULL) return(0);
+
+ if (tag == V_ASN1_BIT_STRING)
+ return(i2d_ASN1_BIT_STRING(a,pp));
+
+ ret=a->length;
+ r=ASN1_object_size(0,ret,tag);
+ if (pp == NULL) return(r);
+ p= *pp;
+
+ if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
+ constructed=1;
+ else
+ constructed=0;
+ ASN1_put_object(&p,constructed,ret,tag,xclass);
+ memcpy(p,a->data,a->length);
+ p+=a->length;
+ *pp= p;
+ return(r);
+ }
+
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+ long length, int Ptag, int Pclass)
+ {
+ ASN1_STRING *ret=NULL;
+ const unsigned char *p;
+ unsigned char *s;
+ long len;
+ int inf,tag,xclass;
+ int i=0;
+
+ if ((a == NULL) || ((*a) == NULL))
+ {
+ if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+ }
+ else
+ ret=(*a);
+
+ p= *pp;
+ inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+ if (inf & 0x80)
+ {
+ i=ASN1_R_BAD_OBJECT_HEADER;
+ goto err;
+ }
+
+ if (tag != Ptag)
+ {
+ i=ASN1_R_WRONG_TAG;
+ goto err;
+ }
+
+ if (inf & V_ASN1_CONSTRUCTED)
+ {
+ ASN1_const_CTX c;
+
+ c.pp=pp;
+ c.p=p;
+ c.inf=inf;
+ c.slen=len;
+ c.tag=Ptag;
+ c.xclass=Pclass;
+ c.max=(length == 0)?0:(p+length);
+ if (!asn1_collate_primitive(ret,&c))
+ goto err;
+ else
+ {
+ p=c.p;
+ }
+ }
+ else
+ {
+ if (len != 0)
+ {
+ if ((ret->length < len) || (ret->data == NULL))
+ {
+ if (ret->data != NULL) OPENSSL_free(ret->data);
+ s=(unsigned char *)OPENSSL_malloc((int)len + 1);
+ if (s == NULL)
+ {
+ i=ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ }
+ else
+ s=ret->data;
+ memcpy(s,p,(int)len);
+ s[len] = '\0';
+ p+=len;
+ }
+ else
+ {
+ s=NULL;
+ if (ret->data != NULL) OPENSSL_free(ret->data);
+ }
+
+ ret->length=(int)len;
+ ret->data=s;
+ ret->type=Ptag;
+ }
+
+ if (a != NULL) (*a)=ret;
+ *pp=p;
+ return(ret);
+err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ ASN1_STRING_free(ret);
+ ASN1err(ASN1_F_D2I_ASN1_BYTES,i);
+ return(NULL);
+ }
+
+
+/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
+ * them into the one structure that is then returned */
+/* There have been a few bug fixes for this function from
+ * Paul Keogh <paul.keogh at sse.ie>, many thanks to him */
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
+ {
+ ASN1_STRING *os=NULL;
+ BUF_MEM b;
+ int num;
+
+ b.length=0;
+ b.max=0;
+ b.data=NULL;
+
+ if (a == NULL)
+ {
+ c->error=ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+
+ num=0;
+ for (;;)
+ {
+ if (c->inf & 1)
+ {
+ c->eos=ASN1_const_check_infinite_end(&c->p,
+ (long)(c->max-c->p));
+ if (c->eos) break;
+ }
+ else
+ {
+ if (c->slen <= 0) break;
+ }
+
+ c->q=c->p;
+ if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
+ == NULL)
+ {
+ c->error=ERR_R_ASN1_LIB;
+ goto err;
+ }
+
+ if (!BUF_MEM_grow_clean(&b,num+os->length))
+ {
+ c->error=ERR_R_BUF_LIB;
+ goto err;
+ }
+ memcpy(&(b.data[num]),os->data,os->length);
+ if (!(c->inf & 1))
+ c->slen-=(c->p-c->q);
+ num+=os->length;
+ }
+
+ if (!asn1_const_Finish(c)) goto err;
+
+ a->length=num;
+ if (a->data != NULL) OPENSSL_free(a->data);
+ a->data=(unsigned char *)b.data;
+ if (os != NULL) ASN1_STRING_free(os);
+ return(1);
+err:
+ ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
+ if (os != NULL) ASN1_STRING_free(os);
+ if (b.data != NULL) OPENSSL_free(b.data);
+ return(0);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/a_d2i_fp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_d2i_fp.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_d2i_fp.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,286 @@
+/* crypto/asn1/a_d2i_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1_mac.h>
+
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#ifndef NO_OLD_ASN1
+#ifndef OPENSSL_NO_FP_API
+
+void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
+ {
+ BIO *b;
+ void *ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+ return(NULL);
+ }
+ BIO_set_fp(b,in,BIO_NOCLOSE);
+ ret=ASN1_d2i_bio(xnew,d2i,b,x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
+ {
+ BUF_MEM *b = NULL;
+ const unsigned char *p;
+ void *ret=NULL;
+ int len;
+
+ len = asn1_d2i_read_bio(in, &b);
+ if(len < 0) goto err;
+
+ p=(unsigned char *)b->data;
+ ret=d2i(x,&p,len);
+err:
+ if (b != NULL) BUF_MEM_free(b);
+ return(ret);
+ }
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+ {
+ BUF_MEM *b = NULL;
+ const unsigned char *p;
+ void *ret=NULL;
+ int len;
+
+ len = asn1_d2i_read_bio(in, &b);
+ if(len < 0) goto err;
+
+ p=(const unsigned char *)b->data;
+ ret=ASN1_item_d2i(x,&p,len, it);
+err:
+ if (b != NULL) BUF_MEM_free(b);
+ return(ret);
+ }
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+ {
+ BIO *b;
+ char *ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB);
+ return(NULL);
+ }
+ BIO_set_fp(b,in,BIO_NOCLOSE);
+ ret=ASN1_item_d2i_bio(it,b,x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+#define HEADER_SIZE 8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+ {
+ BUF_MEM *b;
+ unsigned char *p;
+ int i;
+ ASN1_const_CTX c;
+ size_t want=HEADER_SIZE;
+ int eos=0;
+ size_t off=0;
+ size_t len=0;
+
+ b=BUF_MEM_new();
+ if (b == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+
+ ERR_clear_error();
+ for (;;)
+ {
+ if (want >= (len-off))
+ {
+ want-=(len-off);
+
+ if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ i=BIO_read(in,&(b->data[len]),want);
+ if ((i < 0) && ((len-off) == 0))
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA);
+ goto err;
+ }
+ if (i > 0)
+ {
+ if (len+i < len)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+ goto err;
+ }
+ len+=i;
+ }
+ }
+ /* else data already loaded */
+
+ p=(unsigned char *)&(b->data[off]);
+ c.p=p;
+ c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
+ len-off);
+ if (c.inf & 0x80)
+ {
+ unsigned long e;
+
+ e=ERR_GET_REASON(ERR_peek_error());
+ if (e != ASN1_R_TOO_LONG)
+ goto err;
+ else
+ ERR_clear_error(); /* clear error */
+ }
+ i=c.p-p;/* header length */
+ off+=i; /* end of data */
+
+ if (c.inf & 1)
+ {
+ /* no data body so go round again */
+ eos++;
+ if (eos < 0)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
+ goto err;
+ }
+ want=HEADER_SIZE;
+ }
+ else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
+ {
+ /* eos value, so go back and read another header */
+ eos--;
+ if (eos <= 0)
+ break;
+ else
+ want=HEADER_SIZE;
+ }
+ else
+ {
+ /* suck in c.slen bytes of data */
+ want=c.slen;
+ if (want > (len-off))
+ {
+ want-=(len-off);
+ if (want > INT_MAX /* BIO_read takes an int length */ ||
+ len+want < len)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+ goto err;
+ }
+ if (!BUF_MEM_grow_clean(b,len+want))
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ while (want > 0)
+ {
+ i=BIO_read(in,&(b->data[len]),want);
+ if (i <= 0)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+ ASN1_R_NOT_ENOUGH_DATA);
+ goto err;
+ }
+ /* This can't overflow because
+ * |len+want| didn't overflow. */
+ len+=i;
+ want-=i;
+ }
+ }
+ if (off + c.slen < off)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+ goto err;
+ }
+ off+=c.slen;
+ if (eos <= 0)
+ {
+ break;
+ }
+ else
+ want=HEADER_SIZE;
+ }
+ }
+
+ if (off > INT_MAX)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+ goto err;
+ }
+
+ *pb = b;
+ return off;
+err:
+ if (b != NULL) BUF_MEM_free(b);
+ return -1;
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/a_digest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_digest.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_digest.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,111 @@
+/* crypto/asn1/a_digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+ unsigned char *md, unsigned int *len)
+ {
+ int i;
+ unsigned char *str,*p;
+
+ i=i2d(data,NULL);
+ if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ p=str;
+ i2d(data,&p);
+
+ EVP_Digest(str, i, md, len, type, NULL);
+ OPENSSL_free(str);
+ return(1);
+ }
+
+#endif
+
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+ unsigned char *md, unsigned int *len)
+ {
+ int i;
+ unsigned char *str = NULL;
+
+ i=ASN1_item_i2d(asn,&str, it);
+ if (!str) return(0);
+
+ EVP_Digest(str, i, md, len, type, NULL);
+ OPENSSL_free(str);
+ return(1);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/a_dup.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_dup.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_dup.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,109 @@
+/* crypto/asn1/a_dup.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
+ {
+ unsigned char *b,*p;
+ const unsigned char *p2;
+ int i;
+ char *ret;
+
+ if (x == NULL) return(NULL);
+
+ i=i2d(x,NULL);
+ b=OPENSSL_malloc(i+10);
+ if (b == NULL)
+ { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+ p= b;
+ i=i2d(x,&p);
+ p2= b;
+ ret=d2i(NULL,&p2,i);
+ OPENSSL_free(b);
+ return(ret);
+ }
+
+#endif
+
+/* ASN1_ITEM version of dup: this follows the model above except we don't need
+ * to allocate the buffer. At some point this could be rewritten to directly dup
+ * the underlying structure instead of doing and encode and decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+ {
+ unsigned char *b = NULL;
+ const unsigned char *p;
+ long i;
+ void *ret;
+
+ if (x == NULL) return(NULL);
+
+ i=ASN1_item_i2d(x,&b,it);
+ if (b == NULL)
+ { ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+ p= b;
+ ret=ASN1_item_d2i(NULL,&p,i, it);
+ OPENSSL_free(b);
+ return(ret);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/a_enum.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_enum.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_enum.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,182 @@
+/* crypto/asn1/a_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+
+/*
+ * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
+ * for comments on encoding see a_int.c
+ */
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+ {
+ int j,k;
+ unsigned int i;
+ unsigned char buf[sizeof(long)+1];
+ long d;
+
+ a->type=V_ASN1_ENUMERATED;
+ if (a->length < (int)(sizeof(long)+1))
+ {
+ if (a->data != NULL)
+ OPENSSL_free(a->data);
+ if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
+ memset((char *)a->data,0,sizeof(long)+1);
+ }
+ if (a->data == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ d=v;
+ if (d < 0)
+ {
+ d= -d;
+ a->type=V_ASN1_NEG_ENUMERATED;
+ }
+
+ for (i=0; i<sizeof(long); i++)
+ {
+ if (d == 0) break;
+ buf[i]=(int)d&0xff;
+ d>>=8;
+ }
+ j=0;
+ for (k=i-1; k >=0; k--)
+ a->data[j++]=buf[k];
+ a->length=j;
+ return(1);
+ }
+
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
+ {
+ int neg=0,i;
+ long r=0;
+
+ if (a == NULL) return(0L);
+ i=a->type;
+ if (i == V_ASN1_NEG_ENUMERATED)
+ neg=1;
+ else if (i != V_ASN1_ENUMERATED)
+ return -1;
+
+ if (a->length > (int)sizeof(long))
+ {
+ /* hmm... a bit ugly */
+ return(0xffffffffL);
+ }
+ if (a->data == NULL)
+ return 0;
+
+ for (i=0; i<a->length; i++)
+ {
+ r<<=8;
+ r|=(unsigned char)a->data[i];
+ }
+ if (neg) r= -r;
+ return(r);
+ }
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
+ {
+ ASN1_ENUMERATED *ret;
+ int len,j;
+
+ if (ai == NULL)
+ ret=M_ASN1_ENUMERATED_new();
+ else
+ ret=ai;
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
+ else ret->type=V_ASN1_ENUMERATED;
+ j=BN_num_bits(bn);
+ len=((j == 0)?0:((j/8)+1));
+ if (ret->length < len+4)
+ {
+ unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+ if (!new_data)
+ {
+ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ret->data=new_data;
+ }
+
+ ret->length=BN_bn2bin(bn,ret->data);
+ return(ret);
+err:
+ if (ret != ai) M_ASN1_ENUMERATED_free(ret);
+ return(NULL);
+ }
+
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
+ {
+ BIGNUM *ret;
+
+ if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+ ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
+ else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1);
+ return(ret);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,246 @@
+/* crypto/asn1/a_gentm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+
+#if 0
+
+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
+ {
+#ifdef CHARSET_EBCDIC
+ /* KLUDGE! We convert to ascii before writing DER */
+ int len;
+ char tmp[24];
+ ASN1_STRING tmpstr = *(ASN1_STRING *)a;
+
+ len = tmpstr.length;
+ ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+ tmpstr.data = tmp;
+
+ a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+#endif
+ return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+ V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
+ }
+
+
+ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
+ unsigned char **pp, long length)
+ {
+ ASN1_GENERALIZEDTIME *ret=NULL;
+
+ ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+ V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
+ return(NULL);
+ }
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+ if (!ASN1_GENERALIZEDTIME_check(ret))
+ {
+ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
+ goto err;
+ }
+
+ return(ret);
+err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_GENERALIZEDTIME_free(ret);
+ return(NULL);
+ }
+
+#endif
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+ {
+ static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
+ static int max[9]={99, 99,12,31,23,59,59,12,59};
+ char *a;
+ int n,i,l,o;
+
+ if (d->type != V_ASN1_GENERALIZEDTIME) return(0);
+ l=d->length;
+ a=(char *)d->data;
+ o=0;
+ /* GENERALIZEDTIME is similar to UTCTIME except the year is
+ * represented as YYYY. This stuff treats everything as a two digit
+ * field so make first two fields 00 to 99
+ */
+ if (l < 13) goto err;
+ for (i=0; i<7; i++)
+ {
+ if ((i == 6) && ((a[o] == 'Z') ||
+ (a[o] == '+') || (a[o] == '-')))
+ { i++; break; }
+ if ((a[o] < '0') || (a[o] > '9')) goto err;
+ n= a[o]-'0';
+ if (++o > l) goto err;
+
+ if ((a[o] < '0') || (a[o] > '9')) goto err;
+ n=(n*10)+ a[o]-'0';
+ if (++o > l) goto err;
+
+ if ((n < min[i]) || (n > max[i])) goto err;
+ }
+ /* Optional fractional seconds: decimal point followed by one
+ * or more digits.
+ */
+ if (a[o] == '.')
+ {
+ if (++o > l) goto err;
+ i = o;
+ while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+ o++;
+ /* Must have at least one digit after decimal point */
+ if (i == o) goto err;
+ }
+
+ if (a[o] == 'Z')
+ o++;
+ else if ((a[o] == '+') || (a[o] == '-'))
+ {
+ o++;
+ if (o+4 > l) goto err;
+ for (i=7; i<9; i++)
+ {
+ if ((a[o] < '0') || (a[o] > '9')) goto err;
+ n= a[o]-'0';
+ o++;
+ if ((a[o] < '0') || (a[o] > '9')) goto err;
+ n=(n*10)+ a[o]-'0';
+ if ((n < min[i]) || (n > max[i])) goto err;
+ o++;
+ }
+ }
+ return(o == l);
+err:
+ return(0);
+ }
+
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
+ {
+ ASN1_GENERALIZEDTIME t;
+
+ t.type=V_ASN1_GENERALIZEDTIME;
+ t.length=strlen(str);
+ t.data=(unsigned char *)str;
+ if (ASN1_GENERALIZEDTIME_check(&t))
+ {
+ if (s != NULL)
+ {
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+ (unsigned char *)str,t.length))
+ return 0;
+ s->type=V_ASN1_GENERALIZEDTIME;
+ }
+ return(1);
+ }
+ else
+ return(0);
+ }
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+ time_t t)
+ {
+ char *p;
+ struct tm *ts;
+ struct tm data;
+ size_t len = 20;
+
+ if (s == NULL)
+ s=M_ASN1_GENERALIZEDTIME_new();
+ if (s == NULL)
+ return(NULL);
+
+ ts=OPENSSL_gmtime(&t, &data);
+ if (ts == NULL)
+ return(NULL);
+
+ p=(char *)s->data;
+ if ((p == NULL) || ((size_t)s->length < len))
+ {
+ p=OPENSSL_malloc(len);
+ if (p == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
+ ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ if (s->data != NULL)
+ OPENSSL_free(s->data);
+ s->data=(unsigned char *)p;
+ }
+
+ BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+ ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+ s->length=strlen(p);
+ s->type=V_ASN1_GENERALIZEDTIME;
+#ifdef CHARSET_EBCDIC_not
+ ebcdic2ascii(s->data, s->data, s->length);
+#endif
+ return(s);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/a_hdr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_hdr.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_hdr.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,119 @@
+/* crypto/asn1/a_hdr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
+
+int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len(a->data, a->meth->i2d);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_put(a->data, a->meth->i2d);
+
+ M_ASN1_I2D_finish();
+ }
+
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING);
+ if (ret->meth != NULL)
+ {
+ M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i);
+ }
+ else
+ {
+ if (a != NULL) (*a)=ret;
+ return(ret);
+ }
+ M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
+ }
+
+ASN1_HEADER *ASN1_HEADER_new(void)
+ {
+ ASN1_HEADER *ret=NULL;
+ ASN1_CTX c;
+
+ M_ASN1_New_Malloc(ret,ASN1_HEADER);
+ M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new);
+ ret->meth=NULL;
+ ret->data=NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
+ }
+
+void ASN1_HEADER_free(ASN1_HEADER *a)
+ {
+ if (a == NULL) return;
+ M_ASN1_OCTET_STRING_free(a->header);
+ if (a->meth != NULL)
+ a->meth->destroy(a->data);
+ OPENSSL_free(a);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/a_i2d_fp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_i2d_fp.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_i2d_fp.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,163 @@
+/* crypto/asn1/a_i2d_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,out,BIO_NOCLOSE);
+ ret=ASN1_i2d_bio(i2d,b,x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
+ {
+ char *b;
+ unsigned char *p;
+ int i,j=0,n,ret=1;
+
+ n=i2d(x,NULL);
+ b=(char *)OPENSSL_malloc(n);
+ if (b == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+
+ p=(unsigned char *)b;
+ i2d(x,&p);
+
+ for (;;)
+ {
+ i=BIO_write(out,&(b[j]),n);
+ if (i == n) break;
+ if (i <= 0)
+ {
+ ret=0;
+ break;
+ }
+ j+=i;
+ n-=i;
+ }
+ OPENSSL_free(b);
+ return(ret);
+ }
+
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,out,BIO_NOCLOSE);
+ ret=ASN1_item_i2d_bio(it,b,x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+ {
+ unsigned char *b = NULL;
+ int i,j=0,n,ret=1;
+
+ n = ASN1_item_i2d(x, &b, it);
+ if (b == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+
+ for (;;)
+ {
+ i=BIO_write(out,&(b[j]),n);
+ if (i == n) break;
+ if (i <= 0)
+ {
+ ret=0;
+ break;
+ }
+ j+=i;
+ n-=i;
+ }
+ OPENSSL_free(b);
+ return(ret);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/a_int.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_int.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_int.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,458 @@
+/* crypto/asn1/a_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+
+ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
+{ return M_ASN1_INTEGER_dup(x);}
+
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
+ {
+ int neg, ret;
+ /* Compare signs */
+ neg = x->type & V_ASN1_NEG;
+ if (neg != (y->type & V_ASN1_NEG))
+ {
+ if (neg)
+ return -1;
+ else
+ return 1;
+ }
+
+ ret = ASN1_STRING_cmp(x, y);
+
+ if (neg)
+ return -ret;
+ else
+ return ret;
+ }
+
+
+/*
+ * This converts an ASN1 INTEGER into its content encoding.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
+ */
+
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+ {
+ int pad=0,ret,i,neg;
+ unsigned char *p,*n,pb=0;
+
+ if (a == NULL) return(0);
+ neg=a->type & V_ASN1_NEG;
+ if (a->length == 0)
+ ret=1;
+ else
+ {
+ ret=a->length;
+ i=a->data[0];
+ if (!neg && (i > 127)) {
+ pad=1;
+ pb=0;
+ } else if(neg) {
+ if(i>128) {
+ pad=1;
+ pb=0xFF;
+ } else if(i == 128) {
+ /*
+ * Special case: if any other bytes non zero we pad:
+ * otherwise we don't.
+ */
+ for(i = 1; i < a->length; i++) if(a->data[i]) {
+ pad=1;
+ pb=0xFF;
+ break;
+ }
+ }
+ }
+ ret+=pad;
+ }
+ if (pp == NULL) return(ret);
+ p= *pp;
+
+ if (pad) *(p++)=pb;
+ if (a->length == 0) *(p++)=0;
+ else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
+ else {
+ /* Begin at the end of the encoding */
+ n=a->data + a->length - 1;
+ p += a->length - 1;
+ i = a->length;
+ /* Copy zeros to destination as long as source is zero */
+ while(!*n) {
+ *(p--) = 0;
+ n--;
+ i--;
+ }
+ /* Complement and increment next octet */
+ *(p--) = ((*(n--)) ^ 0xff) + 1;
+ i--;
+ /* Complement any octets left */
+ for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+ }
+
+ *pp+=ret;
+ return(ret);
+ }
+
+/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
+
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ long len)
+ {
+ ASN1_INTEGER *ret=NULL;
+ const unsigned char *p, *pend;
+ unsigned char *to,*s;
+ int i;
+
+ if ((a == NULL) || ((*a) == NULL))
+ {
+ if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
+ ret->type=V_ASN1_INTEGER;
+ }
+ else
+ ret=(*a);
+
+ p= *pp;
+ pend = p + len;
+
+ /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
+ * signifies a missing NULL parameter. */
+ s=(unsigned char *)OPENSSL_malloc((int)len+1);
+ if (s == NULL)
+ {
+ i=ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ to=s;
+ if(!len) {
+ /* Strictly speaking this is an illegal INTEGER but we
+ * tolerate it.
+ */
+ ret->type=V_ASN1_INTEGER;
+ } else if (*p & 0x80) /* a negative number */
+ {
+ ret->type=V_ASN1_NEG_INTEGER;
+ if ((*p == 0xff) && (len != 1)) {
+ p++;
+ len--;
+ }
+ i = len;
+ p += i - 1;
+ to += i - 1;
+ while((!*p) && i) {
+ *(to--) = 0;
+ i--;
+ p--;
+ }
+ /* Special case: if all zeros then the number will be of
+ * the form FF followed by n zero bytes: this corresponds to
+ * 1 followed by n zero bytes. We've already written n zeros
+ * so we just append an extra one and set the first byte to
+ * a 1. This is treated separately because it is the only case
+ * where the number of bytes is larger than len.
+ */
+ if(!i) {
+ *s = 1;
+ s[len] = 0;
+ len++;
+ } else {
+ *(to--) = (*(p--) ^ 0xff) + 1;
+ i--;
+ for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+ }
+ } else {
+ ret->type=V_ASN1_INTEGER;
+ if ((*p == 0) && (len != 1))
+ {
+ p++;
+ len--;
+ }
+ memcpy(s,p,(int)len);
+ }
+
+ if (ret->data != NULL) OPENSSL_free(ret->data);
+ ret->data=s;
+ ret->length=(int)len;
+ if (a != NULL) (*a)=ret;
+ *pp=pend;
+ return(ret);
+err:
+ ASN1err(ASN1_F_C2I_ASN1_INTEGER,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_INTEGER_free(ret);
+ return(NULL);
+ }
+
+
+/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
+ * ASN1 integers: some broken software can encode a positive INTEGER
+ * with its MSB set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ long length)
+ {
+ ASN1_INTEGER *ret=NULL;
+ const unsigned char *p;
+ unsigned char *s;
+ long len;
+ int inf,tag,xclass;
+ int i;
+
+ if ((a == NULL) || ((*a) == NULL))
+ {
+ if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
+ ret->type=V_ASN1_INTEGER;
+ }
+ else
+ ret=(*a);
+
+ p= *pp;
+ inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+ if (inf & 0x80)
+ {
+ i=ASN1_R_BAD_OBJECT_HEADER;
+ goto err;
+ }
+
+ if (tag != V_ASN1_INTEGER)
+ {
+ i=ASN1_R_EXPECTING_AN_INTEGER;
+ goto err;
+ }
+
+ /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
+ * signifies a missing NULL parameter. */
+ s=(unsigned char *)OPENSSL_malloc((int)len+1);
+ if (s == NULL)
+ {
+ i=ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ ret->type=V_ASN1_INTEGER;
+ if(len) {
+ if ((*p == 0) && (len != 1))
+ {
+ p++;
+ len--;
+ }
+ memcpy(s,p,(int)len);
+ p+=len;
+ }
+
+ if (ret->data != NULL) OPENSSL_free(ret->data);
+ ret->data=s;
+ ret->length=(int)len;
+ if (a != NULL) (*a)=ret;
+ *pp=p;
+ return(ret);
+err:
+ ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_INTEGER_free(ret);
+ return(NULL);
+ }
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+ {
+ int j,k;
+ unsigned int i;
+ unsigned char buf[sizeof(long)+1];
+ long d;
+
+ a->type=V_ASN1_INTEGER;
+ if (a->length < (int)(sizeof(long)+1))
+ {
+ if (a->data != NULL)
+ OPENSSL_free(a->data);
+ if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
+ memset((char *)a->data,0,sizeof(long)+1);
+ }
+ if (a->data == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ d=v;
+ if (d < 0)
+ {
+ d= -d;
+ a->type=V_ASN1_NEG_INTEGER;
+ }
+
+ for (i=0; i<sizeof(long); i++)
+ {
+ if (d == 0) break;
+ buf[i]=(int)d&0xff;
+ d>>=8;
+ }
+ j=0;
+ for (k=i-1; k >=0; k--)
+ a->data[j++]=buf[k];
+ a->length=j;
+ return(1);
+ }
+
+long ASN1_INTEGER_get(ASN1_INTEGER *a)
+ {
+ int neg=0,i;
+ long r=0;
+
+ if (a == NULL) return(0L);
+ i=a->type;
+ if (i == V_ASN1_NEG_INTEGER)
+ neg=1;
+ else if (i != V_ASN1_INTEGER)
+ return -1;
+
+ if (a->length > (int)sizeof(long))
+ {
+ /* hmm... a bit ugly */
+ return(0xffffffffL);
+ }
+ if (a->data == NULL)
+ return 0;
+
+ for (i=0; i<a->length; i++)
+ {
+ r<<=8;
+ r|=(unsigned char)a->data[i];
+ }
+ if (neg) r= -r;
+ return(r);
+ }
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
+ {
+ ASN1_INTEGER *ret;
+ int len,j;
+
+ if (ai == NULL)
+ ret=M_ASN1_INTEGER_new();
+ else
+ ret=ai;
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ if (BN_is_negative(bn))
+ ret->type = V_ASN1_NEG_INTEGER;
+ else ret->type=V_ASN1_INTEGER;
+ j=BN_num_bits(bn);
+ len=((j == 0)?0:((j/8)+1));
+ if (ret->length < len+4)
+ {
+ unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+ if (!new_data)
+ {
+ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ret->data=new_data;
+ }
+ ret->length=BN_bn2bin(bn,ret->data);
+ /* Correct zero case */
+ if(!ret->length)
+ {
+ ret->data[0] = 0;
+ ret->length = 1;
+ }
+ return(ret);
+err:
+ if (ret != ai) M_ASN1_INTEGER_free(ret);
+ return(NULL);
+ }
+
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
+ {
+ BIGNUM *ret;
+
+ if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+ ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
+ else if(ai->type == V_ASN1_NEG_INTEGER)
+ BN_set_negative(ret, 1);
+ return(ret);
+ }
+
+IMPLEMENT_STACK_OF(ASN1_INTEGER)
+IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
Added: vendor-crypto/openssl/dist/crypto/asn1/a_mbstr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_mbstr.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_mbstr.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,400 @@
+/* a_mbstr.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+ int (*rfunc)(unsigned long value, void *in), void *arg);
+static int in_utf8(unsigned long value, void *arg);
+static int out_utf8(unsigned long value, void *arg);
+static int type_str(unsigned long value, void *arg);
+static int cpy_asc(unsigned long value, void *arg);
+static int cpy_bmp(unsigned long value, void *arg);
+static int cpy_univ(unsigned long value, void *arg);
+static int cpy_utf8(unsigned long value, void *arg);
+static int is_printable(unsigned long value);
+
+/* These functions take a string in UTF8, ASCII or multibyte form and
+ * a mask of permissible ASN1 string types. It then works out the minimal
+ * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
+ * and creates a string of the correct type with the supplied data.
+ * Yes this is horrible: it has to be :-(
+ * The 'ncopy' form checks minimum and maximum size limits too.
+ */
+
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask)
+{
+ return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+}
+
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask,
+ long minsize, long maxsize)
+{
+ int str_type;
+ int ret;
+ char free_out;
+ int outform, outlen = 0;
+ ASN1_STRING *dest;
+ unsigned char *p;
+ int nchar;
+ char strbuf[32];
+ int (*cpyfunc)(unsigned long,void *) = NULL;
+ if(len == -1) len = strlen((const char *)in);
+ if(!mask) mask = DIRSTRING_TYPE;
+
+ /* First do a string check and work out the number of characters */
+ switch(inform) {
+
+ case MBSTRING_BMP:
+ if(len & 1) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+ ASN1_R_INVALID_BMPSTRING_LENGTH);
+ return -1;
+ }
+ nchar = len >> 1;
+ break;
+
+ case MBSTRING_UNIV:
+ if(len & 3) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+ ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+ return -1;
+ }
+ nchar = len >> 2;
+ break;
+
+ case MBSTRING_UTF8:
+ nchar = 0;
+ /* This counts the characters and does utf8 syntax checking */
+ ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
+ if(ret < 0) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+ ASN1_R_INVALID_UTF8STRING);
+ return -1;
+ }
+ break;
+
+ case MBSTRING_ASC:
+ nchar = len;
+ break;
+
+ default:
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
+ return -1;
+ }
+
+ if((minsize > 0) && (nchar < minsize)) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
+ BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
+ ERR_add_error_data(2, "minsize=", strbuf);
+ return -1;
+ }
+
+ if((maxsize > 0) && (nchar > maxsize)) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
+ BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
+ ERR_add_error_data(2, "maxsize=", strbuf);
+ return -1;
+ }
+
+ /* Now work out minimal type (if any) */
+ if(traverse_string(in, len, inform, type_str, &mask) < 0) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
+ return -1;
+ }
+
+
+ /* Now work out output format and string type */
+ outform = MBSTRING_ASC;
+ if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;
+ else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;
+ else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;
+ else if(mask & B_ASN1_BMPSTRING) {
+ str_type = V_ASN1_BMPSTRING;
+ outform = MBSTRING_BMP;
+ } else if(mask & B_ASN1_UNIVERSALSTRING) {
+ str_type = V_ASN1_UNIVERSALSTRING;
+ outform = MBSTRING_UNIV;
+ } else {
+ str_type = V_ASN1_UTF8STRING;
+ outform = MBSTRING_UTF8;
+ }
+ if(!out) return str_type;
+ if(*out) {
+ free_out = 0;
+ dest = *out;
+ if(dest->data) {
+ dest->length = 0;
+ OPENSSL_free(dest->data);
+ dest->data = NULL;
+ }
+ dest->type = str_type;
+ } else {
+ free_out = 1;
+ dest = ASN1_STRING_type_new(str_type);
+ if(!dest) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+ ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ *out = dest;
+ }
+ /* If both the same type just copy across */
+ if(inform == outform) {
+ if(!ASN1_STRING_set(dest, in, len)) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ return str_type;
+ }
+
+ /* Work out how much space the destination will need */
+ switch(outform) {
+ case MBSTRING_ASC:
+ outlen = nchar;
+ cpyfunc = cpy_asc;
+ break;
+
+ case MBSTRING_BMP:
+ outlen = nchar << 1;
+ cpyfunc = cpy_bmp;
+ break;
+
+ case MBSTRING_UNIV:
+ outlen = nchar << 2;
+ cpyfunc = cpy_univ;
+ break;
+
+ case MBSTRING_UTF8:
+ outlen = 0;
+ traverse_string(in, len, inform, out_utf8, &outlen);
+ cpyfunc = cpy_utf8;
+ break;
+ }
+ if(!(p = OPENSSL_malloc(outlen + 1))) {
+ if(free_out) ASN1_STRING_free(dest);
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ dest->length = outlen;
+ dest->data = p;
+ p[outlen] = 0;
+ traverse_string(in, len, inform, cpyfunc, &p);
+ return str_type;
+}
+
+/* This function traverses a string and passes the value of each character
+ * to an optional function along with a void * argument.
+ */
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+ int (*rfunc)(unsigned long value, void *in), void *arg)
+{
+ unsigned long value;
+ int ret;
+ while(len) {
+ if(inform == MBSTRING_ASC) {
+ value = *p++;
+ len--;
+ } else if(inform == MBSTRING_BMP) {
+ value = *p++ << 8;
+ value |= *p++;
+ len -= 2;
+ } else if(inform == MBSTRING_UNIV) {
+ value = ((unsigned long)*p++) << 24;
+ value |= ((unsigned long)*p++) << 16;
+ value |= *p++ << 8;
+ value |= *p++;
+ len -= 4;
+ } else {
+ ret = UTF8_getc(p, len, &value);
+ if(ret < 0) return -1;
+ len -= ret;
+ p += ret;
+ }
+ if(rfunc) {
+ ret = rfunc(value, arg);
+ if(ret <= 0) return ret;
+ }
+ }
+ return 1;
+}
+
+/* Various utility functions for traverse_string */
+
+/* Just count number of characters */
+
+static int in_utf8(unsigned long value, void *arg)
+{
+ int *nchar;
+ nchar = arg;
+ (*nchar)++;
+ return 1;
+}
+
+/* Determine size of output as a UTF8 String */
+
+static int out_utf8(unsigned long value, void *arg)
+{
+ int *outlen;
+ outlen = arg;
+ *outlen += UTF8_putc(NULL, -1, value);
+ return 1;
+}
+
+/* Determine the "type" of a string: check each character against a
+ * supplied "mask".
+ */
+
+static int type_str(unsigned long value, void *arg)
+{
+ unsigned long types;
+ types = *((unsigned long *)arg);
+ if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
+ types &= ~B_ASN1_PRINTABLESTRING;
+ if((types & B_ASN1_IA5STRING) && (value > 127))
+ types &= ~B_ASN1_IA5STRING;
+ if((types & B_ASN1_T61STRING) && (value > 0xff))
+ types &= ~B_ASN1_T61STRING;
+ if((types & B_ASN1_BMPSTRING) && (value > 0xffff))
+ types &= ~B_ASN1_BMPSTRING;
+ if(!types) return -1;
+ *((unsigned long *)arg) = types;
+ return 1;
+}
+
+/* Copy one byte per character ASCII like strings */
+
+static int cpy_asc(unsigned long value, void *arg)
+{
+ unsigned char **p, *q;
+ p = arg;
+ q = *p;
+ *q = (unsigned char) value;
+ (*p)++;
+ return 1;
+}
+
+/* Copy two byte per character BMPStrings */
+
+static int cpy_bmp(unsigned long value, void *arg)
+{
+ unsigned char **p, *q;
+ p = arg;
+ q = *p;
+ *q++ = (unsigned char) ((value >> 8) & 0xff);
+ *q = (unsigned char) (value & 0xff);
+ *p += 2;
+ return 1;
+}
+
+/* Copy four byte per character UniversalStrings */
+
+static int cpy_univ(unsigned long value, void *arg)
+{
+ unsigned char **p, *q;
+ p = arg;
+ q = *p;
+ *q++ = (unsigned char) ((value >> 24) & 0xff);
+ *q++ = (unsigned char) ((value >> 16) & 0xff);
+ *q++ = (unsigned char) ((value >> 8) & 0xff);
+ *q = (unsigned char) (value & 0xff);
+ *p += 4;
+ return 1;
+}
+
+/* Copy to a UTF8String */
+
+static int cpy_utf8(unsigned long value, void *arg)
+{
+ unsigned char **p;
+ int ret;
+ p = arg;
+ /* We already know there is enough room so pass 0xff as the length */
+ ret = UTF8_putc(*p, 0xff, value);
+ *p += ret;
+ return 1;
+}
+
+/* Return 1 if the character is permitted in a PrintableString */
+static int is_printable(unsigned long value)
+{
+ int ch;
+ if(value > 0x7f) return 0;
+ ch = (int) value;
+ /* Note: we can't use 'isalnum' because certain accented
+ * characters may count as alphanumeric in some environments.
+ */
+#ifndef CHARSET_EBCDIC
+ if((ch >= 'a') && (ch <= 'z')) return 1;
+ if((ch >= 'A') && (ch <= 'Z')) return 1;
+ if((ch >= '0') && (ch <= '9')) return 1;
+ if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
+#else /*CHARSET_EBCDIC*/
+ if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
+ if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
+ if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
+ if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
+#endif /*CHARSET_EBCDIC*/
+ return 0;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/a_meth.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_meth.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_meth.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,84 @@
+/* crypto/asn1/a_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+static ASN1_METHOD ia5string_meth={
+ (I2D_OF(void)) i2d_ASN1_IA5STRING,
+ (D2I_OF(void)) d2i_ASN1_IA5STRING,
+ (void *(*)(void))ASN1_STRING_new,
+ (void (*)(void *))ASN1_STRING_free};
+
+static ASN1_METHOD bit_string_meth={
+ (I2D_OF(void)) i2d_ASN1_BIT_STRING,
+ (D2I_OF(void)) d2i_ASN1_BIT_STRING,
+ (void *(*)(void))ASN1_STRING_new,
+ (void (*)(void *))ASN1_STRING_free};
+
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
+ {
+ return(&ia5string_meth);
+ }
+
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
+ {
+ return(&bit_string_meth);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/a_object.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_object.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_object.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,409 @@
+/* crypto/asn1/a_object.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
+ {
+ unsigned char *p;
+ int objsize;
+
+ if ((a == NULL) || (a->data == NULL)) return(0);
+
+ objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
+ if (pp == NULL) return objsize;
+
+ p= *pp;
+ ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+ memcpy(p,a->data,a->length);
+ p+=a->length;
+
+ *pp=p;
+ return(objsize);
+ }
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
+ {
+ int i,first,len=0,c, use_bn;
+ char ftmp[24], *tmp = ftmp;
+ int tmpsize = sizeof ftmp;
+ const char *p;
+ unsigned long l;
+ BIGNUM *bl = NULL;
+
+ if (num == 0)
+ return(0);
+ else if (num == -1)
+ num=strlen(buf);
+
+ p=buf;
+ c= *(p++);
+ num--;
+ if ((c >= '0') && (c <= '2'))
+ {
+ first= c-'0';
+ }
+ else
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
+ goto err;
+ }
+
+ if (num <= 0)
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
+ goto err;
+ }
+ c= *(p++);
+ num--;
+ for (;;)
+ {
+ if (num <= 0) break;
+ if ((c != '.') && (c != ' '))
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
+ goto err;
+ }
+ l=0;
+ use_bn = 0;
+ for (;;)
+ {
+ if (num <= 0) break;
+ num--;
+ c= *(p++);
+ if ((c == ' ') || (c == '.'))
+ break;
+ if ((c < '0') || (c > '9'))
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
+ goto err;
+ }
+ if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
+ {
+ use_bn = 1;
+ if (!bl)
+ bl = BN_new();
+ if (!bl || !BN_set_word(bl, l))
+ goto err;
+ }
+ if (use_bn)
+ {
+ if (!BN_mul_word(bl, 10L)
+ || !BN_add_word(bl, c-'0'))
+ goto err;
+ }
+ else
+ l=l*10L+(long)(c-'0');
+ }
+ if (len == 0)
+ {
+ if ((first < 2) && (l >= 40))
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
+ goto err;
+ }
+ if (use_bn)
+ {
+ if (!BN_add_word(bl, first * 40))
+ goto err;
+ }
+ else
+ l+=(long)first*40;
+ }
+ i=0;
+ if (use_bn)
+ {
+ int blsize;
+ blsize = BN_num_bits(bl);
+ blsize = (blsize + 6)/7;
+ if (blsize > tmpsize)
+ {
+ if (tmp != ftmp)
+ OPENSSL_free(tmp);
+ tmpsize = blsize + 32;
+ tmp = OPENSSL_malloc(tmpsize);
+ if (!tmp)
+ goto err;
+ }
+ while(blsize--)
+ tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
+ }
+ else
+ {
+
+ for (;;)
+ {
+ tmp[i++]=(unsigned char)l&0x7f;
+ l>>=7L;
+ if (l == 0L) break;
+ }
+
+ }
+ if (out != NULL)
+ {
+ if (len+i > olen)
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
+ goto err;
+ }
+ while (--i > 0)
+ out[len++]=tmp[i]|0x80;
+ out[len++]=tmp[0];
+ }
+ else
+ len+=i;
+ }
+ if (tmp != ftmp)
+ OPENSSL_free(tmp);
+ if (bl)
+ BN_free(bl);
+ return(len);
+err:
+ if (tmp != ftmp)
+ OPENSSL_free(tmp);
+ if (bl)
+ BN_free(bl);
+ return(0);
+ }
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+{
+ return OBJ_obj2txt(buf, buf_len, a, 0);
+}
+
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+ {
+ char buf[80], *p = buf;
+ int i;
+
+ if ((a == NULL) || (a->data == NULL))
+ return(BIO_write(bp,"NULL",4));
+ i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
+ if (i > (int)(sizeof(buf) - 1))
+ {
+ p = OPENSSL_malloc(i + 1);
+ if (!p)
+ return -1;
+ i2t_ASN1_OBJECT(p,i + 1,a);
+ }
+ if (i <= 0)
+ return BIO_write(bp, "<INVALID>", 9);
+ BIO_write(bp,p,i);
+ if (p != buf)
+ OPENSSL_free(p);
+ return(i);
+ }
+
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ long length)
+{
+ const unsigned char *p;
+ long len;
+ int tag,xclass;
+ int inf,i;
+ ASN1_OBJECT *ret = NULL;
+ p= *pp;
+ inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+ if (inf & 0x80)
+ {
+ i=ASN1_R_BAD_OBJECT_HEADER;
+ goto err;
+ }
+
+ if (tag != V_ASN1_OBJECT)
+ {
+ i=ASN1_R_EXPECTING_AN_OBJECT;
+ goto err;
+ }
+ ret = c2i_ASN1_OBJECT(a, &p, len);
+ if(ret) *pp = p;
+ return ret;
+err:
+ ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ ASN1_OBJECT_free(ret);
+ return(NULL);
+}
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ long len)
+ {
+ ASN1_OBJECT *ret=NULL;
+ const unsigned char *p;
+ int i, length;
+
+ /* Sanity check OID encoding.
+ * Need at least one content octet.
+ * MSB must be clear in the last octet.
+ * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
+ */
+ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+ p[len - 1] & 0x80)
+ {
+ ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
+ return NULL;
+ }
+ /* Now 0 < len <= INT_MAX, so the cast is safe. */
+ length = (int)len;
+ for (i = 0; i < length; i++, p++)
+ {
+ if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
+ {
+ ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
+ return NULL;
+ }
+ }
+
+ /* only the ASN1_OBJECTs from the 'table' will have values
+ * for ->sn or ->ln */
+ if ((a == NULL) || ((*a) == NULL) ||
+ !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+ {
+ if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+ }
+ else ret=(*a);
+
+ p= *pp;
+ if ((ret->data == NULL) || (ret->length < length))
+ {
+ if (ret->data != NULL) OPENSSL_free(ret->data);
+ ret->data=(unsigned char *)OPENSSL_malloc(length);
+ ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+ if (ret->data == NULL)
+ { i=ERR_R_MALLOC_FAILURE; goto err; }
+ }
+ memcpy(ret->data,p,length);
+ ret->length=length;
+ ret->sn=NULL;
+ ret->ln=NULL;
+ /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+ p+=length;
+
+ if (a != NULL) (*a)=ret;
+ *pp=p;
+ return(ret);
+err:
+ ASN1err(ASN1_F_C2I_ASN1_OBJECT,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ ASN1_OBJECT_free(ret);
+ return(NULL);
+ }
+
+ASN1_OBJECT *ASN1_OBJECT_new(void)
+ {
+ ASN1_OBJECT *ret;
+
+ ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ ret->length=0;
+ ret->data=NULL;
+ ret->nid=0;
+ ret->sn=NULL;
+ ret->ln=NULL;
+ ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
+ return(ret);
+ }
+
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
+ {
+ if (a == NULL) return;
+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
+ {
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
+ if (a->sn != NULL) OPENSSL_free((void *)a->sn);
+ if (a->ln != NULL) OPENSSL_free((void *)a->ln);
+#endif
+ a->sn=a->ln=NULL;
+ }
+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
+ {
+ if (a->data != NULL) OPENSSL_free(a->data);
+ a->data=NULL;
+ a->length=0;
+ }
+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+ OPENSSL_free(a);
+ }
+
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+ const char *sn, const char *ln)
+ {
+ ASN1_OBJECT o;
+
+ o.sn=sn;
+ o.ln=ln;
+ o.data=data;
+ o.nid=nid;
+ o.length=len;
+ o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+ ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+ return(OBJ_dup(&o));
+ }
+
+IMPLEMENT_STACK_OF(ASN1_OBJECT)
+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
Added: vendor-crypto/openssl/dist/crypto/asn1/a_octet.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_octet.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_octet.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,71 @@
+/* crypto/asn1/a_octet.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
+{ return M_ASN1_OCTET_STRING_dup(x); }
+
+int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
+{ return M_ASN1_OCTET_STRING_cmp(a, b); }
+
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
+{ return M_ASN1_OCTET_STRING_set(x, d, len); }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/a_print.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_print.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_print.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,127 @@
+/* crypto/asn1/a_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_PRINTABLE_type(const unsigned char *s, int len)
+ {
+ int c;
+ int ia5=0;
+ int t61=0;
+
+ if (len <= 0) len= -1;
+ if (s == NULL) return(V_ASN1_PRINTABLESTRING);
+
+ while ((*s) && (len-- != 0))
+ {
+ c= *(s++);
+#ifndef CHARSET_EBCDIC
+ if (!( ((c >= 'a') && (c <= 'z')) ||
+ ((c >= 'A') && (c <= 'Z')) ||
+ (c == ' ') ||
+ ((c >= '0') && (c <= '9')) ||
+ (c == ' ') || (c == '\'') ||
+ (c == '(') || (c == ')') ||
+ (c == '+') || (c == ',') ||
+ (c == '-') || (c == '.') ||
+ (c == '/') || (c == ':') ||
+ (c == '=') || (c == '?')))
+ ia5=1;
+ if (c&0x80)
+ t61=1;
+#else
+ if (!isalnum(c) && (c != ' ') &&
+ strchr("'()+,-./:=?", c) == NULL)
+ ia5=1;
+ if (os_toascii[c] & 0x80)
+ t61=1;
+#endif
+ }
+ if (t61) return(V_ASN1_T61STRING);
+ if (ia5) return(V_ASN1_IA5STRING);
+ return(V_ASN1_PRINTABLESTRING);
+ }
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
+ {
+ int i;
+ unsigned char *p;
+
+ if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
+ if ((s->length%4) != 0) return(0);
+ p=s->data;
+ for (i=0; i<s->length; i+=4)
+ {
+ if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+ break;
+ else
+ p+=4;
+ }
+ if (i < s->length) return(0);
+ p=s->data;
+ for (i=3; i<s->length; i+=4)
+ {
+ *(p++)=s->data[i];
+ }
+ *(p)='\0';
+ s->length/=4;
+ s->type=ASN1_PRINTABLE_type(s->data,s->length);
+ return(1);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/a_set.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_set.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_set.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,238 @@
+/* crypto/asn1/a_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+
+#ifndef NO_ASN1_OLD
+
+typedef struct
+ {
+ unsigned char *pbData;
+ int cbData;
+ } MYBLOB;
+
+/* SetBlobCmp
+ * This function compares two elements of SET_OF block
+ */
+static int SetBlobCmp(const void *elem1, const void *elem2 )
+ {
+ const MYBLOB *b1 = (const MYBLOB *)elem1;
+ const MYBLOB *b2 = (const MYBLOB *)elem2;
+ int r;
+
+ r = memcmp(b1->pbData, b2->pbData,
+ b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+ if(r != 0)
+ return r;
+ return b1->cbData-b2->cbData;
+ }
+
+/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */
+int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
+ int ex_class, int is_set)
+ {
+ int ret=0,r;
+ int i;
+ unsigned char *p;
+ unsigned char *pStart, *pTempMem;
+ MYBLOB *rgSetBlob;
+ int totSize;
+
+ if (a == NULL) return(0);
+ for (i=sk_num(a)-1; i>=0; i--)
+ ret+=i2d(sk_value(a,i),NULL);
+ r=ASN1_object_size(1,ret,ex_tag);
+ if (pp == NULL) return(r);
+
+ p= *pp;
+ ASN1_put_object(&p,1,ret,ex_tag,ex_class);
+
+/* Modified by gp at nsj.co.jp */
+ /* And then again by Ben */
+ /* And again by Steve */
+
+ if(!is_set || (sk_num(a) < 2))
+ {
+ for (i=0; i<sk_num(a); i++)
+ i2d(sk_value(a,i),&p);
+
+ *pp=p;
+ return(r);
+ }
+
+ pStart = p; /* Catch the beg of Setblobs*/
+ /* In this array we will store the SET blobs */
+ rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
+ if (rgSetBlob == NULL)
+ {
+ ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+
+ for (i=0; i<sk_num(a); i++)
+ {
+ rgSetBlob[i].pbData = p; /* catch each set encode blob */
+ i2d(sk_value(a,i),&p);
+ rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
+SetBlob
+*/
+ }
+ *pp=p;
+ totSize = p - pStart; /* This is the total size of all set blobs */
+
+ /* Now we have to sort the blobs. I am using a simple algo.
+ *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
+ qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+ if (!(pTempMem = OPENSSL_malloc(totSize)))
+ {
+ ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+
+/* Copy to temp mem */
+ p = pTempMem;
+ for(i=0; i<sk_num(a); ++i)
+ {
+ memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
+ p += rgSetBlob[i].cbData;
+ }
+
+/* Copy back to user mem*/
+ memcpy(pStart, pTempMem, totSize);
+ OPENSSL_free(pTempMem);
+ OPENSSL_free(rgSetBlob);
+
+ return(r);
+ }
+
+STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+ d2i_of_void *d2i, void (*free_func)(void *), int ex_tag,
+ int ex_class)
+ {
+ ASN1_const_CTX c;
+ STACK *ret=NULL;
+
+ if ((a == NULL) || ((*a) == NULL))
+ {
+ if ((ret=sk_new_null()) == NULL)
+ {
+ ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ else
+ ret=(*a);
+
+ c.p= *pp;
+ c.max=(length == 0)?0:(c.p+length);
+
+ c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p);
+ if (c.inf & 0x80) goto err;
+ if (ex_class != c.xclass)
+ {
+ ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS);
+ goto err;
+ }
+ if (ex_tag != c.tag)
+ {
+ ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG);
+ goto err;
+ }
+ if ((c.slen+c.p) > c.max)
+ {
+ ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);
+ goto err;
+ }
+ /* check for infinite constructed - it can be as long
+ * as the amount of data passed to us */
+ if (c.inf == (V_ASN1_CONSTRUCTED+1))
+ c.slen=length+ *pp-c.p;
+ c.max=c.p+c.slen;
+
+ while (c.p < c.max)
+ {
+ char *s;
+
+ if (M_ASN1_D2I_end_sequence()) break;
+ /* XXX: This was called with 4 arguments, incorrectly, it seems
+ if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */
+ if ((s=d2i(NULL,&c.p,c.slen)) == NULL)
+ {
+ ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
+ asn1_add_error(*pp,(int)(c.q- *pp));
+ goto err;
+ }
+ if (!sk_push(ret,s)) goto err;
+ }
+ if (a != NULL) (*a)=ret;
+ *pp=c.p;
+ return(ret);
+err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ {
+ if (free_func != NULL)
+ sk_pop_free(ret,free_func);
+ else
+ sk_free(ret);
+ }
+ return(NULL);
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/asn1/a_sign.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_sign.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_sign.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,300 @@
+/* crypto/asn1/a_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
+ ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+ const EVP_MD *type)
+ {
+ EVP_MD_CTX ctx;
+ unsigned char *p,*buf_in=NULL,*buf_out=NULL;
+ int i,inl=0,outl=0,outll=0;
+ X509_ALGOR *a;
+
+ EVP_MD_CTX_init(&ctx);
+ for (i=0; i<2; i++)
+ {
+ if (i == 0)
+ a=algor1;
+ else
+ a=algor2;
+ if (a == NULL) continue;
+ if (type->pkey_type == NID_dsaWithSHA1)
+ {
+ /* special case: RFC 2459 tells us to omit 'parameters'
+ * with id-dsa-with-sha1 */
+ ASN1_TYPE_free(a->parameter);
+ a->parameter = NULL;
+ }
+ else if ((a->parameter == NULL) ||
+ (a->parameter->type != V_ASN1_NULL))
+ {
+ ASN1_TYPE_free(a->parameter);
+ if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+ a->parameter->type=V_ASN1_NULL;
+ }
+ ASN1_OBJECT_free(a->algorithm);
+ a->algorithm=OBJ_nid2obj(type->pkey_type);
+ if (a->algorithm == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+ goto err;
+ }
+ if (a->algorithm->length == 0)
+ {
+ ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+ goto err;
+ }
+ }
+ inl=i2d(data,NULL);
+ buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
+ outll=outl=EVP_PKEY_size(pkey);
+ buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+ if ((buf_in == NULL) || (buf_out == NULL))
+ {
+ outl=0;
+ ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p=buf_in;
+
+ i2d(data,&p);
+ EVP_SignInit_ex(&ctx,type, NULL);
+ EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+ if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+ (unsigned int *)&outl,pkey))
+ {
+ outl=0;
+ ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+ goto err;
+ }
+ if (signature->data != NULL) OPENSSL_free(signature->data);
+ signature->data=buf_out;
+ buf_out=NULL;
+ signature->length=outl;
+ /* In the interests of compatibility, I'll make sure that
+ * the bit string has a 'not-used bits' value of 0
+ */
+ signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+ signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+ EVP_MD_CTX_cleanup(&ctx);
+ if (buf_in != NULL)
+ { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+ if (buf_out != NULL)
+ { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+ return(outl);
+ }
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+ ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+ const EVP_MD *type)
+ {
+ EVP_MD_CTX ctx;
+ unsigned char *buf_in=NULL,*buf_out=NULL;
+ int i,inl=0,outl=0,outll=0;
+ X509_ALGOR *a;
+
+ EVP_MD_CTX_init(&ctx);
+ for (i=0; i<2; i++)
+ {
+ if (i == 0)
+ a=algor1;
+ else
+ a=algor2;
+ if (a == NULL) continue;
+ if (type->pkey_type == NID_dsaWithSHA1 ||
+ type->pkey_type == NID_ecdsa_with_SHA1)
+ {
+ /* special case: RFC 3279 tells us to omit 'parameters'
+ * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
+ ASN1_TYPE_free(a->parameter);
+ a->parameter = NULL;
+ }
+ else if ((a->parameter == NULL) ||
+ (a->parameter->type != V_ASN1_NULL))
+ {
+ ASN1_TYPE_free(a->parameter);
+ if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+ a->parameter->type=V_ASN1_NULL;
+ }
+ ASN1_OBJECT_free(a->algorithm);
+ a->algorithm=OBJ_nid2obj(type->pkey_type);
+ if (a->algorithm == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+ goto err;
+ }
+ if (a->algorithm->length == 0)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+ goto err;
+ }
+ }
+ inl=ASN1_item_i2d(asn,&buf_in, it);
+ outll=outl=EVP_PKEY_size(pkey);
+ buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+ if ((buf_in == NULL) || (buf_out == NULL))
+ {
+ outl=0;
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!EVP_SignInit_ex(&ctx,type, NULL))
+ {
+ outl=0;
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
+ goto err;
+ }
+ EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+ if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+ (unsigned int *)&outl,pkey))
+ {
+ outl=0;
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
+ goto err;
+ }
+ if (signature->data != NULL) OPENSSL_free(signature->data);
+ signature->data=buf_out;
+ buf_out=NULL;
+ signature->length=outl;
+ /* In the interests of compatibility, I'll make sure that
+ * the bit string has a 'not-used bits' value of 0
+ */
+ signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+ signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+ EVP_MD_CTX_cleanup(&ctx);
+ if (buf_in != NULL)
+ { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+ if (buf_out != NULL)
+ { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+ return(outl);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/a_strex.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_strex.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_strex.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,575 @@
+/* a_strex.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+#include "charmap.h"
+
+/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
+ * Enhanced string and name printing routines handling
+ * multibyte characters, RFC2253 and a host of other
+ * options.
+ */
+
+
+#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+ ASN1_STRFLGS_ESC_QUOTE | \
+ ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB)
+
+
+/* Three IO functions for sending data to memory, a BIO and
+ * and a FILE pointer.
+ */
+#if 0 /* never used */
+static int send_mem_chars(void *arg, const void *buf, int len)
+{
+ unsigned char **out = arg;
+ if(!out) return 1;
+ memcpy(*out, buf, len);
+ *out += len;
+ return 1;
+}
+#endif
+
+static int send_bio_chars(void *arg, const void *buf, int len)
+{
+ if(!arg) return 1;
+ if(BIO_write(arg, buf, len) != len) return 0;
+ return 1;
+}
+
+static int send_fp_chars(void *arg, const void *buf, int len)
+{
+ if(!arg) return 1;
+ if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
+ return 1;
+}
+
+typedef int char_io(void *arg, const void *buf, int len);
+
+/* This function handles display of
+ * strings, one character at a time.
+ * It is passed an unsigned long for each
+ * character because it could come from 2 or even
+ * 4 byte forms.
+ */
+
+static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
+{
+ unsigned char chflgs, chtmp;
+ char tmphex[HEX_SIZE(long)+3];
+
+ if(c > 0xffffffffL)
+ return -1;
+ if(c > 0xffff) {
+ BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
+ if(!io_ch(arg, tmphex, 10)) return -1;
+ return 10;
+ }
+ if(c > 0xff) {
+ BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
+ if(!io_ch(arg, tmphex, 6)) return -1;
+ return 6;
+ }
+ chtmp = (unsigned char)c;
+ if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
+ else chflgs = char_type[chtmp] & flags;
+ if(chflgs & CHARTYPE_BS_ESC) {
+ /* If we don't escape with quotes, signal we need quotes */
+ if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
+ if(do_quotes) *do_quotes = 1;
+ if(!io_ch(arg, &chtmp, 1)) return -1;
+ return 1;
+ }
+ if(!io_ch(arg, "\\", 1)) return -1;
+ if(!io_ch(arg, &chtmp, 1)) return -1;
+ return 2;
+ }
+ if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
+ BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
+ if(!io_ch(arg, tmphex, 3)) return -1;
+ return 3;
+ }
+ /* If we get this far and do any escaping at all must escape
+ * the escape character itself: backslash.
+ */
+ if (chtmp == '\\' && flags & ESC_FLAGS) {
+ if(!io_ch(arg, "\\\\", 2)) return -1;
+ return 2;
+ }
+ if(!io_ch(arg, &chtmp, 1)) return -1;
+ return 1;
+}
+
+#define BUF_TYPE_WIDTH_MASK 0x7
+#define BUF_TYPE_CONVUTF8 0x8
+
+/* This function sends each character in a buffer to
+ * do_esc_char(). It interprets the content formats
+ * and converts to or from UTF8 as appropriate.
+ */
+
+static int do_buf(unsigned char *buf, int buflen,
+ int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
+{
+ int i, outlen, len;
+ unsigned char orflags, *p, *q;
+ unsigned long c;
+ p = buf;
+ q = buf + buflen;
+ outlen = 0;
+ while(p != q) {
+ if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253;
+ else orflags = 0;
+ switch(type & BUF_TYPE_WIDTH_MASK) {
+ case 4:
+ c = ((unsigned long)*p++) << 24;
+ c |= ((unsigned long)*p++) << 16;
+ c |= ((unsigned long)*p++) << 8;
+ c |= *p++;
+ break;
+
+ case 2:
+ c = ((unsigned long)*p++) << 8;
+ c |= *p++;
+ break;
+
+ case 1:
+ c = *p++;
+ break;
+
+ case 0:
+ i = UTF8_getc(p, buflen, &c);
+ if(i < 0) return -1; /* Invalid UTF8String */
+ p += i;
+ break;
+ default:
+ return -1; /* invalid width */
+ }
+ if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253;
+ if(type & BUF_TYPE_CONVUTF8) {
+ unsigned char utfbuf[6];
+ int utflen;
+ utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
+ for(i = 0; i < utflen; i++) {
+ /* We don't need to worry about setting orflags correctly
+ * because if utflen==1 its value will be correct anyway
+ * otherwise each character will be > 0x7f and so the
+ * character will never be escaped on first and last.
+ */
+ len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
+ if(len < 0) return -1;
+ outlen += len;
+ }
+ } else {
+ len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
+ if(len < 0) return -1;
+ outlen += len;
+ }
+ }
+ return outlen;
+}
+
+/* This function hex dumps a buffer of characters */
+
+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
+{
+ static const char hexdig[] = "0123456789ABCDEF";
+ unsigned char *p, *q;
+ char hextmp[2];
+ if(arg) {
+ p = buf;
+ q = buf + buflen;
+ while(p != q) {
+ hextmp[0] = hexdig[*p >> 4];
+ hextmp[1] = hexdig[*p & 0xf];
+ if(!io_ch(arg, hextmp, 2)) return -1;
+ p++;
+ }
+ }
+ return buflen << 1;
+}
+
+/* "dump" a string. This is done when the type is unknown,
+ * or the flags request it. We can either dump the content
+ * octets or the entire DER encoding. This uses the RFC2253
+ * #01234 format.
+ */
+
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+{
+ /* Placing the ASN1_STRING in a temp ASN1_TYPE allows
+ * the DER encoding to readily obtained
+ */
+ ASN1_TYPE t;
+ unsigned char *der_buf, *p;
+ int outlen, der_len;
+
+ if(!io_ch(arg, "#", 1)) return -1;
+ /* If we don't dump DER encoding just dump content octets */
+ if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
+ outlen = do_hex_dump(io_ch, arg, str->data, str->length);
+ if(outlen < 0) return -1;
+ return outlen + 1;
+ }
+ t.type = str->type;
+ t.value.ptr = (char *)str;
+ der_len = i2d_ASN1_TYPE(&t, NULL);
+ der_buf = OPENSSL_malloc(der_len);
+ if(!der_buf) return -1;
+ p = der_buf;
+ i2d_ASN1_TYPE(&t, &p);
+ outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
+ OPENSSL_free(der_buf);
+ if(outlen < 0) return -1;
+ return outlen + 1;
+}
+
+/* Lookup table to convert tags to character widths,
+ * 0 = UTF8 encoded, -1 is used for non string types
+ * otherwise it is the number of bytes per character
+ */
+
+static const signed char tag2nbyte[] = {
+ -1, -1, -1, -1, -1, /* 0-4 */
+ -1, -1, -1, -1, -1, /* 5-9 */
+ -1, -1, 0, -1, /* 10-13 */
+ -1, -1, -1, -1, /* 15-17 */
+ -1, 1, 1, /* 18-20 */
+ -1, 1, 1, 1, /* 21-24 */
+ -1, 1, -1, /* 25-27 */
+ 4, -1, 2 /* 28-30 */
+};
+
+/* This is the main function, print out an
+ * ASN1_STRING taking note of various escape
+ * and display options. Returns number of
+ * characters written or -1 if an error
+ * occurred.
+ */
+
+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
+{
+ int outlen, len;
+ int type;
+ char quotes;
+ unsigned char flags;
+ quotes = 0;
+ /* Keep a copy of escape flags */
+ flags = (unsigned char)(lflags & ESC_FLAGS);
+
+ type = str->type;
+
+ outlen = 0;
+
+
+ if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
+ const char *tagname;
+ tagname = ASN1_tag2str(type);
+ outlen += strlen(tagname);
+ if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1;
+ outlen++;
+ }
+
+ /* Decide what to do with type, either dump content or display it */
+
+ /* Dump everything */
+ if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
+ /* Ignore the string type */
+ else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
+ else {
+ /* Else determine width based on type */
+ if((type > 0) && (type < 31)) type = tag2nbyte[type];
+ else type = -1;
+ if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
+ }
+
+ if(type == -1) {
+ len = do_dump(lflags, io_ch, arg, str);
+ if(len < 0) return -1;
+ outlen += len;
+ return outlen;
+ }
+
+ if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
+ /* Note: if string is UTF8 and we want
+ * to convert to UTF8 then we just interpret
+ * it as 1 byte per character to avoid converting
+ * twice.
+ */
+ if(!type) type = 1;
+ else type |= BUF_TYPE_CONVUTF8;
+ }
+
+ len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL);
+ if(len < 0) return -1;
+ outlen += len;
+ if(quotes) outlen += 2;
+ if(!arg) return outlen;
+ if(quotes && !io_ch(arg, "\"", 1)) return -1;
+ if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+ return -1;
+ if(quotes && !io_ch(arg, "\"", 1)) return -1;
+ return outlen;
+}
+
+/* Used for line indenting: print 'indent' spaces */
+
+static int do_indent(char_io *io_ch, void *arg, int indent)
+{
+ int i;
+ for(i = 0; i < indent; i++)
+ if(!io_ch(arg, " ", 1)) return 0;
+ return 1;
+}
+
+#define FN_WIDTH_LN 25
+#define FN_WIDTH_SN 10
+
+static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
+ int indent, unsigned long flags)
+{
+ int i, prev = -1, orflags, cnt;
+ int fn_opt, fn_nid;
+ ASN1_OBJECT *fn;
+ ASN1_STRING *val;
+ X509_NAME_ENTRY *ent;
+ char objtmp[80];
+ const char *objbuf;
+ int outlen, len;
+ char *sep_dn, *sep_mv, *sep_eq;
+ int sep_dn_len, sep_mv_len, sep_eq_len;
+ if(indent < 0) indent = 0;
+ outlen = indent;
+ if(!do_indent(io_ch, arg, indent)) return -1;
+ switch (flags & XN_FLAG_SEP_MASK)
+ {
+ case XN_FLAG_SEP_MULTILINE:
+ sep_dn = "\n";
+ sep_dn_len = 1;
+ sep_mv = " + ";
+ sep_mv_len = 3;
+ break;
+
+ case XN_FLAG_SEP_COMMA_PLUS:
+ sep_dn = ",";
+ sep_dn_len = 1;
+ sep_mv = "+";
+ sep_mv_len = 1;
+ indent = 0;
+ break;
+
+ case XN_FLAG_SEP_CPLUS_SPC:
+ sep_dn = ", ";
+ sep_dn_len = 2;
+ sep_mv = " + ";
+ sep_mv_len = 3;
+ indent = 0;
+ break;
+
+ case XN_FLAG_SEP_SPLUS_SPC:
+ sep_dn = "; ";
+ sep_dn_len = 2;
+ sep_mv = " + ";
+ sep_mv_len = 3;
+ indent = 0;
+ break;
+
+ default:
+ return -1;
+ }
+
+ if(flags & XN_FLAG_SPC_EQ) {
+ sep_eq = " = ";
+ sep_eq_len = 3;
+ } else {
+ sep_eq = "=";
+ sep_eq_len = 1;
+ }
+
+ fn_opt = flags & XN_FLAG_FN_MASK;
+
+ cnt = X509_NAME_entry_count(n);
+ for(i = 0; i < cnt; i++) {
+ if(flags & XN_FLAG_DN_REV)
+ ent = X509_NAME_get_entry(n, cnt - i - 1);
+ else ent = X509_NAME_get_entry(n, i);
+ if(prev != -1) {
+ if(prev == ent->set) {
+ if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
+ outlen += sep_mv_len;
+ } else {
+ if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
+ outlen += sep_dn_len;
+ if(!do_indent(io_ch, arg, indent)) return -1;
+ outlen += indent;
+ }
+ }
+ prev = ent->set;
+ fn = X509_NAME_ENTRY_get_object(ent);
+ val = X509_NAME_ENTRY_get_data(ent);
+ fn_nid = OBJ_obj2nid(fn);
+ if(fn_opt != XN_FLAG_FN_NONE) {
+ int objlen, fld_len;
+ if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
+ OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
+ fld_len = 0; /* XXX: what should this be? */
+ objbuf = objtmp;
+ } else {
+ if(fn_opt == XN_FLAG_FN_SN) {
+ fld_len = FN_WIDTH_SN;
+ objbuf = OBJ_nid2sn(fn_nid);
+ } else if(fn_opt == XN_FLAG_FN_LN) {
+ fld_len = FN_WIDTH_LN;
+ objbuf = OBJ_nid2ln(fn_nid);
+ } else {
+ fld_len = 0; /* XXX: what should this be? */
+ objbuf = "";
+ }
+ }
+ objlen = strlen(objbuf);
+ if(!io_ch(arg, objbuf, objlen)) return -1;
+ if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+ if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
+ outlen += fld_len - objlen;
+ }
+ if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
+ outlen += objlen + sep_eq_len;
+ }
+ /* If the field name is unknown then fix up the DER dump
+ * flag. We might want to limit this further so it will
+ * DER dump on anything other than a few 'standard' fields.
+ */
+ if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
+ orflags = ASN1_STRFLGS_DUMP_ALL;
+ else orflags = 0;
+
+ len = do_print_ex(io_ch, arg, flags | orflags, val);
+ if(len < 0) return -1;
+ outlen += len;
+ }
+ return outlen;
+}
+
+/* Wrappers round the main functions */
+
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
+{
+ if(flags == XN_FLAG_COMPAT)
+ return X509_NAME_print(out, nm, indent);
+ return do_name_ex(send_bio_chars, out, nm, indent, flags);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
+{
+ if(flags == XN_FLAG_COMPAT)
+ {
+ BIO *btmp;
+ int ret;
+ btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+ if(!btmp) return -1;
+ ret = X509_NAME_print(btmp, nm, indent);
+ BIO_free(btmp);
+ return ret;
+ }
+ return do_name_ex(send_fp_chars, fp, nm, indent, flags);
+}
+#endif
+
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
+{
+ return do_print_ex(send_bio_chars, out, flags, str);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
+{
+ return do_print_ex(send_fp_chars, fp, flags, str);
+}
+#endif
+
+/* Utility function: convert any string type to UTF8, returns number of bytes
+ * in output string or a negative error code
+ */
+
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
+{
+ ASN1_STRING stmp, *str = &stmp;
+ int mbflag, type, ret;
+ if(!in) return -1;
+ type = in->type;
+ if((type < 0) || (type > 30)) return -1;
+ mbflag = tag2nbyte[type];
+ if(mbflag == -1) return -1;
+ mbflag |= MBSTRING_FLAG;
+ stmp.data = NULL;
+ stmp.length = 0;
+ ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+ if(ret < 0) return ret;
+ *out = stmp.data;
+ return stmp.length;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,290 @@
+/* a_strnid.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+
+static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
+static void st_free(ASN1_STRING_TABLE *tbl);
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+ const ASN1_STRING_TABLE * const *b);
+static int table_cmp(const void *a, const void *b);
+
+
+/* This is the global mask for the mbstring functions: this is use to
+ * mask out certain types (such as BMPString and UTF8String) because
+ * certain software (e.g. Netscape) has problems with them.
+ */
+
+static unsigned long global_mask = B_ASN1_UTF8STRING;
+
+void ASN1_STRING_set_default_mask(unsigned long mask)
+{
+ global_mask = mask;
+}
+
+unsigned long ASN1_STRING_get_default_mask(void)
+{
+ return global_mask;
+}
+
+/* This function sets the default to various "flavours" of configuration.
+ * based on an ASCII string. Currently this is:
+ * MASK:XXXX : a numerical mask value.
+ * nobmp : Don't use BMPStrings (just Printable, T61).
+ * pkix : PKIX recommendation in RFC2459.
+ * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
+ * default: the default value, Printable, T61, BMP.
+ */
+
+int ASN1_STRING_set_default_mask_asc(const char *p)
+{
+ unsigned long mask;
+ char *end;
+ if(!strncmp(p, "MASK:", 5)) {
+ if(!p[5]) return 0;
+ mask = strtoul(p + 5, &end, 0);
+ if(*end) return 0;
+ } else if(!strcmp(p, "nombstr"))
+ mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
+ else if(!strcmp(p, "pkix"))
+ mask = ~((unsigned long)B_ASN1_T61STRING);
+ else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
+ else if(!strcmp(p, "default"))
+ mask = 0xFFFFFFFFL;
+ else return 0;
+ ASN1_STRING_set_default_mask(mask);
+ return 1;
+}
+
+/* The following function generates an ASN1_STRING based on limits in a table.
+ * Frequently the types and length of an ASN1_STRING are restricted by a
+ * corresponding OID. For example certificates and certificate requests.
+ */
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
+ int inlen, int inform, int nid)
+{
+ ASN1_STRING_TABLE *tbl;
+ ASN1_STRING *str = NULL;
+ unsigned long mask;
+ int ret;
+ if(!out) out = &str;
+ tbl = ASN1_STRING_TABLE_get(nid);
+ if(tbl) {
+ mask = tbl->mask;
+ if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
+ ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
+ tbl->minsize, tbl->maxsize);
+ } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
+ if(ret <= 0) return NULL;
+ return *out;
+}
+
+/* Now the tables and helper functions for the string table:
+ */
+
+/* size limits: this stuff is taken straight from RFC3280 */
+
+#define ub_name 32768
+#define ub_common_name 64
+#define ub_locality_name 128
+#define ub_state_name 128
+#define ub_organization_name 64
+#define ub_organization_unit_name 64
+#define ub_title 64
+#define ub_email_address 128
+#define ub_serial_number 64
+
+
+/* This table must be kept in NID order */
+
+static ASN1_STRING_TABLE tbl_standard[] = {
+{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
+{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
+{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
+{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
+{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
+{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
+{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
+{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
+{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+};
+
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+ const ASN1_STRING_TABLE * const *b)
+{
+ return (*a)->nid - (*b)->nid;
+}
+
+static int table_cmp(const void *a, const void *b)
+{
+ const ASN1_STRING_TABLE *sa = a, *sb = b;
+ return sa->nid - sb->nid;
+}
+
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
+{
+ int idx;
+ ASN1_STRING_TABLE *ttmp;
+ ASN1_STRING_TABLE fnd;
+ fnd.nid = nid;
+ ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
+ (char *)tbl_standard,
+ sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
+ sizeof(ASN1_STRING_TABLE), table_cmp);
+ if(ttmp) return ttmp;
+ if(!stable) return NULL;
+ idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+ if(idx < 0) return NULL;
+ return sk_ASN1_STRING_TABLE_value(stable, idx);
+}
+
+int ASN1_STRING_TABLE_add(int nid,
+ long minsize, long maxsize, unsigned long mask,
+ unsigned long flags)
+{
+ ASN1_STRING_TABLE *tmp;
+ char new_nid = 0;
+ flags &= ~STABLE_FLAGS_MALLOC;
+ if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+ if(!stable) {
+ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
+ tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
+ if(!tmp) {
+ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ tmp->flags = flags | STABLE_FLAGS_MALLOC;
+ tmp->nid = nid;
+ new_nid = 1;
+ } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
+ if(minsize != -1) tmp->minsize = minsize;
+ if(maxsize != -1) tmp->maxsize = maxsize;
+ tmp->mask = mask;
+ if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
+ return 1;
+}
+
+void ASN1_STRING_TABLE_cleanup(void)
+{
+ STACK_OF(ASN1_STRING_TABLE) *tmp;
+ tmp = stable;
+ if(!tmp) return;
+ stable = NULL;
+ sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+}
+
+static void st_free(ASN1_STRING_TABLE *tbl)
+{
+ if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
+}
+
+
+IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
+
+#ifdef STRING_TABLE_TEST
+
+main()
+{
+ ASN1_STRING_TABLE *tmp;
+ int i, last_nid = -1;
+
+ for (tmp = tbl_standard, i = 0;
+ i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
+ {
+ if (tmp->nid < last_nid)
+ {
+ last_nid = 0;
+ break;
+ }
+ last_nid = tmp->nid;
+ }
+
+ if (last_nid != 0)
+ {
+ printf("Table order OK\n");
+ exit(0);
+ }
+
+ for (tmp = tbl_standard, i = 0;
+ i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
+ printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
+ OBJ_nid2ln(tmp->nid));
+
+}
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/asn1/a_time.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_time.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_time.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,164 @@
+/* crypto/asn1/a_time.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+/* This is an implementation of the ASN1 Time structure which is:
+ * Time ::= CHOICE {
+ * utcTime UTCTime,
+ * generalTime GeneralizedTime }
+ * written by Steve Henson.
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1t.h>
+
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
+
+#if 0
+int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
+ {
+#ifdef CHARSET_EBCDIC
+ /* KLUDGE! We convert to ascii before writing DER */
+ char tmp[24];
+ ASN1_STRING tmpstr;
+
+ if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
+ int len;
+
+ tmpstr = *(ASN1_STRING *)a;
+ len = tmpstr.length;
+ ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+ tmpstr.data = tmp;
+ a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+ }
+#endif
+ if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
+ return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+ a->type ,V_ASN1_UNIVERSAL));
+ ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
+ return -1;
+ }
+#endif
+
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+ {
+ struct tm *ts;
+ struct tm data;
+
+ ts=OPENSSL_gmtime(&t,&data);
+ if (ts == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+ return NULL;
+ }
+ if((ts->tm_year >= 50) && (ts->tm_year < 150))
+ return ASN1_UTCTIME_set(s, t);
+ return ASN1_GENERALIZEDTIME_set(s,t);
+ }
+
+int ASN1_TIME_check(ASN1_TIME *t)
+ {
+ if (t->type == V_ASN1_GENERALIZEDTIME)
+ return ASN1_GENERALIZEDTIME_check(t);
+ else if (t->type == V_ASN1_UTCTIME)
+ return ASN1_UTCTIME_check(t);
+ return 0;
+ }
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+ {
+ ASN1_GENERALIZEDTIME *ret;
+ char *str;
+ int newlen;
+
+ if (!ASN1_TIME_check(t)) return NULL;
+
+ if (!out || !*out)
+ {
+ if (!(ret = ASN1_GENERALIZEDTIME_new ()))
+ return NULL;
+ if (out) *out = ret;
+ }
+ else ret = *out;
+
+ /* If already GeneralizedTime just copy across */
+ if (t->type == V_ASN1_GENERALIZEDTIME)
+ {
+ if(!ASN1_STRING_set(ret, t->data, t->length))
+ return NULL;
+ return ret;
+ }
+
+ /* grow the string */
+ if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+ return NULL;
+ /* ASN1_STRING_set() allocated 'len + 1' bytes. */
+ newlen = t->length + 2 + 1;
+ str = (char *)ret->data;
+ /* Work out the century and prepend */
+ if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
+ else BUF_strlcpy(str, "20", newlen);
+
+ BUF_strlcat(str, (char *)t->data, newlen);
+
+ return ret;
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/a_type.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_type.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_type.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,110 @@
+/* crypto/asn1/a_type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+int ASN1_TYPE_get(ASN1_TYPE *a)
+ {
+ if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+ return(a->type);
+ else
+ return(0);
+ }
+
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+ {
+ if (a->value.ptr != NULL)
+ {
+ ASN1_TYPE **tmp_a = &a;
+ ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
+ }
+ a->type=type;
+ a->value.ptr=value;
+ }
+
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
+ {
+ if (!value || (type == V_ASN1_BOOLEAN))
+ {
+ void *p = (void *)value;
+ ASN1_TYPE_set(a, type, p);
+ }
+ else if (type == V_ASN1_OBJECT)
+ {
+ ASN1_OBJECT *odup;
+ odup = OBJ_dup(value);
+ if (!odup)
+ return 0;
+ ASN1_TYPE_set(a, type, odup);
+ }
+ else
+ {
+ ASN1_STRING *sdup;
+ sdup = ASN1_STRING_dup((ASN1_STRING *)value);
+ if (!sdup)
+ return 0;
+ ASN1_TYPE_set(a, type, sdup);
+ }
+ return 1;
+ }
+
+IMPLEMENT_STACK_OF(ASN1_TYPE)
+IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
Added: vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,303 @@
+/* crypto/asn1/a_utctm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+
+#if 0
+int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
+ {
+#ifndef CHARSET_EBCDIC
+ return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+ V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+#else
+ /* KLUDGE! We convert to ascii before writing DER */
+ int len;
+ char tmp[24];
+ ASN1_STRING x = *(ASN1_STRING *)a;
+
+ len = x.length;
+ ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+ x.data = tmp;
+ return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+#endif
+ }
+
+
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
+ long length)
+ {
+ ASN1_UTCTIME *ret=NULL;
+
+ ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+ V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
+ return(NULL);
+ }
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+ if (!ASN1_UTCTIME_check(ret))
+ {
+ ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
+ goto err;
+ }
+
+ return(ret);
+err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_UTCTIME_free(ret);
+ return(NULL);
+ }
+
+#endif
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
+ {
+ static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+ static int max[8]={99,12,31,23,59,59,12,59};
+ char *a;
+ int n,i,l,o;
+
+ if (d->type != V_ASN1_UTCTIME) return(0);
+ l=d->length;
+ a=(char *)d->data;
+ o=0;
+
+ if (l < 11) goto err;
+ for (i=0; i<6; i++)
+ {
+ if ((i == 5) && ((a[o] == 'Z') ||
+ (a[o] == '+') || (a[o] == '-')))
+ { i++; break; }
+ if ((a[o] < '0') || (a[o] > '9')) goto err;
+ n= a[o]-'0';
+ if (++o > l) goto err;
+
+ if ((a[o] < '0') || (a[o] > '9')) goto err;
+ n=(n*10)+ a[o]-'0';
+ if (++o > l) goto err;
+
+ if ((n < min[i]) || (n > max[i])) goto err;
+ }
+ if (a[o] == 'Z')
+ o++;
+ else if ((a[o] == '+') || (a[o] == '-'))
+ {
+ o++;
+ if (o+4 > l) goto err;
+ for (i=6; i<8; i++)
+ {
+ if ((a[o] < '0') || (a[o] > '9')) goto err;
+ n= a[o]-'0';
+ o++;
+ if ((a[o] < '0') || (a[o] > '9')) goto err;
+ n=(n*10)+ a[o]-'0';
+ if ((n < min[i]) || (n > max[i])) goto err;
+ o++;
+ }
+ }
+ return(o == l);
+err:
+ return(0);
+ }
+
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
+ {
+ ASN1_UTCTIME t;
+
+ t.type=V_ASN1_UTCTIME;
+ t.length=strlen(str);
+ t.data=(unsigned char *)str;
+ if (ASN1_UTCTIME_check(&t))
+ {
+ if (s != NULL)
+ {
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+ (unsigned char *)str,t.length))
+ return 0;
+ s->type = V_ASN1_UTCTIME;
+ }
+ return(1);
+ }
+ else
+ return(0);
+ }
+
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
+ {
+ char *p;
+ struct tm *ts;
+ struct tm data;
+ size_t len = 20;
+
+ if (s == NULL)
+ s=M_ASN1_UTCTIME_new();
+ if (s == NULL)
+ return(NULL);
+
+ ts=OPENSSL_gmtime(&t, &data);
+ if (ts == NULL)
+ return(NULL);
+
+ p=(char *)s->data;
+ if ((p == NULL) || ((size_t)s->length < len))
+ {
+ p=OPENSSL_malloc(len);
+ if (p == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ if (s->data != NULL)
+ OPENSSL_free(s->data);
+ s->data=(unsigned char *)p;
+ }
+
+ BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+ ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+ s->length=strlen(p);
+ s->type=V_ASN1_UTCTIME;
+#ifdef CHARSET_EBCDIC_not
+ ebcdic2ascii(s->data, s->data, s->length);
+#endif
+ return(s);
+ }
+
+
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+ {
+ struct tm *tm;
+ struct tm data;
+ int offset;
+ int year;
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+
+ if (s->data[12] == 'Z')
+ offset=0;
+ else
+ {
+ offset = g2(s->data+13)*60+g2(s->data+15);
+ if (s->data[12] == '-')
+ offset = -offset;
+ }
+
+ t -= offset*60; /* FIXME: may overflow in extreme cases */
+
+ tm = OPENSSL_gmtime(&t, &data);
+
+#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
+ year = g2(s->data);
+ if (year < 50)
+ year += 100;
+ return_cmp(year, tm->tm_year);
+ return_cmp(g2(s->data+2) - 1, tm->tm_mon);
+ return_cmp(g2(s->data+4), tm->tm_mday);
+ return_cmp(g2(s->data+6), tm->tm_hour);
+ return_cmp(g2(s->data+8), tm->tm_min);
+ return_cmp(g2(s->data+10), tm->tm_sec);
+#undef g2
+#undef return_cmp
+
+ return 0;
+ }
+
+
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
+ {
+ struct tm tm;
+ int offset;
+
+ memset(&tm,'\0',sizeof tm);
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+ tm.tm_year=g2(s->data);
+ if(tm.tm_year < 50)
+ tm.tm_year+=100;
+ tm.tm_mon=g2(s->data+2)-1;
+ tm.tm_mday=g2(s->data+4);
+ tm.tm_hour=g2(s->data+6);
+ tm.tm_min=g2(s->data+8);
+ tm.tm_sec=g2(s->data+10);
+ if(s->data[12] == 'Z')
+ offset=0;
+ else
+ {
+ offset=g2(s->data+13)*60+g2(s->data+15);
+ if(s->data[12] == '-')
+ offset= -offset;
+ }
+#undef g2
+
+ return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
+ * instead of UTC, and unless we rewrite OpenSSL
+ * in Lisp we cannot locally change the timezone
+ * without possibly interfering with other parts
+ * of the program. timegm, which uses UTC, is
+ * non-standard.
+ * Also time_t is inappropriate for general
+ * UTC times because it may a 32 bit type. */
+ }
+#endif
Added: vendor-crypto/openssl/dist/crypto/asn1/a_utf8.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_utf8.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_utf8.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,211 @@
+/* crypto/asn1/a_utf8.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+
+/* UTF8 utilities */
+
+/* This parses a UTF8 string one character at a time. It is passed a pointer
+ * to the string and the length of the string. It sets 'value' to the value of
+ * the current character. It returns the number of characters read or a
+ * negative error code:
+ * -1 = string too short
+ * -2 = illegal character
+ * -3 = subsequent characters not of the form 10xxxxxx
+ * -4 = character encoded incorrectly (not minimal length).
+ */
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
+{
+ const unsigned char *p;
+ unsigned long value;
+ int ret;
+ if(len <= 0) return 0;
+ p = str;
+
+ /* Check syntax and work out the encoded value (if correct) */
+ if((*p & 0x80) == 0) {
+ value = *p++ & 0x7f;
+ ret = 1;
+ } else if((*p & 0xe0) == 0xc0) {
+ if(len < 2) return -1;
+ if((p[1] & 0xc0) != 0x80) return -3;
+ value = (*p++ & 0x1f) << 6;
+ value |= *p++ & 0x3f;
+ if(value < 0x80) return -4;
+ ret = 2;
+ } else if((*p & 0xf0) == 0xe0) {
+ if(len < 3) return -1;
+ if( ((p[1] & 0xc0) != 0x80)
+ || ((p[2] & 0xc0) != 0x80) ) return -3;
+ value = (*p++ & 0xf) << 12;
+ value |= (*p++ & 0x3f) << 6;
+ value |= *p++ & 0x3f;
+ if(value < 0x800) return -4;
+ ret = 3;
+ } else if((*p & 0xf8) == 0xf0) {
+ if(len < 4) return -1;
+ if( ((p[1] & 0xc0) != 0x80)
+ || ((p[2] & 0xc0) != 0x80)
+ || ((p[3] & 0xc0) != 0x80) ) return -3;
+ value = ((unsigned long)(*p++ & 0x7)) << 18;
+ value |= (*p++ & 0x3f) << 12;
+ value |= (*p++ & 0x3f) << 6;
+ value |= *p++ & 0x3f;
+ if(value < 0x10000) return -4;
+ ret = 4;
+ } else if((*p & 0xfc) == 0xf8) {
+ if(len < 5) return -1;
+ if( ((p[1] & 0xc0) != 0x80)
+ || ((p[2] & 0xc0) != 0x80)
+ || ((p[3] & 0xc0) != 0x80)
+ || ((p[4] & 0xc0) != 0x80) ) return -3;
+ value = ((unsigned long)(*p++ & 0x3)) << 24;
+ value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+ value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+ value |= (*p++ & 0x3f) << 6;
+ value |= *p++ & 0x3f;
+ if(value < 0x200000) return -4;
+ ret = 5;
+ } else if((*p & 0xfe) == 0xfc) {
+ if(len < 6) return -1;
+ if( ((p[1] & 0xc0) != 0x80)
+ || ((p[2] & 0xc0) != 0x80)
+ || ((p[3] & 0xc0) != 0x80)
+ || ((p[4] & 0xc0) != 0x80)
+ || ((p[5] & 0xc0) != 0x80) ) return -3;
+ value = ((unsigned long)(*p++ & 0x1)) << 30;
+ value |= ((unsigned long)(*p++ & 0x3f)) << 24;
+ value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+ value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+ value |= (*p++ & 0x3f) << 6;
+ value |= *p++ & 0x3f;
+ if(value < 0x4000000) return -4;
+ ret = 6;
+ } else return -2;
+ *val = value;
+ return ret;
+}
+
+/* This takes a character 'value' and writes the UTF8 encoded value in
+ * 'str' where 'str' is a buffer containing 'len' characters. Returns
+ * the number of characters written or -1 if 'len' is too small. 'str' can
+ * be set to NULL in which case it just returns the number of characters.
+ * It will need at most 6 characters.
+ */
+
+int UTF8_putc(unsigned char *str, int len, unsigned long value)
+{
+ if(!str) len = 6; /* Maximum we will need */
+ else if(len <= 0) return -1;
+ if(value < 0x80) {
+ if(str) *str = (unsigned char)value;
+ return 1;
+ }
+ if(value < 0x800) {
+ if(len < 2) return -1;
+ if(str) {
+ *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
+ *str = (unsigned char)((value & 0x3f) | 0x80);
+ }
+ return 2;
+ }
+ if(value < 0x10000) {
+ if(len < 3) return -1;
+ if(str) {
+ *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+ *str = (unsigned char)((value & 0x3f) | 0x80);
+ }
+ return 3;
+ }
+ if(value < 0x200000) {
+ if(len < 4) return -1;
+ if(str) {
+ *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+ *str = (unsigned char)((value & 0x3f) | 0x80);
+ }
+ return 4;
+ }
+ if(value < 0x4000000) {
+ if(len < 5) return -1;
+ if(str) {
+ *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
+ *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+ *str = (unsigned char)((value & 0x3f) | 0x80);
+ }
+ return 5;
+ }
+ if(len < 6) return -1;
+ if(str) {
+ *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
+ *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+ *str = (unsigned char)((value & 0x3f) | 0x80);
+ }
+ return 6;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/a_verify.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_verify.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/a_verify.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,192 @@
+/* crypto/asn1/a_verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+ char *data, EVP_PKEY *pkey)
+ {
+ EVP_MD_CTX ctx;
+ const EVP_MD *type;
+ unsigned char *p,*buf_in=NULL;
+ int ret= -1,i,inl;
+
+ EVP_MD_CTX_init(&ctx);
+ i=OBJ_obj2nid(a->algorithm);
+ type=EVP_get_digestbyname(OBJ_nid2sn(i));
+ if (type == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err;
+ }
+
+ inl=i2d(data,NULL);
+ buf_in=OPENSSL_malloc((unsigned int)inl);
+ if (buf_in == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p=buf_in;
+
+ i2d(data,&p);
+ if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+ ret=0;
+ goto err;
+ }
+ EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+ OPENSSL_cleanse(buf_in,(unsigned int)inl);
+ OPENSSL_free(buf_in);
+
+ if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+ (unsigned int)signature->length,pkey) <= 0)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+ ret=0;
+ goto err;
+ }
+ /* we don't need to zero the 'ctx' because we just checked
+ * public information */
+ /* memset(&ctx,0,sizeof(ctx)); */
+ ret=1;
+err:
+ EVP_MD_CTX_cleanup(&ctx);
+ return(ret);
+ }
+
+#endif
+
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+ void *asn, EVP_PKEY *pkey)
+ {
+ EVP_MD_CTX ctx;
+ const EVP_MD *type;
+ unsigned char *buf_in=NULL;
+ int ret= -1,i,inl;
+
+ if (!pkey)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+ return -1;
+ }
+
+ EVP_MD_CTX_init(&ctx);
+ i=OBJ_obj2nid(a->algorithm);
+ type=EVP_get_digestbyname(OBJ_nid2sn(i));
+ if (type == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err;
+ }
+
+ if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+ ret=0;
+ goto err;
+ }
+
+ inl = ASN1_item_i2d(asn, &buf_in, it);
+
+ if (buf_in == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+ OPENSSL_cleanse(buf_in,(unsigned int)inl);
+ OPENSSL_free(buf_in);
+
+ if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+ (unsigned int)signature->length,pkey) <= 0)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+ ret=0;
+ goto err;
+ }
+ /* we don't need to zero the 'ctx' because we just checked
+ * public information */
+ /* memset(&ctx,0,sizeof(ctx)); */
+ ret=1;
+err:
+ EVP_MD_CTX_cleanup(&ctx);
+ return(ret);
+ }
+
+
Added: vendor-crypto/openssl/dist/crypto/asn1/asn1.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn1.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1332 @@
+/* crypto/asn1/asn1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_H
+#define HEADER_ASN1_H
+
+#include <time.h>
+#include <openssl/e_os2.h>
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/stack.h>
+#include <openssl/safestack.h>
+
+#include <openssl/symhacks.h>
+
+#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define V_ASN1_UNIVERSAL 0x00
+#define V_ASN1_APPLICATION 0x40
+#define V_ASN1_CONTEXT_SPECIFIC 0x80
+#define V_ASN1_PRIVATE 0xc0
+
+#define V_ASN1_CONSTRUCTED 0x20
+#define V_ASN1_PRIMITIVE_TAG 0x1f
+#define V_ASN1_PRIMATIVE_TAG 0x1f
+
+#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */
+#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */
+#define V_ASN1_ANY -4 /* used in ASN1 template code */
+
+#define V_ASN1_NEG 0x100 /* negative flag */
+
+#define V_ASN1_UNDEF -1
+#define V_ASN1_EOC 0
+#define V_ASN1_BOOLEAN 1 /**/
+#define V_ASN1_INTEGER 2
+#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
+#define V_ASN1_BIT_STRING 3
+#define V_ASN1_OCTET_STRING 4
+#define V_ASN1_NULL 5
+#define V_ASN1_OBJECT 6
+#define V_ASN1_OBJECT_DESCRIPTOR 7
+#define V_ASN1_EXTERNAL 8
+#define V_ASN1_REAL 9
+#define V_ASN1_ENUMERATED 10
+#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
+#define V_ASN1_UTF8STRING 12
+#define V_ASN1_SEQUENCE 16
+#define V_ASN1_SET 17
+#define V_ASN1_NUMERICSTRING 18 /**/
+#define V_ASN1_PRINTABLESTRING 19
+#define V_ASN1_T61STRING 20
+#define V_ASN1_TELETEXSTRING 20 /* alias */
+#define V_ASN1_VIDEOTEXSTRING 21 /**/
+#define V_ASN1_IA5STRING 22
+#define V_ASN1_UTCTIME 23
+#define V_ASN1_GENERALIZEDTIME 24 /**/
+#define V_ASN1_GRAPHICSTRING 25 /**/
+#define V_ASN1_ISO64STRING 26 /**/
+#define V_ASN1_VISIBLESTRING 26 /* alias */
+#define V_ASN1_GENERALSTRING 27 /**/
+#define V_ASN1_UNIVERSALSTRING 28 /**/
+#define V_ASN1_BMPSTRING 30
+
+/* For use with d2i_ASN1_type_bytes() */
+#define B_ASN1_NUMERICSTRING 0x0001
+#define B_ASN1_PRINTABLESTRING 0x0002
+#define B_ASN1_T61STRING 0x0004
+#define B_ASN1_TELETEXSTRING 0x0004
+#define B_ASN1_VIDEOTEXSTRING 0x0008
+#define B_ASN1_IA5STRING 0x0010
+#define B_ASN1_GRAPHICSTRING 0x0020
+#define B_ASN1_ISO64STRING 0x0040
+#define B_ASN1_VISIBLESTRING 0x0040
+#define B_ASN1_GENERALSTRING 0x0080
+#define B_ASN1_UNIVERSALSTRING 0x0100
+#define B_ASN1_OCTET_STRING 0x0200
+#define B_ASN1_BIT_STRING 0x0400
+#define B_ASN1_BMPSTRING 0x0800
+#define B_ASN1_UNKNOWN 0x1000
+#define B_ASN1_UTF8STRING 0x2000
+#define B_ASN1_UTCTIME 0x4000
+#define B_ASN1_GENERALIZEDTIME 0x8000
+#define B_ASN1_SEQUENCE 0x10000
+
+/* For use with ASN1_mbstring_copy() */
+#define MBSTRING_FLAG 0x1000
+#define MBSTRING_UTF8 (MBSTRING_FLAG)
+#define MBSTRING_ASC (MBSTRING_FLAG|1)
+#define MBSTRING_BMP (MBSTRING_FLAG|2)
+#define MBSTRING_UNIV (MBSTRING_FLAG|4)
+
+#define SMIME_OLDMIME 0x400
+#define SMIME_CRLFEOL 0x800
+#define SMIME_STREAM 0x1000
+
+struct X509_algor_st;
+DECLARE_STACK_OF(X509_ALGOR)
+
+#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
+#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
+
+/* We MUST make sure that, except for constness, asn1_ctx_st and
+ asn1_const_ctx are exactly the same. Fortunately, as soon as
+ the old ASN1 parsing macros are gone, we can throw this away
+ as well... */
+typedef struct asn1_ctx_st
+ {
+ unsigned char *p;/* work char pointer */
+ int eos; /* end of sequence read for indefinite encoding */
+ int error; /* error code to use when returning an error */
+ int inf; /* constructed if 0x20, indefinite is 0x21 */
+ int tag; /* tag from last 'get object' */
+ int xclass; /* class from last 'get object' */
+ long slen; /* length of last 'get object' */
+ unsigned char *max; /* largest value of p allowed */
+ unsigned char *q;/* temporary variable */
+ unsigned char **pp;/* variable */
+ int line; /* used in error processing */
+ } ASN1_CTX;
+
+typedef struct asn1_const_ctx_st
+ {
+ const unsigned char *p;/* work char pointer */
+ int eos; /* end of sequence read for indefinite encoding */
+ int error; /* error code to use when returning an error */
+ int inf; /* constructed if 0x20, indefinite is 0x21 */
+ int tag; /* tag from last 'get object' */
+ int xclass; /* class from last 'get object' */
+ long slen; /* length of last 'get object' */
+ const unsigned char *max; /* largest value of p allowed */
+ const unsigned char *q;/* temporary variable */
+ const unsigned char **pp;/* variable */
+ int line; /* used in error processing */
+ } ASN1_const_CTX;
+
+/* These are used internally in the ASN1_OBJECT to keep track of
+ * whether the names and data need to be free()ed */
+#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */
+#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */
+#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */
+#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */
+typedef struct asn1_object_st
+ {
+ const char *sn,*ln;
+ int nid;
+ int length;
+ unsigned char *data;
+ int flags; /* Should we free this one */
+ } ASN1_OBJECT;
+
+#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
+/* This indicates that the ASN1_STRING is not a real value but just a place
+ * holder for the location where indefinite length constructed data should
+ * be inserted in the memory buffer
+ */
+#define ASN1_STRING_FLAG_NDEF 0x010
+
+/* This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been
+ * accessed. The flag will be reset when content has been written to it.
+ */
+#define ASN1_STRING_FLAG_CONT 0x020
+
+/* This is the base type that holds just about everything :-) */
+typedef struct asn1_string_st
+ {
+ int length;
+ int type;
+ unsigned char *data;
+ /* The value of the following field depends on the type being
+ * held. It is mostly being used for BIT_STRING so if the
+ * input data has a non-zero 'unused bits' value, it will be
+ * handled correctly */
+ long flags;
+ } ASN1_STRING;
+
+/* ASN1_ENCODING structure: this is used to save the received
+ * encoding of an ASN1 type. This is useful to get round
+ * problems with invalid encodings which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st
+ {
+ unsigned char *enc; /* DER encoding */
+ long len; /* Length of encoding */
+ int modified; /* set to 1 if 'enc' is invalid */
+ } ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+#define ASN1_LONG_UNDEF 0x7fffffffL
+
+#define STABLE_FLAGS_MALLOC 0x01
+#define STABLE_NO_MASK 0x02
+#define DIRSTRING_TYPE \
+ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
+#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
+
+typedef struct asn1_string_table_st {
+ int nid;
+ long minsize;
+ long maxsize;
+ unsigned long mask;
+ unsigned long flags;
+} ASN1_STRING_TABLE;
+
+DECLARE_STACK_OF(ASN1_STRING_TABLE)
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+#define ub_name 32768
+#define ub_common_name 64
+#define ub_locality_name 128
+#define ub_state_name 128
+#define ub_organization_name 64
+#define ub_organization_unit_name 64
+#define ub_title 64
+#define ub_email_address 128
+
+/* Declarations for template structures: for full definitions
+ * see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
+
+#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+ type *d2i_##name(type **a, const unsigned char **in, long len); \
+ int i2d_##name(type *a, unsigned char **out); \
+ DECLARE_ASN1_ITEM(itname)
+
+#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+ type *d2i_##name(type **a, const unsigned char **in, long len); \
+ int i2d_##name(const type *a, unsigned char **out); \
+ DECLARE_ASN1_ITEM(name)
+
+#define DECLARE_ASN1_NDEF_FUNCTION(name) \
+ int i2d_##name##_NDEF(name *a, unsigned char **out);
+
+#define DECLARE_ASN1_FUNCTIONS_const(name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+
+#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ type *name##_new(void); \
+ void name##_free(type *a);
+
+#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
+#define I2D_OF(type) int (*)(type *,unsigned char **)
+#define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+
+#define CHECKED_D2I_OF(type, d2i) \
+ ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+#define CHECKED_I2D_OF(type, i2d) \
+ ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+#define CHECKED_NEW_OF(type, xnew) \
+ ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+#define CHECKED_PTR_OF(type, p) \
+ ((void*) (1 ? p : (type*)0))
+#define CHECKED_PPTR_OF(type, p) \
+ ((void**) (1 ? p : (type**)0))
+#define CHECKED_PTR_OF_TO_CHAR(type, p) \
+ ((char*) (1 ? p : (type*)0))
+
+#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
+#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
+#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
+
+TYPEDEF_D2I2D_OF(void);
+
+/* The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ * ...
+ * ASN1_ITEM_EXP *iptr;
+ * ...
+ * } SOMETHING;
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#define DECLARE_ASN1_ITEM(name) \
+ OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
+#else
+
+/* Platforms that can't easily handle shared global variables are declared
+ * as functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#define DECLARE_ASN1_ITEM(name) \
+ const ASN1_ITEM * name##_it(void);
+
+#endif
+
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/* These determine which characters to escape:
+ * RFC2253 special characters, control characters and
+ * MSB set characters
+ */
+
+#define ASN1_STRFLGS_ESC_2253 1
+#define ASN1_STRFLGS_ESC_CTRL 2
+#define ASN1_STRFLGS_ESC_MSB 4
+
+
+/* This flag determines how we do escaping: normally
+ * RC2253 backslash only, set this to use backslash and
+ * quote.
+ */
+
+#define ASN1_STRFLGS_ESC_QUOTE 8
+
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+#define CHARTYPE_PRINTABLESTRING 0x10
+/* Character needs escaping if it is the first character */
+#define CHARTYPE_FIRST_ESC_2253 0x20
+/* Character needs escaping if it is the last character */
+#define CHARTYPE_LAST_ESC_2253 0x40
+
+/* NB the internal flags are safely reused below by flags
+ * handled at the top level.
+ */
+
+/* If this is set we convert all character strings
+ * to UTF8 first
+ */
+
+#define ASN1_STRFLGS_UTF8_CONVERT 0x10
+
+/* If this is set we don't attempt to interpret content:
+ * just assume all strings are 1 byte per character. This
+ * will produce some pretty odd looking output!
+ */
+
+#define ASN1_STRFLGS_IGNORE_TYPE 0x20
+
+/* If this is set we include the string type in the output */
+#define ASN1_STRFLGS_SHOW_TYPE 0x40
+
+/* This determines which strings to display and which to
+ * 'dump' (hex dump of content octets or DER encoding). We can
+ * only dump non character strings or everything. If we
+ * don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to
+ * the usual escaping options.
+ */
+
+#define ASN1_STRFLGS_DUMP_ALL 0x80
+#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
+
+/* These determine what 'dumping' does, we can dump the
+ * content octets or the DER encoding: both use the
+ * RFC2253 #XXXXX notation.
+ */
+
+#define ASN1_STRFLGS_DUMP_DER 0x200
+
+/* All the string flags consistent with RFC2253,
+ * escaping control characters isn't essential in
+ * RFC2253 but it is advisable anyway.
+ */
+
+#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
+ ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ ASN1_STRFLGS_UTF8_CONVERT | \
+ ASN1_STRFLGS_DUMP_UNKNOWN | \
+ ASN1_STRFLGS_DUMP_DER)
+
+DECLARE_STACK_OF(ASN1_INTEGER)
+DECLARE_ASN1_SET_OF(ASN1_INTEGER)
+
+DECLARE_STACK_OF(ASN1_GENERALSTRING)
+
+typedef struct asn1_type_st
+ {
+ int type;
+ union {
+ char *ptr;
+ ASN1_BOOLEAN boolean;
+ ASN1_STRING * asn1_string;
+ ASN1_OBJECT * object;
+ ASN1_INTEGER * integer;
+ ASN1_ENUMERATED * enumerated;
+ ASN1_BIT_STRING * bit_string;
+ ASN1_OCTET_STRING * octet_string;
+ ASN1_PRINTABLESTRING * printablestring;
+ ASN1_T61STRING * t61string;
+ ASN1_IA5STRING * ia5string;
+ ASN1_GENERALSTRING * generalstring;
+ ASN1_BMPSTRING * bmpstring;
+ ASN1_UNIVERSALSTRING * universalstring;
+ ASN1_UTCTIME * utctime;
+ ASN1_GENERALIZEDTIME * generalizedtime;
+ ASN1_VISIBLESTRING * visiblestring;
+ ASN1_UTF8STRING * utf8string;
+ /* set and sequence are left complete and still
+ * contain the set or sequence bytes */
+ ASN1_STRING * set;
+ ASN1_STRING * sequence;
+ ASN1_VALUE * asn1_value;
+ } value;
+ } ASN1_TYPE;
+
+DECLARE_STACK_OF(ASN1_TYPE)
+DECLARE_ASN1_SET_OF(ASN1_TYPE)
+
+typedef struct asn1_method_st
+ {
+ i2d_of_void *i2d;
+ d2i_of_void *d2i;
+ void *(*create)(void);
+ void (*destroy)(void *);
+ } ASN1_METHOD;
+
+/* This is used when parsing some Netscape objects */
+typedef struct asn1_header_st
+ {
+ ASN1_OCTET_STRING *header;
+ void *data;
+ ASN1_METHOD *meth;
+ } ASN1_HEADER;
+
+/* This is used to contain a list of bit names */
+typedef struct BIT_STRING_BITNAME_st {
+ int bitnum;
+ const char *lname;
+ const char *sname;
+} BIT_STRING_BITNAME;
+
+
+#define M_ASN1_STRING_length(x) ((x)->length)
+#define M_ASN1_STRING_length_set(x, n) ((x)->length = (n))
+#define M_ASN1_STRING_type(x) ((x)->type)
+#define M_ASN1_STRING_data(x) ((x)->data)
+
+/* Macros for string operations */
+#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\
+ ASN1_STRING_type_new(V_ASN1_BIT_STRING)
+#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
+ ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
+ (ASN1_STRING *)a,(ASN1_STRING *)b)
+#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
+
+#define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\
+ ASN1_STRING_type_new(V_ASN1_INTEGER)
+#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
+ (ASN1_STRING *)a,(ASN1_STRING *)b)
+
+#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
+ ASN1_STRING_type_new(V_ASN1_ENUMERATED)
+#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\
+ (ASN1_STRING *)a,(ASN1_STRING *)b)
+
+#define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\
+ ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
+#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
+ ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
+ (ASN1_STRING *)a,(ASN1_STRING *)b)
+#define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
+#define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b)
+#define M_i2d_ASN1_OCTET_STRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
+ V_ASN1_UNIVERSAL)
+
+#define B_ASN1_TIME \
+ B_ASN1_UTCTIME | \
+ B_ASN1_GENERALIZEDTIME
+
+#define B_ASN1_PRINTABLE \
+ B_ASN1_NUMERICSTRING| \
+ B_ASN1_PRINTABLESTRING| \
+ B_ASN1_T61STRING| \
+ B_ASN1_IA5STRING| \
+ B_ASN1_BIT_STRING| \
+ B_ASN1_UNIVERSALSTRING|\
+ B_ASN1_BMPSTRING|\
+ B_ASN1_UTF8STRING|\
+ B_ASN1_SEQUENCE|\
+ B_ASN1_UNKNOWN
+
+#define B_ASN1_DIRECTORYSTRING \
+ B_ASN1_PRINTABLESTRING| \
+ B_ASN1_TELETEXSTRING|\
+ B_ASN1_BMPSTRING|\
+ B_ASN1_UNIVERSALSTRING|\
+ B_ASN1_UTF8STRING
+
+#define B_ASN1_DISPLAYTEXT \
+ B_ASN1_IA5STRING| \
+ B_ASN1_VISIBLESTRING| \
+ B_ASN1_BMPSTRING|\
+ B_ASN1_UTF8STRING
+
+#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+ pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+ B_ASN1_PRINTABLE)
+
+#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+ pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DIRECTORYSTRING(a,pp,l) \
+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+ B_ASN1_DIRECTORYSTRING)
+
+#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+ pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DISPLAYTEXT(a,pp,l) \
+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+ B_ASN1_DISPLAYTEXT)
+
+#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
+ ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
+ V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
+ (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
+
+#define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\
+ ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_T61STRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
+ V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_T61STRING(a,pp,l) \
+ (ASN1_T61STRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
+
+#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\
+ ASN1_STRING_type_new(V_ASN1_IA5STRING)
+#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_IA5STRING_dup(a) \
+ (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_i2d_ASN1_IA5STRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
+ V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_IA5STRING(a,pp,l) \
+ (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
+ B_ASN1_IA5STRING)
+
+#define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\
+ ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+#define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\
+ ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
+#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
+ (ASN1_STRING *)a)
+
+#define M_ASN1_TIME_new() (ASN1_TIME *)\
+ ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+#define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\
+ ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
+#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_GENERALSTRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
+ V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
+ (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
+
+#define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\
+ ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
+#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
+ V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
+ (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
+
+#define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\
+ ASN1_STRING_type_new(V_ASN1_BMPSTRING)
+#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_BMPSTRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
+ V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
+ (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
+
+#define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\
+ ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
+ V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
+ (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
+
+#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\
+ ASN1_STRING_type_new(V_ASN1_UTF8STRING)
+#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UTF8STRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
+ V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
+ (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
+
+ /* for the is_set parameter to i2d_ASN1_SET */
+#define IS_SEQUENCE 0
+#define IS_SET 1
+
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+int ASN1_TYPE_get(ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+
+ASN1_OBJECT * ASN1_OBJECT_new(void );
+void ASN1_OBJECT_free(ASN1_OBJECT *a);
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
+ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
+ long length);
+ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
+ long length);
+
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+DECLARE_STACK_OF(ASN1_OBJECT)
+DECLARE_ASN1_SET_OF(ASN1_OBJECT)
+
+ASN1_STRING * ASN1_STRING_new(void);
+void ASN1_STRING_free(ASN1_STRING *a);
+ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
+ASN1_STRING * ASN1_STRING_type_new(int type );
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+ /* Since this is used to store all sorts of things, via macros, for now, make
+ its data void * */
+int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
+int ASN1_STRING_length(ASN1_STRING *x);
+void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+int ASN1_STRING_type(ASN1_STRING *x);
+unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp,
+ long length);
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
+ int length );
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
+
+#ifndef OPENSSL_NO_BIO
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+ BIT_STRING_BITNAME *tbl, int indent);
+#endif
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+ BIT_STRING_BITNAME *tbl);
+
+int i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
+int d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
+ long length);
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,
+ long length);
+ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
+#endif
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
+int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
+int UTF8_putc(unsigned char *str, int len, unsigned long value);
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+
+DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+int ASN1_TIME_check(ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+
+int i2d_ASN1_SET(STACK *a, unsigned char **pp,
+ i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
+STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+ d2i_of_void *d2i, void (*free_func)(void *),
+ int ex_tag, int ex_class);
+
+#ifndef OPENSSL_NO_BIO
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
+int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
+#endif
+int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
+
+int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
+ const char *sn, const char *ln);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+ long length, int Ptag, int Pclass);
+unsigned long ASN1_tag2bit(int tag);
+/* type is one or more of the B_ASN1_ values. */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp,
+ long length,int type);
+
+/* PARSING */
+int asn1_Finish(ASN1_CTX *c);
+int asn1_const_Finish(ASN1_const_CTX *c);
+
+/* SPECIALS */
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+ int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p,long len);
+int ASN1_const_check_infinite_end(const unsigned char **p,long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+ int tag, int xclass);
+int ASN1_put_eoc(unsigned char **pp);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+
+#define ASN1_dup_of(type,i2d,d2i,x) \
+ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF_TO_CHAR(type, x)))
+
+#define ASN1_dup_of_const(type,i2d,d2i,x) \
+ ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF_TO_CHAR(const type, x)))
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+#define M_ASN1_free_of(x, type) \
+ ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
+
+#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
+ ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
+int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);
+
+#define ASN1_i2d_fp_of(type,i2d,out,x) \
+ (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
+#define ASN1_i2d_fp_of_const(type,i2d,out,x) \
+ (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
+#endif
+
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
+
+#ifndef OPENSSL_NO_BIO
+void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
+
+#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
+ ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
+int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
+
+#define ASN1_i2d_bio_of(type,i2d,out,x) \
+ (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
+#define ASN1_i2d_bio_of_const(type,i2d,out,x) \
+ (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
+int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
+int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
+#endif
+const char *ASN1_tag2str(int tag);
+
+/* Used to load and write netscape format cert/key */
+int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);
+ASN1_HEADER *ASN1_HEADER_new(void );
+void ASN1_HEADER_free(ASN1_HEADER *a);
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+/* Not used that much at this point, except for the first two */
+ASN1_METHOD *X509_asn1_meth(void);
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
+ unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
+ unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+ unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
+ unsigned char *data, int max_len);
+
+STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+ d2i_of_void *d2i, void (*free_func)(void *));
+unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+ unsigned char **buf, int *len );
+void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
+ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
+ ASN1_OCTET_STRING **oct);
+
+#define ASN1_pack_string_of(type,obj,i2d,oct) \
+ (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
+ CHECKED_I2D_OF(type, i2d), \
+ oct))
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(const char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask,
+ long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+ const unsigned char *in, int inlen, int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+
+ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
+
+typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+ const ASN1_ITEM *it);
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+ int ctype_nid, int econt_nid,
+ STACK_OF(X509_ALGOR) *mdalgs,
+ asn1_output_data_fn *data_fn,
+ const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ASN1_strings(void);
+
+/* Error codes for the ASN1 functions. */
+
+/* Function codes. */
+#define ASN1_F_A2D_ASN1_OBJECT 100
+#define ASN1_F_A2I_ASN1_ENUMERATED 101
+#define ASN1_F_A2I_ASN1_INTEGER 102
+#define ASN1_F_A2I_ASN1_STRING 103
+#define ASN1_F_APPEND_EXP 176
+#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183
+#define ASN1_F_ASN1_CB 177
+#define ASN1_F_ASN1_CHECK_TLEN 104
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE 105
+#define ASN1_F_ASN1_COLLECT 106
+#define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108
+#define ASN1_F_ASN1_D2I_FP 109
+#define ASN1_F_ASN1_D2I_READ_BIO 107
+#define ASN1_F_ASN1_DIGEST 184
+#define ASN1_F_ASN1_DO_ADB 110
+#define ASN1_F_ASN1_DUP 111
+#define ASN1_F_ASN1_ENUMERATED_SET 112
+#define ASN1_F_ASN1_ENUMERATED_TO_BN 113
+#define ASN1_F_ASN1_EX_C2I 204
+#define ASN1_F_ASN1_FIND_END 190
+#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185
+#define ASN1_F_ASN1_GENERATE_V3 178
+#define ASN1_F_ASN1_GET_OBJECT 114
+#define ASN1_F_ASN1_HEADER_NEW 115
+#define ASN1_F_ASN1_I2D_BIO 116
+#define ASN1_F_ASN1_I2D_FP 117
+#define ASN1_F_ASN1_INTEGER_SET 118
+#define ASN1_F_ASN1_INTEGER_TO_BN 119
+#define ASN1_F_ASN1_ITEM_D2I_FP 206
+#define ASN1_F_ASN1_ITEM_DUP 191
+#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
+#define ASN1_F_ASN1_ITEM_EX_D2I 120
+#define ASN1_F_ASN1_ITEM_I2D_BIO 192
+#define ASN1_F_ASN1_ITEM_I2D_FP 193
+#define ASN1_F_ASN1_ITEM_PACK 198
+#define ASN1_F_ASN1_ITEM_SIGN 195
+#define ASN1_F_ASN1_ITEM_UNPACK 199
+#define ASN1_F_ASN1_ITEM_VERIFY 197
+#define ASN1_F_ASN1_MBSTRING_NCOPY 122
+#define ASN1_F_ASN1_OBJECT_NEW 123
+#define ASN1_F_ASN1_OUTPUT_DATA 207
+#define ASN1_F_ASN1_PACK_STRING 124
+#define ASN1_F_ASN1_PCTX_NEW 205
+#define ASN1_F_ASN1_PKCS5_PBE_SET 125
+#define ASN1_F_ASN1_SEQ_PACK 126
+#define ASN1_F_ASN1_SEQ_UNPACK 127
+#define ASN1_F_ASN1_SIGN 128
+#define ASN1_F_ASN1_STR2TYPE 179
+#define ASN1_F_ASN1_STRING_SET 186
+#define ASN1_F_ASN1_STRING_TABLE_ADD 129
+#define ASN1_F_ASN1_STRING_TYPE_NEW 130
+#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132
+#define ASN1_F_ASN1_TEMPLATE_NEW 133
+#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131
+#define ASN1_F_ASN1_TIME_SET 175
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
+#define ASN1_F_ASN1_UNPACK_STRING 136
+#define ASN1_F_ASN1_UTCTIME_SET 187
+#define ASN1_F_ASN1_VERIFY 137
+#define ASN1_F_B64_READ_ASN1 208
+#define ASN1_F_B64_WRITE_ASN1 209
+#define ASN1_F_BITSTR_CB 180
+#define ASN1_F_BN_TO_ASN1_ENUMERATED 138
+#define ASN1_F_BN_TO_ASN1_INTEGER 139
+#define ASN1_F_C2I_ASN1_BIT_STRING 189
+#define ASN1_F_C2I_ASN1_INTEGER 194
+#define ASN1_F_C2I_ASN1_OBJECT 196
+#define ASN1_F_COLLECT_DATA 140
+#define ASN1_F_D2I_ASN1_BIT_STRING 141
+#define ASN1_F_D2I_ASN1_BOOLEAN 142
+#define ASN1_F_D2I_ASN1_BYTES 143
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144
+#define ASN1_F_D2I_ASN1_HEADER 145
+#define ASN1_F_D2I_ASN1_INTEGER 146
+#define ASN1_F_D2I_ASN1_OBJECT 147
+#define ASN1_F_D2I_ASN1_SET 148
+#define ASN1_F_D2I_ASN1_TYPE_BYTES 149
+#define ASN1_F_D2I_ASN1_UINTEGER 150
+#define ASN1_F_D2I_ASN1_UTCTIME 151
+#define ASN1_F_D2I_NETSCAPE_RSA 152
+#define ASN1_F_D2I_NETSCAPE_RSA_2 153
+#define ASN1_F_D2I_PRIVATEKEY 154
+#define ASN1_F_D2I_PUBLICKEY 155
+#define ASN1_F_D2I_RSA_NET 200
+#define ASN1_F_D2I_RSA_NET_2 201
+#define ASN1_F_D2I_X509 156
+#define ASN1_F_D2I_X509_CINF 157
+#define ASN1_F_D2I_X509_PKEY 159
+#define ASN1_F_I2D_ASN1_SET 188
+#define ASN1_F_I2D_ASN1_TIME 160
+#define ASN1_F_I2D_DSA_PUBKEY 161
+#define ASN1_F_I2D_EC_PUBKEY 181
+#define ASN1_F_I2D_PRIVATEKEY 163
+#define ASN1_F_I2D_PUBLICKEY 164
+#define ASN1_F_I2D_RSA_NET 162
+#define ASN1_F_I2D_RSA_PUBKEY 165
+#define ASN1_F_LONG_C2I 166
+#define ASN1_F_OID_MODULE_INIT 174
+#define ASN1_F_PARSE_TAGGING 182
+#define ASN1_F_PKCS5_PBE2_SET 167
+#define ASN1_F_PKCS5_PBE_SET 202
+#define ASN1_F_SMIME_READ_ASN1 210
+#define ASN1_F_SMIME_TEXT 211
+#define ASN1_F_X509_CINF_NEW 168
+#define ASN1_F_X509_CRL_ADD0_REVOKED 169
+#define ASN1_F_X509_INFO_NEW 170
+#define ASN1_F_X509_NAME_ENCODE 203
+#define ASN1_F_X509_NAME_EX_D2I 158
+#define ASN1_F_X509_NAME_EX_NEW 171
+#define ASN1_F_X509_NEW 172
+#define ASN1_F_X509_PKEY_NEW 173
+
+/* Reason codes. */
+#define ASN1_R_ADDING_OBJECT 171
+#define ASN1_R_ASN1_PARSE_ERROR 198
+#define ASN1_R_ASN1_SIG_PARSE_ERROR 199
+#define ASN1_R_AUX_ERROR 100
+#define ASN1_R_BAD_CLASS 101
+#define ASN1_R_BAD_OBJECT_HEADER 102
+#define ASN1_R_BAD_PASSWORD_READ 103
+#define ASN1_R_BAD_TAG 104
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
+#define ASN1_R_BN_LIB 105
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
+#define ASN1_R_BUFFER_TOO_SMALL 107
+#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108
+#define ASN1_R_DATA_IS_WRONG 109
+#define ASN1_R_DECODE_ERROR 110
+#define ASN1_R_DECODING_ERROR 111
+#define ASN1_R_DEPTH_EXCEEDED 174
+#define ASN1_R_ENCODE_ERROR 112
+#define ASN1_R_ERROR_GETTING_TIME 173
+#define ASN1_R_ERROR_LOADING_SECTION 172
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT 113
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114
+#define ASN1_R_EXPECTING_AN_INTEGER 115
+#define ASN1_R_EXPECTING_AN_OBJECT 116
+#define ASN1_R_EXPECTING_A_BOOLEAN 117
+#define ASN1_R_EXPECTING_A_TIME 118
+#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119
+#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120
+#define ASN1_R_FIELD_MISSING 121
+#define ASN1_R_FIRST_NUM_TOO_LARGE 122
+#define ASN1_R_HEADER_TOO_LONG 123
+#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175
+#define ASN1_R_ILLEGAL_BOOLEAN 176
+#define ASN1_R_ILLEGAL_CHARACTERS 124
+#define ASN1_R_ILLEGAL_FORMAT 177
+#define ASN1_R_ILLEGAL_HEX 178
+#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179
+#define ASN1_R_ILLEGAL_INTEGER 180
+#define ASN1_R_ILLEGAL_NESTED_TAGGING 181
+#define ASN1_R_ILLEGAL_NULL 125
+#define ASN1_R_ILLEGAL_NULL_VALUE 182
+#define ASN1_R_ILLEGAL_OBJECT 183
+#define ASN1_R_ILLEGAL_OPTIONAL_ANY 126
+#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170
+#define ASN1_R_ILLEGAL_TAGGED_ANY 127
+#define ASN1_R_ILLEGAL_TIME_VALUE 184
+#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
+#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
+#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
+#define ASN1_R_INVALID_DIGIT 130
+#define ASN1_R_INVALID_MIME_TYPE 200
+#define ASN1_R_INVALID_MODIFIER 186
+#define ASN1_R_INVALID_NUMBER 187
+#define ASN1_R_INVALID_OBJECT_ENCODING 212
+#define ASN1_R_INVALID_SEPARATOR 131
+#define ASN1_R_INVALID_TIME_FORMAT 132
+#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133
+#define ASN1_R_INVALID_UTF8STRING 134
+#define ASN1_R_IV_TOO_LARGE 135
+#define ASN1_R_LENGTH_ERROR 136
+#define ASN1_R_LIST_ERROR 188
+#define ASN1_R_MIME_NO_CONTENT_TYPE 201
+#define ASN1_R_MIME_PARSE_ERROR 202
+#define ASN1_R_MIME_SIG_PARSE_ERROR 203
+#define ASN1_R_MISSING_EOC 137
+#define ASN1_R_MISSING_SECOND_NUMBER 138
+#define ASN1_R_MISSING_VALUE 189
+#define ASN1_R_MSTRING_NOT_UNIVERSAL 139
+#define ASN1_R_MSTRING_WRONG_TAG 140
+#define ASN1_R_NESTED_ASN1_STRING 197
+#define ASN1_R_NON_HEX_CHARACTERS 141
+#define ASN1_R_NOT_ASCII_FORMAT 190
+#define ASN1_R_NOT_ENOUGH_DATA 142
+#define ASN1_R_NO_CONTENT_TYPE 204
+#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
+#define ASN1_R_NO_MULTIPART_BODY_FAILURE 205
+#define ASN1_R_NO_MULTIPART_BOUNDARY 206
+#define ASN1_R_NO_SIG_CONTENT_TYPE 207
+#define ASN1_R_NULL_IS_WRONG_LENGTH 144
+#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191
+#define ASN1_R_ODD_NUMBER_OF_CHARS 145
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE 147
+#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148
+#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149
+#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192
+#define ASN1_R_SHORT_LINE 150
+#define ASN1_R_SIG_INVALID_MIME_TYPE 208
+#define ASN1_R_STREAMING_NOT_SUPPORTED 209
+#define ASN1_R_STRING_TOO_LONG 151
+#define ASN1_R_STRING_TOO_SHORT 152
+#define ASN1_R_TAG_VALUE_TOO_HIGH 153
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+#define ASN1_R_TIME_NOT_ASCII_FORMAT 193
+#define ASN1_R_TOO_LONG 155
+#define ASN1_R_TYPE_NOT_CONSTRUCTED 156
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
+#define ASN1_R_UNEXPECTED_EOC 159
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
+#define ASN1_R_UNKNOWN_FORMAT 160
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
+#define ASN1_R_UNKNOWN_OBJECT_TYPE 162
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163
+#define ASN1_R_UNKNOWN_TAG 194
+#define ASN1_R_UNKOWN_FORMAT 195
+#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164
+#define ASN1_R_UNSUPPORTED_CIPHER 165
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167
+#define ASN1_R_UNSUPPORTED_TYPE 196
+#define ASN1_R_WRONG_TAG 168
+#define ASN1_R_WRONG_TYPE 169
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Added: vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,318 @@
+/* crypto/asn1/asn1_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
+
+static ERR_STRING_DATA ASN1_str_functs[]=
+ {
+{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
+{ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"},
+{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
+{ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"},
+{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
+{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
+{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"},
+{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
+{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
+{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
+{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
+{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
+{ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"},
+{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
+{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
+{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
+{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"},
+{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
+{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
+{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
+{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
+{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
+{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
+{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"},
+{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
+{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"},
+{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
+{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
+{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
+{ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"},
+{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
+{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
+{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
+{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
+{ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"},
+{ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
+{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
+{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
+{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
+{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
+{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
+{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
+{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
+{ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
+{ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
+{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
+{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
+{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
+{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
+{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
+{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
+{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
+{ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
+{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
+{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
+{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
+{ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
+{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
+{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
+{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
+{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
+{ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"},
+{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"},
+{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"},
+{ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
+{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA ASN1_str_reasons[]=
+ {
+{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"},
+{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) ,"asn1 parse error"},
+{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
+{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"},
+{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"},
+{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
+{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
+{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
+{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
+{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
+{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
+{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
+{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
+{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"},
+{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"},
+{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"},
+{ERR_REASON(ASN1_R_DEPTH_EXCEEDED) ,"depth exceeded"},
+{ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"},
+{ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"},
+{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
+{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
+{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
+{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
+{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) ,"expecting an object"},
+{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) ,"expecting a boolean"},
+{ERR_REASON(ASN1_R_EXPECTING_A_TIME) ,"expecting a time"},
+{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
+{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
+{ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"},
+{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"},
+{ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"},
+{ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"},
+{ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN) ,"illegal boolean"},
+{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"},
+{ERR_REASON(ASN1_R_ILLEGAL_FORMAT) ,"illegal format"},
+{ERR_REASON(ASN1_R_ILLEGAL_HEX) ,"illegal hex"},
+{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"},
+{ERR_REASON(ASN1_R_ILLEGAL_INTEGER) ,"illegal integer"},
+{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"},
+{ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"},
+{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE) ,"illegal null value"},
+{ERR_REASON(ASN1_R_ILLEGAL_OBJECT) ,"illegal object"},
+{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
+{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
+{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"},
+{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"},
+{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
+{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
+{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
+{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
+{ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"},
+{ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"},
+{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
+{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
+{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"},
+{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
+{ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"},
+{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"},
+{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"},
+{ERR_REASON(ASN1_R_LIST_ERROR) ,"list error"},
+{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
+{ERR_REASON(ASN1_R_MIME_PARSE_ERROR) ,"mime parse error"},
+{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
+{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"},
+{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
+{ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"},
+{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
+{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"},
+{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"},
+{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"},
+{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"},
+{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"},
+{ERR_REASON(ASN1_R_NO_CONTENT_TYPE) ,"no content type"},
+{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
+{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
+{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
+{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
+{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"},
+{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
+{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
+{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
+{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
+{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
+{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"},
+{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
+{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
+{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"},
+{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"},
+{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"},
+{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
+{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
+{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
+{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
+{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
+{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
+{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
+{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
+{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
+{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
+{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
+{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE) ,"unsupported type"},
+{ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"},
+{ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"},
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_ASN1_strings(void)
+ {
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL)
+ {
+ ERR_load_strings(0,ASN1_str_functs);
+ ERR_load_strings(0,ASN1_str_reasons);
+ }
+#endif
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/asn1_gen.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_gen.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn1_gen.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,855 @@
+/* asn1_gen.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509v3.h>
+
+#define ASN1_GEN_FLAG 0x10000
+#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
+#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2)
+#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3)
+#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4)
+#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5)
+#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6)
+#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7)
+#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8)
+
+#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
+
+#define ASN1_FLAG_EXP_MAX 20
+
+/* Input formats */
+
+/* ASCII: default */
+#define ASN1_GEN_FORMAT_ASCII 1
+/* UTF8 */
+#define ASN1_GEN_FORMAT_UTF8 2
+/* Hex */
+#define ASN1_GEN_FORMAT_HEX 3
+/* List of bits */
+#define ASN1_GEN_FORMAT_BITLIST 4
+
+
+struct tag_name_st
+ {
+ const char *strnam;
+ int len;
+ int tag;
+ };
+
+typedef struct
+ {
+ int exp_tag;
+ int exp_class;
+ int exp_constructed;
+ int exp_pad;
+ long exp_len;
+ } tag_exp_type;
+
+typedef struct
+ {
+ int imp_tag;
+ int imp_class;
+ int utype;
+ int format;
+ const char *str;
+ tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
+ int exp_count;
+ } tag_exp_arg;
+
+static int bitstr_cb(const char *elem, int len, void *bitstr);
+static int asn1_cb(const char *elem, int len, void *bitstr);
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
+static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
+static int asn1_str2tag(const char *tagstr, int len);
+
+ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
+ {
+ X509V3_CTX cnf;
+
+ if (!nconf)
+ return ASN1_generate_v3(str, NULL);
+
+ X509V3_set_nconf(&cnf, nconf);
+ return ASN1_generate_v3(str, &cnf);
+ }
+
+ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
+ {
+ ASN1_TYPE *ret;
+ tag_exp_arg asn1_tags;
+ tag_exp_type *etmp;
+
+ int i, len;
+
+ unsigned char *orig_der = NULL, *new_der = NULL;
+ const unsigned char *cpy_start;
+ unsigned char *p;
+ const unsigned char *cp;
+ int cpy_len;
+ long hdr_len;
+ int hdr_constructed = 0, hdr_tag, hdr_class;
+ int r;
+
+ asn1_tags.imp_tag = -1;
+ asn1_tags.imp_class = -1;
+ asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
+ asn1_tags.exp_count = 0;
+ if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
+ return NULL;
+
+ if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
+ {
+ if (!cnf)
+ {
+ ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
+ return NULL;
+ }
+ ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
+ }
+ else
+ ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
+
+ if (!ret)
+ return NULL;
+
+ /* If no tagging return base type */
+ if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
+ return ret;
+
+ /* Generate the encoding */
+ cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
+ ASN1_TYPE_free(ret);
+ ret = NULL;
+ /* Set point to start copying for modified encoding */
+ cpy_start = orig_der;
+
+ /* Do we need IMPLICIT tagging? */
+ if (asn1_tags.imp_tag != -1)
+ {
+ /* If IMPLICIT we will replace the underlying tag */
+ /* Skip existing tag+len */
+ r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
+ if (r & 0x80)
+ goto err;
+ /* Update copy length */
+ cpy_len -= cpy_start - orig_der;
+ /* For IMPLICIT tagging the length should match the
+ * original length and constructed flag should be
+ * consistent.
+ */
+ if (r & 0x1)
+ {
+ /* Indefinite length constructed */
+ hdr_constructed = 2;
+ hdr_len = 0;
+ }
+ else
+ /* Just retain constructed flag */
+ hdr_constructed = r & V_ASN1_CONSTRUCTED;
+ /* Work out new length with IMPLICIT tag: ignore constructed
+ * because it will mess up if indefinite length
+ */
+ len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
+ }
+ else
+ len = cpy_len;
+
+ /* Work out length in any EXPLICIT, starting from end */
+
+ for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
+ {
+ /* Content length: number of content octets + any padding */
+ len += etmp->exp_pad;
+ etmp->exp_len = len;
+ /* Total object length: length including new header */
+ len = ASN1_object_size(0, len, etmp->exp_tag);
+ }
+
+ /* Allocate buffer for new encoding */
+
+ new_der = OPENSSL_malloc(len);
+ if (!new_der)
+ goto err;
+
+ /* Generate tagged encoding */
+
+ p = new_der;
+
+ /* Output explicit tags first */
+
+ for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
+ {
+ ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
+ etmp->exp_tag, etmp->exp_class);
+ if (etmp->exp_pad)
+ *p++ = 0;
+ }
+
+ /* If IMPLICIT, output tag */
+
+ if (asn1_tags.imp_tag != -1)
+ ASN1_put_object(&p, hdr_constructed, hdr_len,
+ asn1_tags.imp_tag, asn1_tags.imp_class);
+
+ /* Copy across original encoding */
+ memcpy(p, cpy_start, cpy_len);
+
+ cp = new_der;
+
+ /* Obtain new ASN1_TYPE structure */
+ ret = d2i_ASN1_TYPE(NULL, &cp, len);
+
+ err:
+ if (orig_der)
+ OPENSSL_free(orig_der);
+ if (new_der)
+ OPENSSL_free(new_der);
+
+ return ret;
+
+ }
+
+static int asn1_cb(const char *elem, int len, void *bitstr)
+ {
+ tag_exp_arg *arg = bitstr;
+ int i;
+ int utype;
+ int vlen = 0;
+ const char *p, *vstart = NULL;
+
+ int tmp_tag, tmp_class;
+
+ for(i = 0, p = elem; i < len; p++, i++)
+ {
+ /* Look for the ':' in name value pairs */
+ if (*p == ':')
+ {
+ vstart = p + 1;
+ vlen = len - (vstart - elem);
+ len = p - elem;
+ break;
+ }
+ }
+
+ utype = asn1_str2tag(elem, len);
+
+ if (utype == -1)
+ {
+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
+ ERR_add_error_data(2, "tag=", elem);
+ return -1;
+ }
+
+ /* If this is not a modifier mark end of string and exit */
+ if (!(utype & ASN1_GEN_FLAG))
+ {
+ arg->utype = utype;
+ arg->str = vstart;
+ /* If no value and not end of string, error */
+ if (!vstart && elem[len])
+ {
+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
+ return -1;
+ }
+ return 0;
+ }
+
+ switch(utype)
+ {
+
+ case ASN1_GEN_FLAG_IMP:
+ /* Check for illegal multiple IMPLICIT tagging */
+ if (arg->imp_tag != -1)
+ {
+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
+ return -1;
+ }
+ if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_EXP:
+
+ if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
+ return -1;
+ if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_SEQWRAP:
+ if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_SETWRAP:
+ if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_BITWRAP:
+ if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_OCTWRAP:
+ if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_FORMAT:
+ if (!strncmp(vstart, "ASCII", 5))
+ arg->format = ASN1_GEN_FORMAT_ASCII;
+ else if (!strncmp(vstart, "UTF8", 4))
+ arg->format = ASN1_GEN_FORMAT_UTF8;
+ else if (!strncmp(vstart, "HEX", 3))
+ arg->format = ASN1_GEN_FORMAT_HEX;
+ else if (!strncmp(vstart, "BITLIST", 3))
+ arg->format = ASN1_GEN_FORMAT_BITLIST;
+ else
+ {
+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
+ return -1;
+ }
+ break;
+
+ }
+
+ return 1;
+
+ }
+
+static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
+ {
+ char erch[2];
+ long tag_num;
+ char *eptr;
+ if (!vstart)
+ return 0;
+ tag_num = strtoul(vstart, &eptr, 10);
+ /* Check we haven't gone past max length: should be impossible */
+ if (eptr && *eptr && (eptr > vstart + vlen))
+ return 0;
+ if (tag_num < 0)
+ {
+ ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
+ return 0;
+ }
+ *ptag = tag_num;
+ /* If we have non numeric characters, parse them */
+ if (eptr)
+ vlen -= eptr - vstart;
+ else
+ vlen = 0;
+ if (vlen)
+ {
+ switch (*eptr)
+ {
+
+ case 'U':
+ *pclass = V_ASN1_UNIVERSAL;
+ break;
+
+ case 'A':
+ *pclass = V_ASN1_APPLICATION;
+ break;
+
+ case 'P':
+ *pclass = V_ASN1_PRIVATE;
+ break;
+
+ case 'C':
+ *pclass = V_ASN1_CONTEXT_SPECIFIC;
+ break;
+
+ default:
+ erch[0] = *eptr;
+ erch[1] = 0;
+ ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
+ ERR_add_error_data(2, "Char=", erch);
+ return 0;
+ break;
+
+ }
+ }
+ else
+ *pclass = V_ASN1_CONTEXT_SPECIFIC;
+
+ return 1;
+
+ }
+
+/* Handle multiple types: SET and SEQUENCE */
+
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
+ {
+ ASN1_TYPE *ret = NULL, *typ = NULL;
+ STACK_OF(ASN1_TYPE) *sk = NULL;
+ STACK_OF(CONF_VALUE) *sect = NULL;
+ unsigned char *der = NULL, *p;
+ int derlen;
+ int i, is_set;
+ sk = sk_ASN1_TYPE_new_null();
+ if (!sk)
+ goto bad;
+ if (section)
+ {
+ if (!cnf)
+ goto bad;
+ sect = X509V3_get_section(cnf, (char *)section);
+ if (!sect)
+ goto bad;
+ for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
+ {
+ typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
+ if (!typ)
+ goto bad;
+ if (!sk_ASN1_TYPE_push(sk, typ))
+ goto bad;
+ typ = NULL;
+ }
+ }
+
+ /* Now we has a STACK of the components, convert to the correct form */
+
+ if (utype == V_ASN1_SET)
+ is_set = 1;
+ else
+ is_set = 0;
+
+
+ derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
+ V_ASN1_UNIVERSAL, is_set);
+ der = OPENSSL_malloc(derlen);
+ if (!der)
+ goto bad;
+ p = der;
+ i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,
+ V_ASN1_UNIVERSAL, is_set);
+
+ if (!(ret = ASN1_TYPE_new()))
+ goto bad;
+
+ if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
+ goto bad;
+
+ ret->type = utype;
+
+ ret->value.asn1_string->data = der;
+ ret->value.asn1_string->length = derlen;
+
+ der = NULL;
+
+ bad:
+
+ if (der)
+ OPENSSL_free(der);
+
+ if (sk)
+ sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
+ if (typ)
+ ASN1_TYPE_free(typ);
+ if (sect)
+ X509V3_section_free(cnf, sect);
+
+ return ret;
+ }
+
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
+ {
+ tag_exp_type *exp_tmp;
+ /* Can only have IMPLICIT if permitted */
+ if ((arg->imp_tag != -1) && !imp_ok)
+ {
+ ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
+ return 0;
+ }
+
+ if (arg->exp_count == ASN1_FLAG_EXP_MAX)
+ {
+ ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
+ return 0;
+ }
+
+ exp_tmp = &arg->exp_list[arg->exp_count++];
+
+ /* If IMPLICIT set tag to implicit value then
+ * reset implicit tag since it has been used.
+ */
+ if (arg->imp_tag != -1)
+ {
+ exp_tmp->exp_tag = arg->imp_tag;
+ exp_tmp->exp_class = arg->imp_class;
+ arg->imp_tag = -1;
+ arg->imp_class = -1;
+ }
+ else
+ {
+ exp_tmp->exp_tag = exp_tag;
+ exp_tmp->exp_class = exp_class;
+ }
+ exp_tmp->exp_constructed = exp_constructed;
+ exp_tmp->exp_pad = exp_pad;
+
+ return 1;
+ }
+
+
+static int asn1_str2tag(const char *tagstr, int len)
+ {
+ unsigned int i;
+ static struct tag_name_st *tntmp, tnst [] = {
+ ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
+ ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
+ ASN1_GEN_STR("NULL", V_ASN1_NULL),
+ ASN1_GEN_STR("INT", V_ASN1_INTEGER),
+ ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
+ ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
+ ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
+ ASN1_GEN_STR("OID", V_ASN1_OBJECT),
+ ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
+ ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
+ ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
+ ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
+ ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
+ ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
+ ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
+ ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
+ ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
+ ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
+ ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
+ ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
+ ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
+ ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
+ ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
+ ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
+ ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
+ ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
+ ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
+ ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
+ ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
+ ASN1_GEN_STR("T61", V_ASN1_T61STRING),
+ ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
+ ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
+ ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
+ ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
+
+ /* Special cases */
+ ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
+ ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
+ ASN1_GEN_STR("SET", V_ASN1_SET),
+ /* type modifiers */
+ /* Explicit tag */
+ ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
+ ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
+ /* Implicit tag */
+ ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
+ ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
+ /* OCTET STRING wrapper */
+ ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
+ /* SEQUENCE wrapper */
+ ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
+ /* SET wrapper */
+ ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
+ /* BIT STRING wrapper */
+ ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
+ ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
+ ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
+ };
+
+ if (len == -1)
+ len = strlen(tagstr);
+
+ tntmp = tnst;
+ for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
+ {
+ if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
+ return tntmp->tag;
+ }
+
+ return -1;
+ }
+
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+ {
+ ASN1_TYPE *atmp = NULL;
+
+ CONF_VALUE vtmp;
+
+ unsigned char *rdata;
+ long rdlen;
+
+ int no_unused = 1;
+
+ if (!(atmp = ASN1_TYPE_new()))
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ if (!str)
+ str = "";
+
+ switch(utype)
+ {
+
+ case V_ASN1_NULL:
+ if (str && *str)
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
+ goto bad_form;
+ }
+ break;
+
+ case V_ASN1_BOOLEAN:
+ if (format != ASN1_GEN_FORMAT_ASCII)
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
+ goto bad_form;
+ }
+ vtmp.name = NULL;
+ vtmp.section = NULL;
+ vtmp.value = (char *)str;
+ if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
+ goto bad_str;
+ }
+ break;
+
+ case V_ASN1_INTEGER:
+ case V_ASN1_ENUMERATED:
+ if (format != ASN1_GEN_FORMAT_ASCII)
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
+ goto bad_form;
+ }
+ if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+ goto bad_str;
+ }
+ break;
+
+ case V_ASN1_OBJECT:
+ if (format != ASN1_GEN_FORMAT_ASCII)
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
+ goto bad_form;
+ }
+ if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
+ goto bad_str;
+ }
+ break;
+
+ case V_ASN1_UTCTIME:
+ case V_ASN1_GENERALIZEDTIME:
+ if (format != ASN1_GEN_FORMAT_ASCII)
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
+ goto bad_form;
+ }
+ if (!(atmp->value.asn1_string = ASN1_STRING_new()))
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+ goto bad_str;
+ }
+ if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+ goto bad_str;
+ }
+ atmp->value.asn1_string->type = utype;
+ if (!ASN1_TIME_check(atmp->value.asn1_string))
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
+ goto bad_str;
+ }
+
+ break;
+
+ case V_ASN1_BMPSTRING:
+ case V_ASN1_PRINTABLESTRING:
+ case V_ASN1_IA5STRING:
+ case V_ASN1_T61STRING:
+ case V_ASN1_UTF8STRING:
+ case V_ASN1_VISIBLESTRING:
+ case V_ASN1_UNIVERSALSTRING:
+ case V_ASN1_GENERALSTRING:
+
+ if (format == ASN1_GEN_FORMAT_ASCII)
+ format = MBSTRING_ASC;
+ else if (format == ASN1_GEN_FORMAT_UTF8)
+ format = MBSTRING_UTF8;
+ else
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
+ goto bad_form;
+ }
+
+
+ if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
+ -1, format, ASN1_tag2bit(utype)) <= 0)
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+ goto bad_str;
+ }
+
+
+ break;
+
+ case V_ASN1_BIT_STRING:
+
+ case V_ASN1_OCTET_STRING:
+
+ if (!(atmp->value.asn1_string = ASN1_STRING_new()))
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+ goto bad_form;
+ }
+
+ if (format == ASN1_GEN_FORMAT_HEX)
+ {
+
+ if (!(rdata = string_to_hex((char *)str, &rdlen)))
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
+ goto bad_str;
+ }
+
+ atmp->value.asn1_string->data = rdata;
+ atmp->value.asn1_string->length = rdlen;
+ atmp->value.asn1_string->type = utype;
+
+ }
+ else if (format == ASN1_GEN_FORMAT_ASCII)
+ ASN1_STRING_set(atmp->value.asn1_string, str, -1);
+ else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
+ {
+ if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
+ goto bad_str;
+ }
+ no_unused = 0;
+
+ }
+ else
+ {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
+ goto bad_form;
+ }
+
+ if ((utype == V_ASN1_BIT_STRING) && no_unused)
+ {
+ atmp->value.asn1_string->flags
+ &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+ atmp->value.asn1_string->flags
+ |= ASN1_STRING_FLAG_BITS_LEFT;
+ }
+
+
+ break;
+
+ default:
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
+ goto bad_str;
+ break;
+ }
+
+
+ atmp->type = utype;
+ return atmp;
+
+
+ bad_str:
+ ERR_add_error_data(2, "string=", str);
+ bad_form:
+
+ ASN1_TYPE_free(atmp);
+ return NULL;
+
+ }
+
+static int bitstr_cb(const char *elem, int len, void *bitstr)
+ {
+ long bitnum;
+ char *eptr;
+ if (!elem)
+ return 0;
+ bitnum = strtoul(elem, &eptr, 10);
+ if (eptr && *eptr && (eptr != elem + len))
+ return 0;
+ if (bitnum < 0)
+ {
+ ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
+ return 0;
+ }
+ if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
+ {
+ ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,473 @@
+/* crypto/asn1/asn1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+
+static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max);
+static void asn1_put_length(unsigned char **pp, int length);
+const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT;
+
+static int _asn1_check_infinite_end(const unsigned char **p, long len)
+ {
+ /* If there is 0 or 1 byte left, the length check should pick
+ * things up */
+ if (len <= 0)
+ return(1);
+ else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))
+ {
+ (*p)+=2;
+ return(1);
+ }
+ return(0);
+ }
+
+int ASN1_check_infinite_end(unsigned char **p, long len)
+ {
+ return _asn1_check_infinite_end((const unsigned char **)p, len);
+ }
+
+int ASN1_const_check_infinite_end(const unsigned char **p, long len)
+ {
+ return _asn1_check_infinite_end(p, len);
+ }
+
+
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+ int *pclass, long omax)
+ {
+ int i,ret;
+ long l;
+ const unsigned char *p= *pp;
+ int tag,xclass,inf;
+ long max=omax;
+
+ if (!max) goto err;
+ ret=(*p&V_ASN1_CONSTRUCTED);
+ xclass=(*p&V_ASN1_PRIVATE);
+ i= *p&V_ASN1_PRIMITIVE_TAG;
+ if (i == V_ASN1_PRIMITIVE_TAG)
+ { /* high-tag */
+ p++;
+ if (--max == 0) goto err;
+ l=0;
+ while (*p&0x80)
+ {
+ l<<=7L;
+ l|= *(p++)&0x7f;
+ if (--max == 0) goto err;
+ if (l > (INT_MAX >> 7L)) goto err;
+ }
+ l<<=7L;
+ l|= *(p++)&0x7f;
+ tag=(int)l;
+ if (--max == 0) goto err;
+ }
+ else
+ {
+ tag=i;
+ p++;
+ if (--max == 0) goto err;
+ }
+ *ptag=tag;
+ *pclass=xclass;
+ if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
+
+ if (inf && !(ret & V_ASN1_CONSTRUCTED))
+ goto err;
+
+#if 0
+ fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n",
+ (int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
+ (int)(omax+ *pp));
+
+#endif
+ if (*plength > (omax - (p - *pp)))
+ {
+ ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+ /* Set this so that even if things are not long enough
+ * the values are set correctly */
+ ret|=0x80;
+ }
+ *pp=p;
+ return(ret|inf);
+err:
+ ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
+ return(0x80);
+ }
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)
+ {
+ const unsigned char *p= *pp;
+ unsigned long ret=0;
+ unsigned int i;
+
+ if (max-- < 1) return(0);
+ if (*p == 0x80)
+ {
+ *inf=1;
+ ret=0;
+ p++;
+ }
+ else
+ {
+ *inf=0;
+ i= *p&0x7f;
+ if (*(p++) & 0x80)
+ {
+ if (i > sizeof(long))
+ return 0;
+ if (max-- == 0) return(0);
+ while (i-- > 0)
+ {
+ ret<<=8L;
+ ret|= *(p++);
+ if (max-- == 0) return(0);
+ }
+ }
+ else
+ ret=i;
+ }
+ if (ret > LONG_MAX)
+ return 0;
+ *pp=p;
+ *rl=(long)ret;
+ return(1);
+ }
+
+/* class 0 is constructed
+ * constructed == 2 for indefinite length constructed */
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+ int xclass)
+ {
+ unsigned char *p= *pp;
+ int i, ttag;
+
+ i=(constructed)?V_ASN1_CONSTRUCTED:0;
+ i|=(xclass&V_ASN1_PRIVATE);
+ if (tag < 31)
+ *(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);
+ else
+ {
+ *(p++)=i|V_ASN1_PRIMITIVE_TAG;
+ for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
+ ttag = i;
+ while(i-- > 0)
+ {
+ p[i] = tag & 0x7f;
+ if(i != (ttag - 1)) p[i] |= 0x80;
+ tag >>= 7;
+ }
+ p += ttag;
+ }
+ if (constructed == 2)
+ *(p++)=0x80;
+ else
+ asn1_put_length(&p,length);
+ *pp=p;
+ }
+
+int ASN1_put_eoc(unsigned char **pp)
+ {
+ unsigned char *p = *pp;
+ *p++ = 0;
+ *p++ = 0;
+ *pp = p;
+ return 2;
+ }
+
+static void asn1_put_length(unsigned char **pp, int length)
+ {
+ unsigned char *p= *pp;
+ int i,l;
+ if (length <= 127)
+ *(p++)=(unsigned char)length;
+ else
+ {
+ l=length;
+ for (i=0; l > 0; i++)
+ l>>=8;
+ *(p++)=i|0x80;
+ l=i;
+ while (i-- > 0)
+ {
+ p[i]=length&0xff;
+ length>>=8;
+ }
+ p+=l;
+ }
+ *pp=p;
+ }
+
+int ASN1_object_size(int constructed, int length, int tag)
+ {
+ int ret;
+
+ ret=length;
+ ret++;
+ if (tag >= 31)
+ {
+ while (tag > 0)
+ {
+ tag>>=7;
+ ret++;
+ }
+ }
+ if (constructed == 2)
+ return ret + 3;
+ ret++;
+ if (length > 127)
+ {
+ while (length > 0)
+ {
+ length>>=8;
+ ret++;
+ }
+ }
+ return(ret);
+ }
+
+static int _asn1_Finish(ASN1_const_CTX *c)
+ {
+ if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
+ {
+ if (!ASN1_const_check_infinite_end(&c->p,c->slen))
+ {
+ c->error=ERR_R_MISSING_ASN1_EOS;
+ return(0);
+ }
+ }
+ if ( ((c->slen != 0) && !(c->inf & 1)) ||
+ ((c->slen < 0) && (c->inf & 1)))
+ {
+ c->error=ERR_R_ASN1_LENGTH_MISMATCH;
+ return(0);
+ }
+ return(1);
+ }
+
+int asn1_Finish(ASN1_CTX *c)
+ {
+ return _asn1_Finish((ASN1_const_CTX *)c);
+ }
+
+int asn1_const_Finish(ASN1_const_CTX *c)
+ {
+ return _asn1_Finish(c);
+ }
+
+int asn1_GetSequence(ASN1_const_CTX *c, long *length)
+ {
+ const unsigned char *q;
+
+ q=c->p;
+ c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
+ *length);
+ if (c->inf & 0x80)
+ {
+ c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL;
+ return(0);
+ }
+ if (c->tag != V_ASN1_SEQUENCE)
+ {
+ c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
+ return(0);
+ }
+ (*length)-=(c->p-q);
+ if (c->max && (*length < 0))
+ {
+ c->error=ERR_R_ASN1_LENGTH_MISMATCH;
+ return(0);
+ }
+ if (c->inf == (1|V_ASN1_CONSTRUCTED))
+ c->slen= *length+ *(c->pp)-c->p;
+ c->eos=0;
+ return(1);
+ }
+
+ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
+ {
+ ASN1_STRING *ret;
+
+ if (str == NULL) return(NULL);
+ if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
+ return(NULL);
+ if (!ASN1_STRING_set(ret,str->data,str->length))
+ {
+ ASN1_STRING_free(ret);
+ return(NULL);
+ }
+ ret->flags = str->flags;
+ return(ret);
+ }
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
+ {
+ unsigned char *c;
+ const char *data=_data;
+
+ if (len < 0)
+ {
+ if (data == NULL)
+ return(0);
+ else
+ len=strlen(data);
+ }
+ if ((str->length < len) || (str->data == NULL))
+ {
+ c=str->data;
+ if (c == NULL)
+ str->data=OPENSSL_malloc(len+1);
+ else
+ str->data=OPENSSL_realloc(c,len+1);
+
+ if (str->data == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE);
+ str->data=c;
+ return(0);
+ }
+ }
+ str->length=len;
+ if (data != NULL)
+ {
+ memcpy(str->data,data,len);
+ /* an allowance for strings :-) */
+ str->data[len]='\0';
+ }
+ return(1);
+ }
+
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
+ {
+ if (str->data)
+ OPENSSL_free(str->data);
+ str->data = data;
+ str->length = len;
+ }
+
+ASN1_STRING *ASN1_STRING_new(void)
+ {
+ return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+ }
+
+
+ASN1_STRING *ASN1_STRING_type_new(int type)
+ {
+ ASN1_STRING *ret;
+
+ ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ ret->length=0;
+ ret->type=type;
+ ret->data=NULL;
+ ret->flags=0;
+ return(ret);
+ }
+
+void ASN1_STRING_free(ASN1_STRING *a)
+ {
+ if (a == NULL) return;
+ if (a->data != NULL) OPENSSL_free(a->data);
+ OPENSSL_free(a);
+ }
+
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
+ {
+ int i;
+
+ i=(a->length-b->length);
+ if (i == 0)
+ {
+ i=memcmp(a->data,b->data,a->length);
+ if (i == 0)
+ return(a->type-b->type);
+ else
+ return(i);
+ }
+ else
+ return(i);
+ }
+
+void asn1_add_error(const unsigned char *address, int offset)
+ {
+ char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
+
+ BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
+ BIO_snprintf(buf2,sizeof buf2,"%d",offset);
+ ERR_add_error_data(4,"address=",buf1," offset=",buf2);
+ }
+
+int ASN1_STRING_length(ASN1_STRING *x)
+{ return M_ASN1_STRING_length(x); }
+
+void ASN1_STRING_length_set(ASN1_STRING *x, int len)
+{ M_ASN1_STRING_length_set(x, len); return; }
+
+int ASN1_STRING_type(ASN1_STRING *x)
+{ return M_ASN1_STRING_type(x); }
+
+unsigned char * ASN1_STRING_data(ASN1_STRING *x)
+{ return M_ASN1_STRING_data(x); }
Added: vendor-crypto/openssl/dist/crypto/asn1/asn1_mac.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_mac.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn1_mac.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,571 @@
+/* crypto/asn1/asn1_mac.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_MAC_H
+#define HEADER_ASN1_MAC_H
+
+#include <openssl/asn1.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef ASN1_MAC_ERR_LIB
+#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1
+#endif
+
+#define ASN1_MAC_H_err(f,r,line) \
+ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
+
+#define M_ASN1_D2I_vars(a,type,func) \
+ ASN1_const_CTX c; \
+ type ret=NULL; \
+ \
+ c.pp=(const unsigned char **)pp; \
+ c.q= *(const unsigned char **)pp; \
+ c.error=ERR_R_NESTED_ASN1_ERROR; \
+ if ((a == NULL) || ((*a) == NULL)) \
+ { if ((ret=(type)func()) == NULL) \
+ { c.line=__LINE__; goto err; } } \
+ else ret=(*a);
+
+#define M_ASN1_D2I_Init() \
+ c.p= *(const unsigned char **)pp; \
+ c.max=(length == 0)?0:(c.p+length);
+
+#define M_ASN1_D2I_Finish_2(a) \
+ if (!asn1_const_Finish(&c)) \
+ { c.line=__LINE__; goto err; } \
+ *(const unsigned char **)pp=c.p; \
+ if (a != NULL) (*a)=ret; \
+ return(ret);
+
+#define M_ASN1_D2I_Finish(a,func,e) \
+ M_ASN1_D2I_Finish_2(a); \
+err:\
+ ASN1_MAC_H_err((e),c.error,c.line); \
+ asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+ return(NULL)
+
+#define M_ASN1_D2I_start_sequence() \
+ if (!asn1_GetSequence(&c,&length)) \
+ { c.line=__LINE__; goto err; }
+/* Begin reading ASN1 without a surrounding sequence */
+#define M_ASN1_D2I_begin() \
+ c.slen = length;
+
+/* End reading ASN1 with no check on length */
+#define M_ASN1_D2I_Finish_nolen(a, func, e) \
+ *pp=c.p; \
+ if (a != NULL) (*a)=ret; \
+ return(ret); \
+err:\
+ ASN1_MAC_H_err((e),c.error,c.line); \
+ asn1_add_error(*pp,(int)(c.q- *pp)); \
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+ return(NULL)
+
+#define M_ASN1_D2I_end_sequence() \
+ (((c.inf&1) == 0)?(c.slen <= 0): \
+ (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
+
+/* Don't use this with d2i_ASN1_BOOLEAN() */
+#define M_ASN1_D2I_get(b, func) \
+ c.q=c.p; \
+ if (func(&(b),&c.p,c.slen) == NULL) \
+ {c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+/* Don't use this with d2i_ASN1_BOOLEAN() */
+#define M_ASN1_D2I_get_x(type,b,func) \
+ c.q=c.p; \
+ if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
+ {c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+/* use this instead () */
+#define M_ASN1_D2I_get_int(b,func) \
+ c.q=c.p; \
+ if (func(&(b),&c.p,c.slen) < 0) \
+ {c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_opt(b,func,type) \
+ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
+ == (V_ASN1_UNIVERSAL|(type)))) \
+ { \
+ M_ASN1_D2I_get(b,func); \
+ }
+
+#define M_ASN1_D2I_get_imp(b,func, type) \
+ M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
+ c.q=c.p; \
+ if (func(&(b),&c.p,c.slen) == NULL) \
+ {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
+ c.slen-=(c.p-c.q);\
+ M_ASN1_next_prev=_tmp;
+
+#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
+ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
+ (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
+ { \
+ unsigned char _tmp = M_ASN1_next; \
+ M_ASN1_D2I_get_imp(b,func, type);\
+ }
+
+#define M_ASN1_D2I_get_set(r,func,free_func) \
+ M_ASN1_D2I_get_imp_set(r,func,free_func, \
+ V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
+ V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_set_opt(r,func,free_func) \
+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+ { M_ASN1_D2I_get_set(r,func,free_func); }
+
+#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+ { M_ASN1_D2I_get_set_type(type,r,func,free_func); }
+
+#define M_ASN1_I2D_len_SET_opt(a,f) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ M_ASN1_I2D_len_SET(a,f);
+
+#define M_ASN1_I2D_put_SET_opt(a,f) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ M_ASN1_I2D_put_SET(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ M_ASN1_I2D_put_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
+#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
+ if ((c.slen != 0) && \
+ (M_ASN1_next == \
+ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+ { \
+ M_ASN1_D2I_get_imp_set(b,func,free_func,\
+ tag,V_ASN1_CONTEXT_SPECIFIC); \
+ }
+
+#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
+ if ((c.slen != 0) && \
+ (M_ASN1_next == \
+ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+ { \
+ M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
+ tag,V_ASN1_CONTEXT_SPECIFIC); \
+ }
+
+#define M_ASN1_D2I_get_seq(r,func,free_func) \
+ M_ASN1_D2I_get_imp_set(r,func,free_func,\
+ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+ { M_ASN1_D2I_get_seq(r,func,free_func); }
+
+#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+ { M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
+
+#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
+ M_ASN1_D2I_get_imp_set(r,func,free_func,\
+ x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+ x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
+ c.q=c.p; \
+ if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
+ (void (*)())free_func,a,b) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
+ c.q=c.p; \
+ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
+ free_func,a,b) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
+ c.q=c.p; \
+ if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
+ if ((c.slen != 0L) && (M_ASN1_next == \
+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+ { \
+ int Tinf,Ttag,Tclass; \
+ long Tlen; \
+ \
+ c.q=c.p; \
+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+ if (Tinf & 0x80) \
+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+ c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+ Tlen = c.slen - (c.p - c.q) - 2; \
+ if (func(&(r),&c.p,Tlen) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+ Tlen = c.slen - (c.p - c.q); \
+ if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
+ { c.error=ERR_R_MISSING_ASN1_EOS; \
+ c.line=__LINE__; goto err; } \
+ }\
+ c.slen-=(c.p-c.q); \
+ }
+
+#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
+ if ((c.slen != 0) && (M_ASN1_next == \
+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+ { \
+ int Tinf,Ttag,Tclass; \
+ long Tlen; \
+ \
+ c.q=c.p; \
+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+ if (Tinf & 0x80) \
+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+ c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+ Tlen = c.slen - (c.p - c.q) - 2; \
+ if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
+ (void (*)())free_func, \
+ b,V_ASN1_UNIVERSAL) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+ Tlen = c.slen - (c.p - c.q); \
+ if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+ { c.error=ERR_R_MISSING_ASN1_EOS; \
+ c.line=__LINE__; goto err; } \
+ }\
+ c.slen-=(c.p-c.q); \
+ }
+
+#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
+ if ((c.slen != 0) && (M_ASN1_next == \
+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+ { \
+ int Tinf,Ttag,Tclass; \
+ long Tlen; \
+ \
+ c.q=c.p; \
+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+ if (Tinf & 0x80) \
+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+ c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+ Tlen = c.slen - (c.p - c.q) - 2; \
+ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
+ free_func,b,V_ASN1_UNIVERSAL) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+ Tlen = c.slen - (c.p - c.q); \
+ if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+ { c.error=ERR_R_MISSING_ASN1_EOS; \
+ c.line=__LINE__; goto err; } \
+ }\
+ c.slen-=(c.p-c.q); \
+ }
+
+/* New macros */
+#define M_ASN1_New_Malloc(ret,type) \
+ if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
+ { c.line=__LINE__; goto err2; }
+
+#define M_ASN1_New(arg,func) \
+ if (((arg)=func()) == NULL) return(NULL)
+
+#define M_ASN1_New_Error(a) \
+/* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+ return(NULL);*/ \
+ err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
+ return(NULL)
+
+
+/* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately,
+ some macros that use ASN1_const_CTX still insist on writing in the input
+ stream. ARGH! ARGH! ARGH! Let's get rid of this macro package.
+ Please? -- Richard Levitte */
+#define M_ASN1_next (*((unsigned char *)(c.p)))
+#define M_ASN1_next_prev (*((unsigned char *)(c.q)))
+
+/*************************************************/
+
+#define M_ASN1_I2D_vars(a) int r=0,ret=0; \
+ unsigned char *p; \
+ if (a == NULL) return(0)
+
+/* Length Macros */
+#define M_ASN1_I2D_len(a,f) ret+=f(a,NULL)
+#define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f)
+
+#define M_ASN1_I2D_len_SET(a,f) \
+ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+
+#define M_ASN1_I2D_len_SET_type(type,a,f) \
+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
+ V_ASN1_UNIVERSAL,IS_SET);
+
+#define M_ASN1_I2D_len_SEQUENCE(a,f) \
+ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
+ V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ M_ASN1_I2D_len_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
+#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+ V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+ V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+ V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
+ if (a != NULL)\
+ { \
+ v=f(a,NULL); \
+ ret+=ASN1_object_size(1,v,mtag); \
+ }
+
+#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_num(a) != 0))\
+ { \
+ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+ ret+=ASN1_object_size(1,v,mtag); \
+ }
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_num(a) != 0))\
+ { \
+ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE); \
+ ret+=ASN1_object_size(1,v,mtag); \
+ }
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0))\
+ { \
+ v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+ V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE); \
+ ret+=ASN1_object_size(1,v,mtag); \
+ }
+
+/* Put Macros */
+#define M_ASN1_I2D_put(a,f) f(a,&p)
+
+#define M_ASN1_I2D_put_IMP_opt(a,f,t) \
+ if (a != NULL) \
+ { \
+ unsigned char *q=p; \
+ f(a,&p); \
+ *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
+ }
+
+#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
+ V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_SET_type(type,a,f) \
+ i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+ V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
+ i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+ V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
+ V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
+ i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ M_ASN1_I2D_put_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SET); }
+
+#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+ V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SET); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SEQUENCE); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+ V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SEQUENCE); }
+
+#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
+ if (a != NULL) \
+ { \
+ ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
+ f(a,&p); \
+ }
+
+#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ { \
+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+ }
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ { \
+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
+ }
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ { \
+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+ i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE); \
+ }
+
+#define M_ASN1_I2D_seq_total() \
+ r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
+ if (pp == NULL) return(r); \
+ p= *pp; \
+ ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
+ *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
+ *(p++)=0x80
+
+#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
+
+#define M_ASN1_I2D_finish() *pp=p; \
+ return(r);
+
+int asn1_GetSequence(ASN1_const_CTX *c, long *length);
+void asn1_add_error(const unsigned char *address,int offset);
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,444 @@
+/* crypto/asn1/asn1_par.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+
+static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
+ int indent);
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+ int offset, int depth, int indent, int dump);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+ int indent)
+ {
+ static const char fmt[]="%-18s";
+ static const char fmt2[]="%2d %-15s";
+ char str[128];
+ const char *p,*p2=NULL;
+
+ if (constructed & V_ASN1_CONSTRUCTED)
+ p="cons: ";
+ else
+ p="prim: ";
+ if (BIO_write(bp,p,6) < 6) goto err;
+ BIO_indent(bp,indent,128);
+
+ p=str;
+ if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+ BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
+ else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+ BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
+ else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+ BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
+ else if (tag > 30)
+ BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag);
+ else
+ p = ASN1_tag2str(tag);
+
+ if (p2 != NULL)
+ {
+ if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
+ }
+ else
+ {
+ if (BIO_printf(bp,fmt,p) <= 0) goto err;
+ }
+ return(1);
+err:
+ return(0);
+ }
+
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
+ {
+ return(asn1_parse2(bp,&pp,len,0,0,indent,0));
+ }
+
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)
+ {
+ return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
+ }
+
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
+ int depth, int indent, int dump)
+ {
+ const unsigned char *p,*ep,*tot,*op,*opp;
+ long len;
+ int tag,xclass,ret=0;
+ int nl,hl,j,r;
+ ASN1_OBJECT *o=NULL;
+ ASN1_OCTET_STRING *os=NULL;
+ /* ASN1_BMPSTRING *bmp=NULL;*/
+ int dump_indent;
+
+#if 0
+ dump_indent = indent;
+#else
+ dump_indent = 6; /* Because we know BIO_dump_indent() */
+#endif
+ p= *pp;
+ tot=p+length;
+ op=p-1;
+ while ((p < tot) && (op < p))
+ {
+ op=p;
+ j=ASN1_get_object(&p,&len,&tag,&xclass,length);
+#ifdef LINT
+ j=j;
+#endif
+ if (j & 0x80)
+ {
+ if (BIO_write(bp,"Error in encoding\n",18) <= 0)
+ goto end;
+ ret=0;
+ goto end;
+ }
+ hl=(p-op);
+ length-=hl;
+ /* if j == 0x21 it is a constructed indefinite length object */
+ if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
+ <= 0) goto end;
+
+ if (j != (V_ASN1_CONSTRUCTED | 1))
+ {
+ if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
+ depth,(long)hl,len) <= 0)
+ goto end;
+ }
+ else
+ {
+ if (BIO_printf(bp,"d=%-2d hl=%ld l=inf ",
+ depth,(long)hl) <= 0)
+ goto end;
+ }
+ if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
+ goto end;
+ if (j & V_ASN1_CONSTRUCTED)
+ {
+ ep=p+len;
+ if (BIO_write(bp,"\n",1) <= 0) goto end;
+ if (len > length)
+ {
+ BIO_printf(bp,
+ "length is greater than %ld\n",length);
+ ret=0;
+ goto end;
+ }
+ if ((j == 0x21) && (len == 0))
+ {
+ for (;;)
+ {
+ r=asn1_parse2(bp,&p,(long)(tot-p),
+ offset+(p - *pp),depth+1,
+ indent,dump);
+ if (r == 0) { ret=0; goto end; }
+ if ((r == 2) || (p >= tot)) break;
+ }
+ }
+ else
+ while (p < ep)
+ {
+ r=asn1_parse2(bp,&p,(long)len,
+ offset+(p - *pp),depth+1,
+ indent,dump);
+ if (r == 0) { ret=0; goto end; }
+ }
+ }
+ else if (xclass != 0)
+ {
+ p+=len;
+ if (BIO_write(bp,"\n",1) <= 0) goto end;
+ }
+ else
+ {
+ nl=0;
+ if ( (tag == V_ASN1_PRINTABLESTRING) ||
+ (tag == V_ASN1_T61STRING) ||
+ (tag == V_ASN1_IA5STRING) ||
+ (tag == V_ASN1_VISIBLESTRING) ||
+ (tag == V_ASN1_NUMERICSTRING) ||
+ (tag == V_ASN1_UTF8STRING) ||
+ (tag == V_ASN1_UTCTIME) ||
+ (tag == V_ASN1_GENERALIZEDTIME))
+ {
+ if (BIO_write(bp,":",1) <= 0) goto end;
+ if ((len > 0) &&
+ BIO_write(bp,(const char *)p,(int)len)
+ != (int)len)
+ goto end;
+ }
+ else if (tag == V_ASN1_OBJECT)
+ {
+ opp=op;
+ if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
+ {
+ if (BIO_write(bp,":",1) <= 0) goto end;
+ i2a_ASN1_OBJECT(bp,o);
+ }
+ else
+ {
+ if (BIO_write(bp,":BAD OBJECT",11) <= 0)
+ goto end;
+ }
+ }
+ else if (tag == V_ASN1_BOOLEAN)
+ {
+ int ii;
+
+ opp=op;
+ ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
+ if (ii < 0)
+ {
+ if (BIO_write(bp,"Bad boolean\n",12) <= 0)
+ goto end;
+ }
+ BIO_printf(bp,":%d",ii);
+ }
+ else if (tag == V_ASN1_BMPSTRING)
+ {
+ /* do the BMP thang */
+ }
+ else if (tag == V_ASN1_OCTET_STRING)
+ {
+ int i,printable=1;
+
+ opp=op;
+ os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
+ if (os != NULL && os->length > 0)
+ {
+ opp = os->data;
+ /* testing whether the octet string is
+ * printable */
+ for (i=0; i<os->length; i++)
+ {
+ if (( (opp[i] < ' ') &&
+ (opp[i] != '\n') &&
+ (opp[i] != '\r') &&
+ (opp[i] != '\t')) ||
+ (opp[i] > '~'))
+ {
+ printable=0;
+ break;
+ }
+ }
+ if (printable)
+ /* printable string */
+ {
+ if (BIO_write(bp,":",1) <= 0)
+ goto end;
+ if (BIO_write(bp,(const char *)opp,
+ os->length) <= 0)
+ goto end;
+ }
+ else if (!dump)
+ /* not printable => print octet string
+ * as hex dump */
+ {
+ if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)
+ goto end;
+ for (i=0; i<os->length; i++)
+ {
+ if (BIO_printf(bp,"%02X"
+ , opp[i]) <= 0)
+ goto end;
+ }
+ }
+ else
+ /* print the normal dump */
+ {
+ if (!nl)
+ {
+ if (BIO_write(bp,"\n",1) <= 0)
+ goto end;
+ }
+ if (BIO_dump_indent(bp,
+ (const char *)opp,
+ ((dump == -1 || dump >
+ os->length)?os->length:dump),
+ dump_indent) <= 0)
+ goto end;
+ nl=1;
+ }
+ }
+ if (os != NULL)
+ {
+ M_ASN1_OCTET_STRING_free(os);
+ os=NULL;
+ }
+ }
+ else if (tag == V_ASN1_INTEGER)
+ {
+ ASN1_INTEGER *bs;
+ int i;
+
+ opp=op;
+ bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
+ if (bs != NULL)
+ {
+ if (BIO_write(bp,":",1) <= 0) goto end;
+ if (bs->type == V_ASN1_NEG_INTEGER)
+ if (BIO_write(bp,"-",1) <= 0)
+ goto end;
+ for (i=0; i<bs->length; i++)
+ {
+ if (BIO_printf(bp,"%02X",
+ bs->data[i]) <= 0)
+ goto end;
+ }
+ if (bs->length == 0)
+ {
+ if (BIO_write(bp,"00",2) <= 0)
+ goto end;
+ }
+ }
+ else
+ {
+ if (BIO_write(bp,"BAD INTEGER",11) <= 0)
+ goto end;
+ }
+ M_ASN1_INTEGER_free(bs);
+ }
+ else if (tag == V_ASN1_ENUMERATED)
+ {
+ ASN1_ENUMERATED *bs;
+ int i;
+
+ opp=op;
+ bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
+ if (bs != NULL)
+ {
+ if (BIO_write(bp,":",1) <= 0) goto end;
+ if (bs->type == V_ASN1_NEG_ENUMERATED)
+ if (BIO_write(bp,"-",1) <= 0)
+ goto end;
+ for (i=0; i<bs->length; i++)
+ {
+ if (BIO_printf(bp,"%02X",
+ bs->data[i]) <= 0)
+ goto end;
+ }
+ if (bs->length == 0)
+ {
+ if (BIO_write(bp,"00",2) <= 0)
+ goto end;
+ }
+ }
+ else
+ {
+ if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
+ goto end;
+ }
+ M_ASN1_ENUMERATED_free(bs);
+ }
+ else if (len > 0 && dump)
+ {
+ if (!nl)
+ {
+ if (BIO_write(bp,"\n",1) <= 0)
+ goto end;
+ }
+ if (BIO_dump_indent(bp,(const char *)p,
+ ((dump == -1 || dump > len)?len:dump),
+ dump_indent) <= 0)
+ goto end;
+ nl=1;
+ }
+
+ if (!nl)
+ {
+ if (BIO_write(bp,"\n",1) <= 0) goto end;
+ }
+ p+=len;
+ if ((tag == V_ASN1_EOC) && (xclass == 0))
+ {
+ ret=2; /* End of sequence */
+ goto end;
+ }
+ }
+ length-=len;
+ }
+ ret=1;
+end:
+ if (o != NULL) ASN1_OBJECT_free(o);
+ if (os != NULL) M_ASN1_OCTET_STRING_free(os);
+ *pp=p;
+ return(ret);
+ }
+
+const char *ASN1_tag2str(int tag)
+{
+ static const char *tag2str[] = {
+ "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
+ "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
+ "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", /* 10-13 */
+ "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET", /* 15-17 */
+ "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", /* 18-20 */
+ "VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
+ "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", /* 25-27 */
+ "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING" /* 28-30 */
+ };
+
+ if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+ tag &= ~0x100;
+
+ if(tag < 0 || tag > 30) return "(unknown)";
+ return tag2str[tag];
+}
+
Added: vendor-crypto/openssl/dist/crypto/asn1/asn1t.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1t.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn1t.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,893 @@
+/* asn1t.h */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ASN1T_H
+#define HEADER_ASN1T_H
+
+#include <stddef.h>
+#include <openssl/e_os2.h>
+#include <openssl/asn1.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+ OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+
+#define ASN1_ITEM_end(itname) \
+ };
+
+#else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+ const ASN1_ITEM * itname##_it(void) \
+ { \
+ static const ASN1_ITEM local_it = {
+
+#define ASN1_ITEM_end(itname) \
+ }; \
+ return &local_it; \
+ }
+
+#endif
+
+
+/* Macros to aid ASN1 template writing */
+
+#define ASN1_ITEM_TEMPLATE(tname) \
+ static const ASN1_TEMPLATE tname##_item_tt
+
+#define ASN1_ITEM_TEMPLATE_END(tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_PRIMITIVE,\
+ -1,\
+ &tname##_item_tt,\
+ 0,\
+ NULL,\
+ 0,\
+ #tname \
+ ASN1_ITEM_end(tname)
+
+
+/* This is a ASN1 type which just embeds a template */
+
+/* This pair helps declare a SEQUENCE. We can do:
+ *
+ * ASN1_SEQUENCE(stname) = {
+ * ... SEQUENCE components ...
+ * } ASN1_SEQUENCE_END(stname)
+ *
+ * This will produce an ASN1_ITEM called stname_it
+ * for a structure called stname.
+ *
+ * If you want the same structure but a different
+ * name then use:
+ *
+ * ASN1_SEQUENCE(itname) = {
+ * ... SEQUENCE components ...
+ * } ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ * This will create an item called itname_it using
+ * a structure called stname.
+ */
+
+#define ASN1_SEQUENCE(tname) \
+ static const ASN1_TEMPLATE tname##_seq_tt[]
+
+#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+#define ASN1_SEQUENCE_END_name(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+#define ASN1_NDEF_SEQUENCE(tname) \
+ ASN1_SEQUENCE(tname)
+
+#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+ ASN1_SEQUENCE_cb(tname, cb)
+
+#define ASN1_SEQUENCE_cb(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+ ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE(tname) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+ ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_ref(tname, cb, lck) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+ ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_enc(tname, enc, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+ ASN1_SEQUENCE(tname)
+
+#define ASN1_NDEF_SEQUENCE_END(tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_NDEF_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(tname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+
+#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+
+#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_ref(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+
+/* This pair helps declare a CHOICE type. We can do:
+ *
+ * ASN1_CHOICE(chname) = {
+ * ... CHOICE options ...
+ * ASN1_CHOICE_END(chname)
+ *
+ * This will produce an ASN1_ITEM called chname_it
+ * for a structure called chname. The structure
+ * definition must look like this:
+ * typedef struct {
+ * int type;
+ * union {
+ * ASN1_SOMETHING *opt1;
+ * ASN1_SOMEOTHER *opt2;
+ * } value;
+ * } chname;
+ *
+ * the name of the selector must be 'type'.
+ * to use an alternative selector name use the
+ * ASN1_CHOICE_END_selector() version.
+ */
+
+#define ASN1_CHOICE(tname) \
+ static const ASN1_TEMPLATE tname##_ch_tt[]
+
+#define ASN1_CHOICE_cb(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+ ASN1_CHOICE(tname)
+
+#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+#define ASN1_CHOICE_END_selector(stname, tname, selname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+#define ASN1_CHOICE_END_cb(stname, tname, selname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+ (flags), (tag), 0,\
+ #name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+ (flags), (tag), offsetof(stname, field),\
+ #field, ASN1_ITEM_ref(type) }
+
+/* used when the structure is combined with the parent */
+
+#define ASN1_EX_COMBINE(flags, tag, type) { \
+ (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+#define ASN1_IMP_EX(stname, field, type, tag, ex) \
+ ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+
+#define ASN1_EXP_EX(stname, field, type, tag, ex) \
+ ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#else
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+#endif
+/* Plain simple type */
+#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+
+/* OPTIONAL simple type */
+#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* Same as above but EXPLICIT */
+
+#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* SEQUENCE OF type */
+#define ASN1_SEQUENCE_OF(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+#define ASN1_SET_OF(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+#define ASN1_SET_OF_OPT(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+#define ASN1_IMP_SET_OF(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_EXP_SET_OF(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* EXPLICIT using indefinite length constructed form */
+#define ASN1_NDEF_EXP(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
+/* EXPLICIT OPTIONAL using indefinite length constructed form */
+#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
+
+/* Macros for the ASN1_ADB structure */
+
+#define ASN1_ADB(name) \
+ static const ASN1_ADB_TABLE name##_adbtbl[]
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+ ;\
+ static const ASN1_ADB name##_adb = {\
+ flags,\
+ offsetof(name, field),\
+ app_table,\
+ name##_adbtbl,\
+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+ def,\
+ none\
+ }
+
+#else
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+ ;\
+ static const ASN1_ITEM *name##_adb(void) \
+ { \
+ static const ASN1_ADB internal_adb = \
+ {\
+ flags,\
+ offsetof(name, field),\
+ app_table,\
+ name##_adbtbl,\
+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+ def,\
+ none\
+ }; \
+ return (const ASN1_ITEM *) &internal_adb; \
+ } \
+ void dummy_function(void)
+
+#endif
+
+#define ADB_ENTRY(val, template) {val, template}
+
+#define ASN1_ADB_TEMPLATE(name) \
+ static const ASN1_TEMPLATE name##_tt
+
+/* This is the ASN1 template structure that defines
+ * a wrapper round the actual type. It determines the
+ * actual position of the field in the value structure,
+ * various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+unsigned long flags; /* Various flags */
+long tag; /* tag, not used if no tagging */
+unsigned long offset; /* Offset of this field in structure */
+#ifndef NO_ASN1_FIELD_NAMES
+const char *field_name; /* Field name */
+#endif
+ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+#define ASN1_TEMPLATE_item(t) (t->item_ptr)
+#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+ unsigned long flags; /* Various flags */
+ unsigned long offset; /* Offset of selector field */
+ STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
+ const ASN1_ADB_TABLE *tbl; /* Table of possible types */
+ long tblcount; /* Number of entries in tbl */
+ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
+ const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+ long value; /* NID for an object or value for an int */
+ const ASN1_TEMPLATE tt; /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+#define ASN1_TFLG_OPTIONAL (0x1)
+
+/* Field is a SET OF */
+#define ASN1_TFLG_SET_OF (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
+
+/* Special case: this refers to a SET OF that
+ * will be sorted into DER order when encoded *and*
+ * the corresponding STACK will be modified to match
+ * the new order.
+ */
+#define ASN1_TFLG_SET_ORDER (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+#define ASN1_TFLG_SK_MASK (0x3 << 1)
+
+/* These flags mean the tag should be taken from the
+ * tag field. If EXPLICIT then the underlying type
+ * is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+#define ASN1_TFLG_IMPTAG (0x1 << 3)
+
+
+/* EXPLICIT tagging, inner tag from underlying type */
+#define ASN1_TFLG_EXPTAG (0x2 << 3)
+
+#define ASN1_TFLG_TAG_MASK (0x3 << 3)
+
+/* context specific IMPLICIT */
+#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+
+/* context specific EXPLICIT */
+#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+
+/* If tagging is in force these determine the
+ * type of tag to use. Otherwise the tag is
+ * determined by the underlying type. These
+ * values reflect the actual octet format.
+ */
+
+/* Universal tag */
+#define ASN1_TFLG_UNIVERSAL (0x0<<6)
+/* Application tag */
+#define ASN1_TFLG_APPLICATION (0x1<<6)
+/* Context specific tag */
+#define ASN1_TFLG_CONTEXT (0x2<<6)
+/* Private tag */
+#define ASN1_TFLG_PRIVATE (0x3<<6)
+
+#define ASN1_TFLG_TAG_CLASS (0x3<<6)
+
+/* These are for ANY DEFINED BY type. In this case
+ * the 'item' field points to an ASN1_ADB structure
+ * which contains a table of values to decode the
+ * relevant type
+ */
+
+#define ASN1_TFLG_ADB_MASK (0x3<<8)
+
+#define ASN1_TFLG_ADB_OID (0x1<<8)
+
+#define ASN1_TFLG_ADB_INT (0x1<<9)
+
+/* This flag means a parent structure is passed
+ * instead of the field: this is useful is a
+ * SEQUENCE is being combined with a CHOICE for
+ * example. Since this means the structure and
+ * item name will differ we need to use the
+ * ASN1_CHOICE_END_name() macro for example.
+ */
+
+#define ASN1_TFLG_COMBINE (0x1<<10)
+
+/* This flag when present in a SEQUENCE OF, SET OF
+ * or EXPLICIT causes indefinite length constructed
+ * encoding to be used if required.
+ */
+
+#define ASN1_TFLG_NDEF (0x1<<11)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */
+long utype; /* underlying type */
+const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
+long tcount; /* Number of templates if SEQUENCE or CHOICE */
+const void *funcs; /* functions that handle this type */
+long size; /* Structure size (usually)*/
+#ifndef NO_ASN1_FIELD_NAMES
+const char *sname; /* Structure name */
+#endif
+};
+
+/* These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions.
+ *
+ * For COMPAT types the funcs field gives a
+ * set of functions that handle this type, this
+ * supports the old d2i, i2d convention.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+#define ASN1_ITYPE_PRIMITIVE 0x0
+
+#define ASN1_ITYPE_SEQUENCE 0x1
+
+#define ASN1_ITYPE_CHOICE 0x2
+
+#define ASN1_ITYPE_COMPAT 0x3
+
+#define ASN1_ITYPE_EXTERN 0x4
+
+#define ASN1_ITYPE_MSTRING 0x5
+
+#define ASN1_ITYPE_NDEF_SEQUENCE 0x6
+
+/* Cache for ASN1 tag and length, so we
+ * don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st{
+ char valid; /* Values below are valid */
+ int ret; /* return value */
+ long plen; /* length */
+ int ptag; /* class value */
+ int pclass; /* class value */
+ int hdrlen; /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+
+typedef ASN1_VALUE * ASN1_new_func(void);
+typedef void ASN1_free_func(ASN1_VALUE *a);
+typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
+typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
+
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+typedef struct ASN1_COMPAT_FUNCS_st {
+ ASN1_new_func *asn1_new;
+ ASN1_free_func *asn1_free;
+ ASN1_d2i_func *asn1_d2i;
+ ASN1_i2d_func *asn1_i2d;
+} ASN1_COMPAT_FUNCS;
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+ void *app_data;
+ ASN1_ex_new_func *asn1_ex_new;
+ ASN1_ex_free_func *asn1_ex_free;
+ ASN1_ex_free_func *asn1_ex_clear;
+ ASN1_ex_d2i *asn1_ex_d2i;
+ ASN1_ex_i2d *asn1_ex_i2d;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+ void *app_data;
+ unsigned long flags;
+ ASN1_ex_new_func *prim_new;
+ ASN1_ex_free_func *prim_free;
+ ASN1_ex_free_func *prim_clear;
+ ASN1_primitive_c2i *prim_c2i;
+ ASN1_primitive_i2c *prim_i2c;
+} ASN1_PRIMITIVE_FUNCS;
+
+/* This is the ASN1_AUX structure: it handles various
+ * miscellaneous requirements. For example the use of
+ * reference counts and an informational callback.
+ *
+ * The "informational callback" is called at various
+ * points during the ASN1 encoding and decoding. It can
+ * be used to provide minor customisation of the structures
+ * used. This is most useful where the supplied routines
+ * *almost* do the right thing but need some extra help
+ * at a few points. If the callback returns zero then
+ * it is assumed a fatal error has occurred and the
+ * main operation should be abandoned.
+ *
+ * If major changes in the default behaviour are required
+ * then an external type is more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+
+typedef struct ASN1_AUX_st {
+ void *app_data;
+ int flags;
+ int ref_offset; /* Offset of reference value */
+ int ref_lock; /* Lock type to use */
+ ASN1_aux_cb *asn1_cb;
+ int enc_offset; /* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+#define ASN1_AFLG_REFCOUNT 1
+/* Save the encoding of structure (useful for signatures) */
+#define ASN1_AFLG_ENCODING 2
+/* The Sequence length is invalid */
+#define ASN1_AFLG_BROKEN 4
+
+/* operation values for asn1_cb */
+
+#define ASN1_OP_NEW_PRE 0
+#define ASN1_OP_NEW_POST 1
+#define ASN1_OP_FREE_PRE 2
+#define ASN1_OP_FREE_POST 3
+#define ASN1_OP_D2I_PRE 4
+#define ASN1_OP_D2I_POST 5
+#define ASN1_OP_I2D_PRE 6
+#define ASN1_OP_I2D_POST 7
+
+/* Macro to implement a primitive type */
+#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+ ASN1_ITEM_start(itname) \
+ ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+ ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+ ASN1_ITEM_start(itname) \
+ ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+ ASN1_ITEM_end(itname)
+
+/* Macro to implement an ASN1_ITEM in terms of old style funcs */
+
+#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
+
+#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
+ static const ASN1_COMPAT_FUNCS sname##_ff = { \
+ (ASN1_new_func *)sname##_new, \
+ (ASN1_free_func *)sname##_free, \
+ (ASN1_d2i_func *)d2i_##sname, \
+ (ASN1_i2d_func *)i2d_##sname, \
+ }; \
+ ASN1_ITEM_start(sname) \
+ ASN1_ITYPE_COMPAT, \
+ tag, \
+ NULL, \
+ 0, \
+ &sname##_ff, \
+ 0, \
+ #sname \
+ ASN1_ITEM_end(sname)
+
+#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+ ASN1_ITEM_start(sname) \
+ ASN1_ITYPE_EXTERN, \
+ tag, \
+ NULL, \
+ 0, \
+ &fptrs, \
+ 0, \
+ #sname \
+ ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+ stname *fname##_new(void) \
+ { \
+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+ } \
+ void fname##_free(stname *a) \
+ { \
+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+ }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+ } \
+ int i2d_##fname(stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+ }
+
+#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
+ int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+ }
+
+/* This includes evil casts to remove const: they will go away when full
+ * ASN1 constification is done.
+ */
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+ } \
+ int i2d_##fname(const stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+ }
+
+#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+ stname * stname##_dup(stname *x) \
+ { \
+ return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+ }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+
+DECLARE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
+
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Added: vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,881 @@
+/* asn_mime.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Generalised MIME like utilities for streaming ASN1. Although many
+ * have a PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *param_name; /* Param name e.g. "micalg" */
+char *param_value; /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+char *name; /* Name of line e.g. "content-type" */
+char *value; /* Value of line e.g. "text/plain" */
+STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
+
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+ const MIME_PARAM * const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+/* Base 64 read and write of ASN1 structure */
+
+static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+ const ASN1_ITEM *it)
+ {
+ BIO *b64;
+ int r;
+ b64 = BIO_new(BIO_f_base64());
+ if(!b64)
+ {
+ ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* prepend the b64 BIO so all data is base64 encoded.
+ */
+ out = BIO_push(b64, out);
+ r = ASN1_item_i2d_bio(it, out, val);
+ (void)BIO_flush(out);
+ BIO_pop(out);
+ BIO_free(b64);
+ return r;
+ }
+
+static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+{
+ BIO *b64;
+ ASN1_VALUE *val;
+ if(!(b64 = BIO_new(BIO_f_base64()))) {
+ ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ val = ASN1_item_d2i_bio(it, bio, NULL);
+ if(!val)
+ ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
+ (void)BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return val;
+}
+
+/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
+
+static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
+ {
+ int i, have_unknown = 0, write_comma, md_nid;
+ have_unknown = 0;
+ write_comma = 0;
+ for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
+ {
+ if (write_comma)
+ BIO_write(out, ",", 1);
+ write_comma = 1;
+ md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+ switch(md_nid)
+ {
+ case NID_sha1:
+ BIO_puts(out, "sha1");
+ break;
+
+ case NID_md5:
+ BIO_puts(out, "md5");
+ break;
+
+ case NID_sha256:
+ BIO_puts(out, "sha-256");
+ break;
+
+ case NID_sha384:
+ BIO_puts(out, "sha-384");
+ break;
+
+ case NID_sha512:
+ BIO_puts(out, "sha-512");
+ break;
+
+ default:
+ if (have_unknown)
+ write_comma = 0;
+ else
+ {
+ BIO_puts(out, "unknown");
+ have_unknown = 1;
+ }
+ break;
+
+ }
+ }
+
+ return 1;
+
+ }
+
+/* SMIME sender */
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+ int ctype_nid, int econt_nid,
+ STACK_OF(X509_ALGOR) *mdalgs,
+ asn1_output_data_fn *data_fn,
+ const ASN1_ITEM *it)
+{
+ char bound[33], c;
+ int i;
+ const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+ const char *msg_type=NULL;
+ if (flags & SMIME_OLDMIME)
+ mime_prefix = "application/x-pkcs7-";
+ else
+ mime_prefix = "application/pkcs7-";
+
+ if (flags & SMIME_CRLFEOL)
+ mime_eol = "\r\n";
+ else
+ mime_eol = "\n";
+ if((flags & SMIME_DETACHED) && data) {
+ /* We want multipart/signed */
+ /* Generate a random boundary */
+ RAND_pseudo_bytes((unsigned char *)bound, 32);
+ for(i = 0; i < 32; i++) {
+ c = bound[i] & 0xf;
+ if(c < 10) c += '0';
+ else c += 'A' - 10;
+ bound[i] = c;
+ }
+ bound[32] = 0;
+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+ BIO_printf(bio, "Content-Type: multipart/signed;");
+ BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+ BIO_puts(bio, " micalg=\"");
+ asn1_write_micalg(bio, mdalgs);
+ BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+ bound, mime_eol, mime_eol);
+ BIO_printf(bio, "This is an S/MIME signed message%s%s",
+ mime_eol, mime_eol);
+ /* Now write out the first part */
+ BIO_printf(bio, "------%s%s", bound, mime_eol);
+ if (!data_fn(bio, data, val, flags, it))
+ return 0;
+ BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+ /* Headers for signature */
+
+ BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
+ BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+ mime_eol);
+ BIO_printf(bio, "Content-Disposition: attachment;");
+ BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+ mime_eol, mime_eol);
+ B64_write_ASN1(bio, val, NULL, 0, it);
+ BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+ mime_eol, mime_eol);
+ return 1;
+ }
+
+ /* Determine smime-type header */
+
+ if (ctype_nid == NID_pkcs7_enveloped)
+ msg_type = "enveloped-data";
+ else if (ctype_nid == NID_pkcs7_signed)
+ {
+ if (econt_nid == NID_id_smime_ct_receipt)
+ msg_type = "signed-receipt";
+ else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+ msg_type = "signed-data";
+ else
+ msg_type = "certs-only";
+ }
+ else if (ctype_nid == NID_id_smime_ct_compressedData)
+ {
+ msg_type = "compressed-data";
+ cname = "smime.p7z";
+ }
+ /* MIME headers */
+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+ BIO_printf(bio, "Content-Disposition: attachment;");
+ BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+ BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+ if (msg_type)
+ BIO_printf(bio, " smime-type=%s;", msg_type);
+ BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+ mime_eol, mime_eol);
+ if (!B64_write_ASN1(bio, val, data, flags, it))
+ return 0;
+ BIO_printf(bio, "%s", mime_eol);
+ return 1;
+}
+
+#if 0
+
+/* Handle output of ASN1 data */
+
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+ const ASN1_ITEM *it)
+ {
+ BIO *tmpbio;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_STREAM_ARG sarg;
+
+ if (!(flags & SMIME_DETACHED))
+ {
+ SMIME_crlf_copy(data, out, flags);
+ return 1;
+ }
+
+ if (!aux || !aux->asn1_cb)
+ {
+ ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
+ ASN1_R_STREAMING_NOT_SUPPORTED);
+ return 0;
+ }
+
+ sarg.out = out;
+ sarg.ndef_bio = NULL;
+ sarg.boundary = NULL;
+
+ /* Let ASN1 code prepend any needed BIOs */
+
+ if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+ return 0;
+
+ /* Copy data across, passing through filter BIOs for processing */
+ SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+
+ /* Finalize structure */
+ if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+ return 0;
+
+ /* Now remove any digests prepended to the BIO */
+
+ while (sarg.ndef_bio != out)
+ {
+ tmpbio = BIO_pop(sarg.ndef_bio);
+ BIO_free(sarg.ndef_bio);
+ sarg.ndef_bio = tmpbio;
+ }
+
+ return 1;
+
+ }
+
+#endif
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
+{
+ BIO *asnin;
+ STACK_OF(MIME_HEADER) *headers = NULL;
+ STACK_OF(BIO) *parts = NULL;
+ MIME_HEADER *hdr;
+ MIME_PARAM *prm;
+ ASN1_VALUE *val;
+ int ret;
+
+ if(bcont) *bcont = NULL;
+
+ if (!(headers = mime_parse_hdr(bio))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
+ return NULL;
+ }
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+ return NULL;
+ }
+
+ /* Handle multipart/signed */
+
+ if(!strcmp(hdr->value, "multipart/signed")) {
+ /* Split into two parts */
+ prm = mime_param_find(hdr, "boundary");
+ if(!prm || !prm->param_value) {
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+ return NULL;
+ }
+ ret = multi_split(bio, prm->param_value, &parts);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ if(!ret || (sk_BIO_num(parts) != 2) ) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+
+ /* Parse the signature piece */
+ asnin = sk_BIO_value(parts, 1);
+
+ if (!(headers = mime_parse_hdr(asnin))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+
+ /* Get content type */
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+ !hdr->value) {
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+ return NULL;
+ }
+
+ if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+ strcmp(hdr->value, "application/pkcs7-signature")) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ /* Read in ASN1 */
+ if(!(val = b64_read_asn1(asnin, it))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+
+ if(bcont) {
+ *bcont = sk_BIO_value(parts, 0);
+ BIO_free(asnin);
+ sk_BIO_free(parts);
+ } else sk_BIO_pop_free(parts, BIO_vfree);
+ return val;
+ }
+
+ /* OK, if not multipart/signed try opaque signature */
+
+ if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+ strcmp (hdr->value, "application/pkcs7-mime")) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ return NULL;
+ }
+
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+
+ if(!(val = b64_read_asn1(bio, it))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+ return NULL;
+ }
+ return val;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+ BIO *bf;
+ char eol;
+ int len;
+ char linebuf[MAX_SMLEN];
+ /* Buffer output so we don't write one line at a time. This is
+ * useful when streaming as we don't end up with one OCTET STRING
+ * per line.
+ */
+ bf = BIO_new(BIO_f_buffer());
+ if (!bf)
+ return 0;
+ out = BIO_push(bf, out);
+ if(flags & SMIME_BINARY)
+ {
+ while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(out, linebuf, len);
+ }
+ else
+ {
+ if(flags & SMIME_TEXT)
+ BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+ while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
+ {
+ eol = strip_eol(linebuf, &len);
+ if (len)
+ BIO_write(out, linebuf, len);
+ if(eol) BIO_write(out, "\r\n", 2);
+ }
+ }
+ (void)BIO_flush(out);
+ BIO_pop(out);
+ BIO_free(bf);
+ return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+ char iobuf[4096];
+ int len;
+ STACK_OF(MIME_HEADER) *headers;
+ MIME_HEADER *hdr;
+
+ if (!(headers = mime_parse_hdr(in))) {
+ ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
+ return 0;
+ }
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ if (strcmp (hdr->value, "text/plain")) {
+ ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+ BIO_write(out, iobuf, len);
+ if (len < 0)
+ return 0;
+ return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
+{
+ char linebuf[MAX_SMLEN];
+ int len, blen;
+ int eol = 0, next_eol = 0;
+ BIO *bpart = NULL;
+ STACK_OF(BIO) *parts;
+ char state, part, first;
+
+ blen = strlen(bound);
+ part = 0;
+ state = 0;
+ first = 1;
+ parts = sk_BIO_new_null();
+ *ret = parts;
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ state = mime_bound_check(linebuf, len, bound, blen);
+ if(state == 1) {
+ first = 1;
+ part++;
+ } else if(state == 2) {
+ sk_BIO_push(parts, bpart);
+ return 1;
+ } else if(part) {
+ /* Strip CR+LF from linebuf */
+ next_eol = strip_eol(linebuf, &len);
+ if(first) {
+ first = 0;
+ if(bpart) sk_BIO_push(parts, bpart);
+ bpart = BIO_new(BIO_s_mem());
+ BIO_set_mem_eof_return(bpart, 0);
+ } else if (eol)
+ BIO_write(bpart, "\r\n", 2);
+ eol = next_eol;
+ if (len)
+ BIO_write(bpart, linebuf, len);
+ }
+ }
+ return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID 0
+#define MIME_START 1
+#define MIME_TYPE 2
+#define MIME_NAME 3
+#define MIME_VALUE 4
+#define MIME_QUOTE 5
+#define MIME_COMMENT 6
+
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+ char *p, *q, c;
+ char *ntmp;
+ char linebuf[MAX_SMLEN];
+ MIME_HEADER *mhdr = NULL;
+ STACK_OF(MIME_HEADER) *headers;
+ int len, state, save_state = 0;
+
+ headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+ if (!headers)
+ return NULL;
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ /* If whitespace at line start then continuation line */
+ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
+ else state = MIME_START;
+ ntmp = NULL;
+ /* Go through all characters */
+ for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+ /* State machine to handle MIME headers
+ * if this looks horrible that's because it *is*
+ */
+
+ switch(state) {
+ case MIME_START:
+ if(c == ':') {
+ state = MIME_TYPE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break;
+
+ case MIME_TYPE:
+ if(c == ';') {
+ mime_debug("Found End Value\n");
+ *p = 0;
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_MIME_HEADER_push(headers, mhdr);
+ ntmp = NULL;
+ q = p + 1;
+ state = MIME_NAME;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_COMMENT:
+ if(c == ')') {
+ state = save_state;
+ }
+ break;
+
+ case MIME_NAME:
+ if(c == '=') {
+ state = MIME_VALUE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break ;
+
+ case MIME_VALUE:
+ if(c == ';') {
+ state = MIME_NAME;
+ *p = 0;
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ ntmp = NULL;
+ q = p + 1;
+ } else if (c == '"') {
+ mime_debug("Found Quote\n");
+ state = MIME_QUOTE;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_QUOTE:
+ if(c == '"') {
+ mime_debug("Found Match Quote\n");
+ state = MIME_VALUE;
+ }
+ break;
+ }
+ }
+
+ if(state == MIME_TYPE) {
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_MIME_HEADER_push(headers, mhdr);
+ } else if(state == MIME_VALUE)
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+ return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+ char *p, c;
+ /* Look for first non white space or quote */
+ for(p = name; (c = *p) ;p++) {
+ if(c == '"') {
+ /* Next char is start of string if non null */
+ if(p[1]) return p + 1;
+ /* Else null string */
+ return NULL;
+ }
+ if(!isspace((unsigned char)c)) return p;
+ }
+ return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+ char *p, c;
+ if(!name) return NULL;
+ /* Look for first non white space or quote */
+ for(p = name + strlen(name) - 1; p >= name ;p--) {
+ c = *p;
+ if(c == '"') {
+ if(p - 1 == name) return NULL;
+ *p = 0;
+ return name;
+ }
+ if(isspace((unsigned char)c)) *p = 0;
+ else return name;
+ }
+ return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+ MIME_HEADER *mhdr;
+ char *tmpname, *tmpval, *p;
+ int c;
+ if(name) {
+ if(!(tmpname = BUF_strdup(name))) return NULL;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ if(!(tmpval = BUF_strdup(value))) return NULL;
+ for(p = tmpval ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpval = NULL;
+ mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
+ if(!mhdr) return NULL;
+ mhdr->name = tmpname;
+ mhdr->value = tmpval;
+ if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
+ return mhdr;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+ char *tmpname, *tmpval, *p;
+ int c;
+ MIME_PARAM *mparam;
+ if(name) {
+ tmpname = BUF_strdup(name);
+ if(!tmpname) return 0;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ tmpval = BUF_strdup(value);
+ if(!tmpval) return 0;
+ } else tmpval = NULL;
+ /* Parameter values are case sensitive so leave as is */
+ mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
+ if(!mparam) return 0;
+ mparam->param_name = tmpname;
+ mparam->param_value = tmpval;
+ sk_MIME_PARAM_push(mhdr->params, mparam);
+ return 1;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ const MIME_HEADER * const *b)
+{
+ if (!(*a)->name || !(*b)->name)
+ return !!(*a)->name - !!(*b)->name;
+
+ return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(const MIME_PARAM * const *a,
+ const MIME_PARAM * const *b)
+{
+ if (!(*a)->param_name || !(*b)->param_name)
+ return !!(*a)->param_name - !!(*b)->param_name;
+ return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
+{
+ MIME_HEADER htmp;
+ int idx;
+ htmp.name = name;
+ idx = sk_MIME_HEADER_find(hdrs, &htmp);
+ if(idx < 0) return NULL;
+ return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+ MIME_PARAM param;
+ int idx;
+ param.param_name = name;
+ idx = sk_MIME_PARAM_find(hdr->params, ¶m);
+ if(idx < 0) return NULL;
+ return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+ if(hdr->name) OPENSSL_free(hdr->name);
+ if(hdr->value) OPENSSL_free(hdr->value);
+ if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+ OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+ if(param->param_name) OPENSSL_free(param->param_name);
+ if(param->param_value) OPENSSL_free(param->param_value);
+ OPENSSL_free(param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+ if(linelen == -1) linelen = strlen(line);
+ if(blen == -1) blen = strlen(bound);
+ /* Quickly eliminate if line length too short */
+ if(blen + 2 > linelen) return 0;
+ /* Check for part boundary */
+ if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+ if(!strncmp(line + blen + 2, "--", 2)) return 2;
+ else return 1;
+ }
+ return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen)
+ {
+ int len = *plen;
+ char *p, c;
+ int is_eol = 0;
+ p = linebuf + len - 1;
+ for (p = linebuf + len - 1; len > 0; len--, p--)
+ {
+ c = *p;
+ if (c == '\n')
+ is_eol = 1;
+ else if (c != '\r')
+ break;
+ }
+ *plen = len;
+ return is_eol;
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/asn_moid.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn_moid.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn_moid.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,160 @@
+/* asn_moid.c */
+/* Written by Stephen Henson (steve at openssl.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int do_create(char *value, char *name);
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+ {
+ int i;
+ const char *oid_section;
+ STACK_OF(CONF_VALUE) *sktmp;
+ CONF_VALUE *oval;
+ oid_section = CONF_imodule_get_value(md);
+ if(!(sktmp = NCONF_get_section(cnf, oid_section)))
+ {
+ ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+ return 0;
+ }
+ for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
+ {
+ oval = sk_CONF_VALUE_value(sktmp, i);
+ if(!do_create(oval->value, oval->name))
+ {
+ ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+ return 0;
+ }
+ }
+ return 1;
+ }
+
+static void oid_module_finish(CONF_IMODULE *md)
+ {
+ OBJ_cleanup();
+ }
+
+void ASN1_add_oid_module(void)
+ {
+ CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+ }
+
+/* Create an OID based on a name value pair. Accept two formats.
+ * shortname = 1.2.3.4
+ * shortname = some long name, 1.2.3.4
+ */
+
+
+static int do_create(char *value, char *name)
+ {
+ int nid;
+ ASN1_OBJECT *oid;
+ char *ln, *ostr, *p, *lntmp;
+ p = strrchr(value, ',');
+ if (!p)
+ {
+ ln = name;
+ ostr = value;
+ }
+ else
+ {
+ ln = NULL;
+ ostr = p + 1;
+ if (!*ostr)
+ return 0;
+ while(isspace((unsigned char)*ostr)) ostr++;
+ }
+
+ nid = OBJ_create(ostr, name, ln);
+
+ if (nid == NID_undef)
+ return 0;
+
+ if (p)
+ {
+ ln = value;
+ while(isspace((unsigned char)*ln)) ln++;
+ p--;
+ while(isspace((unsigned char)*p))
+ {
+ if (p == ln)
+ return 0;
+ p--;
+ }
+ p++;
+ lntmp = OPENSSL_malloc((p - ln) + 1);
+ if (lntmp == NULL)
+ return 0;
+ memcpy(lntmp, ln, p - ln);
+ lntmp[p - ln] = 0;
+ oid = OBJ_nid2obj(nid);
+ oid->ln = lntmp;
+ }
+
+ return 1;
+ }
+
+
Added: vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,199 @@
+/* asn_pack.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_ASN1_OLD
+
+/* ASN1 packing and unpacking functions */
+
+/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
+
+STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+ d2i_of_void *d2i,void (*free_func)(void *))
+{
+ STACK *sk;
+ const unsigned char *pbuf;
+ pbuf = buf;
+ if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
+ ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
+ return sk;
+}
+
+/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
+ * OPENSSL_malloc'ed buffer
+ */
+
+unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+ unsigned char **buf, int *len)
+{
+ int safelen;
+ unsigned char *safe, *p;
+ if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
+ ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
+ return NULL;
+ }
+ if (!(safe = OPENSSL_malloc (safelen))) {
+ ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ p = safe;
+ i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+ IS_SEQUENCE);
+ if (len) *len = safelen;
+ if (buf) *buf = safe;
+ return safe;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
+{
+ const unsigned char *p;
+ char *ret;
+
+ p = oct->data;
+ if(!(ret = d2i(NULL, &p, oct->length)))
+ ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+ return ret;
+}
+
+/* Pack an ASN1 object into an ASN1_STRING */
+
+ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
+{
+ unsigned char *p;
+ ASN1_STRING *octmp;
+
+ if (!oct || !*oct) {
+ if (!(octmp = ASN1_STRING_new ())) {
+ ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (oct) *oct = octmp;
+ } else octmp = *oct;
+
+ if (!(octmp->length = i2d(obj, NULL))) {
+ ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+ goto err;
+ }
+ if (!(p = OPENSSL_malloc (octmp->length))) {
+ ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ octmp->data = p;
+ i2d (obj, &p);
+ return octmp;
+ err:
+ if (!oct || !*oct)
+ {
+ ASN1_STRING_free(octmp);
+ if (oct)
+ *oct = NULL;
+ }
+ return NULL;
+}
+
+#endif
+
+/* ASN1_ITEM versions of the above */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+ ASN1_STRING *octmp;
+
+ if (!oct || !*oct) {
+ if (!(octmp = ASN1_STRING_new ())) {
+ ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (oct) *oct = octmp;
+ } else octmp = *oct;
+
+ if(octmp->data) {
+ OPENSSL_free(octmp->data);
+ octmp->data = NULL;
+ }
+
+ if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
+ ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR);
+ return NULL;
+ }
+ if (!octmp->data) {
+ ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ return octmp;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+ const unsigned char *p;
+ void *ret;
+
+ p = oct->data;
+ if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
+ ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR);
+ return ret;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/charmap.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/charmap.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/charmap.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,15 @@
+/* Auto generated with chartype.pl script.
+ * Mask of various character properties
+ */
+
+static unsigned char char_type[] = {
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
+ 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
+ 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
+};
+
Added: vendor-crypto/openssl/dist/crypto/asn1/charmap.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/charmap.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/charmap.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,80 @@
+#!/usr/local/bin/perl -w
+
+use strict;
+
+my ($i, @arr);
+
+# Set up an array with the type of ASCII characters
+# Each set bit represents a character property.
+
+# RFC2253 character properties
+my $RFC2253_ESC = 1; # Character escaped with \
+my $ESC_CTRL = 2; # Escaped control character
+# These are used with RFC1779 quoting using "
+my $NOESC_QUOTE = 8; # Not escaped if quoted
+my $PSTRING_CHAR = 0x10; # Valid PrintableString character
+my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
+my $RFC2253_LAST_ESC = 0x40; # Escaped with \ if last character
+
+for($i = 0; $i < 128; $i++) {
+ # Set the RFC2253 escape characters (control)
+ $arr[$i] = 0;
+ if(($i < 32) || ($i > 126)) {
+ $arr[$i] |= $ESC_CTRL;
+ }
+
+ # Some PrintableString characters
+ if( ( ( $i >= ord("a")) && ( $i <= ord("z")) )
+ || ( ( $i >= ord("A")) && ( $i <= ord("Z")) )
+ || ( ( $i >= ord("0")) && ( $i <= ord("9")) ) ) {
+ $arr[$i] |= $PSTRING_CHAR;
+ }
+}
+
+# Now setup the rest
+
+# Remaining RFC2253 escaped characters
+
+$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
+$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
+
+$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("\"")] |= $RFC2253_ESC;
+$arr[ord("\\")] |= $RFC2253_ESC;
+$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
+
+# Remaining PrintableString characters
+
+$arr[ord(" ")] |= $PSTRING_CHAR;
+$arr[ord("'")] |= $PSTRING_CHAR;
+$arr[ord("(")] |= $PSTRING_CHAR;
+$arr[ord(")")] |= $PSTRING_CHAR;
+$arr[ord("+")] |= $PSTRING_CHAR;
+$arr[ord(",")] |= $PSTRING_CHAR;
+$arr[ord("-")] |= $PSTRING_CHAR;
+$arr[ord(".")] |= $PSTRING_CHAR;
+$arr[ord("/")] |= $PSTRING_CHAR;
+$arr[ord(":")] |= $PSTRING_CHAR;
+$arr[ord("=")] |= $PSTRING_CHAR;
+$arr[ord("?")] |= $PSTRING_CHAR;
+
+# Now generate the C code
+
+print <<EOF;
+/* Auto generated with chartype.pl script.
+ * Mask of various character properties
+ */
+
+static unsigned char char_type[] = {
+EOF
+
+for($i = 0; $i < 128; $i++) {
+ print("\n") if($i && (($i % 16) == 0));
+ printf("%2d", $arr[$i]);
+ print(",") if ($i != 127);
+}
+print("\n};\n\n");
+
Added: vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,161 @@
+/* crypto/asn1/d2i_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length)
+ {
+ EVP_PKEY *ret;
+
+ if ((a == NULL) || (*a == NULL))
+ {
+ if ((ret=EVP_PKEY_new()) == NULL)
+ {
+ ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);
+ return(NULL);
+ }
+ }
+ else ret= *a;
+
+ ret->save_type=type;
+ ret->type=EVP_PKEY_type(type);
+ switch (ret->type)
+ {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+ (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+ {
+ ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
+ (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+ {
+ ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ if ((ret->pkey.ec = d2i_ECPrivateKey(NULL,
+ (const unsigned char **)pp, length)) == NULL)
+ {
+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+ default:
+ ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+ goto err;
+ /* break; */
+ }
+ if (a != NULL) (*a)=ret;
+ return(ret);
+err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+ return(NULL);
+ }
+
+/* This works like d2i_PrivateKey() except it automatically works out the type */
+
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+ long length)
+{
+ STACK_OF(ASN1_TYPE) *inkey;
+ const unsigned char *p;
+ int keytype;
+ p = *pp;
+ /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
+ * by analyzing it we can determine the passed structure: this
+ * assumes the input is surrounded by an ASN1 SEQUENCE.
+ */
+ inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE,
+ ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+ /* Since we only need to discern "traditional format" RSA and DSA
+ * keys we can just count the elements.
+ */
+ if(sk_ASN1_TYPE_num(inkey) == 6)
+ keytype = EVP_PKEY_DSA;
+ else if (sk_ASN1_TYPE_num(inkey) == 4)
+ keytype = EVP_PKEY_EC;
+ else keytype = EVP_PKEY_RSA;
+ sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+ return d2i_PrivateKey(keytype, a, pp, length);
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/d2i_pu.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/d2i_pu.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/d2i_pu.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,135 @@
+/* crypto/asn1/d2i_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length)
+ {
+ EVP_PKEY *ret;
+
+ if ((a == NULL) || (*a == NULL))
+ {
+ if ((ret=EVP_PKEY_new()) == NULL)
+ {
+ ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+ return(NULL);
+ }
+ }
+ else ret= *a;
+
+ ret->save_type=type;
+ ret->type=EVP_PKEY_type(type);
+ switch (ret->type)
+ {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
+ (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+ {
+ ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
+ (const unsigned char **)pp,length)) /* TMP UGLY CAST */
+ {
+ ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ if (!o2i_ECPublicKey(&(ret->pkey.ec),
+ (const unsigned char **)pp, length))
+ {
+ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+ default:
+ ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+ goto err;
+ /* break; */
+ }
+ if (a != NULL) (*a)=ret;
+ return(ret);
+err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+ return(NULL);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,193 @@
+/* crypto/asn1/evp_asn1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
+ {
+ ASN1_STRING *os;
+
+ if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
+ if (!M_ASN1_OCTET_STRING_set(os,data,len))
+ {
+ M_ASN1_OCTET_STRING_free(os);
+ return 0;
+ }
+ ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
+ return(1);
+ }
+
+/* int max_len: for returned value */
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,
+ int max_len)
+ {
+ int ret,num;
+ unsigned char *p;
+
+ if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL))
+ {
+ ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
+ return(-1);
+ }
+ p=M_ASN1_STRING_data(a->value.octet_string);
+ ret=M_ASN1_STRING_length(a->value.octet_string);
+ if (ret < max_len)
+ num=ret;
+ else
+ num=max_len;
+ memcpy(data,p,num);
+ return(ret);
+ }
+
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+ int len)
+ {
+ int n,size;
+ ASN1_OCTET_STRING os,*osp;
+ ASN1_INTEGER in;
+ unsigned char *p;
+ unsigned char buf[32]; /* when they have 256bit longs,
+ * I'll be in trouble */
+ in.data=buf;
+ in.length=32;
+ os.data=data;
+ os.type=V_ASN1_OCTET_STRING;
+ os.length=len;
+ ASN1_INTEGER_set(&in,num);
+ n = i2d_ASN1_INTEGER(&in,NULL);
+ n+=M_i2d_ASN1_OCTET_STRING(&os,NULL);
+
+ size=ASN1_object_size(1,n,V_ASN1_SEQUENCE);
+
+ if ((osp=ASN1_STRING_new()) == NULL) return(0);
+ /* Grow the 'string' */
+ if (!ASN1_STRING_set(osp,NULL,size))
+ {
+ ASN1_STRING_free(osp);
+ return(0);
+ }
+
+ M_ASN1_STRING_length_set(osp, size);
+ p=M_ASN1_STRING_data(osp);
+
+ ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+ i2d_ASN1_INTEGER(&in,&p);
+ M_i2d_ASN1_OCTET_STRING(&os,&p);
+
+ ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
+ return(1);
+ }
+
+/* we return the actual length..., num may be missing, in which
+ * case, set it to zero */
+/* int max_len: for returned value */
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
+ int max_len)
+ {
+ int ret= -1,n;
+ ASN1_INTEGER *ai=NULL;
+ ASN1_OCTET_STRING *os=NULL;
+ const unsigned char *p;
+ long length;
+ ASN1_const_CTX c;
+
+ if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
+ {
+ goto err;
+ }
+ p=M_ASN1_STRING_data(a->value.sequence);
+ length=M_ASN1_STRING_length(a->value.sequence);
+
+ c.pp= &p;
+ c.p=p;
+ c.max=p+length;
+ c.error=ASN1_R_DATA_IS_WRONG;
+
+ M_ASN1_D2I_start_sequence();
+ c.q=c.p;
+ if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err;
+ c.slen-=(c.p-c.q);
+ c.q=c.p;
+ if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err;
+ c.slen-=(c.p-c.q);
+ if (!M_ASN1_D2I_end_sequence()) goto err;
+
+ if (num != NULL)
+ *num=ASN1_INTEGER_get(ai);
+
+ ret=M_ASN1_STRING_length(os);
+ if (max_len > ret)
+ n=ret;
+ else
+ n=max_len;
+
+ if (data != NULL)
+ memcpy(data,M_ASN1_STRING_data(os),n);
+ if (0)
+ {
+err:
+ ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
+ }
+ if (os != NULL) M_ASN1_OCTET_STRING_free(os);
+ if (ai != NULL) M_ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/f_enum.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/f_enum.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/f_enum.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,207 @@
+/* crypto/asn1/f_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+/* Based on a_int.c: equivalent ENUMERATED functions */
+
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
+ {
+ int i,n=0;
+ static const char *h="0123456789ABCDEF";
+ char buf[2];
+
+ if (a == NULL) return(0);
+
+ if (a->length == 0)
+ {
+ if (BIO_write(bp,"00",2) != 2) goto err;
+ n=2;
+ }
+ else
+ {
+ for (i=0; i<a->length; i++)
+ {
+ if ((i != 0) && (i%35 == 0))
+ {
+ if (BIO_write(bp,"\\\n",2) != 2) goto err;
+ n+=2;
+ }
+ buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+ buf[1]=h[((unsigned char)a->data[i] )&0x0f];
+ if (BIO_write(bp,buf,2) != 2) goto err;
+ n+=2;
+ }
+ }
+ return(n);
+err:
+ return(-1);
+ }
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+ {
+ int ret=0;
+ int i,j,k,m,n,again,bufsize;
+ unsigned char *s=NULL,*sp;
+ unsigned char *bufp;
+ int num=0,slen=0,first=1;
+
+ bs->type=V_ASN1_ENUMERATED;
+
+ bufsize=BIO_gets(bp,buf,size);
+ for (;;)
+ {
+ if (bufsize < 1) goto err_sl;
+ i=bufsize;
+ if (buf[i-1] == '\n') buf[--i]='\0';
+ if (i == 0) goto err_sl;
+ if (buf[i-1] == '\r') buf[--i]='\0';
+ if (i == 0) goto err_sl;
+ again=(buf[i-1] == '\\');
+
+ for (j=0; j<i; j++)
+ {
+ if (!( ((buf[j] >= '0') && (buf[j] <= '9')) ||
+ ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+ ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+ {
+ i=j;
+ break;
+ }
+ }
+ buf[i]='\0';
+ /* We have now cleared all the crap off the end of the
+ * line */
+ if (i < 2) goto err_sl;
+
+ bufp=(unsigned char *)buf;
+ if (first)
+ {
+ first=0;
+ if ((bufp[0] == '0') && (buf[1] == '0'))
+ {
+ bufp+=2;
+ i-=2;
+ }
+ }
+ k=0;
+ i-=again;
+ if (i%2 != 0)
+ {
+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);
+ goto err;
+ }
+ i/=2;
+ if (num+i > slen)
+ {
+ if (s == NULL)
+ sp=(unsigned char *)OPENSSL_malloc(
+ (unsigned int)num+i*2);
+ else
+ sp=(unsigned char *)OPENSSL_realloc(s,
+ (unsigned int)num+i*2);
+ if (sp == NULL)
+ {
+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+ if (s != NULL) OPENSSL_free(s);
+ goto err;
+ }
+ s=sp;
+ slen=num+i*2;
+ }
+ for (j=0; j<i; j++,k+=2)
+ {
+ for (n=0; n<2; n++)
+ {
+ m=bufp[k+n];
+ if ((m >= '0') && (m <= '9'))
+ m-='0';
+ else if ((m >= 'a') && (m <= 'f'))
+ m=m-'a'+10;
+ else if ((m >= 'A') && (m <= 'F'))
+ m=m-'A'+10;
+ else
+ {
+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);
+ goto err;
+ }
+ s[num+j]<<=4;
+ s[num+j]|=m;
+ }
+ }
+ num+=i;
+ if (again)
+ bufsize=BIO_gets(bp,buf,size);
+ else
+ break;
+ }
+ bs->length=num;
+ bs->data=s;
+ ret=1;
+err:
+ if (0)
+ {
+err_sl:
+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);
+ }
+ return(ret);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/f_int.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/f_int.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/f_int.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,219 @@
+/* crypto/asn1/f_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+ {
+ int i,n=0;
+ static const char *h="0123456789ABCDEF";
+ char buf[2];
+
+ if (a == NULL) return(0);
+
+ if (a->type & V_ASN1_NEG)
+ {
+ if (BIO_write(bp, "-", 1) != 1) goto err;
+ n = 1;
+ }
+
+ if (a->length == 0)
+ {
+ if (BIO_write(bp,"00",2) != 2) goto err;
+ n += 2;
+ }
+ else
+ {
+ for (i=0; i<a->length; i++)
+ {
+ if ((i != 0) && (i%35 == 0))
+ {
+ if (BIO_write(bp,"\\\n",2) != 2) goto err;
+ n+=2;
+ }
+ buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+ buf[1]=h[((unsigned char)a->data[i] )&0x0f];
+ if (BIO_write(bp,buf,2) != 2) goto err;
+ n+=2;
+ }
+ }
+ return(n);
+err:
+ return(-1);
+ }
+
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+ {
+ int ret=0;
+ int i,j,k,m,n,again,bufsize;
+ unsigned char *s=NULL,*sp;
+ unsigned char *bufp;
+ int num=0,slen=0,first=1;
+
+ bs->type=V_ASN1_INTEGER;
+
+ bufsize=BIO_gets(bp,buf,size);
+ for (;;)
+ {
+ if (bufsize < 1) goto err_sl;
+ i=bufsize;
+ if (buf[i-1] == '\n') buf[--i]='\0';
+ if (i == 0) goto err_sl;
+ if (buf[i-1] == '\r') buf[--i]='\0';
+ if (i == 0) goto err_sl;
+ again=(buf[i-1] == '\\');
+
+ for (j=0; j<i; j++)
+ {
+#ifndef CHARSET_EBCDIC
+ if (!( ((buf[j] >= '0') && (buf[j] <= '9')) ||
+ ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+ ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+ /* This #ifdef is not strictly necessary, since
+ * the characters A...F a...f 0...9 are contiguous
+ * (yes, even in EBCDIC - but not the whole alphabet).
+ * Nevertheless, isxdigit() is faster.
+ */
+ if (!isxdigit(buf[j]))
+#endif
+ {
+ i=j;
+ break;
+ }
+ }
+ buf[i]='\0';
+ /* We have now cleared all the crap off the end of the
+ * line */
+ if (i < 2) goto err_sl;
+
+ bufp=(unsigned char *)buf;
+ if (first)
+ {
+ first=0;
+ if ((bufp[0] == '0') && (buf[1] == '0'))
+ {
+ bufp+=2;
+ i-=2;
+ }
+ }
+ k=0;
+ i-=again;
+ if (i%2 != 0)
+ {
+ ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);
+ goto err;
+ }
+ i/=2;
+ if (num+i > slen)
+ {
+ if (s == NULL)
+ sp=(unsigned char *)OPENSSL_malloc(
+ (unsigned int)num+i*2);
+ else
+ sp=OPENSSL_realloc_clean(s,slen,num+i*2);
+ if (sp == NULL)
+ {
+ ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+ if (s != NULL) OPENSSL_free(s);
+ goto err;
+ }
+ s=sp;
+ slen=num+i*2;
+ }
+ for (j=0; j<i; j++,k+=2)
+ {
+ for (n=0; n<2; n++)
+ {
+ m=bufp[k+n];
+ if ((m >= '0') && (m <= '9'))
+ m-='0';
+ else if ((m >= 'a') && (m <= 'f'))
+ m=m-'a'+10;
+ else if ((m >= 'A') && (m <= 'F'))
+ m=m-'A'+10;
+ else
+ {
+ ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);
+ goto err;
+ }
+ s[num+j]<<=4;
+ s[num+j]|=m;
+ }
+ }
+ num+=i;
+ if (again)
+ bufsize=BIO_gets(bp,buf,size);
+ else
+ break;
+ }
+ bs->length=num;
+ bs->data=s;
+ ret=1;
+err:
+ if (0)
+ {
+err_sl:
+ ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);
+ }
+ return(ret);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/f_string.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/f_string.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/f_string.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,212 @@
+/* crypto/asn1/f_string.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
+ {
+ int i,n=0;
+ static const char *h="0123456789ABCDEF";
+ char buf[2];
+
+ if (a == NULL) return(0);
+
+ if (a->length == 0)
+ {
+ if (BIO_write(bp,"0",1) != 1) goto err;
+ n=1;
+ }
+ else
+ {
+ for (i=0; i<a->length; i++)
+ {
+ if ((i != 0) && (i%35 == 0))
+ {
+ if (BIO_write(bp,"\\\n",2) != 2) goto err;
+ n+=2;
+ }
+ buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+ buf[1]=h[((unsigned char)a->data[i] )&0x0f];
+ if (BIO_write(bp,buf,2) != 2) goto err;
+ n+=2;
+ }
+ }
+ return(n);
+err:
+ return(-1);
+ }
+
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+ {
+ int ret=0;
+ int i,j,k,m,n,again,bufsize;
+ unsigned char *s=NULL,*sp;
+ unsigned char *bufp;
+ int num=0,slen=0,first=1;
+
+ bufsize=BIO_gets(bp,buf,size);
+ for (;;)
+ {
+ if (bufsize < 1)
+ {
+ if (first)
+ break;
+ else
+ goto err_sl;
+ }
+ first=0;
+
+ i=bufsize;
+ if (buf[i-1] == '\n') buf[--i]='\0';
+ if (i == 0) goto err_sl;
+ if (buf[i-1] == '\r') buf[--i]='\0';
+ if (i == 0) goto err_sl;
+ again=(buf[i-1] == '\\');
+
+ for (j=i-1; j>0; j--)
+ {
+#ifndef CHARSET_EBCDIC
+ if (!( ((buf[j] >= '0') && (buf[j] <= '9')) ||
+ ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+ ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+ /* This #ifdef is not strictly necessary, since
+ * the characters A...F a...f 0...9 are contiguous
+ * (yes, even in EBCDIC - but not the whole alphabet).
+ * Nevertheless, isxdigit() is faster.
+ */
+ if (!isxdigit(buf[j]))
+#endif
+ {
+ i=j;
+ break;
+ }
+ }
+ buf[i]='\0';
+ /* We have now cleared all the crap off the end of the
+ * line */
+ if (i < 2) goto err_sl;
+
+ bufp=(unsigned char *)buf;
+
+ k=0;
+ i-=again;
+ if (i%2 != 0)
+ {
+ ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);
+ goto err;
+ }
+ i/=2;
+ if (num+i > slen)
+ {
+ if (s == NULL)
+ sp=(unsigned char *)OPENSSL_malloc(
+ (unsigned int)num+i*2);
+ else
+ sp=(unsigned char *)OPENSSL_realloc(s,
+ (unsigned int)num+i*2);
+ if (sp == NULL)
+ {
+ ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
+ if (s != NULL) OPENSSL_free(s);
+ goto err;
+ }
+ s=sp;
+ slen=num+i*2;
+ }
+ for (j=0; j<i; j++,k+=2)
+ {
+ for (n=0; n<2; n++)
+ {
+ m=bufp[k+n];
+ if ((m >= '0') && (m <= '9'))
+ m-='0';
+ else if ((m >= 'a') && (m <= 'f'))
+ m=m-'a'+10;
+ else if ((m >= 'A') && (m <= 'F'))
+ m=m-'A'+10;
+ else
+ {
+ ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);
+ goto err;
+ }
+ s[num+j]<<=4;
+ s[num+j]|=m;
+ }
+ }
+ num+=i;
+ if (again)
+ bufsize=BIO_gets(bp,buf,size);
+ else
+ break;
+ }
+ bs->length=num;
+ bs->data=s;
+ ret=1;
+err:
+ if (0)
+ {
+err_sl:
+ ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);
+ }
+ return(ret);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/i2d_pr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/i2d_pr.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/i2d_pr.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,99 @@
+/* crypto/asn1/i2d_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+ {
+#ifndef OPENSSL_NO_RSA
+ if (a->type == EVP_PKEY_RSA)
+ {
+ return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (a->type == EVP_PKEY_DSA)
+ {
+ return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
+ }
+#endif
+#ifndef OPENSSL_NO_EC
+ if (a->type == EVP_PKEY_EC)
+ {
+ return(i2d_ECPrivateKey(a->pkey.ec, pp));
+ }
+#endif
+
+ ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return(-1);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/i2d_pu.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/i2d_pu.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/i2d_pu.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,95 @@
+/* crypto/asn1/i2d_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+ {
+ switch (a->type)
+ {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ return(i2d_RSAPublicKey(a->pkey.rsa,pp));
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ return(i2d_DSAPublicKey(a->pkey.dsa,pp));
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ return(i2o_ECPublicKey(a->pkey.ec, pp));
+#endif
+ default:
+ ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return(-1);
+ }
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/n_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/n_pkey.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/n_pkey.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,343 @@
+/* crypto/asn1/n_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+
+#ifndef OPENSSL_NO_RC4
+
+typedef struct netscape_pkey_st
+ {
+ long version;
+ X509_ALGOR *algor;
+ ASN1_OCTET_STRING *private_key;
+ } NETSCAPE_PKEY;
+
+typedef struct netscape_encrypted_pkey_st
+ {
+ ASN1_OCTET_STRING *os;
+ /* This is the same structure as DigestInfo so use it:
+ * although this isn't really anything to do with
+ * digests.
+ */
+ X509_SIG *enckey;
+ } NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+ ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+ ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+ ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+ ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+ int (*cb)(char *buf, int len, const char *prompt,
+ int verify),
+ int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+ int (*cb)(char *buf, int len, const char *prompt,
+ int verify))
+{
+ return i2d_RSA_NET(a, pp, cb, 0);
+}
+
+int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+ int (*cb)(char *buf, int len, const char *prompt, int verify),
+ int sgckey)
+ {
+ int i, j, ret = 0;
+ int rsalen, pkeylen, olen;
+ NETSCAPE_PKEY *pkey = NULL;
+ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+ unsigned char buf[256],*zz;
+ unsigned char key[EVP_MAX_KEY_LENGTH];
+ EVP_CIPHER_CTX ctx;
+
+ if (a == NULL) return(0);
+
+ if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
+ if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+ pkey->version = 0;
+
+ pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+ if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+ pkey->algor->parameter->type=V_ASN1_NULL;
+
+ rsalen = i2d_RSAPrivateKey(a, NULL);
+
+ /* Fake some octet strings just for the initial length
+ * calculation.
+ */
+
+ pkey->private_key->length=rsalen;
+
+ pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
+
+ enckey->enckey->digest->length = pkeylen;
+
+ enckey->os->length = 11; /* "private-key" */
+
+ enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+ if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+ enckey->enckey->algor->parameter->type=V_ASN1_NULL;
+
+ if (pp == NULL)
+ {
+ olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
+ NETSCAPE_PKEY_free(pkey);
+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+ return olen;
+ }
+
+
+ /* Since its RC4 encrypted length is actual length */
+ if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
+ {
+ ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pkey->private_key->data = zz;
+ /* Write out private key encoding */
+ i2d_RSAPrivateKey(a,&zz);
+
+ if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
+ {
+ ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!ASN1_STRING_set(enckey->os, "private-key", -1))
+ {
+ ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ enckey->enckey->digest->data = zz;
+ i2d_NETSCAPE_PKEY(pkey,&zz);
+
+ /* Wipe the private key encoding */
+ OPENSSL_cleanse(pkey->private_key->data, rsalen);
+
+ if (cb == NULL)
+ cb=EVP_read_pw_string;
+ i=cb((char *)buf,256,"Enter Private Key password:",1);
+ if (i != 0)
+ {
+ ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
+ goto err;
+ }
+ i = strlen((char *)buf);
+ /* If the key is used for SGC the algorithm is modified a little. */
+ if(sgckey) {
+ EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+ memcpy(buf + 16, "SGCKEYSALT", 10);
+ i = 26;
+ }
+
+ EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+ OPENSSL_cleanse(buf,256);
+
+ /* Encrypt private key in place */
+ zz = enckey->enckey->digest->data;
+ EVP_CIPHER_CTX_init(&ctx);
+ EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
+ EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
+ EVP_EncryptFinal_ex(&ctx,zz + i,&j);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
+err:
+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+ NETSCAPE_PKEY_free(pkey);
+ return(ret);
+ }
+
+
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+ int (*cb)(char *buf, int len, const char *prompt,
+ int verify))
+{
+ return d2i_RSA_NET(a, pp, length, cb, 0);
+}
+
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
+ int (*cb)(char *buf, int len, const char *prompt, int verify),
+ int sgckey)
+ {
+ RSA *ret=NULL;
+ const unsigned char *p;
+ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+
+ p = *pp;
+
+ enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
+ if(!enckey) {
+ ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
+ return NULL;
+ }
+
+ if ((enckey->os->length != 11) || (strncmp("private-key",
+ (char *)enckey->os->data,11) != 0))
+ {
+ ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+ return NULL;
+ }
+ if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
+ {
+ ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+ goto err;
+ }
+ if (cb == NULL)
+ cb=EVP_read_pw_string;
+ if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
+
+ *pp = p;
+
+ err:
+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+ return ret;
+
+ }
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+ int (*cb)(char *buf, int len, const char *prompt,
+ int verify), int sgckey)
+ {
+ NETSCAPE_PKEY *pkey=NULL;
+ RSA *ret=NULL;
+ int i,j;
+ unsigned char buf[256];
+ const unsigned char *zz;
+ unsigned char key[EVP_MAX_KEY_LENGTH];
+ EVP_CIPHER_CTX ctx;
+
+ i=cb((char *)buf,256,"Enter Private Key password:",0);
+ if (i != 0)
+ {
+ ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
+ goto err;
+ }
+
+ i = strlen((char *)buf);
+ if(sgckey){
+ EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+ memcpy(buf + 16, "SGCKEYSALT", 10);
+ i = 26;
+ }
+
+ EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+ OPENSSL_cleanse(buf,256);
+
+ EVP_CIPHER_CTX_init(&ctx);
+ EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
+ EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
+ EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ os->length=i+j;
+
+ zz=os->data;
+
+ if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
+ {
+ ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+ goto err;
+ }
+
+ zz=pkey->private_key->data;
+ if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
+ {
+ ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+ goto err;
+ }
+err:
+ NETSCAPE_PKEY_free(pkey);
+ return(ret);
+ }
+
+#endif /* OPENSSL_NO_RC4 */
+
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/asn1/nsseq.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/nsseq.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/nsseq.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,82 @@
+/* nsseq.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if(operation == ASN1_OP_NEW_POST) {
+ NETSCAPE_CERT_SEQUENCE *nsseq;
+ nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+ nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+ }
+ return 1;
+}
+
+/* Netscape certificate sequence structure */
+
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+ ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+ ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
Added: vendor-crypto/openssl/dist/crypto/asn1/p5_pbe.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/p5_pbe.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/p5_pbe.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,131 @@
+/* p5_pbe.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 password based encryption structure */
+
+ASN1_SEQUENCE(PBEPARAM) = {
+ ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
+ int saltlen)
+{
+ PBEPARAM *pbe=NULL;
+ ASN1_OBJECT *al;
+ X509_ALGOR *algor;
+ ASN1_TYPE *astype=NULL;
+
+ if (!(pbe = PBEPARAM_new ())) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+ if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!saltlen) saltlen = PKCS5_SALT_LEN;
+ if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ pbe->salt->length = saltlen;
+ if (salt) memcpy (pbe->salt->data, salt, saltlen);
+ else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
+ goto err;
+
+ if (!(astype = ASN1_TYPE_new())) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ astype->type = V_ASN1_SEQUENCE;
+ if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
+ &astype->value.sequence)) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ PBEPARAM_free (pbe);
+ pbe = NULL;
+
+ al = OBJ_nid2obj(alg); /* never need to free al */
+ if (!(algor = X509_ALGOR_new())) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ASN1_OBJECT_free(algor->algorithm);
+ algor->algorithm = al;
+ algor->parameter = astype;
+
+ return (algor);
+err:
+ if (pbe != NULL) PBEPARAM_free(pbe);
+ if (astype != NULL) ASN1_TYPE_free(astype);
+ return NULL;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/p5_pbev2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/p5_pbev2.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/p5_pbev2.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,205 @@
+/* p5_pbev2.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999-2004.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+ASN1_SEQUENCE(PBE2PARAM) = {
+ ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+ ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
+
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+ ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+ ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+ ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+ ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
+ * yes I know this is horrible!
+ */
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+ unsigned char *salt, int saltlen)
+{
+ X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+ int alg_nid;
+ EVP_CIPHER_CTX ctx;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ PBKDF2PARAM *kdf = NULL;
+ PBE2PARAM *pbe2 = NULL;
+ ASN1_OCTET_STRING *osalt = NULL;
+ ASN1_OBJECT *obj;
+
+ alg_nid = EVP_CIPHER_type(cipher);
+ if(alg_nid == NID_undef) {
+ ASN1err(ASN1_F_PKCS5_PBE2_SET,
+ ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+ goto err;
+ }
+ obj = OBJ_nid2obj(alg_nid);
+
+ if(!(pbe2 = PBE2PARAM_new())) goto merr;
+
+ /* Setup the AlgorithmIdentifier for the encryption scheme */
+ scheme = pbe2->encryption;
+
+ scheme->algorithm = obj;
+ if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
+
+ /* Create random IV */
+ if (EVP_CIPHER_iv_length(cipher) &&
+ RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+ goto err;
+
+ EVP_CIPHER_CTX_init(&ctx);
+
+ /* Dummy cipherinit to just setup the IV */
+ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
+ if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+ ASN1err(ASN1_F_PKCS5_PBE2_SET,
+ ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ goto err;
+ }
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ if(!(kdf = PBKDF2PARAM_new())) goto merr;
+ if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
+
+ if (!saltlen) saltlen = PKCS5_SALT_LEN;
+ if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
+ osalt->length = saltlen;
+ if (salt) memcpy (osalt->data, salt, saltlen);
+ else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
+
+ if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+ if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
+
+ /* Now include salt in kdf structure */
+ kdf->salt->value.octet_string = osalt;
+ kdf->salt->type = V_ASN1_OCTET_STRING;
+ osalt = NULL;
+
+ /* If its RC2 then we'd better setup the key length */
+
+ if(alg_nid == NID_rc2_cbc) {
+ if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;
+ if(!ASN1_INTEGER_set (kdf->keylength,
+ EVP_CIPHER_key_length(cipher))) goto merr;
+ }
+
+ /* prf can stay NULL because we are using hmacWithSHA1 */
+
+ /* Now setup the PBE2PARAM keyfunc structure */
+
+ pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+ /* Encode PBKDF2PARAM into parameter of pbe2 */
+
+ if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
+
+ if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
+ &pbe2->keyfunc->parameter->value.sequence)) goto merr;
+ pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+ PBKDF2PARAM_free(kdf);
+ kdf = NULL;
+
+ /* Now set up top level AlgorithmIdentifier */
+
+ if(!(ret = X509_ALGOR_new())) goto merr;
+ if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
+
+ ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+ /* Encode PBE2PARAM into parameter */
+
+ if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
+ &ret->parameter->value.sequence)) goto merr;
+ ret->parameter->type = V_ASN1_SEQUENCE;
+
+ PBE2PARAM_free(pbe2);
+ pbe2 = NULL;
+
+ return ret;
+
+ merr:
+ ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
+
+ err:
+ PBE2PARAM_free(pbe2);
+ /* Note 'scheme' is freed as part of pbe2 */
+ M_ASN1_OCTET_STRING_free(osalt);
+ PBKDF2PARAM_free(kdf);
+ X509_ALGOR_free(kalg);
+ X509_ALGOR_free(ret);
+
+ return NULL;
+
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/p8_key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/p8_key.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/p8_key.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,131 @@
+/* crypto/asn1/p8_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
+
+int i2d_X509_KEY(X509 *a, unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->cert_info, i2d_X509_CINF);
+ M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR);
+ M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put(a->cert_info, i2d_X509_CINF);
+ M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR);
+ M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
+
+ M_ASN1_I2D_finish();
+ }
+
+X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
+ {
+ M_ASN1_D2I_vars(a,X509 *,X509_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+ M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+ M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+ M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+ }
+
+X509 *X509_KEY_new(void)
+ {
+ X509_KEY *ret=NULL;
+
+ M_ASN1_New_OPENSSL_malloc(ret,X509_KEY);
+ ret->references=1;
+ ret->type=NID
+ M_ASN1_New(ret->cert_info,X509_CINF_new);
+ M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+ M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_X509_NEW);
+ }
+
+void X509_KEY_free(X509 *a)
+ {
+ int i;
+
+ if (a == NULL) return;
+
+ i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
+#ifdef REF_PRINT
+ REF_PRINT("X509_KEY",a);
+#endif
+ if (i > 0) return;
+#ifdef REF_CHECK
+ if (i < 0)
+ {
+ fprintf(stderr,"X509_KEY_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ X509_CINF_free(a->cert_info);
+ X509_ALGOR_free(a->sig_alg);
+ ASN1_BIT_STRING_free(a->signature);
+ OPENSSL_free(a);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/p8_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/p8_pkey.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/p8_pkey.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,84 @@
+/* p8_pkey.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+ if(operation == ASN1_OP_FREE_PRE) {
+ PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+ if (key->pkey->value.octet_string)
+ OPENSSL_cleanse(key->pkey->value.octet_string->data,
+ key->pkey->value.octet_string->length);
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
+ ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
Added: vendor-crypto/openssl/dist/crypto/asn1/t_bitst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_bitst.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/t_bitst.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,102 @@
+/* t_bitst.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+ BIT_STRING_BITNAME *tbl, int indent)
+{
+ BIT_STRING_BITNAME *bnam;
+ char first = 1;
+ BIO_printf(out, "%*s", indent, "");
+ for(bnam = tbl; bnam->lname; bnam++) {
+ if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
+ if(!first) BIO_puts(out, ", ");
+ BIO_puts(out, bnam->lname);
+ first = 0;
+ }
+ }
+ BIO_puts(out, "\n");
+ return 1;
+}
+
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+ BIT_STRING_BITNAME *tbl)
+{
+ int bitnum;
+ bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
+ if(bitnum < 0) return 0;
+ if(bs) {
+ if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
+ return 0;
+ }
+ return 1;
+}
+
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
+{
+ BIT_STRING_BITNAME *bnam;
+ for(bnam = tbl; bnam->lname; bnam++) {
+ if(!strcmp(bnam->sname, name) ||
+ !strcmp(bnam->lname, name) ) return bnam->bitnum;
+ }
+ return -1;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/t_crl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_crl.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/t_crl.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,133 @@
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=X509_CRL_print(b, x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+ STACK_OF(X509_REVOKED) *rev;
+ X509_REVOKED *r;
+ long l;
+ int i;
+ char *p;
+
+ BIO_printf(out, "Certificate Revocation List (CRL):\n");
+ l = X509_CRL_get_version(x);
+ BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+ i = OBJ_obj2nid(x->sig_alg->algorithm);
+ BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+ (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+ p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
+ BIO_printf(out,"%8sIssuer: %s\n","",p);
+ OPENSSL_free(p);
+ BIO_printf(out,"%8sLast Update: ","");
+ ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
+ BIO_printf(out,"\n%8sNext Update: ","");
+ if (X509_CRL_get_nextUpdate(x))
+ ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
+ else BIO_printf(out,"NONE");
+ BIO_printf(out,"\n");
+
+ X509V3_extensions_print(out, "CRL extensions",
+ x->crl->extensions, 0, 8);
+
+ rev = X509_CRL_get_REVOKED(x);
+
+ if(sk_X509_REVOKED_num(rev) > 0)
+ BIO_printf(out, "Revoked Certificates:\n");
+ else BIO_printf(out, "No Revoked Certificates.\n");
+
+ for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+ r = sk_X509_REVOKED_value(rev, i);
+ BIO_printf(out," Serial Number: ");
+ i2a_ASN1_INTEGER(out,r->serialNumber);
+ BIO_printf(out,"\n Revocation Date: ");
+ ASN1_TIME_print(out,r->revocationDate);
+ BIO_printf(out,"\n");
+ X509V3_extensions_print(out, "CRL entry extensions",
+ r->extensions, 0, 8);
+ }
+ X509_signature_print(out, x->sig_alg, x->signature);
+
+ return 1;
+
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/t_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_pkey.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/t_pkey.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,834 @@
+/* crypto/asn1/t_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Binary polynomial ECC support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+
+static int print(BIO *fp,const char *str, const BIGNUM *num,
+ unsigned char *buf,int off);
+#ifndef OPENSSL_NO_EC
+static int print_bin(BIO *fp, const char *str, const unsigned char *num,
+ size_t len, int off);
+#endif
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=RSA_print(b,x,off);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int RSA_print(BIO *bp, const RSA *x, int off)
+ {
+ char str[128];
+ const char *s;
+ unsigned char *m=NULL;
+ int ret=0, mod_len = 0;
+ size_t buf_len=0, i;
+
+ if (x->n)
+ buf_len = (size_t)BN_num_bytes(x->n);
+ if (x->e)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
+ buf_len = i;
+ if (x->d)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
+ buf_len = i;
+ if (x->p)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
+ buf_len = i;
+ if (x->q)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+ buf_len = i;
+ if (x->dmp1)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
+ buf_len = i;
+ if (x->dmq1)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
+ buf_len = i;
+ if (x->iqmp)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
+ buf_len = i;
+
+ m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+ if (m == NULL)
+ {
+ RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (x->n != NULL)
+ mod_len = BN_num_bits(x->n);
+
+ if (x->d != NULL)
+ {
+ if(!BIO_indent(bp,off,128))
+ goto err;
+ if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
+ <= 0) goto err;
+ }
+
+ if (x->d == NULL)
+ BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
+ else
+ BUF_strlcpy(str,"modulus:",sizeof str);
+ if (!print(bp,str,x->n,m,off)) goto err;
+ s=(x->d == NULL)?"Exponent:":"publicExponent:";
+ if ((x->e != NULL) && !print(bp,s,x->e,m,off))
+ goto err;
+ if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
+ goto err;
+ if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
+ goto err;
+ if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
+ goto err;
+ if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
+ goto err;
+ if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
+ goto err;
+ if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
+ goto err;
+ ret=1;
+err:
+ if (m != NULL) OPENSSL_free(m);
+ return(ret);
+ }
+#endif /* OPENSSL_NO_RSA */
+
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=DSA_print(b,x,off);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int DSA_print(BIO *bp, const DSA *x, int off)
+ {
+ unsigned char *m=NULL;
+ int ret=0;
+ size_t buf_len=0,i;
+
+ if (x->p)
+ buf_len = (size_t)BN_num_bytes(x->p);
+ if (x->q)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+ buf_len = i;
+ if (x->g)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+ buf_len = i;
+ if (x->priv_key)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
+ buf_len = i;
+ if (x->pub_key)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
+ buf_len = i;
+
+ m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+ if (m == NULL)
+ {
+ DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (x->priv_key != NULL)
+ {
+ if(!BIO_indent(bp,off,128))
+ goto err;
+ if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
+ <= 0) goto err;
+ }
+
+ if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
+ goto err;
+ if ((x->pub_key != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
+ goto err;
+ if ((x->p != NULL) && !print(bp,"P: ",x->p,m,off)) goto err;
+ if ((x->q != NULL) && !print(bp,"Q: ",x->q,m,off)) goto err;
+ if ((x->g != NULL) && !print(bp,"G: ",x->g,m,off)) goto err;
+ ret=1;
+err:
+ if (m != NULL) OPENSSL_free(m);
+ return(ret);
+ }
+#endif /* !OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_FP_API
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = ECPKParameters_print(b, x, off);
+ BIO_free(b);
+ return(ret);
+ }
+
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+ return(0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = EC_KEY_print(b, x, off);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+ {
+ unsigned char *buffer=NULL;
+ size_t buf_len=0, i;
+ int ret=0, reason=ERR_R_BIO_LIB;
+ BN_CTX *ctx=NULL;
+ const EC_POINT *point=NULL;
+ BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL,
+ *order=NULL, *cofactor=NULL;
+ const unsigned char *seed;
+ size_t seed_len=0;
+
+ static const char *gen_compressed = "Generator (compressed):";
+ static const char *gen_uncompressed = "Generator (uncompressed):";
+ static const char *gen_hybrid = "Generator (hybrid):";
+
+ if (!x)
+ {
+ reason = ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+
+ if (EC_GROUP_get_asn1_flag(x))
+ {
+ /* the curve parameter are given by an asn1 OID */
+ int nid;
+
+ if (!BIO_indent(bp, off, 128))
+ goto err;
+
+ nid = EC_GROUP_get_curve_name(x);
+ if (nid == 0)
+ goto err;
+
+ if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
+ goto err;
+ if (BIO_printf(bp, "\n") <= 0)
+ goto err;
+ }
+ else
+ {
+ /* explicit parameters */
+ int is_char_two = 0;
+ point_conversion_form_t form;
+ int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
+
+ if (tmp_nid == NID_X9_62_characteristic_two_field)
+ is_char_two = 1;
+
+ if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+ (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
+ (cofactor = BN_new()) == NULL)
+ {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ if (is_char_two)
+ {
+ if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
+ {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+ }
+ else /* prime field */
+ {
+ if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
+ {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+ }
+
+ if ((point = EC_GROUP_get0_generator(x)) == NULL)
+ {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+ if (!EC_GROUP_get_order(x, order, NULL) ||
+ !EC_GROUP_get_cofactor(x, cofactor, NULL))
+ {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+
+ form = EC_GROUP_get_point_conversion_form(x);
+
+ if ((gen = EC_POINT_point2bn(x, point,
+ form, NULL, ctx)) == NULL)
+ {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+
+ buf_len = (size_t)BN_num_bytes(p);
+ if (buf_len < (i = (size_t)BN_num_bytes(a)))
+ buf_len = i;
+ if (buf_len < (i = (size_t)BN_num_bytes(b)))
+ buf_len = i;
+ if (buf_len < (i = (size_t)BN_num_bytes(gen)))
+ buf_len = i;
+ if (buf_len < (i = (size_t)BN_num_bytes(order)))
+ buf_len = i;
+ if (buf_len < (i = (size_t)BN_num_bytes(cofactor)))
+ buf_len = i;
+
+ if ((seed = EC_GROUP_get0_seed(x)) != NULL)
+ seed_len = EC_GROUP_get_seed_len(x);
+
+ buf_len += 10;
+ if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+ {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ if (!BIO_indent(bp, off, 128))
+ goto err;
+
+ /* print the 'short name' of the field type */
+ if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
+ <= 0)
+ goto err;
+
+ if (is_char_two)
+ {
+ /* print the 'short name' of the base type OID */
+ int basis_type = EC_GROUP_get_basis_type(x);
+ if (basis_type == 0)
+ goto err;
+
+ if (!BIO_indent(bp, off, 128))
+ goto err;
+
+ if (BIO_printf(bp, "Basis Type: %s\n",
+ OBJ_nid2sn(basis_type)) <= 0)
+ goto err;
+
+ /* print the polynomial */
+ if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,
+ off))
+ goto err;
+ }
+ else
+ {
+ if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))
+ goto err;
+ }
+ if ((a != NULL) && !print(bp, "A: ", a, buffer, off))
+ goto err;
+ if ((b != NULL) && !print(bp, "B: ", b, buffer, off))
+ goto err;
+ if (form == POINT_CONVERSION_COMPRESSED)
+ {
+ if ((gen != NULL) && !print(bp, gen_compressed, gen,
+ buffer, off))
+ goto err;
+ }
+ else if (form == POINT_CONVERSION_UNCOMPRESSED)
+ {
+ if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
+ buffer, off))
+ goto err;
+ }
+ else /* form == POINT_CONVERSION_HYBRID */
+ {
+ if ((gen != NULL) && !print(bp, gen_hybrid, gen,
+ buffer, off))
+ goto err;
+ }
+ if ((order != NULL) && !print(bp, "Order: ", order,
+ buffer, off)) goto err;
+ if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor,
+ buffer, off)) goto err;
+ if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
+ goto err;
+ }
+ ret=1;
+err:
+ if (!ret)
+ ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+ if (p)
+ BN_free(p);
+ if (a)
+ BN_free(a);
+ if (b)
+ BN_free(b);
+ if (gen)
+ BN_free(gen);
+ if (order)
+ BN_free(order);
+ if (cofactor)
+ BN_free(cofactor);
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (buffer != NULL)
+ OPENSSL_free(buffer);
+ return(ret);
+ }
+
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+ {
+ unsigned char *buffer=NULL;
+ size_t buf_len=0, i;
+ int ret=0, reason=ERR_R_BIO_LIB;
+ BIGNUM *pub_key=NULL, *order=NULL;
+ BN_CTX *ctx=NULL;
+ const EC_GROUP *group;
+ const EC_POINT *public_key;
+ const BIGNUM *priv_key;
+
+ if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
+ {
+ reason = ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+
+ public_key = EC_KEY_get0_public_key(x);
+ if ((pub_key = EC_POINT_point2bn(group, public_key,
+ EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
+ {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+
+ buf_len = (size_t)BN_num_bytes(pub_key);
+ priv_key = EC_KEY_get0_private_key(x);
+ if (priv_key != NULL)
+ {
+ if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
+ buf_len = i;
+ }
+
+ buf_len += 10;
+ if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+ {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ if (priv_key != NULL)
+ {
+ if (!BIO_indent(bp, off, 128))
+ goto err;
+ if ((order = BN_new()) == NULL)
+ goto err;
+ if (!EC_GROUP_get_order(group, order, NULL))
+ goto err;
+ if (BIO_printf(bp, "Private-Key: (%d bit)\n",
+ BN_num_bits(order)) <= 0) goto err;
+ }
+
+ if ((priv_key != NULL) && !print(bp, "priv:", priv_key,
+ buffer, off))
+ goto err;
+ if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
+ buffer, off))
+ goto err;
+ if (!ECPKParameters_print(bp, group, off))
+ goto err;
+ ret=1;
+err:
+ if (!ret)
+ ECerr(EC_F_EC_KEY_PRINT, reason);
+ if (pub_key)
+ BN_free(pub_key);
+ if (order)
+ BN_free(order);
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (buffer != NULL)
+ OPENSSL_free(buffer);
+ return(ret);
+ }
+#endif /* OPENSSL_NO_EC */
+
+static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf,
+ int off)
+ {
+ int n,i;
+ const char *neg;
+
+ if (num == NULL) return(1);
+ neg = (BN_is_negative(num))?"-":"";
+ if(!BIO_indent(bp,off,128))
+ return 0;
+ if (BN_is_zero(num))
+ {
+ if (BIO_printf(bp, "%s 0\n", number) <= 0)
+ return 0;
+ return 1;
+ }
+
+ if (BN_num_bytes(num) <= BN_BYTES)
+ {
+ if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
+ (unsigned long)num->d[0],neg,(unsigned long)num->d[0])
+ <= 0) return(0);
+ }
+ else
+ {
+ buf[0]=0;
+ if (BIO_printf(bp,"%s%s",number,
+ (neg[0] == '-')?" (Negative)":"") <= 0)
+ return(0);
+ n=BN_bn2bin(num,&buf[1]);
+
+ if (buf[1] & 0x80)
+ n++;
+ else buf++;
+
+ for (i=0; i<n; i++)
+ {
+ if ((i%15) == 0)
+ {
+ if(BIO_puts(bp,"\n") <= 0
+ || !BIO_indent(bp,off+4,128))
+ return 0;
+ }
+ if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
+ <= 0) return(0);
+ }
+ if (BIO_write(bp,"\n",1) <= 0) return(0);
+ }
+ return(1);
+ }
+
+#ifndef OPENSSL_NO_EC
+static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
+ size_t len, int off)
+ {
+ size_t i;
+ char str[128];
+
+ if (buf == NULL)
+ return 1;
+ if (off)
+ {
+ if (off > 128)
+ off=128;
+ memset(str,' ',off);
+ if (BIO_write(fp, str, off) <= 0)
+ return 0;
+ }
+
+ if (BIO_printf(fp,"%s", name) <= 0)
+ return 0;
+
+ for (i=0; i<len; i++)
+ {
+ if ((i%15) == 0)
+ {
+ str[0]='\n';
+ memset(&(str[1]),' ',off+4);
+ if (BIO_write(fp, str, off+1+4) <= 0)
+ return 0;
+ }
+ if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
+ return 0;
+ }
+ if (BIO_write(fp,"\n",1) <= 0)
+ return 0;
+
+ return 1;
+ }
+#endif
+
+#ifndef OPENSSL_NO_DH
+#ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=DHparams_print(b, x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int DHparams_print(BIO *bp, const DH *x)
+ {
+ unsigned char *m=NULL;
+ int reason=ERR_R_BUF_LIB,ret=0;
+ size_t buf_len=0, i;
+
+ if (x->p)
+ buf_len = (size_t)BN_num_bytes(x->p);
+ else
+ {
+ reason = ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+ if (x->g)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+ buf_len = i;
+ m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+ if (m == NULL)
+ {
+ reason=ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
+ BN_num_bits(x->p)) <= 0)
+ goto err;
+ if (!print(bp,"prime:",x->p,m,4)) goto err;
+ if (!print(bp,"generator:",x->g,m,4)) goto err;
+ if (x->length != 0)
+ {
+ if (BIO_printf(bp," recommended-private-length: %d bits\n",
+ (int)x->length) <= 0) goto err;
+ }
+ ret=1;
+ if (0)
+ {
+err:
+ DHerr(DH_F_DHPARAMS_PRINT,reason);
+ }
+ if (m != NULL) OPENSSL_free(m);
+ return(ret);
+ }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSAparams_print_fp(FILE *fp, const DSA *x)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=DSAparams_print(b, x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int DSAparams_print(BIO *bp, const DSA *x)
+ {
+ unsigned char *m=NULL;
+ int ret=0;
+ size_t buf_len=0,i;
+
+ if (x->p)
+ buf_len = (size_t)BN_num_bytes(x->p);
+ else
+ {
+ DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
+ goto err;
+ }
+ if (x->q)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+ buf_len = i;
+ if (x->g)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+ buf_len = i;
+ m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+ if (m == NULL)
+ {
+ DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
+ BN_num_bits(x->p)) <= 0)
+ goto err;
+ if (!print(bp,"p:",x->p,m,4)) goto err;
+ if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
+ if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
+ ret=1;
+err:
+ if (m != NULL) OPENSSL_free(m);
+ return(ret);
+ }
+
+#endif /* !OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_FP_API
+int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+ return(0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = ECParameters_print(b, x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int ECParameters_print(BIO *bp, const EC_KEY *x)
+ {
+ int reason=ERR_R_EC_LIB, ret=0;
+ BIGNUM *order=NULL;
+ const EC_GROUP *group;
+
+ if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
+ {
+ reason = ERR_R_PASSED_NULL_PARAMETER;;
+ goto err;
+ }
+
+ if ((order = BN_new()) == NULL)
+ {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ if (!EC_GROUP_get_order(group, order, NULL))
+ {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+
+ if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n",
+ BN_num_bits(order)) <= 0)
+ goto err;
+ if (!ECPKParameters_print(bp, group, 4))
+ goto err;
+ ret=1;
+err:
+ if (order)
+ BN_free(order);
+ ECerr(EC_F_ECPARAMETERS_PRINT, reason);
+ return(ret);
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/asn1/t_req.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_req.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/t_req.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,290 @@
+/* crypto/asn1/t_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=X509_REQ_print(b, x);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
+ {
+ unsigned long l;
+ int i;
+ const char *neg;
+ X509_REQ_INFO *ri;
+ EVP_PKEY *pkey;
+ STACK_OF(X509_ATTRIBUTE) *sk;
+ STACK_OF(X509_EXTENSION) *exts;
+ char mlch = ' ';
+ int nmindent = 0;
+
+ if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mlch = '\n';
+ nmindent = 12;
+ }
+
+ if(nmflags == X509_FLAG_COMPAT)
+ nmindent = 16;
+
+
+ ri=x->req_info;
+ if(!(cflag & X509_FLAG_NO_HEADER))
+ {
+ if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
+ if (BIO_write(bp," Data:\n",10) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_VERSION))
+ {
+ neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+ l=0;
+ for (i=0; i<ri->version->length; i++)
+ { l<<=8; l+=ri->version->data[i]; }
+ if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
+ l) <= 0)
+ goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_SUBJECT))
+ {
+ if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
+ if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
+ if (BIO_write(bp,"\n",1) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_PUBKEY))
+ {
+ if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
+ goto err;
+ if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+ goto err;
+ if (BIO_puts(bp, "\n") <= 0)
+ goto err;
+
+ pkey=X509_REQ_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ BIO_printf(bp,"%12sUnable to load Public Key\n","");
+ ERR_print_errors(bp);
+ }
+ else
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA)
+ {
+ BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+ BN_num_bits(pkey->pkey.rsa->n));
+ RSA_print(bp,pkey->pkey.rsa,16);
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ {
+ BIO_printf(bp,"%12sDSA Public Key:\n","");
+ DSA_print(bp,pkey->pkey.dsa,16);
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_EC
+ if (pkey->type == EVP_PKEY_EC)
+ {
+ BIO_printf(bp, "%12sEC Public Key: \n","");
+ EC_KEY_print(bp, pkey->pkey.ec, 16);
+ }
+ else
+#endif
+ BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+ EVP_PKEY_free(pkey);
+ }
+
+ if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+ {
+ /* may not be */
+ if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
+ goto err;
+
+ sk=x->req_info->attributes;
+ if (sk_X509_ATTRIBUTE_num(sk) == 0)
+ {
+ if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
+ goto err;
+ }
+ else
+ {
+ for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+ {
+ ASN1_TYPE *at;
+ X509_ATTRIBUTE *a;
+ ASN1_BIT_STRING *bs=NULL;
+ ASN1_TYPE *t;
+ int j,type=0,count=1,ii=0;
+
+ a=sk_X509_ATTRIBUTE_value(sk,i);
+ if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+ continue;
+ if(BIO_printf(bp,"%12s","") <= 0)
+ goto err;
+ if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
+ {
+ if (a->single)
+ {
+ t=a->value.single;
+ type=t->type;
+ bs=t->value.bit_string;
+ }
+ else
+ {
+ ii=0;
+ count=sk_ASN1_TYPE_num(a->value.set);
+get_next:
+ at=sk_ASN1_TYPE_value(a->value.set,ii);
+ type=at->type;
+ bs=at->value.asn1_string;
+ }
+ }
+ for (j=25-j; j>0; j--)
+ if (BIO_write(bp," ",1) != 1) goto err;
+ if (BIO_puts(bp,":") <= 0) goto err;
+ if ( (type == V_ASN1_PRINTABLESTRING) ||
+ (type == V_ASN1_T61STRING) ||
+ (type == V_ASN1_IA5STRING))
+ {
+ if (BIO_write(bp,(char *)bs->data,bs->length)
+ != bs->length)
+ goto err;
+ BIO_puts(bp,"\n");
+ }
+ else
+ {
+ BIO_puts(bp,"unable to print attribute\n");
+ }
+ if (++ii < count) goto get_next;
+ }
+ }
+ }
+ if(!(cflag & X509_FLAG_NO_EXTENSIONS))
+ {
+ exts = X509_REQ_get_extensions(x);
+ if(exts)
+ {
+ BIO_printf(bp,"%8sRequested Extensions:\n","");
+ for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
+ {
+ ASN1_OBJECT *obj;
+ X509_EXTENSION *ex;
+ int j;
+ ex=sk_X509_EXTENSION_value(exts, i);
+ if (BIO_printf(bp,"%12s","") <= 0) goto err;
+ obj=X509_EXTENSION_get_object(ex);
+ i2a_ASN1_OBJECT(bp,obj);
+ j=X509_EXTENSION_get_critical(ex);
+ if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
+ goto err;
+ if(!X509V3_EXT_print(bp, ex, cflag, 16))
+ {
+ BIO_printf(bp, "%16s", "");
+ M_ASN1_OCTET_STRING_print(bp,ex->value);
+ }
+ if (BIO_write(bp,"\n",1) <= 0) goto err;
+ }
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+ }
+ }
+
+ if(!(cflag & X509_FLAG_NO_SIGDUMP))
+ {
+ if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
+ }
+
+ return(1);
+err:
+ X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB);
+ return(0);
+ }
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+ {
+ return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/t_spki.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_spki.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/t_spki.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,132 @@
+/* t_spki.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#include <openssl/bn.h>
+
+/* Print out an SPKI */
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
+{
+ EVP_PKEY *pkey;
+ ASN1_IA5STRING *chal;
+ int i, n;
+ char *s;
+ BIO_printf(out, "Netscape SPKI:\n");
+ i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+ BIO_printf(out," Public Key Algorithm: %s\n",
+ (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+ pkey = X509_PUBKEY_get(spki->spkac->pubkey);
+ if(!pkey) BIO_printf(out, " Unable to load public key\n");
+ else {
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA)
+ {
+ BIO_printf(out," RSA Public Key: (%d bit)\n",
+ BN_num_bits(pkey->pkey.rsa->n));
+ RSA_print(out,pkey->pkey.rsa,2);
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ {
+ BIO_printf(out," DSA Public Key:\n");
+ DSA_print(out,pkey->pkey.dsa,2);
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_EC
+ if (pkey->type == EVP_PKEY_EC)
+ {
+ BIO_printf(out, " EC Public Key:\n");
+ EC_KEY_print(out, pkey->pkey.ec,2);
+ }
+ else
+#endif
+
+ BIO_printf(out," Unknown Public Key:\n");
+ EVP_PKEY_free(pkey);
+ }
+ chal = spki->spkac->challenge;
+ if(chal->length)
+ BIO_printf(out, " Challenge String: %s\n", chal->data);
+ i=OBJ_obj2nid(spki->sig_algor->algorithm);
+ BIO_printf(out," Signature Algorithm: %s",
+ (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+
+ n=spki->signature->length;
+ s=(char *)spki->signature->data;
+ for (i=0; i<n; i++)
+ {
+ if ((i%18) == 0) BIO_write(out,"\n ",7);
+ BIO_printf(out,"%02x%s",(unsigned char)s[i],
+ ((i+1) == n)?"":":");
+ }
+ BIO_write(out,"\n",1);
+ return 1;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/t_x509.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_x509.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/t_x509.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,520 @@
+/* crypto/asn1/t_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_print_fp(FILE *fp, X509 *x)
+ {
+ return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+ }
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=X509_print_ex(b, x, nmflag, cflag);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int X509_print(BIO *bp, X509 *x)
+{
+ return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
+ {
+ long l;
+ int ret=0,i;
+ char *m=NULL,mlch = ' ';
+ int nmindent = 0;
+ X509_CINF *ci;
+ ASN1_INTEGER *bs;
+ EVP_PKEY *pkey=NULL;
+ const char *neg;
+ ASN1_STRING *str=NULL;
+
+ if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mlch = '\n';
+ nmindent = 12;
+ }
+
+ if(nmflags == X509_FLAG_COMPAT)
+ nmindent = 16;
+
+ ci=x->cert_info;
+ if(!(cflag & X509_FLAG_NO_HEADER))
+ {
+ if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+ if (BIO_write(bp," Data:\n",10) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_VERSION))
+ {
+ l=X509_get_version(x);
+ if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_SERIAL))
+ {
+
+ if (BIO_write(bp," Serial Number:",22) <= 0) goto err;
+
+ bs=X509_get_serialNumber(x);
+ if (bs->length <= 4)
+ {
+ l=ASN1_INTEGER_get(bs);
+ if (l < 0)
+ {
+ l= -l;
+ neg="-";
+ }
+ else
+ neg="";
+ if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
+ goto err;
+ }
+ else
+ {
+ neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+ if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
+
+ for (i=0; i<bs->length; i++)
+ {
+ if (BIO_printf(bp,"%02x%c",bs->data[i],
+ ((i+1 == bs->length)?'\n':':')) <= 0)
+ goto err;
+ }
+ }
+
+ }
+
+ if(!(cflag & X509_FLAG_NO_SIGNAME))
+ {
+ if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+ goto err;
+ if (BIO_puts(bp, "\n") <= 0)
+ goto err;
+ }
+
+ if(!(cflag & X509_FLAG_NO_ISSUER))
+ {
+ if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err;
+ if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
+ if (BIO_write(bp,"\n",1) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_VALIDITY))
+ {
+ if (BIO_write(bp," Validity\n",17) <= 0) goto err;
+ if (BIO_write(bp," Not Before: ",24) <= 0) goto err;
+ if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
+ if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err;
+ if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
+ if (BIO_write(bp,"\n",1) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_SUBJECT))
+ {
+ if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
+ if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
+ if (BIO_write(bp,"\n",1) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_PUBKEY))
+ {
+ if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
+ goto err;
+ if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+ goto err;
+ if (BIO_puts(bp, "\n") <= 0)
+ goto err;
+
+ pkey=X509_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ BIO_printf(bp,"%12sUnable to load Public Key\n","");
+ ERR_print_errors(bp);
+ }
+ else
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA)
+ {
+ BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+ BN_num_bits(pkey->pkey.rsa->n));
+ RSA_print(bp,pkey->pkey.rsa,16);
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ {
+ BIO_printf(bp,"%12sDSA Public Key:\n","");
+ DSA_print(bp,pkey->pkey.dsa,16);
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_EC
+ if (pkey->type == EVP_PKEY_EC)
+ {
+ BIO_printf(bp, "%12sEC Public Key:\n","");
+ EC_KEY_print(bp, pkey->pkey.ec, 16);
+ }
+ else
+#endif
+ BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+ EVP_PKEY_free(pkey);
+ }
+
+ if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+ X509V3_extensions_print(bp, "X509v3 extensions",
+ ci->extensions, cflag, 8);
+
+ if(!(cflag & X509_FLAG_NO_SIGDUMP))
+ {
+ if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_AUX))
+ {
+ if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
+ }
+ ret=1;
+err:
+ if (str != NULL) ASN1_STRING_free(str);
+ if (m != NULL) OPENSSL_free(m);
+ return(ret);
+ }
+
+int X509_ocspid_print (BIO *bp, X509 *x)
+ {
+ unsigned char *der=NULL ;
+ unsigned char *dertmp;
+ int derlen;
+ int i;
+ unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+ /* display the hash of the subject as it would appear
+ in OCSP requests */
+ if (BIO_printf(bp," Subject OCSP hash: ") <= 0)
+ goto err;
+ derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+ if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+ goto err;
+ i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+ EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
+ for (i=0; i < SHA_DIGEST_LENGTH; i++)
+ {
+ if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+ }
+ OPENSSL_free (der);
+ der=NULL;
+
+ /* display the hash of the public key as it would appear
+ in OCSP requests */
+ if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0)
+ goto err;
+
+ EVP_Digest(x->cert_info->key->public_key->data,
+ x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
+ for (i=0; i < SHA_DIGEST_LENGTH; i++)
+ {
+ if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+ goto err;
+ }
+ BIO_printf(bp,"\n");
+
+ return (1);
+err:
+ if (der != NULL) OPENSSL_free(der);
+ return(0);
+ }
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+ unsigned char *s;
+ int i, n;
+ if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0;
+ if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
+
+ n=sig->length;
+ s=sig->data;
+ for (i=0; i<n; i++)
+ {
+ if ((i%18) == 0)
+ if (BIO_write(bp,"\n ",9) <= 0) return 0;
+ if (BIO_printf(bp,"%02x%s",s[i],
+ ((i+1) == n)?"":":") <= 0) return 0;
+ }
+ if (BIO_write(bp,"\n",1) != 1) return 0;
+ return 1;
+}
+
+int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
+ {
+ int i,n;
+ char buf[80],*p;
+
+ if (v == NULL) return(0);
+ n=0;
+ p=(char *)v->data;
+ for (i=0; i<v->length; i++)
+ {
+ if ((p[i] > '~') || ((p[i] < ' ') &&
+ (p[i] != '\n') && (p[i] != '\r')))
+ buf[n]='.';
+ else
+ buf[n]=p[i];
+ n++;
+ if (n >= 80)
+ {
+ if (BIO_write(bp,buf,n) <= 0)
+ return(0);
+ n=0;
+ }
+ }
+ if (n > 0)
+ if (BIO_write(bp,buf,n) <= 0)
+ return(0);
+ return(1);
+ }
+
+int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
+{
+ if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
+ if(tm->type == V_ASN1_GENERALIZEDTIME)
+ return ASN1_GENERALIZEDTIME_print(bp, tm);
+ BIO_write(bp,"Bad time value",14);
+ return(0);
+}
+
+static const char *mon[12]=
+ {
+ "Jan","Feb","Mar","Apr","May","Jun",
+ "Jul","Aug","Sep","Oct","Nov","Dec"
+ };
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
+ {
+ char *v;
+ int gmt=0;
+ int i;
+ int y=0,M=0,d=0,h=0,m=0,s=0;
+ char *f = NULL;
+ int f_len = 0;
+
+ i=tm->length;
+ v=(char *)tm->data;
+
+ if (i < 12) goto err;
+ if (v[i-1] == 'Z') gmt=1;
+ for (i=0; i<12; i++)
+ if ((v[i] > '9') || (v[i] < '0')) goto err;
+ y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
+ M= (v[4]-'0')*10+(v[5]-'0');
+ if ((M > 12) || (M < 1)) goto err;
+ d= (v[6]-'0')*10+(v[7]-'0');
+ h= (v[8]-'0')*10+(v[9]-'0');
+ m= (v[10]-'0')*10+(v[11]-'0');
+ if (tm->length >= 14 &&
+ (v[12] >= '0') && (v[12] <= '9') &&
+ (v[13] >= '0') && (v[13] <= '9'))
+ {
+ s= (v[12]-'0')*10+(v[13]-'0');
+ /* Check for fractions of seconds. */
+ if (tm->length >= 15 && v[14] == '.')
+ {
+ int l = tm->length;
+ f = &v[14]; /* The decimal point. */
+ f_len = 1;
+ while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
+ ++f_len;
+ }
+ }
+
+ if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s",
+ mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0)
+ return(0);
+ else
+ return(1);
+err:
+ BIO_write(bp,"Bad time value",14);
+ return(0);
+ }
+
+int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
+ {
+ char *v;
+ int gmt=0;
+ int i;
+ int y=0,M=0,d=0,h=0,m=0,s=0;
+
+ i=tm->length;
+ v=(char *)tm->data;
+
+ if (i < 10) goto err;
+ if (v[i-1] == 'Z') gmt=1;
+ for (i=0; i<10; i++)
+ if ((v[i] > '9') || (v[i] < '0')) goto err;
+ y= (v[0]-'0')*10+(v[1]-'0');
+ if (y < 50) y+=100;
+ M= (v[2]-'0')*10+(v[3]-'0');
+ if ((M > 12) || (M < 1)) goto err;
+ d= (v[4]-'0')*10+(v[5]-'0');
+ h= (v[6]-'0')*10+(v[7]-'0');
+ m= (v[8]-'0')*10+(v[9]-'0');
+ if (tm->length >=12 &&
+ (v[10] >= '0') && (v[10] <= '9') &&
+ (v[11] >= '0') && (v[11] <= '9'))
+ s= (v[10]-'0')*10+(v[11]-'0');
+
+ if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+ mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
+ return(0);
+ else
+ return(1);
+err:
+ BIO_write(bp,"Bad time value",14);
+ return(0);
+ }
+
+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
+ {
+ char *s,*c,*b;
+ int ret=0,l,i;
+
+ l=80-2-obase;
+
+ b=X509_NAME_oneline(name,NULL,0);
+ if (!b)
+ return 0;
+ if (!*b)
+ {
+ OPENSSL_free(b);
+ return 1;
+ }
+ s=b+1; /* skip the first slash */
+
+ c=s;
+ for (;;)
+ {
+#ifndef CHARSET_EBCDIC
+ if ( ((*s == '/') &&
+ ((s[1] >= 'A') && (s[1] <= 'Z') && (
+ (s[2] == '=') ||
+ ((s[2] >= 'A') && (s[2] <= 'Z') &&
+ (s[3] == '='))
+ ))) ||
+ (*s == '\0'))
+#else
+ if ( ((*s == '/') &&
+ (isupper(s[1]) && (
+ (s[2] == '=') ||
+ (isupper(s[2]) &&
+ (s[3] == '='))
+ ))) ||
+ (*s == '\0'))
+#endif
+ {
+ i=s-c;
+ if (BIO_write(bp,c,i) != i) goto err;
+ c=s+1; /* skip following slash */
+ if (*s != '\0')
+ {
+ if (BIO_write(bp,", ",2) != 2) goto err;
+ }
+ l--;
+ }
+ if (*s == '\0') break;
+ s++;
+ l--;
+ }
+
+ ret=1;
+ if (0)
+ {
+err:
+ X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
+ }
+ OPENSSL_free(b);
+ return(ret);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/t_x509a.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_x509a.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/t_x509a.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,110 @@
+/* t_x509a.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+/* X509_CERT_AUX and string set routines
+ */
+
+int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
+{
+ char oidstr[80], first;
+ int i;
+ if(!aux) return 1;
+ if(aux->trust) {
+ first = 1;
+ BIO_printf(out, "%*sTrusted Uses:\n%*s",
+ indent, "", indent + 2, "");
+ for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
+ if(!first) BIO_puts(out, ", ");
+ else first = 0;
+ OBJ_obj2txt(oidstr, sizeof oidstr,
+ sk_ASN1_OBJECT_value(aux->trust, i), 0);
+ BIO_puts(out, oidstr);
+ }
+ BIO_puts(out, "\n");
+ } else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+ if(aux->reject) {
+ first = 1;
+ BIO_printf(out, "%*sRejected Uses:\n%*s",
+ indent, "", indent + 2, "");
+ for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
+ if(!first) BIO_puts(out, ", ");
+ else first = 0;
+ OBJ_obj2txt(oidstr, sizeof oidstr,
+ sk_ASN1_OBJECT_value(aux->reject, i), 0);
+ BIO_puts(out, oidstr);
+ }
+ BIO_puts(out, "\n");
+ } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+ if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
+ aux->alias->data);
+ if(aux->keyid) {
+ BIO_printf(out, "%*sKey Id: ", indent, "");
+ for(i = 0; i < aux->keyid->length; i++)
+ BIO_printf(out, "%s%02X",
+ i ? ":" : "",
+ aux->keyid->data[i]);
+ BIO_write(out,"\n",1);
+ }
+ return 1;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1343 @@
+/* tasn_dec.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int asn1_check_eoc(const unsigned char **in, long len);
+static int asn1_find_end(const unsigned char **in, long len, char inf);
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+ char inf, int tag, int aclass, int depth);
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+ char *inf, char *cst,
+ const unsigned char **in, long len,
+ int exptag, int expclass, char opt,
+ ASN1_TLC *ctx);
+
+static int asn1_template_ex_d2i(ASN1_VALUE **pval,
+ const unsigned char **in, long len,
+ const ASN1_TEMPLATE *tt, char opt,
+ ASN1_TLC *ctx);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+ const unsigned char **in, long len,
+ const ASN1_TEMPLATE *tt, char opt,
+ ASN1_TLC *ctx);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+ const unsigned char **in, long len,
+ const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static const unsigned long tag2bit[32] = {
+0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */
+B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */
+B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
+B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */
+B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */
+B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
+ };
+
+unsigned long ASN1_tag2bit(int tag)
+ {
+ if ((tag < 0) || (tag > 30)) return 0;
+ return tag2bit[tag];
+ }
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c) if (c) (c)->valid = 0
+
+/* Decode an ASN1 item, this currently behaves just
+ * like a standard 'd2i' function. 'in' points to
+ * a buffer to read the data from, in future we will
+ * have more advanced versions that can input data
+ * a piece at a time and this will simply be a special
+ * case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+ const unsigned char **in, long len, const ASN1_ITEM *it)
+ {
+ ASN1_TLC c;
+ ASN1_VALUE *ptmpval = NULL;
+ if (!pval)
+ pval = &ptmpval;
+ c.valid = 0;
+ if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+ return *pval;
+ return NULL;
+ }
+
+int ASN1_template_d2i(ASN1_VALUE **pval,
+ const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
+ {
+ ASN1_TLC c;
+ c.valid = 0;
+ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+ }
+
+
+/* Decode an item, taking care of IMPLICIT tagging, if any.
+ * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
+ */
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx)
+ {
+ const ASN1_TEMPLATE *tt, *errtt = NULL;
+ const ASN1_COMPAT_FUNCS *cf;
+ const ASN1_EXTERN_FUNCS *ef;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_aux_cb *asn1_cb;
+ const unsigned char *p = NULL, *q;
+ unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */
+ unsigned char imphack = 0, oclass;
+ char seq_eoc, seq_nolen, cst, isopt;
+ long tmplen;
+ int i;
+ int otag;
+ int ret = 0;
+ ASN1_VALUE **pchptr, *ptmpval;
+ if (!pval)
+ return 0;
+ if (aux && aux->asn1_cb)
+ asn1_cb = aux->asn1_cb;
+ else asn1_cb = 0;
+
+ switch(it->itype)
+ {
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates)
+ {
+ /* tagging or OPTIONAL is currently illegal on an item
+ * template because the flags can't get passed down.
+ * In practice this isn't a problem: we include the
+ * relevant flags from the item template in the
+ * template itself.
+ */
+ if ((tag != -1) || opt)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+ goto err;
+ }
+ return asn1_template_ex_d2i(pval, in, len,
+ it->templates, opt, ctx);
+ }
+ return asn1_d2i_ex_primitive(pval, in, len, it,
+ tag, aclass, opt, ctx);
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ p = *in;
+ /* Just read in tag and class */
+ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+ &p, len, -1, 0, 1, ctx);
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+
+ /* Must be UNIVERSAL class */
+ if (oclass != V_ASN1_UNIVERSAL)
+ {
+ /* If OPTIONAL, assume this is OK */
+ if (opt) return -1;
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ASN1_R_MSTRING_NOT_UNIVERSAL);
+ goto err;
+ }
+ /* Check tag matches bit map */
+ if (!(ASN1_tag2bit(otag) & it->utype))
+ {
+ /* If OPTIONAL, assume this is OK */
+ if (opt)
+ return -1;
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ASN1_R_MSTRING_WRONG_TAG);
+ goto err;
+ }
+ return asn1_d2i_ex_primitive(pval, in, len,
+ it, otag, 0, 0, ctx);
+
+ case ASN1_ITYPE_EXTERN:
+ /* Use new style d2i */
+ ef = it->funcs;
+ return ef->asn1_ex_d2i(pval, in, len,
+ it, tag, aclass, opt, ctx);
+
+ case ASN1_ITYPE_COMPAT:
+ /* we must resort to old style evil hackery */
+ cf = it->funcs;
+
+ /* If OPTIONAL see if it is there */
+ if (opt)
+ {
+ int exptag;
+ p = *in;
+ if (tag == -1)
+ exptag = it->utype;
+ else exptag = tag;
+ /* Don't care about anything other than presence
+ * of expected tag */
+
+ ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
+ &p, len, exptag, aclass, 1, ctx);
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ if (ret == -1)
+ return -1;
+ }
+
+ /* This is the old style evil hack IMPLICIT handling:
+ * since the underlying code is expecting a tag and
+ * class other than the one present we change the
+ * buffer temporarily then change it back afterwards.
+ * This doesn't and never did work for tags > 30.
+ *
+ * Yes this is *horrible* but it is only needed for
+ * old style d2i which will hopefully not be around
+ * for much longer.
+ * FIXME: should copy the buffer then modify it so
+ * the input buffer can be const: we should *always*
+ * copy because the old style d2i might modify the
+ * buffer.
+ */
+
+ if (tag != -1)
+ {
+ wp = *(unsigned char **)in;
+ imphack = *wp;
+ if (p == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
+ | it->utype);
+ }
+
+ ptmpval = cf->asn1_d2i(pval, in, len);
+
+ if (tag != -1)
+ *wp = imphack;
+
+ if (ptmpval)
+ return 1;
+
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+
+
+ case ASN1_ITYPE_CHOICE:
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+ goto auxerr;
+
+ /* Allocate structure */
+ if (!*pval && !ASN1_item_ex_new(pval, it))
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ /* CHOICE type, try each possibility in turn */
+ p = *in;
+ for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
+ {
+ pchptr = asn1_get_field_ptr(pval, tt);
+ /* We mark field as OPTIONAL so its absence
+ * can be recognised.
+ */
+ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+ /* If field not present, try the next one */
+ if (ret == -1)
+ continue;
+ /* If positive return, read OK, break loop */
+ if (ret > 0)
+ break;
+ /* Otherwise must be an ASN1 parsing error */
+ errtt = tt;
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+
+ /* Did we fall off the end without reading anything? */
+ if (i == it->tcount)
+ {
+ /* If OPTIONAL, this is OK */
+ if (opt)
+ {
+ /* Free and zero it */
+ ASN1_item_ex_free(pval, it);
+ return -1;
+ }
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ASN1_R_NO_MATCHING_CHOICE_TYPE);
+ goto err;
+ }
+
+ asn1_set_choice_selector(pval, i, it);
+ *in = p;
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+ goto auxerr;
+ return 1;
+
+ case ASN1_ITYPE_NDEF_SEQUENCE:
+ case ASN1_ITYPE_SEQUENCE:
+ p = *in;
+ tmplen = len;
+
+ /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+ if (tag == -1)
+ {
+ tag = V_ASN1_SEQUENCE;
+ aclass = V_ASN1_UNIVERSAL;
+ }
+ /* Get SEQUENCE length and update len, p */
+ ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
+ &p, len, tag, aclass, opt, ctx);
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ else if (ret == -1)
+ return -1;
+ if (aux && (aux->flags & ASN1_AFLG_BROKEN))
+ {
+ len = tmplen - (p - *in);
+ seq_nolen = 1;
+ }
+ /* If indefinite we don't do a length check */
+ else seq_nolen = seq_eoc;
+ if (!cst)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+ goto err;
+ }
+
+ if (!*pval && !ASN1_item_ex_new(pval, it))
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+ goto auxerr;
+
+ /* Get each field entry */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ {
+ const ASN1_TEMPLATE *seqtt;
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ if (!seqtt)
+ goto err;
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ /* Have we ran out of data? */
+ if (!len)
+ break;
+ q = p;
+ if (asn1_check_eoc(&p, len))
+ {
+ if (!seq_eoc)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ASN1_R_UNEXPECTED_EOC);
+ goto err;
+ }
+ len -= p - q;
+ seq_eoc = 0;
+ q = p;
+ break;
+ }
+ /* This determines the OPTIONAL flag value. The field
+ * cannot be omitted if it is the last of a SEQUENCE
+ * and there is still data to be read. This isn't
+ * strictly necessary but it increases efficiency in
+ * some cases.
+ */
+ if (i == (it->tcount - 1))
+ isopt = 0;
+ else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+ /* attempt to read in field, allowing each to be
+ * OPTIONAL */
+
+ ret = asn1_template_ex_d2i(pseqval, &p, len,
+ seqtt, isopt, ctx);
+ if (!ret)
+ {
+ errtt = seqtt;
+ goto err;
+ }
+ else if (ret == -1)
+ {
+ /* OPTIONAL component absent.
+ * Free and zero the field.
+ */
+ ASN1_template_free(pseqval, seqtt);
+ continue;
+ }
+ /* Update length */
+ len -= p - q;
+ }
+
+ /* Check for EOC if expecting one */
+ if (seq_eoc && !asn1_check_eoc(&p, len))
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+ goto err;
+ }
+ /* Check all data read */
+ if (!seq_nolen && len)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ /* If we get here we've got no more data in the SEQUENCE,
+ * however we may not have read all fields so check all
+ * remaining are OPTIONAL and clear any that are.
+ */
+ for (; i < it->tcount; tt++, i++)
+ {
+ const ASN1_TEMPLATE *seqtt;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ if (!seqtt)
+ goto err;
+ if (seqtt->flags & ASN1_TFLG_OPTIONAL)
+ {
+ ASN1_VALUE **pseqval;
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ ASN1_template_free(pseqval, seqtt);
+ }
+ else
+ {
+ errtt = seqtt;
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ASN1_R_FIELD_MISSING);
+ goto err;
+ }
+ }
+ /* Save encoding */
+ if (!asn1_enc_save(pval, *in, p - *in, it))
+ goto auxerr;
+ *in = p;
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+ goto auxerr;
+ return 1;
+
+ default:
+ return 0;
+ }
+ auxerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+ err:
+ ASN1_item_ex_free(pval, it);
+ if (errtt)
+ ERR_add_error_data(4, "Field=", errtt->field_name,
+ ", Type=", it->sname);
+ else
+ ERR_add_error_data(2, "Type=", it->sname);
+ return 0;
+ }
+
+/* Templates are handled with two separate functions.
+ * One handles any EXPLICIT tag and the other handles the rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val,
+ const unsigned char **in, long inlen,
+ const ASN1_TEMPLATE *tt, char opt,
+ ASN1_TLC *ctx)
+ {
+ int flags, aclass;
+ int ret;
+ long len;
+ const unsigned char *p, *q;
+ char exp_eoc;
+ if (!val)
+ return 0;
+ flags = tt->flags;
+ aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+ p = *in;
+
+ /* Check if EXPLICIT tag expected */
+ if (flags & ASN1_TFLG_EXPTAG)
+ {
+ char cst;
+ /* Need to work out amount of data available to the inner
+ * content and where it starts: so read in EXPLICIT header to
+ * get the info.
+ */
+ ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
+ &p, inlen, tt->tag, aclass, opt, ctx);
+ q = p;
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ else if (ret == -1)
+ return -1;
+ if (!cst)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+ ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+ return 0;
+ }
+ /* We've found the field so it can't be OPTIONAL now */
+ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ /* We read the field in OK so update length */
+ len -= p - q;
+ if (exp_eoc)
+ {
+ /* If NDEF we must have an EOC here */
+ if (!asn1_check_eoc(&p, len))
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+ ASN1_R_MISSING_EOC);
+ goto err;
+ }
+ }
+ else
+ {
+ /* Otherwise we must hit the EXPLICIT tag end or its
+ * an error */
+ if (len)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+ ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+ goto err;
+ }
+ }
+ }
+ else
+ return asn1_template_noexp_d2i(val, in, inlen,
+ tt, opt, ctx);
+
+ *in = p;
+ return 1;
+
+ err:
+ ASN1_template_free(val, tt);
+ return 0;
+ }
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+ const unsigned char **in, long len,
+ const ASN1_TEMPLATE *tt, char opt,
+ ASN1_TLC *ctx)
+ {
+ int flags, aclass;
+ int ret;
+ const unsigned char *p, *q;
+ if (!val)
+ return 0;
+ flags = tt->flags;
+ aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+ p = *in;
+ q = p;
+
+ if (flags & ASN1_TFLG_SK_MASK)
+ {
+ /* SET OF, SEQUENCE OF */
+ int sktag, skaclass;
+ char sk_eoc;
+ /* First work out expected inner tag value */
+ if (flags & ASN1_TFLG_IMPTAG)
+ {
+ sktag = tt->tag;
+ skaclass = aclass;
+ }
+ else
+ {
+ skaclass = V_ASN1_UNIVERSAL;
+ if (flags & ASN1_TFLG_SET_OF)
+ sktag = V_ASN1_SET;
+ else
+ sktag = V_ASN1_SEQUENCE;
+ }
+ /* Get the tag */
+ ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
+ &p, len, sktag, skaclass, opt, ctx);
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ else if (ret == -1)
+ return -1;
+ if (!*val)
+ *val = (ASN1_VALUE *)sk_new_null();
+ else
+ {
+ /* We've got a valid STACK: free up any items present */
+ STACK *sktmp = (STACK *)*val;
+ ASN1_VALUE *vtmp;
+ while(sk_num(sktmp) > 0)
+ {
+ vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+ ASN1_item_ex_free(&vtmp,
+ ASN1_ITEM_ptr(tt->item));
+ }
+ }
+
+ if (!*val)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Read as many items as we can */
+ while(len > 0)
+ {
+ ASN1_VALUE *skfield;
+ q = p;
+ /* See if EOC found */
+ if (asn1_check_eoc(&p, len))
+ {
+ if (!sk_eoc)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+ ASN1_R_UNEXPECTED_EOC);
+ goto err;
+ }
+ len -= p - q;
+ sk_eoc = 0;
+ break;
+ }
+ skfield = NULL;
+ if (!ASN1_item_ex_d2i(&skfield, &p, len,
+ ASN1_ITEM_ptr(tt->item),
+ -1, 0, 0, ctx))
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ len -= p - q;
+ if (!sk_push((STACK *)*val, (char *)skfield))
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ if (sk_eoc)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
+ goto err;
+ }
+ }
+ else if (flags & ASN1_TFLG_IMPTAG)
+ {
+ /* IMPLICIT tagging */
+ ret = ASN1_item_ex_d2i(val, &p, len,
+ ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ else if (ret == -1)
+ return -1;
+ }
+ else
+ {
+ /* Nothing special */
+ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+ -1, 0, opt, ctx);
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ else if (ret == -1)
+ return -1;
+ }
+
+ *in = p;
+ return 1;
+
+ err:
+ ASN1_template_free(val, tt);
+ return 0;
+ }
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+ const unsigned char **in, long inlen,
+ const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx)
+ {
+ int ret = 0, utype;
+ long plen;
+ char cst, inf, free_cont = 0;
+ const unsigned char *p;
+ BUF_MEM buf;
+ const unsigned char *cont = NULL;
+ long len;
+ if (!pval)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+ return 0; /* Should never happen */
+ }
+
+ if (it->itype == ASN1_ITYPE_MSTRING)
+ {
+ utype = tag;
+ tag = -1;
+ }
+ else
+ utype = it->utype;
+
+ if (utype == V_ASN1_ANY)
+ {
+ /* If type is ANY need to figure out type from tag */
+ unsigned char oclass;
+ if (tag >= 0)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_ILLEGAL_TAGGED_ANY);
+ return 0;
+ }
+ if (opt)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_ILLEGAL_OPTIONAL_ANY);
+ return 0;
+ }
+ p = *in;
+ ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
+ &p, inlen, -1, 0, 0, ctx);
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ if (oclass != V_ASN1_UNIVERSAL)
+ utype = V_ASN1_OTHER;
+ }
+ if (tag == -1)
+ {
+ tag = utype;
+ aclass = V_ASN1_UNIVERSAL;
+ }
+ p = *in;
+ /* Check header */
+ ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
+ &p, inlen, tag, aclass, opt, ctx);
+ if (!ret)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ else if (ret == -1)
+ return -1;
+ ret = 0;
+ /* SEQUENCE, SET and "OTHER" are left in encoded form */
+ if ((utype == V_ASN1_SEQUENCE)
+ || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
+ {
+ /* Clear context cache for type OTHER because the auto clear
+ * when we have a exact match wont work
+ */
+ if (utype == V_ASN1_OTHER)
+ {
+ asn1_tlc_clear(ctx);
+ }
+ /* SEQUENCE and SET must be constructed */
+ else if (!cst)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_TYPE_NOT_CONSTRUCTED);
+ return 0;
+ }
+
+ cont = *in;
+ /* If indefinite length constructed find the real end */
+ if (inf)
+ {
+ if (!asn1_find_end(&p, plen, inf))
+ goto err;
+ len = p - cont;
+ }
+ else
+ {
+ len = p - cont + plen;
+ p += plen;
+ buf.data = NULL;
+ }
+ }
+ else if (cst)
+ {
+ buf.length = 0;
+ buf.max = 0;
+ buf.data = NULL;
+ /* Should really check the internal tags are correct but
+ * some things may get this wrong. The relevant specs
+ * say that constructed string types should be OCTET STRINGs
+ * internally irrespective of the type. So instead just check
+ * for UNIVERSAL class and ignore the tag.
+ */
+ if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
+ {
+ free_cont = 1;
+ goto err;
+ }
+ len = buf.length;
+ /* Append a final null to string */
+ if (!BUF_MEM_grow_clean(&buf, len + 1))
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ buf.data[len] = 0;
+ cont = (const unsigned char *)buf.data;
+ free_cont = 1;
+ }
+ else
+ {
+ cont = p;
+ len = plen;
+ p += plen;
+ }
+
+ /* We now have content length and type: translate into a structure */
+ if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
+ goto err;
+
+ *in = p;
+ ret = 1;
+ err:
+ if (free_cont && buf.data) OPENSSL_free(buf.data);
+ return ret;
+ }
+
+/* Translate ASN1 content octets into a structure */
+
+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it)
+ {
+ ASN1_VALUE **opval = NULL;
+ ASN1_STRING *stmp;
+ ASN1_TYPE *typ = NULL;
+ int ret = 0;
+ const ASN1_PRIMITIVE_FUNCS *pf;
+ ASN1_INTEGER **tint;
+ pf = it->funcs;
+
+ if (pf && pf->prim_c2i)
+ return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+ /* If ANY type clear type and set pointer to internal value */
+ if (it->utype == V_ASN1_ANY)
+ {
+ if (!*pval)
+ {
+ typ = ASN1_TYPE_new();
+ if (typ == NULL)
+ goto err;
+ *pval = (ASN1_VALUE *)typ;
+ }
+ else
+ typ = (ASN1_TYPE *)*pval;
+
+ if (utype != typ->type)
+ ASN1_TYPE_set(typ, utype, NULL);
+ opval = pval;
+ pval = &typ->value.asn1_value;
+ }
+ switch(utype)
+ {
+ case V_ASN1_OBJECT:
+ if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+ goto err;
+ break;
+
+ case V_ASN1_NULL:
+ if (len)
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_NULL_IS_WRONG_LENGTH);
+ goto err;
+ }
+ *pval = (ASN1_VALUE *)1;
+ break;
+
+ case V_ASN1_BOOLEAN:
+ if (len != 1)
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+ goto err;
+ }
+ else
+ {
+ ASN1_BOOLEAN *tbool;
+ tbool = (ASN1_BOOLEAN *)pval;
+ *tbool = *cont;
+ }
+ break;
+
+ case V_ASN1_BIT_STRING:
+ if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+ goto err;
+ break;
+
+ case V_ASN1_INTEGER:
+ case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+ case V_ASN1_NEG_ENUMERATED:
+ tint = (ASN1_INTEGER **)pval;
+ if (!c2i_ASN1_INTEGER(tint, &cont, len))
+ goto err;
+ /* Fixup type to match the expected form */
+ (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+ break;
+
+ case V_ASN1_OCTET_STRING:
+ case V_ASN1_NUMERICSTRING:
+ case V_ASN1_PRINTABLESTRING:
+ case V_ASN1_T61STRING:
+ case V_ASN1_VIDEOTEXSTRING:
+ case V_ASN1_IA5STRING:
+ case V_ASN1_UTCTIME:
+ case V_ASN1_GENERALIZEDTIME:
+ case V_ASN1_GRAPHICSTRING:
+ case V_ASN1_VISIBLESTRING:
+ case V_ASN1_GENERALSTRING:
+ case V_ASN1_UNIVERSALSTRING:
+ case V_ASN1_BMPSTRING:
+ case V_ASN1_UTF8STRING:
+ case V_ASN1_OTHER:
+ case V_ASN1_SET:
+ case V_ASN1_SEQUENCE:
+ default:
+ if (utype == V_ASN1_BMPSTRING && (len & 1))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
+ if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
+ /* All based on ASN1_STRING and handled the same */
+ if (!*pval)
+ {
+ stmp = ASN1_STRING_type_new(utype);
+ if (!stmp)
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ *pval = (ASN1_VALUE *)stmp;
+ }
+ else
+ {
+ stmp = (ASN1_STRING *)*pval;
+ stmp->type = utype;
+ }
+ /* If we've already allocated a buffer use it */
+ if (*free_cont)
+ {
+ if (stmp->data)
+ OPENSSL_free(stmp->data);
+ stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
+ stmp->length = len;
+ *free_cont = 0;
+ }
+ else
+ {
+ if (!ASN1_STRING_set(stmp, cont, len))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ERR_R_MALLOC_FAILURE);
+ ASN1_STRING_free(stmp);
+ *pval = NULL;
+ goto err;
+ }
+ }
+ break;
+ }
+ /* If ASN1_ANY and NULL type fix up value */
+ if (typ && (utype == V_ASN1_NULL))
+ typ->value.ptr = NULL;
+
+ ret = 1;
+ err:
+ if (!ret)
+ {
+ ASN1_TYPE_free(typ);
+ if (opval)
+ *opval = NULL;
+ }
+ return ret;
+ }
+
+
+/* This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content.
+ * This is more efficient than calling asn1_collect because it does not
+ * recurse on each indefinite length header.
+ */
+
+static int asn1_find_end(const unsigned char **in, long len, char inf)
+ {
+ int expected_eoc;
+ long plen;
+ const unsigned char *p = *in, *q;
+ /* If not indefinite length constructed just add length */
+ if (inf == 0)
+ {
+ *in += len;
+ return 1;
+ }
+ expected_eoc = 1;
+ /* Indefinite length constructed form. Find the end when enough EOCs
+ * are found. If more indefinite length constructed headers
+ * are encountered increment the expected eoc count otherwise just
+ * skip to the end of the data.
+ */
+ while (len > 0)
+ {
+ if(asn1_check_eoc(&p, len))
+ {
+ expected_eoc--;
+ if (expected_eoc == 0)
+ break;
+ len -= 2;
+ continue;
+ }
+ q = p;
+ /* Just read in a header: only care about the length */
+ if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+ -1, 0, 0, NULL))
+ {
+ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ if (inf)
+ expected_eoc++;
+ else
+ p += plen;
+ len -= p - q;
+ }
+ if (expected_eoc)
+ {
+ ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+ return 0;
+ }
+ *in = p;
+ return 1;
+ }
+/* This function collects the asn1 data from a constructred string
+ * type into a buffer. The values of 'in' and 'len' should refer
+ * to the contents of the constructed type and 'inf' should be set
+ * if it is indefinite length.
+ */
+
+#ifndef ASN1_MAX_STRING_NEST
+/* This determines how many levels of recursion are permitted in ASN1
+ * string types. If it is not limited stack overflows can occur. If set
+ * to zero no recursion is allowed at all. Although zero should be adequate
+ * examples exist that require a value of 1. So 5 should be more than enough.
+ */
+#define ASN1_MAX_STRING_NEST 5
+#endif
+
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+ char inf, int tag, int aclass, int depth)
+ {
+ const unsigned char *p, *q;
+ long plen;
+ char cst, ininf;
+ p = *in;
+ inf &= 1;
+ /* If no buffer and not indefinite length constructed just pass over
+ * the encoded data */
+ if (!buf && !inf)
+ {
+ *in += len;
+ return 1;
+ }
+ while(len > 0)
+ {
+ q = p;
+ /* Check for EOC */
+ if (asn1_check_eoc(&p, len))
+ {
+ /* EOC is illegal outside indefinite length
+ * constructed form */
+ if (!inf)
+ {
+ ASN1err(ASN1_F_ASN1_COLLECT,
+ ASN1_R_UNEXPECTED_EOC);
+ return 0;
+ }
+ inf = 0;
+ break;
+ }
+
+ if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
+ len, tag, aclass, 0, NULL))
+ {
+ ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+
+ /* If indefinite length constructed update max length */
+ if (cst)
+ {
+ if (depth >= ASN1_MAX_STRING_NEST)
+ {
+ ASN1err(ASN1_F_ASN1_COLLECT,
+ ASN1_R_NESTED_ASN1_STRING);
+ return 0;
+ }
+ if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
+ depth + 1))
+ return 0;
+ }
+ else if (plen && !collect_data(buf, &p, plen))
+ return 0;
+ len -= p - q;
+ }
+ if (inf)
+ {
+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+ return 0;
+ }
+ *in = p;
+ return 1;
+ }
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
+ {
+ int len;
+ if (buf)
+ {
+ len = buf->length;
+ if (!BUF_MEM_grow_clean(buf, len + plen))
+ {
+ ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ memcpy(buf->data + len, *p, plen);
+ }
+ *p += plen;
+ return 1;
+ }
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(const unsigned char **in, long len)
+ {
+ const unsigned char *p;
+ if (len < 2) return 0;
+ p = *in;
+ if (!p[0] && !p[1])
+ {
+ *in += 2;
+ return 1;
+ }
+ return 0;
+ }
+
+/* Check an ASN1 tag and length: a bit like ASN1_get_object
+ * but it sets the length for indefinite length constructed
+ * form, we don't know the exact length but we can set an
+ * upper bound to the amount of data available minus the
+ * header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+ char *inf, char *cst,
+ const unsigned char **in, long len,
+ int exptag, int expclass, char opt,
+ ASN1_TLC *ctx)
+ {
+ int i;
+ int ptag, pclass;
+ long plen;
+ const unsigned char *p, *q;
+ p = *in;
+ q = p;
+
+ if (ctx && ctx->valid)
+ {
+ i = ctx->ret;
+ plen = ctx->plen;
+ pclass = ctx->pclass;
+ ptag = ctx->ptag;
+ p += ctx->hdrlen;
+ }
+ else
+ {
+ i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+ if (ctx)
+ {
+ ctx->ret = i;
+ ctx->plen = plen;
+ ctx->pclass = pclass;
+ ctx->ptag = ptag;
+ ctx->hdrlen = p - q;
+ ctx->valid = 1;
+ /* If definite length, and no error, length +
+ * header can't exceed total amount of data available.
+ */
+ if (!(i & 0x81) && ((plen + ctx->hdrlen) > len))
+ {
+ ASN1err(ASN1_F_ASN1_CHECK_TLEN,
+ ASN1_R_TOO_LONG);
+ asn1_tlc_clear(ctx);
+ return 0;
+ }
+ }
+ }
+
+ if (i & 0x80)
+ {
+ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+ asn1_tlc_clear(ctx);
+ return 0;
+ }
+ if (exptag >= 0)
+ {
+ if ((exptag != ptag) || (expclass != pclass))
+ {
+ /* If type is OPTIONAL, not an error:
+ * indicate missing type.
+ */
+ if (opt) return -1;
+ asn1_tlc_clear(ctx);
+ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+ return 0;
+ }
+ /* We have a tag and class match:
+ * assume we are going to do something with it */
+ asn1_tlc_clear(ctx);
+ }
+
+ if (i & 1)
+ plen = len - (p - q);
+
+ if (inf)
+ *inf = i & 1;
+
+ if (cst)
+ *cst = i & V_ASN1_CONSTRUCTED;
+
+ if (olen)
+ *olen = plen;
+
+ if (oclass)
+ *oclass = pclass;
+
+ if (otag)
+ *otag = ptag;
+
+ *in = p;
+ return 1;
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,695 @@
+/* tasn_enc.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it,
+ int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+ int skcontlen, const ASN1_ITEM *item,
+ int do_sort, int iclass);
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_TEMPLATE *tt,
+ int tag, int aclass);
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+ const ASN1_ITEM *it, int flags);
+
+/* Top level i2d equivalents: the 'ndef' variant instructs the encoder
+ * to use indefinite length constructed encoding, where appropriate
+ */
+
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+ const ASN1_ITEM *it)
+ {
+ return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
+ }
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+ {
+ return asn1_item_flags_i2d(val, out, it, 0);
+ }
+
+/* Encode an ASN1 item, this is use by the
+ * standard 'i2d' function. 'out' points to
+ * a buffer to output the data to.
+ *
+ * The new i2d has one additional feature. If the output
+ * buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+ const ASN1_ITEM *it, int flags)
+ {
+ if (out && !*out)
+ {
+ unsigned char *p, *buf;
+ int len;
+ len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+ if (len <= 0)
+ return len;
+ buf = OPENSSL_malloc(len);
+ if (!buf)
+ return -1;
+ p = buf;
+ ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+ *out = buf;
+ return len;
+ }
+
+ return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+ }
+
+/* Encode an item, taking care of IMPLICIT tagging (if any).
+ * This function performs the normal item handling: it can be
+ * used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass)
+ {
+ const ASN1_TEMPLATE *tt = NULL;
+ unsigned char *p = NULL;
+ int i, seqcontlen, seqlen, ndef = 1;
+ const ASN1_COMPAT_FUNCS *cf;
+ const ASN1_EXTERN_FUNCS *ef;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_aux_cb *asn1_cb = 0;
+
+ if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+ return 0;
+
+ if (aux && aux->asn1_cb)
+ asn1_cb = aux->asn1_cb;
+
+ switch(it->itype)
+ {
+
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates)
+ return asn1_template_ex_i2d(pval, out, it->templates,
+ tag, aclass);
+ return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+ case ASN1_ITYPE_CHOICE:
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+ return 0;
+ i = asn1_get_choice_selector(pval, it);
+ if ((i >= 0) && (i < it->tcount))
+ {
+ ASN1_VALUE **pchval;
+ const ASN1_TEMPLATE *chtt;
+ chtt = it->templates + i;
+ pchval = asn1_get_field_ptr(pval, chtt);
+ return asn1_template_ex_i2d(pchval, out, chtt,
+ -1, aclass);
+ }
+ /* Fixme: error condition if selector out of range */
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+ return 0;
+ break;
+
+ case ASN1_ITYPE_EXTERN:
+ /* If new style i2d it does all the work */
+ ef = it->funcs;
+ return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+ case ASN1_ITYPE_COMPAT:
+ /* old style hackery... */
+ cf = it->funcs;
+ if (out)
+ p = *out;
+ i = cf->asn1_i2d(*pval, out);
+ /* Fixup for IMPLICIT tag: note this messes up for tags > 30,
+ * but so did the old code. Tags > 30 are very rare anyway.
+ */
+ if (out && (tag != -1))
+ *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
+ return i;
+
+ case ASN1_ITYPE_NDEF_SEQUENCE:
+ /* Use indefinite length constructed if requested */
+ if (aclass & ASN1_TFLG_NDEF) ndef = 2;
+ /* fall through */
+
+ case ASN1_ITYPE_SEQUENCE:
+ i = asn1_enc_restore(&seqcontlen, out, pval, it);
+ /* An error occurred */
+ if (i < 0)
+ return 0;
+ /* We have a valid cached encoding... */
+ if (i > 0)
+ return seqcontlen;
+ /* Otherwise carry on */
+ seqcontlen = 0;
+ /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+ if (tag == -1)
+ {
+ tag = V_ASN1_SEQUENCE;
+ /* Retain any other flags in aclass */
+ aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
+ | V_ASN1_UNIVERSAL;
+ }
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+ return 0;
+ /* First work out sequence content length */
+ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
+ {
+ const ASN1_TEMPLATE *seqtt;
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ if (!seqtt)
+ return 0;
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ /* FIXME: check for errors in enhanced version */
+ seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
+ -1, aclass);
+ }
+
+ seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+ if (!out)
+ return seqlen;
+ /* Output SEQUENCE header */
+ ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
+ {
+ const ASN1_TEMPLATE *seqtt;
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ if (!seqtt)
+ return 0;
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ /* FIXME: check for errors in enhanced version */
+ asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+ }
+ if (ndef == 2)
+ ASN1_put_eoc(out);
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+ return 0;
+ return seqlen;
+
+ default:
+ return 0;
+
+ }
+ return 0;
+ }
+
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_TEMPLATE *tt)
+ {
+ return asn1_template_ex_i2d(pval, out, tt, -1, 0);
+ }
+
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_TEMPLATE *tt, int tag, int iclass)
+ {
+ int i, ret, flags, ttag, tclass, ndef;
+ flags = tt->flags;
+ /* Work out tag and class to use: tagging may come
+ * either from the template or the arguments, not both
+ * because this would create ambiguity. Additionally
+ * the iclass argument may contain some additional flags
+ * which should be noted and passed down to other levels.
+ */
+ if (flags & ASN1_TFLG_TAG_MASK)
+ {
+ /* Error if argument and template tagging */
+ if (tag != -1)
+ /* FIXME: error code here */
+ return -1;
+ /* Get tagging from template */
+ ttag = tt->tag;
+ tclass = flags & ASN1_TFLG_TAG_CLASS;
+ }
+ else if (tag != -1)
+ {
+ /* No template tagging, get from arguments */
+ ttag = tag;
+ tclass = iclass & ASN1_TFLG_TAG_CLASS;
+ }
+ else
+ {
+ ttag = -1;
+ tclass = 0;
+ }
+ /*
+ * Remove any class mask from iflag.
+ */
+ iclass &= ~ASN1_TFLG_TAG_CLASS;
+
+ /* At this point 'ttag' contains the outer tag to use,
+ * 'tclass' is the class and iclass is any flags passed
+ * to this function.
+ */
+
+ /* if template and arguments require ndef, use it */
+ if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
+ ndef = 2;
+ else ndef = 1;
+
+ if (flags & ASN1_TFLG_SK_MASK)
+ {
+ /* SET OF, SEQUENCE OF */
+ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+ int isset, sktag, skaclass;
+ int skcontlen, sklen;
+ ASN1_VALUE *skitem;
+
+ if (!*pval)
+ return 0;
+
+ if (flags & ASN1_TFLG_SET_OF)
+ {
+ isset = 1;
+ /* 2 means we reorder */
+ if (flags & ASN1_TFLG_SEQUENCE_OF)
+ isset = 2;
+ }
+ else isset = 0;
+
+ /* Work out inner tag value: if EXPLICIT
+ * or no tagging use underlying type.
+ */
+ if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG))
+ {
+ sktag = ttag;
+ skaclass = tclass;
+ }
+ else
+ {
+ skaclass = V_ASN1_UNIVERSAL;
+ if (isset)
+ sktag = V_ASN1_SET;
+ else sktag = V_ASN1_SEQUENCE;
+ }
+
+ /* Determine total length of items */
+ skcontlen = 0;
+ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
+ {
+ skitem = sk_ASN1_VALUE_value(sk, i);
+ skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
+ ASN1_ITEM_ptr(tt->item),
+ -1, iclass);
+ }
+ sklen = ASN1_object_size(ndef, skcontlen, sktag);
+ /* If EXPLICIT need length of surrounding tag */
+ if (flags & ASN1_TFLG_EXPTAG)
+ ret = ASN1_object_size(ndef, sklen, ttag);
+ else ret = sklen;
+
+ if (!out)
+ return ret;
+
+ /* Now encode this lot... */
+ /* EXPLICIT tag */
+ if (flags & ASN1_TFLG_EXPTAG)
+ ASN1_put_object(out, ndef, sklen, ttag, tclass);
+ /* SET or SEQUENCE and IMPLICIT tag */
+ ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+ /* And the stuff itself */
+ asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+ isset, iclass);
+ if (ndef == 2)
+ {
+ ASN1_put_eoc(out);
+ if (flags & ASN1_TFLG_EXPTAG)
+ ASN1_put_eoc(out);
+ }
+
+ return ret;
+ }
+
+ if (flags & ASN1_TFLG_EXPTAG)
+ {
+ /* EXPLICIT tagging */
+ /* Find length of tagged item */
+ i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item),
+ -1, iclass);
+ if (!i)
+ return 0;
+ /* Find length of EXPLICIT tag */
+ ret = ASN1_object_size(ndef, i, ttag);
+ if (out)
+ {
+ /* Output tag and item */
+ ASN1_put_object(out, ndef, i, ttag, tclass);
+ ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+ -1, iclass);
+ if (ndef == 2)
+ ASN1_put_eoc(out);
+ }
+ return ret;
+ }
+
+ /* Either normal or IMPLICIT tagging: combine class and flags */
+ return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+ ttag, tclass | iclass);
+
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef struct {
+ unsigned char *data;
+ int length;
+ ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+ {
+ const DER_ENC *d1 = a, *d2 = b;
+ int cmplen, i;
+ cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+ i = memcmp(d1->data, d2->data, cmplen);
+ if (i)
+ return i;
+ return d1->length - d2->length;
+ }
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+ int skcontlen, const ASN1_ITEM *item,
+ int do_sort, int iclass)
+ {
+ int i;
+ ASN1_VALUE *skitem;
+ unsigned char *tmpdat = NULL, *p = NULL;
+ DER_ENC *derlst = NULL, *tder;
+ if (do_sort)
+ {
+ /* Don't need to sort less than 2 items */
+ if (sk_ASN1_VALUE_num(sk) < 2)
+ do_sort = 0;
+ else
+ {
+ derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
+ * sizeof(*derlst));
+ if (!derlst)
+ return 0;
+ tmpdat = OPENSSL_malloc(skcontlen);
+ if (!tmpdat)
+ {
+ OPENSSL_free(derlst);
+ return 0;
+ }
+ }
+ }
+ /* If not sorting just output each item */
+ if (!do_sort)
+ {
+ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
+ {
+ skitem = sk_ASN1_VALUE_value(sk, i);
+ ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+ }
+ return 1;
+ }
+ p = tmpdat;
+
+ /* Doing sort: build up a list of each member's DER encoding */
+ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+ {
+ skitem = sk_ASN1_VALUE_value(sk, i);
+ tder->data = p;
+ tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+ tder->field = skitem;
+ }
+
+ /* Now sort them */
+ qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+ /* Output sorted DER encoding */
+ p = *out;
+ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+ {
+ memcpy(p, tder->data, tder->length);
+ p += tder->length;
+ }
+ *out = p;
+ /* If do_sort is 2 then reorder the STACK */
+ if (do_sort == 2)
+ {
+ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk);
+ i++, tder++)
+ (void)sk_ASN1_VALUE_set(sk, i, tder->field);
+ }
+ OPENSSL_free(derlst);
+ OPENSSL_free(tmpdat);
+ return 1;
+ }
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass)
+ {
+ int len;
+ int utype;
+ int usetag;
+ int ndef = 0;
+
+ utype = it->utype;
+
+ /* Get length of content octets and maybe find
+ * out the underlying type.
+ */
+
+ len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+ /* If SEQUENCE, SET or OTHER then header is
+ * included in pseudo content octets so don't
+ * include tag+length. We need to check here
+ * because the call to asn1_ex_i2c() could change
+ * utype.
+ */
+ if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+ (utype == V_ASN1_OTHER))
+ usetag = 0;
+ else usetag = 1;
+
+ /* -1 means omit type */
+
+ if (len == -1)
+ return 0;
+
+ /* -2 return is special meaning use ndef */
+ if (len == -2)
+ {
+ ndef = 2;
+ len = 0;
+ }
+
+ /* If not implicitly tagged get tag from underlying type */
+ if (tag == -1) tag = utype;
+
+ /* Output tag+length followed by content octets */
+ if (out)
+ {
+ if (usetag)
+ ASN1_put_object(out, ndef, len, tag, aclass);
+ asn1_ex_i2c(pval, *out, &utype, it);
+ if (ndef)
+ ASN1_put_eoc(out);
+ else
+ *out += len;
+ }
+
+ if (usetag)
+ return ASN1_object_size(ndef, len, tag);
+ return len;
+ }
+
+/* Produce content octets from a structure */
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+ const ASN1_ITEM *it)
+ {
+ ASN1_BOOLEAN *tbool = NULL;
+ ASN1_STRING *strtmp;
+ ASN1_OBJECT *otmp;
+ int utype;
+ unsigned char *cont, c;
+ int len;
+ const ASN1_PRIMITIVE_FUNCS *pf;
+ pf = it->funcs;
+ if (pf && pf->prim_i2c)
+ return pf->prim_i2c(pval, cout, putype, it);
+
+ /* Should type be omitted? */
+ if ((it->itype != ASN1_ITYPE_PRIMITIVE)
+ || (it->utype != V_ASN1_BOOLEAN))
+ {
+ if (!*pval) return -1;
+ }
+
+ if (it->itype == ASN1_ITYPE_MSTRING)
+ {
+ /* If MSTRING type set the underlying type */
+ strtmp = (ASN1_STRING *)*pval;
+ utype = strtmp->type;
+ *putype = utype;
+ }
+ else if (it->utype == V_ASN1_ANY)
+ {
+ /* If ANY set type and pointer to value */
+ ASN1_TYPE *typ;
+ typ = (ASN1_TYPE *)*pval;
+ utype = typ->type;
+ *putype = utype;
+ pval = &typ->value.asn1_value;
+ }
+ else utype = *putype;
+
+ switch(utype)
+ {
+ case V_ASN1_OBJECT:
+ otmp = (ASN1_OBJECT *)*pval;
+ cont = otmp->data;
+ len = otmp->length;
+ break;
+
+ case V_ASN1_NULL:
+ cont = NULL;
+ len = 0;
+ break;
+
+ case V_ASN1_BOOLEAN:
+ tbool = (ASN1_BOOLEAN *)pval;
+ if (*tbool == -1)
+ return -1;
+ if (it->utype != V_ASN1_ANY)
+ {
+ /* Default handling if value == size field then omit */
+ if (*tbool && (it->size > 0))
+ return -1;
+ if (!*tbool && !it->size)
+ return -1;
+ }
+ c = (unsigned char)*tbool;
+ cont = &c;
+ len = 1;
+ break;
+
+ case V_ASN1_BIT_STRING:
+ return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+ cout ? &cout : NULL);
+ break;
+
+ case V_ASN1_INTEGER:
+ case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+ case V_ASN1_NEG_ENUMERATED:
+ /* These are all have the same content format
+ * as ASN1_INTEGER
+ */
+ return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval,
+ cout ? &cout : NULL);
+ break;
+
+ case V_ASN1_OCTET_STRING:
+ case V_ASN1_NUMERICSTRING:
+ case V_ASN1_PRINTABLESTRING:
+ case V_ASN1_T61STRING:
+ case V_ASN1_VIDEOTEXSTRING:
+ case V_ASN1_IA5STRING:
+ case V_ASN1_UTCTIME:
+ case V_ASN1_GENERALIZEDTIME:
+ case V_ASN1_GRAPHICSTRING:
+ case V_ASN1_VISIBLESTRING:
+ case V_ASN1_GENERALSTRING:
+ case V_ASN1_UNIVERSALSTRING:
+ case V_ASN1_BMPSTRING:
+ case V_ASN1_UTF8STRING:
+ case V_ASN1_SEQUENCE:
+ case V_ASN1_SET:
+ default:
+ /* All based on ASN1_STRING and handled the same */
+ strtmp = (ASN1_STRING *)*pval;
+ /* Special handling for NDEF */
+ if ((it->size == ASN1_TFLG_NDEF)
+ && (strtmp->flags & ASN1_STRING_FLAG_NDEF))
+ {
+ if (cout)
+ {
+ strtmp->data = cout;
+ strtmp->length = 0;
+ }
+ /* Special return code */
+ return -2;
+ }
+ cont = strtmp->data;
+ len = strtmp->length;
+
+ break;
+
+ }
+ if (cout && len)
+ memcpy(cout, cont, len);
+ return len;
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,266 @@
+/* tasn_fre.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+ {
+ asn1_item_combine_free(&val, it, 0);
+ }
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ asn1_item_combine_free(pval, it, 0);
+ }
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+ {
+ const ASN1_TEMPLATE *tt = NULL, *seqtt;
+ const ASN1_EXTERN_FUNCS *ef;
+ const ASN1_COMPAT_FUNCS *cf;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_aux_cb *asn1_cb;
+ int i;
+ if (!pval)
+ return;
+ if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+ return;
+ if (aux && aux->asn1_cb)
+ asn1_cb = aux->asn1_cb;
+ else
+ asn1_cb = 0;
+
+ switch(it->itype)
+ {
+
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates)
+ ASN1_template_free(pval, it->templates);
+ else
+ ASN1_primitive_free(pval, it);
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ ASN1_primitive_free(pval, it);
+ break;
+
+ case ASN1_ITYPE_CHOICE:
+ if (asn1_cb)
+ {
+ i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+ if (i == 2)
+ return;
+ }
+ i = asn1_get_choice_selector(pval, it);
+ if ((i >= 0) && (i < it->tcount))
+ {
+ ASN1_VALUE **pchval;
+ tt = it->templates + i;
+ pchval = asn1_get_field_ptr(pval, tt);
+ ASN1_template_free(pchval, tt);
+ }
+ if (asn1_cb)
+ asn1_cb(ASN1_OP_FREE_POST, pval, it);
+ if (!combine)
+ {
+ OPENSSL_free(*pval);
+ *pval = NULL;
+ }
+ break;
+
+ case ASN1_ITYPE_COMPAT:
+ cf = it->funcs;
+ if (cf && cf->asn1_free)
+ cf->asn1_free(*pval);
+ break;
+
+ case ASN1_ITYPE_EXTERN:
+ ef = it->funcs;
+ if (ef && ef->asn1_ex_free)
+ ef->asn1_ex_free(pval, it);
+ break;
+
+ case ASN1_ITYPE_NDEF_SEQUENCE:
+ case ASN1_ITYPE_SEQUENCE:
+ if (asn1_do_lock(pval, -1, it) > 0)
+ return;
+ if (asn1_cb)
+ {
+ i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+ if (i == 2)
+ return;
+ }
+ asn1_enc_free(pval, it);
+ /* If we free up as normal we will invalidate any
+ * ANY DEFINED BY field and we wont be able to
+ * determine the type of the field it defines. So
+ * free up in reverse order.
+ */
+ tt = it->templates + it->tcount - 1;
+ for (i = 0; i < it->tcount; tt--, i++)
+ {
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 0);
+ if (!seqtt)
+ continue;
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ ASN1_template_free(pseqval, seqtt);
+ }
+ if (asn1_cb)
+ asn1_cb(ASN1_OP_FREE_POST, pval, it);
+ if (!combine)
+ {
+ OPENSSL_free(*pval);
+ *pval = NULL;
+ }
+ break;
+ }
+ }
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+ {
+ int i;
+ if (tt->flags & ASN1_TFLG_SK_MASK)
+ {
+ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
+ {
+ ASN1_VALUE *vtmp;
+ vtmp = sk_ASN1_VALUE_value(sk, i);
+ asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item),
+ 0);
+ }
+ sk_ASN1_VALUE_free(sk);
+ *pval = NULL;
+ }
+ else
+ asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+ tt->flags & ASN1_TFLG_COMBINE);
+ }
+
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ int utype;
+ if (it)
+ {
+ const ASN1_PRIMITIVE_FUNCS *pf;
+ pf = it->funcs;
+ if (pf && pf->prim_free)
+ {
+ pf->prim_free(pval, it);
+ return;
+ }
+ }
+ /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+ if (!it)
+ {
+ ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+ utype = typ->type;
+ pval = &typ->value.asn1_value;
+ if (!*pval)
+ return;
+ }
+ else if (it->itype == ASN1_ITYPE_MSTRING)
+ {
+ utype = -1;
+ if (!*pval)
+ return;
+ }
+ else
+ {
+ utype = it->utype;
+ if ((utype != V_ASN1_BOOLEAN) && !*pval)
+ return;
+ }
+
+ switch(utype)
+ {
+ case V_ASN1_OBJECT:
+ ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+ break;
+
+ case V_ASN1_BOOLEAN:
+ if (it)
+ *(ASN1_BOOLEAN *)pval = it->size;
+ else
+ *(ASN1_BOOLEAN *)pval = -1;
+ return;
+
+ case V_ASN1_NULL:
+ break;
+
+ case V_ASN1_ANY:
+ ASN1_primitive_free(pval, NULL);
+ OPENSSL_free(*pval);
+ break;
+
+ default:
+ ASN1_STRING_free((ASN1_STRING *)*pval);
+ *pval = NULL;
+ break;
+ }
+ *pval = NULL;
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,395 @@
+/* tasn_new.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int combine);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+ {
+ ASN1_VALUE *ret = NULL;
+ if (ASN1_item_ex_new(&ret, it) > 0)
+ return ret;
+ return NULL;
+ }
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ return asn1_item_ex_combine_new(pval, it, 0);
+ }
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int combine)
+ {
+ const ASN1_TEMPLATE *tt = NULL;
+ const ASN1_COMPAT_FUNCS *cf;
+ const ASN1_EXTERN_FUNCS *ef;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_aux_cb *asn1_cb;
+ ASN1_VALUE **pseqval;
+ int i;
+ if (aux && aux->asn1_cb)
+ asn1_cb = aux->asn1_cb;
+ else
+ asn1_cb = 0;
+
+ if (!combine) *pval = NULL;
+
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_push_info(it->sname);
+#endif
+
+ switch(it->itype)
+ {
+
+ case ASN1_ITYPE_EXTERN:
+ ef = it->funcs;
+ if (ef && ef->asn1_ex_new)
+ {
+ if (!ef->asn1_ex_new(pval, it))
+ goto memerr;
+ }
+ break;
+
+ case ASN1_ITYPE_COMPAT:
+ cf = it->funcs;
+ if (cf && cf->asn1_new) {
+ *pval = cf->asn1_new();
+ if (!*pval)
+ goto memerr;
+ }
+ break;
+
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates)
+ {
+ if (!ASN1_template_new(pval, it->templates))
+ goto memerr;
+ }
+ else if (!ASN1_primitive_new(pval, it))
+ goto memerr;
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ if (!ASN1_primitive_new(pval, it))
+ goto memerr;
+ break;
+
+ case ASN1_ITYPE_CHOICE:
+ if (asn1_cb)
+ {
+ i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+ if (!i)
+ goto auxerr;
+ if (i==2)
+ {
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_pop_info();
+#endif
+ return 1;
+ }
+ }
+ if (!combine)
+ {
+ *pval = OPENSSL_malloc(it->size);
+ if (!*pval)
+ goto memerr;
+ memset(*pval, 0, it->size);
+ }
+ asn1_set_choice_selector(pval, -1, it);
+ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+ goto auxerr;
+ break;
+
+ case ASN1_ITYPE_NDEF_SEQUENCE:
+ case ASN1_ITYPE_SEQUENCE:
+ if (asn1_cb)
+ {
+ i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+ if (!i)
+ goto auxerr;
+ if (i==2)
+ {
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_pop_info();
+#endif
+ return 1;
+ }
+ }
+ if (!combine)
+ {
+ *pval = OPENSSL_malloc(it->size);
+ if (!*pval)
+ goto memerr;
+ memset(*pval, 0, it->size);
+ asn1_do_lock(pval, 0, it);
+ asn1_enc_init(pval, it);
+ }
+ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
+ {
+ pseqval = asn1_get_field_ptr(pval, tt);
+ if (!ASN1_template_new(pseqval, tt))
+ goto memerr;
+ }
+ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+ goto auxerr;
+ break;
+ }
+#ifdef CRYPTO_MDEBUG
+ if (it->sname) CRYPTO_pop_info();
+#endif
+ return 1;
+
+ memerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
+#ifdef CRYPTO_MDEBUG
+ if (it->sname) CRYPTO_pop_info();
+#endif
+ return 0;
+
+ auxerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
+ ASN1_item_ex_free(pval, it);
+#ifdef CRYPTO_MDEBUG
+ if (it->sname) CRYPTO_pop_info();
+#endif
+ return 0;
+
+ }
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ const ASN1_EXTERN_FUNCS *ef;
+
+ switch(it->itype)
+ {
+
+ case ASN1_ITYPE_EXTERN:
+ ef = it->funcs;
+ if (ef && ef->asn1_ex_clear)
+ ef->asn1_ex_clear(pval, it);
+ else *pval = NULL;
+ break;
+
+
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates)
+ asn1_template_clear(pval, it->templates);
+ else
+ asn1_primitive_clear(pval, it);
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ asn1_primitive_clear(pval, it);
+ break;
+
+ case ASN1_ITYPE_COMPAT:
+ case ASN1_ITYPE_CHOICE:
+ case ASN1_ITYPE_SEQUENCE:
+ case ASN1_ITYPE_NDEF_SEQUENCE:
+ *pval = NULL;
+ break;
+ }
+ }
+
+
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+ {
+ const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+ int ret;
+ if (tt->flags & ASN1_TFLG_OPTIONAL)
+ {
+ asn1_template_clear(pval, tt);
+ return 1;
+ }
+ /* If ANY DEFINED BY nothing to do */
+
+ if (tt->flags & ASN1_TFLG_ADB_MASK)
+ {
+ *pval = NULL;
+ return 1;
+ }
+#ifdef CRYPTO_MDEBUG
+ if (tt->field_name)
+ CRYPTO_push_info(tt->field_name);
+#endif
+ /* If SET OF or SEQUENCE OF, its a STACK */
+ if (tt->flags & ASN1_TFLG_SK_MASK)
+ {
+ STACK_OF(ASN1_VALUE) *skval;
+ skval = sk_ASN1_VALUE_new_null();
+ if (!skval)
+ {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+ ret = 0;
+ goto done;
+ }
+ *pval = (ASN1_VALUE *)skval;
+ ret = 1;
+ goto done;
+ }
+ /* Otherwise pass it back to the item routine */
+ ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+ done:
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_pop_info();
+#endif
+ return ret;
+ }
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+ {
+ /* If ADB or STACK just NULL the field */
+ if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK))
+ *pval = NULL;
+ else
+ asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+ }
+
+
+/* NB: could probably combine most of the real XXX_new() behaviour and junk
+ * all the old functions.
+ */
+
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ ASN1_TYPE *typ;
+ int utype;
+
+ if (it && it->funcs)
+ {
+ const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+ if (pf->prim_new)
+ return pf->prim_new(pval, it);
+ }
+
+ if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+ utype = -1;
+ else
+ utype = it->utype;
+ switch(utype)
+ {
+ case V_ASN1_OBJECT:
+ *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+ return 1;
+
+ case V_ASN1_BOOLEAN:
+ if (it)
+ *(ASN1_BOOLEAN *)pval = it->size;
+ else
+ *(ASN1_BOOLEAN *)pval = -1;
+ return 1;
+
+ case V_ASN1_NULL:
+ *pval = (ASN1_VALUE *)1;
+ return 1;
+
+ case V_ASN1_ANY:
+ typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
+ if (!typ)
+ return 0;
+ typ->value.ptr = NULL;
+ typ->type = -1;
+ *pval = (ASN1_VALUE *)typ;
+ break;
+
+ default:
+ *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+ break;
+ }
+ if (*pval)
+ return 1;
+ return 0;
+ }
+
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ int utype;
+ if (it && it->funcs)
+ {
+ const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+ if (pf->prim_clear)
+ pf->prim_clear(pval, it);
+ else
+ *pval = NULL;
+ return;
+ }
+ if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+ utype = -1;
+ else
+ utype = it->utype;
+ if (utype == V_ASN1_BOOLEAN)
+ *(ASN1_BOOLEAN *)pval = it->size;
+ else *pval = NULL;
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,198 @@
+/* tasn_prn.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/nasn.h>
+
+/* Print routines. Print out a whole structure from a template.
+ */
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
+
+int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
+{
+ return asn1_item_print_nm(out, fld, indent, it, it->sname);
+}
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
+{
+ ASN1_STRING *str;
+ const ASN1_TEMPLATE *tt;
+ void *tmpfld;
+ int i;
+ if(!fld) {
+ BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+ return 1;
+ }
+ switch(it->itype) {
+
+ case ASN1_ITYPE_PRIMITIVE:
+ if(it->templates)
+ return ASN1_template_print(out, fld, indent, it->templates);
+ return asn1_primitive_print(out, fld, it->utype, indent, name);
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ str = fld;
+ return asn1_primitive_print(out, fld, str->type, indent, name);
+
+ case ASN1_ITYPE_EXTERN:
+ BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+ return 1;
+ case ASN1_ITYPE_COMPAT:
+ BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+ return 1;
+
+
+ case ASN1_ITYPE_CHOICE:
+ /* CHOICE type, get selector */
+ i = asn1_get_choice_selector(fld, it);
+ /* This should never happen... */
+ if((i < 0) || (i >= it->tcount)) {
+ BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+ return 1;
+ }
+ tt = it->templates + i;
+ tmpfld = asn1_get_field(fld, tt);
+ return ASN1_template_print(out, tmpfld, indent, tt);
+
+ case ASN1_ITYPE_SEQUENCE:
+ BIO_printf(out, "%*s%s {\n", indent, "", name);
+ /* Get each field entry */
+ for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+ tmpfld = asn1_get_field(fld, tt);
+ ASN1_template_print(out, tmpfld, indent + 2, tt);
+ }
+ BIO_printf(out, "%*s}\n", indent, "");
+ return 1;
+
+ default:
+ return 0;
+ }
+}
+
+int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
+{
+ int i, flags;
+#if 0
+ if(!fld) return 0;
+#endif
+ flags = tt->flags;
+ if(flags & ASN1_TFLG_SK_MASK) {
+ char *tname;
+ void *skitem;
+ /* SET OF, SEQUENCE OF */
+ if(flags & ASN1_TFLG_SET_OF) tname = "SET";
+ else tname = "SEQUENCE";
+ if(fld) {
+ BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
+ for(i = 0; i < sk_num(fld); i++) {
+ skitem = sk_value(fld, i);
+ asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+ }
+ BIO_printf(out, "%*s}\n", indent, "");
+ } else
+ BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
+ return 1;
+ }
+ return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
+}
+
+static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
+{
+ ASN1_STRING *str = fld;
+ if(fld) {
+ if(utype == V_ASN1_BOOLEAN) {
+ int *bool = fld;
+if(*bool == -1) printf("BOOL MISSING\n");
+ BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
+ } else if((utype == V_ASN1_INTEGER)
+ || (utype == V_ASN1_ENUMERATED)) {
+ char *s, *nm;
+ s = i2s_ASN1_INTEGER(NULL, fld);
+ if(utype == V_ASN1_INTEGER) nm = "INTEGER";
+ else nm = "ENUMERATED";
+ BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
+ OPENSSL_free(s);
+ } else if(utype == V_ASN1_NULL) {
+ BIO_printf(out, "%*s%s", indent, "", "NULL");
+ } else if(utype == V_ASN1_UTCTIME) {
+ BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
+ ASN1_UTCTIME_print(out, str);
+ } else if(utype == V_ASN1_GENERALIZEDTIME) {
+ BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
+ ASN1_GENERALIZEDTIME_print(out, str);
+ } else if(utype == V_ASN1_OBJECT) {
+ char objbuf[80], *ln;
+ ln = OBJ_nid2ln(OBJ_obj2nid(fld));
+ if(!ln) ln = "";
+ OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
+ BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
+ } else {
+ BIO_printf(out, "%*s%s:", indent, "", name);
+ ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
+ }
+ BIO_printf(out, "\n");
+ } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+ return 1;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/tasn_typ.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_typ.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/tasn_typ.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,137 @@
+/* tasn_typ.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+
+IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
+
+/* Special, OCTET STRING with indefinite length constructed support */
+
+IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
Added: vendor-crypto/openssl/dist/crypto/asn1/tasn_utl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_utl.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/tasn_utl.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,279 @@
+/* tasn_utl.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/* Given an ASN1_ITEM CHOICE type return
+ * the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ int *sel = offset2ptr(*pval, it->utype);
+ return *sel;
+ }
+
+/* Given an ASN1_ITEM CHOICE type set
+ * the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
+ {
+ int *sel, ret;
+ sel = offset2ptr(*pval, it->utype);
+ ret = *sel;
+ *sel = value;
+ return ret;
+ }
+
+/* Do reference counting. The value 'op' decides what to do.
+ * if it is +1 then the count is incremented. If op is 0 count is
+ * set to 1. If op is -1 count is decremented and the return value
+ * is the current refrence count or 0 if no reference count exists.
+ */
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+ {
+ const ASN1_AUX *aux;
+ int *lck, ret;
+ if ((it->itype != ASN1_ITYPE_SEQUENCE)
+ && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
+ return 0;
+ aux = it->funcs;
+ if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
+ return 0;
+ lck = offset2ptr(*pval, aux->ref_offset);
+ if (op == 0)
+ {
+ *lck = 1;
+ return 1;
+ }
+ ret = CRYPTO_add(lck, op, aux->ref_lock);
+#ifdef REF_PRINT
+ fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
+#endif
+#ifdef REF_CHECK
+ if (ret < 0)
+ fprintf(stderr, "%s, bad reference count\n", it->sname);
+#endif
+ return ret;
+ }
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ const ASN1_AUX *aux;
+ if (!pval || !*pval)
+ return NULL;
+ aux = it->funcs;
+ if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
+ return NULL;
+ return offset2ptr(*pval, aux->enc_offset);
+ }
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ ASN1_ENCODING *enc;
+ enc = asn1_get_enc_ptr(pval, it);
+ if (enc)
+ {
+ enc->enc = NULL;
+ enc->len = 0;
+ enc->modified = 1;
+ }
+ }
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ ASN1_ENCODING *enc;
+ enc = asn1_get_enc_ptr(pval, it);
+ if (enc)
+ {
+ if (enc->enc)
+ OPENSSL_free(enc->enc);
+ enc->enc = NULL;
+ enc->len = 0;
+ enc->modified = 1;
+ }
+ }
+
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+ const ASN1_ITEM *it)
+ {
+ ASN1_ENCODING *enc;
+ enc = asn1_get_enc_ptr(pval, it);
+ if (!enc)
+ return 1;
+
+ if (enc->enc)
+ OPENSSL_free(enc->enc);
+ enc->enc = OPENSSL_malloc(inlen);
+ if (!enc->enc)
+ return 0;
+ memcpy(enc->enc, in, inlen);
+ enc->len = inlen;
+ enc->modified = 0;
+
+ return 1;
+ }
+
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+ const ASN1_ITEM *it)
+ {
+ ASN1_ENCODING *enc;
+ enc = asn1_get_enc_ptr(pval, it);
+ if (!enc || enc->modified)
+ return 0;
+ if (out)
+ {
+ memcpy(*out, enc->enc, enc->len);
+ *out += enc->len;
+ }
+ if (len)
+ *len = enc->len;
+ return 1;
+ }
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+ {
+ ASN1_VALUE **pvaltmp;
+ if (tt->flags & ASN1_TFLG_COMBINE)
+ return pval;
+ pvaltmp = offset2ptr(*pval, tt->offset);
+ /* NOTE for BOOLEAN types the field is just a plain
+ * int so we can't return int **, so settle for
+ * (int *).
+ */
+ return pvaltmp;
+ }
+
+/* Handle ANY DEFINED BY template, find the selector, look up
+ * the relevant ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+ int nullerr)
+ {
+ const ASN1_ADB *adb;
+ const ASN1_ADB_TABLE *atbl;
+ long selector;
+ ASN1_VALUE **sfld;
+ int i;
+ if (!(tt->flags & ASN1_TFLG_ADB_MASK))
+ return tt;
+
+ /* Else ANY DEFINED BY ... get the table */
+ adb = ASN1_ADB_ptr(tt->item);
+
+ /* Get the selector field */
+ sfld = offset2ptr(*pval, adb->offset);
+
+ /* Check if NULL */
+ if (!sfld)
+ {
+ if (!adb->null_tt)
+ goto err;
+ return adb->null_tt;
+ }
+
+ /* Convert type to a long:
+ * NB: don't check for NID_undef here because it
+ * might be a legitimate value in the table
+ */
+ if (tt->flags & ASN1_TFLG_ADB_OID)
+ selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+ else
+ selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+ /* Try to find matching entry in table
+ * Maybe should check application types first to
+ * allow application override? Might also be useful
+ * to have a flag which indicates table is sorted and
+ * we can do a binary search. For now stick to a
+ * linear search.
+ */
+
+ for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+ if (atbl->value == selector)
+ return &atbl->tt;
+
+ /* FIXME: need to search application table too */
+
+ /* No match, return default type */
+ if (!adb->default_tt)
+ goto err;
+ return adb->default_tt;
+
+ err:
+ /* FIXME: should log the value or OID of unsupported type */
+ if (nullerr)
+ ASN1err(ASN1_F_ASN1_DO_ADB,
+ ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+ return NULL;
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/x_algor.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_algor.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_algor.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,130 @@
+/* x_algor.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(X509_ALGOR) = {
+ ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+ ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
+
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
+
+IMPLEMENT_STACK_OF(X509_ALGOR)
+IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
+
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+ {
+ if (!alg)
+ return 0;
+ if (ptype != V_ASN1_UNDEF)
+ {
+ if (alg->parameter == NULL)
+ alg->parameter = ASN1_TYPE_new();
+ if (alg->parameter == NULL)
+ return 0;
+ }
+ if (alg)
+ {
+ if (alg->algorithm)
+ ASN1_OBJECT_free(alg->algorithm);
+ alg->algorithm = aobj;
+ }
+ if (ptype == 0)
+ return 1;
+ if (ptype == V_ASN1_UNDEF)
+ {
+ if (alg->parameter)
+ {
+ ASN1_TYPE_free(alg->parameter);
+ alg->parameter = NULL;
+ }
+ }
+ else
+ ASN1_TYPE_set(alg->parameter, ptype, pval);
+ return 1;
+ }
+
+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+ X509_ALGOR *algor)
+ {
+ if (paobj)
+ *paobj = algor->algorithm;
+ if (pptype)
+ {
+ if (algor->parameter == NULL)
+ {
+ *pptype = V_ASN1_UNDEF;
+ return;
+ }
+ else
+ *pptype = algor->parameter->type;
+ if (ppval)
+ *ppval = algor->parameter->value.ptr;
+ }
+ }
+
Added: vendor-crypto/openssl/dist/crypto/asn1/x_attrib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_attrib.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_attrib.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,118 @@
+/* crypto/asn1/x_attrib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ * {
+ * ASN1_OBJECT *object;
+ * int single;
+ * union {
+ * char *ptr;
+ * STACK_OF(ASN1_TYPE) *set;
+ * ASN1_TYPE *single;
+ * } value;
+ * } X509_ATTRIBUTE;
+ *
+ * this needs some extra thought because the CHOICE type is
+ * merged with the main structure and because the value can
+ * be anything at all we *must* try the SET OF first because
+ * the ASN1_ANY type will swallow anything including the whole
+ * SET OF structure.
+ */
+
+ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
+ ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
+ ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
+} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
+
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+ ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+ /* CHOICE type merged with parent */
+ ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+ {
+ X509_ATTRIBUTE *ret=NULL;
+ ASN1_TYPE *val=NULL;
+
+ if ((ret=X509_ATTRIBUTE_new()) == NULL)
+ return(NULL);
+ ret->object=OBJ_nid2obj(nid);
+ ret->single=0;
+ if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
+ if ((val=ASN1_TYPE_new()) == NULL) goto err;
+ if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
+
+ ASN1_TYPE_set(val,atrtype,value);
+ return(ret);
+err:
+ if (ret != NULL) X509_ATTRIBUTE_free(ret);
+ if (val != NULL) ASN1_TYPE_free(val);
+ return(NULL);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/x_bignum.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_bignum.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_bignum.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,139 @@
+/* x_bignum.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+
+/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
+ * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
+ * BIGNUMs used are non negative and anything that looks negative is normally due
+ * to an encoding error.
+ */
+
+#define BN_SENSITIVE 1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+ NULL, 0,
+ bn_new,
+ bn_free,
+ 0,
+ bn_c2i,
+ bn_i2c
+};
+
+ASN1_ITEM_start(BIGNUM)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *pval = (ASN1_VALUE *)BN_new();
+ if(*pval) return 1;
+ else return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if(!*pval) return;
+ if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
+ else BN_free((BIGNUM *)*pval);
+ *pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+ BIGNUM *bn;
+ int pad;
+ if(!*pval) return -1;
+ bn = (BIGNUM *)*pval;
+ /* If MSB set in an octet we need a padding byte */
+ if(BN_num_bits(bn) & 0x7) pad = 0;
+ else pad = 1;
+ if(cont) {
+ if(pad) *cont++ = 0;
+ BN_bn2bin(bn, cont);
+ }
+ return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it)
+{
+ BIGNUM *bn;
+ if(!*pval) bn_new(pval, it);
+ bn = (BIGNUM *)*pval;
+ if(!BN_bin2bn(cont, len, bn)) {
+ bn_free(pval, it);
+ return 0;
+ }
+ return 1;
+}
+
+
Added: vendor-crypto/openssl/dist/crypto/asn1/x_crl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_crl.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_crl.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,140 @@
+/* crypto/asn1/x_crl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+ const X509_REVOKED * const *b);
+
+ASN1_SEQUENCE(X509_REVOKED) = {
+ ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+ ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+ ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+/* The X509_CRL_INFO structure needs a bit of customisation.
+ * Since we cache the original encoding the signature wont be affected by
+ * reordering of the revoked field.
+ */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+
+ if(!a || !a->revoked) return 1;
+ switch(operation) {
+ /* Just set cmp function here. We don't sort because that
+ * would affect the output of X509_CRL_print().
+ */
+ case ASN1_OP_D2I_POST:
+ (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+ break;
+ }
+ return 1;
+}
+
+
+ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
+ ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+ ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+ ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+ ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+ ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+ ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+ ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
+
+ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+ ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+ ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+ ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
+
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+ const X509_REVOKED * const *b)
+ {
+ return(ASN1_STRING_cmp(
+ (ASN1_STRING *)(*a)->serialNumber,
+ (ASN1_STRING *)(*b)->serialNumber));
+ }
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+ X509_CRL_INFO *inf;
+ inf = crl->crl;
+ if(!inf->revoked)
+ inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+ if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+ ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ inf->enc.modified = 1;
+ return 1;
+}
+
+IMPLEMENT_STACK_OF(X509_REVOKED)
+IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
+IMPLEMENT_STACK_OF(X509_CRL)
+IMPLEMENT_ASN1_SET_OF(X509_CRL)
Added: vendor-crypto/openssl/dist/crypto/asn1/x_exten.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_exten.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_exten.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,76 @@
+/* x_exten.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+ ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+ ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+ ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
+
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
Added: vendor-crypto/openssl/dist/crypto/asn1/x_info.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_info.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_info.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,114 @@
+/* crypto/asn1/x_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+X509_INFO *X509_INFO_new(void)
+ {
+ X509_INFO *ret=NULL;
+
+ ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+
+ ret->enc_cipher.cipher=NULL;
+ ret->enc_len=0;
+ ret->enc_data=NULL;
+
+ ret->references=1;
+ ret->x509=NULL;
+ ret->crl=NULL;
+ ret->x_pkey=NULL;
+ return(ret);
+ }
+
+void X509_INFO_free(X509_INFO *x)
+ {
+ int i;
+
+ if (x == NULL) return;
+
+ i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
+#ifdef REF_PRINT
+ REF_PRINT("X509_INFO",x);
+#endif
+ if (i > 0) return;
+#ifdef REF_CHECK
+ if (i < 0)
+ {
+ fprintf(stderr,"X509_INFO_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ if (x->x509 != NULL) X509_free(x->x509);
+ if (x->crl != NULL) X509_CRL_free(x->crl);
+ if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
+ if (x->enc_data != NULL) OPENSSL_free(x->enc_data);
+ OPENSSL_free(x);
+ }
+
+IMPLEMENT_STACK_OF(X509_INFO)
+
Added: vendor-crypto/openssl/dist/crypto/asn1/x_long.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_long.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_long.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,171 @@
+/* x_long.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+
+/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
+ * and a long directly.
+ */
+
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+ NULL, 0,
+ long_new,
+ long_free,
+ long_free, /* Clear should set to initial value */
+ long_c2i,
+ long_i2c
+};
+
+ASN1_ITEM_start(LONG)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(long *)pval = it->size;
+ return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(long *)pval = it->size;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+ long ltmp;
+ unsigned long utmp;
+ int clen, pad, i;
+ /* this exists to bypass broken gcc optimization */
+ char *cp = (char *)pval;
+
+ /* use memcpy, because we may not be long aligned */
+ memcpy(<mp, cp, sizeof(long));
+
+ if(ltmp == it->size) return -1;
+ /* Convert the long to positive: we subtract one if negative so
+ * we can cleanly handle the padding if only the MSB of the leading
+ * octet is set.
+ */
+ if(ltmp < 0) utmp = -ltmp - 1;
+ else utmp = ltmp;
+ clen = BN_num_bits_word(utmp);
+ /* If MSB of leading octet set we need to pad */
+ if(!(clen & 0x7)) pad = 1;
+ else pad = 0;
+
+ /* Convert number of bits to number of octets */
+ clen = (clen + 7) >> 3;
+
+ if(cont) {
+ if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
+ for(i = clen - 1; i >= 0; i--) {
+ cont[i] = (unsigned char)(utmp & 0xff);
+ if(ltmp < 0) cont[i] ^= 0xff;
+ utmp >>= 8;
+ }
+ }
+ return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it)
+{
+ int neg, i;
+ long ltmp;
+ unsigned long utmp = 0;
+ char *cp = (char *)pval;
+ if(len > (int)sizeof(long)) {
+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+ return 0;
+ }
+ /* Is it negative? */
+ if(len && (cont[0] & 0x80)) neg = 1;
+ else neg = 0;
+ utmp = 0;
+ for(i = 0; i < len; i++) {
+ utmp <<= 8;
+ if(neg) utmp |= cont[i] ^ 0xff;
+ else utmp |= cont[i];
+ }
+ ltmp = (long)utmp;
+ if(neg) {
+ ltmp++;
+ ltmp = -ltmp;
+ }
+ if(ltmp == it->size) {
+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+ return 0;
+ }
+ memcpy(cp, <mp, sizeof(long));
+ return 1;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/x_name.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_name.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_name.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,277 @@
+/* crypto/asn1/x_name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
+
+static int x509_name_encode(X509_NAME *a);
+
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+ ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+ ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
+
+/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
+ * so declare two template wrappers for this
+ */
+
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
+
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
+
+/* Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and convert
+ * to the external form.
+ */
+
+const ASN1_EXTERN_FUNCS x509_name_ff = {
+ NULL,
+ x509_name_ex_new,
+ x509_name_ex_free,
+ 0, /* Default clear behaviour is OK */
+ x509_name_ex_d2i,
+ x509_name_ex_i2d
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+ X509_NAME *ret = NULL;
+ ret = OPENSSL_malloc(sizeof(X509_NAME));
+ if(!ret) goto memerr;
+ if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+ goto memerr;
+ if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
+ ret->modified=1;
+ *val = (ASN1_VALUE *)ret;
+ return 1;
+
+ memerr:
+ ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+ if (ret)
+ {
+ if (ret->entries)
+ sk_X509_NAME_ENTRY_free(ret->entries);
+ OPENSSL_free(ret);
+ }
+ return 0;
+}
+
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ X509_NAME *a;
+ if(!pval || !*pval)
+ return;
+ a = (X509_NAME *)*pval;
+
+ BUF_MEM_free(a->bytes);
+ sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+ OPENSSL_free(a);
+ *pval = NULL;
+}
+
+/* Used with sk_pop_free() to free up the internal representation.
+ * NB: we only free the STACK and not its contents because it is
+ * already present in the X509_NAME structure.
+ */
+
+static void sk_internal_free(void *a)
+{
+ sk_free(a);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+ const unsigned char *p = *in, *q;
+ union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+ union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
+ int i, j, ret;
+ STACK_OF(X509_NAME_ENTRY) *entries;
+ X509_NAME_ENTRY *entry;
+ q = p;
+
+ /* Get internal representation of Name */
+ ret = ASN1_item_ex_d2i(&intname.a,
+ &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+ tag, aclass, opt, ctx);
+
+ if(ret <= 0) return ret;
+
+ if(*val) x509_name_ex_free(val, NULL);
+ if(!x509_name_ex_new(&nm.a, NULL)) goto err;
+ /* We've decoded it: now cache encoding */
+ if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
+ memcpy(nm.x->bytes->data, q, p - q);
+
+ /* Convert internal representation to X509_NAME structure */
+ for(i = 0; i < sk_num(intname.s); i++) {
+ entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
+ for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+ entry = sk_X509_NAME_ENTRY_value(entries, j);
+ entry->set = i;
+ if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+ goto err;
+ }
+ sk_X509_NAME_ENTRY_free(entries);
+ }
+ sk_free(intname.s);
+ nm.x->modified = 0;
+ *val = nm.a;
+ *in = p;
+ return ret;
+err:
+ if (nm.x != NULL)
+ X509_NAME_free(nm.x);
+ ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+ int ret;
+ X509_NAME *a = (X509_NAME *)*val;
+ if(a->modified) {
+ ret = x509_name_encode((X509_NAME *)a);
+ if(ret < 0) return ret;
+ }
+ ret = a->bytes->length;
+ if(out != NULL) {
+ memcpy(*out,a->bytes->data,ret);
+ *out+=ret;
+ }
+ return ret;
+}
+
+static int x509_name_encode(X509_NAME *a)
+{
+ union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+ int len;
+ unsigned char *p;
+ STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+ X509_NAME_ENTRY *entry;
+ int i, set = -1;
+ intname.s = sk_new_null();
+ if(!intname.s) goto memerr;
+ for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+ entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+ if(entry->set != set) {
+ entries = sk_X509_NAME_ENTRY_new_null();
+ if(!entries) goto memerr;
+ if(!sk_push(intname.s, (char *)entries)) goto memerr;
+ set = entry->set;
+ }
+ if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
+ }
+ len = ASN1_item_ex_i2d(&intname.a, NULL,
+ ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+ if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
+ p=(unsigned char *)a->bytes->data;
+ ASN1_item_ex_i2d(&intname.a,
+ &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+ sk_pop_free(intname.s, sk_internal_free);
+ a->modified = 0;
+ return len;
+ memerr:
+ sk_pop_free(intname.s, sk_internal_free);
+ ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+ return -1;
+}
+
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+ {
+ X509_NAME *in;
+
+ if (!xn || !name) return(0);
+
+ if (*xn != name)
+ {
+ in=X509_NAME_dup(name);
+ if (in != NULL)
+ {
+ X509_NAME_free(*xn);
+ *xn=in;
+ }
+ }
+ return(*xn != NULL);
+ }
+
+IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
Added: vendor-crypto/openssl/dist/crypto/asn1/x_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_pkey.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_pkey.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,151 @@
+/* crypto/asn1/x_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+/* need to implement */
+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
+ {
+ return(0);
+ }
+
+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
+ {
+ int i;
+ M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+
+ ret->cipher.cipher=EVP_get_cipherbyname(
+ OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
+ if (ret->cipher.cipher == NULL)
+ {
+ c.error=ASN1_R_UNSUPPORTED_CIPHER;
+ c.line=__LINE__;
+ goto err;
+ }
+ if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING)
+ {
+ i=ret->enc_algor->parameter->value.octet_string->length;
+ if (i > EVP_MAX_IV_LENGTH)
+ {
+ c.error=ASN1_R_IV_TOO_LARGE;
+ c.line=__LINE__;
+ goto err;
+ }
+ memcpy(ret->cipher.iv,
+ ret->enc_algor->parameter->value.octet_string->data,i);
+ }
+ else
+ memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+ M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
+ }
+
+X509_PKEY *X509_PKEY_new(void)
+ {
+ X509_PKEY *ret=NULL;
+ ASN1_CTX c;
+
+ M_ASN1_New_Malloc(ret,X509_PKEY);
+ ret->version=0;
+ M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
+ M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
+ ret->dec_pkey=NULL;
+ ret->key_length=0;
+ ret->key_data=NULL;
+ ret->key_free=0;
+ ret->cipher.cipher=NULL;
+ memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+ ret->references=1;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
+ }
+
+void X509_PKEY_free(X509_PKEY *x)
+ {
+ int i;
+
+ if (x == NULL) return;
+
+ i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
+#ifdef REF_PRINT
+ REF_PRINT("X509_PKEY",x);
+#endif
+ if (i > 0) return;
+#ifdef REF_CHECK
+ if (i < 0)
+ {
+ fprintf(stderr,"X509_PKEY_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
+ if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
+ if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
+ if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data);
+ OPENSSL_free(x);
+ }
Added: vendor-crypto/openssl/dist/crypto/asn1/x_pubkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_pubkey.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_pubkey.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,543 @@
+/* crypto/asn1/x_pubkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ if (operation == ASN1_OP_FREE_POST)
+ {
+ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+ EVP_PKEY_free(pubkey->pkey);
+ }
+ return 1;
+ }
+
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+ ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+ {
+ X509_PUBKEY *pk=NULL;
+ X509_ALGOR *a;
+ ASN1_OBJECT *o;
+ unsigned char *s,*p = NULL;
+ int i;
+
+ if (x == NULL) return(0);
+
+ if ((pk=X509_PUBKEY_new()) == NULL) goto err;
+ a=pk->algor;
+
+ /* set the algorithm id */
+ if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
+ ASN1_OBJECT_free(a->algorithm);
+ a->algorithm=o;
+
+ /* Set the parameter list */
+ if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
+ {
+ if ((a->parameter == NULL) ||
+ (a->parameter->type != V_ASN1_NULL))
+ {
+ ASN1_TYPE_free(a->parameter);
+ if (!(a->parameter=ASN1_TYPE_new()))
+ {
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ a->parameter->type=V_ASN1_NULL;
+ }
+ }
+#ifndef OPENSSL_NO_DSA
+ else if (pkey->type == EVP_PKEY_DSA)
+ {
+ unsigned char *pp;
+ DSA *dsa;
+
+ dsa=pkey->pkey.dsa;
+ dsa->write_params=0;
+ ASN1_TYPE_free(a->parameter);
+ if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
+ goto err;
+ if (!(p=(unsigned char *)OPENSSL_malloc(i)))
+ {
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ pp=p;
+ i2d_DSAparams(dsa,&pp);
+ if (!(a->parameter=ASN1_TYPE_new()))
+ {
+ OPENSSL_free(p);
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ a->parameter->type=V_ASN1_SEQUENCE;
+ if (!(a->parameter->value.sequence=ASN1_STRING_new()))
+ {
+ OPENSSL_free(p);
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
+ {
+ OPENSSL_free(p);
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ OPENSSL_free(p);
+ }
+#endif
+#ifndef OPENSSL_NO_EC
+ else if (pkey->type == EVP_PKEY_EC)
+ {
+ int nid=0;
+ unsigned char *pp;
+ EC_KEY *ec_key;
+ const EC_GROUP *group;
+
+ ec_key = pkey->pkey.ec;
+ ASN1_TYPE_free(a->parameter);
+
+ if ((a->parameter = ASN1_TYPE_new()) == NULL)
+ {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
+ goto err;
+ }
+
+ group = EC_KEY_get0_group(ec_key);
+ if (EC_GROUP_get_asn1_flag(group)
+ && (nid = EC_GROUP_get_curve_name(group)))
+ {
+ /* just set the OID */
+ a->parameter->type = V_ASN1_OBJECT;
+ a->parameter->value.object = OBJ_nid2obj(nid);
+ }
+ else /* explicit parameters */
+ {
+ if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
+ {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
+ goto err;
+ }
+ if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
+ {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ pp = p;
+ if (!i2d_ECParameters(ec_key, &pp))
+ {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
+ OPENSSL_free(p);
+ goto err;
+ }
+ a->parameter->type = V_ASN1_SEQUENCE;
+ if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
+ {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
+ OPENSSL_free(p);
+ goto err;
+ }
+ ASN1_STRING_set(a->parameter->value.sequence, p, i);
+ OPENSSL_free(p);
+ }
+ }
+#endif
+ else if (1)
+ {
+ X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
+ goto err;
+ }
+
+ if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
+ if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
+ {
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p=s;
+ i2d_PublicKey(pkey,&p);
+ if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
+ {
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ /* Set number of unused bits to zero */
+ pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+ pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+
+ OPENSSL_free(s);
+
+#if 0
+ CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+ pk->pkey=pkey;
+#endif
+
+ if (*x != NULL)
+ X509_PUBKEY_free(*x);
+
+ *x=pk;
+
+ return 1;
+err:
+ if (pk != NULL) X509_PUBKEY_free(pk);
+ return 0;
+ }
+
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+ {
+ EVP_PKEY *ret=NULL;
+ long j;
+ int type;
+ const unsigned char *p;
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+ const unsigned char *cp;
+ X509_ALGOR *a;
+#endif
+
+ if (key == NULL) goto err;
+
+ if (key->pkey != NULL)
+ {
+ CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ return(key->pkey);
+ }
+
+ if (key->public_key == NULL) goto err;
+
+ type=OBJ_obj2nid(key->algor->algorithm);
+ if ((ret = EVP_PKEY_new()) == NULL)
+ {
+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ret->type = EVP_PKEY_type(type);
+
+ /* the parameters must be extracted before the public key (ECDSA!) */
+
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+ a=key->algor;
+#endif
+
+ if (0)
+ ;
+#ifndef OPENSSL_NO_DSA
+ else if (ret->type == EVP_PKEY_DSA)
+ {
+ if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+ {
+ if ((ret->pkey.dsa = DSA_new()) == NULL)
+ {
+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ret->pkey.dsa->write_params=0;
+ cp=p=a->parameter->value.sequence->data;
+ j=a->parameter->value.sequence->length;
+ if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
+ goto err;
+ }
+ ret->save_parameters=1;
+ }
+#endif
+#ifndef OPENSSL_NO_EC
+ else if (ret->type == EVP_PKEY_EC)
+ {
+ if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+ {
+ /* type == V_ASN1_SEQUENCE => we have explicit parameters
+ * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
+ */
+ if ((ret->pkey.ec= EC_KEY_new()) == NULL)
+ {
+ X509err(X509_F_X509_PUBKEY_GET,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ cp = p = a->parameter->value.sequence->data;
+ j = a->parameter->value.sequence->length;
+ if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
+ {
+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+ else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
+ {
+ /* type == V_ASN1_OBJECT => the parameters are given
+ * by an asn1 OID
+ */
+ EC_KEY *ec_key;
+ EC_GROUP *group;
+
+ if (ret->pkey.ec == NULL)
+ ret->pkey.ec = EC_KEY_new();
+ ec_key = ret->pkey.ec;
+ if (ec_key == NULL)
+ goto err;
+ group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
+ if (group == NULL)
+ goto err;
+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+ if (EC_KEY_set_group(ec_key, group) == 0)
+ goto err;
+ EC_GROUP_free(group);
+ }
+ /* the case implicitlyCA is currently not implemented */
+ ret->save_parameters = 1;
+ }
+#endif
+
+ p=key->public_key->data;
+ j=key->public_key->length;
+ if (!d2i_PublicKey(type, &ret, &p, (long)j))
+ {
+ X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
+ goto err;
+ }
+
+ /* Check to see if another thread set key->pkey first */
+ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+ if (key->pkey)
+ {
+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_free(ret);
+ ret = key->pkey;
+ }
+ else
+ {
+ key->pkey = ret;
+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ }
+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ return(ret);
+err:
+ if (ret != NULL)
+ EVP_PKEY_free(ret);
+ return(NULL);
+ }
+
+/* Now two pseudo ASN1 routines that take an EVP_PKEY structure
+ * and encode or decode as X509_PUBKEY
+ */
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
+ long length)
+ {
+ X509_PUBKEY *xpk;
+ EVP_PKEY *pktmp;
+ xpk = d2i_X509_PUBKEY(NULL, pp, length);
+ if(!xpk) return NULL;
+ pktmp = X509_PUBKEY_get(xpk);
+ X509_PUBKEY_free(xpk);
+ if(!pktmp) return NULL;
+ if(a)
+ {
+ EVP_PKEY_free(*a);
+ *a = pktmp;
+ }
+ return pktmp;
+ }
+
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+ {
+ X509_PUBKEY *xpk=NULL;
+ int ret;
+ if(!a) return 0;
+ if(!X509_PUBKEY_set(&xpk, a)) return 0;
+ ret = i2d_X509_PUBKEY(xpk, pp);
+ X509_PUBKEY_free(xpk);
+ return ret;
+ }
+
+/* The following are equivalents but which return RSA and DSA
+ * keys
+ */
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
+ long length)
+ {
+ EVP_PKEY *pkey;
+ RSA *key;
+ const unsigned char *q;
+ q = *pp;
+ pkey = d2i_PUBKEY(NULL, &q, length);
+ if (!pkey) return NULL;
+ key = EVP_PKEY_get1_RSA(pkey);
+ EVP_PKEY_free(pkey);
+ if (!key) return NULL;
+ *pp = q;
+ if (a)
+ {
+ RSA_free(*a);
+ *a = key;
+ }
+ return key;
+ }
+
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+ {
+ EVP_PKEY *pktmp;
+ int ret;
+ if (!a) return 0;
+ pktmp = EVP_PKEY_new();
+ if (!pktmp)
+ {
+ ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ EVP_PKEY_set1_RSA(pktmp, a);
+ ret = i2d_PUBKEY(pktmp, pp);
+ EVP_PKEY_free(pktmp);
+ return ret;
+ }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
+ long length)
+ {
+ EVP_PKEY *pkey;
+ DSA *key;
+ const unsigned char *q;
+ q = *pp;
+ pkey = d2i_PUBKEY(NULL, &q, length);
+ if (!pkey) return NULL;
+ key = EVP_PKEY_get1_DSA(pkey);
+ EVP_PKEY_free(pkey);
+ if (!key) return NULL;
+ *pp = q;
+ if (a)
+ {
+ DSA_free(*a);
+ *a = key;
+ }
+ return key;
+ }
+
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+ {
+ EVP_PKEY *pktmp;
+ int ret;
+ if(!a) return 0;
+ pktmp = EVP_PKEY_new();
+ if(!pktmp)
+ {
+ ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ EVP_PKEY_set1_DSA(pktmp, a);
+ ret = i2d_PUBKEY(pktmp, pp);
+ EVP_PKEY_free(pktmp);
+ return ret;
+ }
+#endif
+
+#ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
+ {
+ EVP_PKEY *pkey;
+ EC_KEY *key;
+ const unsigned char *q;
+ q = *pp;
+ pkey = d2i_PUBKEY(NULL, &q, length);
+ if (!pkey) return(NULL);
+ key = EVP_PKEY_get1_EC_KEY(pkey);
+ EVP_PKEY_free(pkey);
+ if (!key) return(NULL);
+ *pp = q;
+ if (a)
+ {
+ EC_KEY_free(*a);
+ *a = key;
+ }
+ return(key);
+ }
+
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+ {
+ EVP_PKEY *pktmp;
+ int ret;
+ if (!a) return(0);
+ if ((pktmp = EVP_PKEY_new()) == NULL)
+ {
+ ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ EVP_PKEY_set1_EC_KEY(pktmp, a);
+ ret = i2d_PUBKEY(pktmp, pp);
+ EVP_PKEY_free(pktmp);
+ return(ret);
+ }
+#endif
Added: vendor-crypto/openssl/dist/crypto/asn1/x_req.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_req.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_req.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,112 @@
+/* crypto/asn1/x_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK.
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
+
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
+
+ if(operation == ASN1_OP_NEW_POST) {
+ rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+ if(!rinf->attributes) return 0;
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+ ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+ ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+ ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+ /* This isn't really OPTIONAL but it gets round invalid
+ * encodings
+ */
+ ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
+
+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
+ ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
+ ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
+ ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
Added: vendor-crypto/openssl/dist/crypto/asn1/x_sig.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_sig.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_sig.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,69 @@
+/* crypto/asn1/x_sig.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_SIG) = {
+ ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+ ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
Added: vendor-crypto/openssl/dist/crypto/asn1/x_spki.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_spki.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_spki.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,81 @@
+/* crypto/asn1/x_spki.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+ /* This module was send to me my Pat Richards <patr at x509.com> who
+ * wrote it. It is under my Copyright with his permission
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+ ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+ ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+ ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+ ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+ ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
Added: vendor-crypto/openssl/dist/crypto/asn1/x_val.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_val.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_val.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,69 @@
+/* crypto/asn1/x_val.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_VAL) = {
+ ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+ ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
Added: vendor-crypto/openssl/dist/crypto/asn1/x_x509.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_x509.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_x509.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,202 @@
+/* crypto/asn1/x_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
+ ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+ ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+ ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+ ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+ ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+ ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+ ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+ ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+ ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+ ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+extern void policy_cache_free(X509_POLICY_CACHE *cache);
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ X509 *ret = (X509 *)*pval;
+
+ switch(operation) {
+
+ case ASN1_OP_NEW_POST:
+ ret->valid=0;
+ ret->name = NULL;
+ ret->ex_flags = 0;
+ ret->ex_pathlen = -1;
+ ret->skid = NULL;
+ ret->akid = NULL;
+#ifndef OPENSSL_NO_RFC3779
+ ret->rfc3779_addr = NULL;
+ ret->rfc3779_asid = NULL;
+#endif
+ ret->aux = NULL;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+ break;
+
+ case ASN1_OP_D2I_POST:
+ if (ret->name != NULL) OPENSSL_free(ret->name);
+ ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+ break;
+
+ case ASN1_OP_FREE_POST:
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+ X509_CERT_AUX_free(ret->aux);
+ ASN1_OCTET_STRING_free(ret->skid);
+ AUTHORITY_KEYID_free(ret->akid);
+ policy_cache_free(ret->policy_cache);
+#ifndef OPENSSL_NO_RFC3779
+ sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+ ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+
+ if (ret->name != NULL) OPENSSL_free(ret->name);
+ break;
+
+ }
+
+ return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
+ ASN1_SIMPLE(X509, cert_info, X509_CINF),
+ ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+ ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
+
+static ASN1_METHOD meth=
+ {
+ (I2D_OF(void)) i2d_X509,
+ (D2I_OF(void)) d2i_X509,
+ (void *(*)(void))X509_new,
+ (void (*)(void *)) X509_free
+ };
+
+ASN1_METHOD *X509_asn1_meth(void)
+ {
+ return(&meth);
+ }
+
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+ {
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+ new_func, dup_func, free_func);
+ }
+
+int X509_set_ex_data(X509 *r, int idx, void *arg)
+ {
+ return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+ }
+
+void *X509_get_ex_data(X509 *r, int idx)
+ {
+ return(CRYPTO_get_ex_data(&r->ex_data,idx));
+ }
+
+/* X509_AUX ASN1 routines. X509_AUX is the name given to
+ * a certificate with extra info tagged on the end. Since these
+ * functions set how a certificate is trusted they should only
+ * be used when the certificate comes from a reliable source
+ * such as local storage.
+ *
+ */
+
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+{
+ const unsigned char *q;
+ X509 *ret;
+ /* Save start position */
+ q = *pp;
+ ret = d2i_X509(a, pp, length);
+ /* If certificate unreadable then forget it */
+ if(!ret) return NULL;
+ /* update length */
+ length -= *pp - q;
+ if(!length) return ret;
+ if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+ return ret;
+ err:
+ X509_free(ret);
+ return NULL;
+}
+
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+ int length;
+ length = i2d_X509(a, pp);
+ if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
+ return length;
+}
Added: vendor-crypto/openssl/dist/crypto/asn1/x_x509a.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_x509a.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_x509a.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,180 @@
+/* a_x509a.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_CERT_AUX routines. These are used to encode additional
+ * user modifiable data about a certificate. This data is
+ * appended to the X509 encoding when the *_X509_AUX routines
+ * are used. This means that the "traditional" X509 routines
+ * will simply ignore the extra data.
+ */
+
+static X509_CERT_AUX *aux_get(X509 *x);
+
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+ ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+ ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+ ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+static X509_CERT_AUX *aux_get(X509 *x)
+{
+ if(!x) return NULL;
+ if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
+ return x->aux;
+}
+
+int X509_alias_set1(X509 *x, unsigned char *name, int len)
+{
+ X509_CERT_AUX *aux;
+ if (!name)
+ {
+ if (!x || !x->aux || !x->aux->alias)
+ return 1;
+ ASN1_UTF8STRING_free(x->aux->alias);
+ x->aux->alias = NULL;
+ return 1;
+ }
+ if(!(aux = aux_get(x))) return 0;
+ if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
+ return ASN1_STRING_set(aux->alias, name, len);
+}
+
+int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+{
+ X509_CERT_AUX *aux;
+ if (!id)
+ {
+ if (!x || !x->aux || !x->aux->keyid)
+ return 1;
+ ASN1_OCTET_STRING_free(x->aux->keyid);
+ x->aux->keyid = NULL;
+ return 1;
+ }
+ if(!(aux = aux_get(x))) return 0;
+ if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+ return ASN1_STRING_set(aux->keyid, id, len);
+}
+
+unsigned char *X509_alias_get0(X509 *x, int *len)
+{
+ if(!x->aux || !x->aux->alias) return NULL;
+ if(len) *len = x->aux->alias->length;
+ return x->aux->alias->data;
+}
+
+unsigned char *X509_keyid_get0(X509 *x, int *len)
+{
+ if(!x->aux || !x->aux->keyid) return NULL;
+ if(len) *len = x->aux->keyid->length;
+ return x->aux->keyid->data;
+}
+
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+{
+ X509_CERT_AUX *aux;
+ ASN1_OBJECT *objtmp;
+ if(!(objtmp = OBJ_dup(obj))) return 0;
+ if(!(aux = aux_get(x))) return 0;
+ if(!aux->trust
+ && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
+ return sk_ASN1_OBJECT_push(aux->trust, objtmp);
+}
+
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+{
+ X509_CERT_AUX *aux;
+ ASN1_OBJECT *objtmp;
+ if(!(objtmp = OBJ_dup(obj))) return 0;
+ if(!(aux = aux_get(x))) return 0;
+ if(!aux->reject
+ && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
+ return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+}
+
+void X509_trust_clear(X509 *x)
+{
+ if(x->aux && x->aux->trust) {
+ sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+ x->aux->trust = NULL;
+ }
+}
+
+void X509_reject_clear(X509 *x)
+{
+ if(x->aux && x->aux->reject) {
+ sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+ x->aux->reject = NULL;
+ }
+}
+
+ASN1_SEQUENCE(X509_CERT_PAIR) = {
+ ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
+ ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
+} ASN1_SEQUENCE_END(X509_CERT_PAIR)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
Added: vendor-crypto/openssl/dist/crypto/bf/COPYRIGHT
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/COPYRIGHT (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/COPYRIGHT 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,46 @@
+Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+All rights reserved.
+
+This package is an Blowfish implementation written
+by Eric Young (eay at cryptsoft.com).
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to. The following conditions
+apply to all code found in this distribution.
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by Eric Young (eay at cryptsoft.com)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed. i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
Added: vendor-crypto/openssl/dist/crypto/bf/INSTALL
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/INSTALL (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/INSTALL 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,14 @@
+This Eric Young's blowfish implementation, taken from his SSLeay library
+and made available as a separate library.
+
+The version number (0.7.2m) is the SSLeay version that this library was
+taken from.
+
+To build, just unpack and type make.
+If you are not using gcc, edit the Makefile.
+If you are compiling for an x86 box, try the assembler (it needs improving).
+There are also some compile time options that can improve performance,
+these are documented in the Makefile.
+
+eric 15-Apr-1997
+
Added: vendor-crypto/openssl/dist/crypto/bf/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,111 @@
+#
+# OpenSSL/crypto/blowfish/Makefile
+#
+
+DIR= bf
+TOP= ../..
+CC= cc
+CPP= $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+BF_ENC= bf_enc.o
+# or use
+#DES_ENC= bx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=bftest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= blowfish.h
+HEADER= bf_pi.h bf_locl.h $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+# ELF
+bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+# COFF
+bx86-cof.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) bf-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
+# a.out
+bx86-out.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) bf-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+# We need to use force because 'install' matches 'INSTALL' on case
+# insensitive systems
+FRC.install:
+install: FRC.install
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bf_cfb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_cfb64.o: ../../include/openssl/opensslconf.h bf_cfb64.c bf_locl.h
+bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_ecb.o: bf_ecb.c bf_locl.h
+bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
+bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
+bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_skey.o: bf_locl.h bf_pi.h bf_skey.c
Added: vendor-crypto/openssl/dist/crypto/bf/README
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/README (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/README 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,8 @@
+This is a quick packaging up of my blowfish code into a library.
+It has been lifted from SSLeay.
+The copyright notices seem a little harsh because I have not spent the
+time to rewrite the conditions from the normal SSLeay ones.
+
+Basically if you just want to play with the library, not a problem.
+
+eric 15-Apr-1997
Added: vendor-crypto/openssl/dist/crypto/bf/VERSION
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/VERSION (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/VERSION 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,6 @@
+The version numbers will follow my SSL implementation
+
+0.7.2r - Some reasonable default compiler options from
+ Peter Gutman <pgut001 at cs.auckland.ac.nz>
+
+0.7.2m - the first release
Added: vendor-crypto/openssl/dist/crypto/bf/asm/bf-586.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/asm/bf-586.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/asm/bf-586.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,136 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");
+
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="edi";
+$R="esi";
+$P="ebp";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ecx";
+$tmp4="edx";
+
+&BF_encrypt("BF_encrypt",1);
+&BF_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+&asm_finish();
+
+sub BF_encrypt
+ {
+ local($name,$enc)=@_;
+
+ &function_begin_B($name,"");
+
+ &comment("");
+
+ &push("ebp");
+ &push("ebx");
+ &mov($tmp2,&wparam(0));
+ &mov($P,&wparam(1));
+ &push("esi");
+ &push("edi");
+
+ &comment("Load the 2 words");
+ &mov($L,&DWP(0,$tmp2,"",0));
+ &mov($R,&DWP(4,$tmp2,"",0));
+
+ &xor( $tmp1, $tmp1);
+
+ # encrypting part
+
+ if ($enc)
+ {
+ &mov($tmp2,&DWP(0,$P,"",0));
+ &xor( $tmp3, $tmp3);
+
+ &xor($L,$tmp2);
+ for ($i=0; $i<$BF_ROUNDS; $i+=2)
+ {
+ &comment("");
+ &comment("Round $i");
+ &BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+
+ &comment("");
+ &comment("Round ".sprintf("%d",$i+1));
+ &BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+ }
+ # &mov($tmp1,&wparam(0)); In last loop
+ &mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+ }
+ else
+ {
+ &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+ &xor( $tmp3, $tmp3);
+
+ &xor($L,$tmp2);
+ for ($i=$BF_ROUNDS; $i>0; $i-=2)
+ {
+ &comment("");
+ &comment("Round $i");
+ &BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+ &comment("");
+ &comment("Round ".sprintf("%d",$i-1));
+ &BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+ }
+ # &mov($tmp1,&wparam(0)); In last loop
+ &mov($tmp4,&DWP(0,$P,"",0));
+ }
+
+ &xor($R,$tmp4);
+ &mov(&DWP(4,$tmp1,"",0),$L);
+
+ &mov(&DWP(0,$tmp1,"",0),$R);
+ &function_end($name);
+ }
+
+sub BF_ENCRYPT
+ {
+ local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_;
+
+ &mov( $tmp4, &DWP(&n2a($i*4),$P,"",0)); # for next round
+
+ &mov( $tmp2, $R);
+ &xor( $L, $tmp4);
+
+ &shr( $tmp2, 16);
+ &mov( $tmp4, $R);
+
+ &movb( &LB($tmp1), &HB($tmp2)); # A
+ &and( $tmp2, 0xff); # B
+
+ &movb( &LB($tmp3), &HB($tmp4)); # C
+ &and( $tmp4, 0xff); # D
+
+ &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+ &mov( $tmp2, &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+
+ &add( $tmp2, $tmp1);
+ &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4));
+
+ &xor( $tmp2, $tmp1);
+ &mov( $tmp4, &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4));
+
+ &add( $tmp2, $tmp4);
+ if (($enc && ($i != 16)) || ((!$enc) && ($i != 1)))
+ { &xor( $tmp1, $tmp1); }
+ else
+ {
+ &comment("Load parameter 0 ($i) enc=$enc");
+ &mov($tmp1,&wparam(0));
+ } # In last loop
+
+ &xor( $L, $tmp2);
+ # delay
+ }
+
+sub n2a
+ {
+ sprintf("%d",$_[0]);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bf/asm/bf-686.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/asm/bf-686.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/asm/bf-686.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,127 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"bf-686.pl");
+
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="ecx";
+$R="edx";
+$P="edi";
+$tot="esi";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ebp";
+
+&des_encrypt("BF_encrypt",1);
+&des_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+
+&asm_finish();
+
+&file_end();
+
+sub des_encrypt
+ {
+ local($name,$enc)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ &comment("Load the 2 words");
+ &mov("eax",&wparam(0));
+ &mov($L,&DWP(0,"eax","",0));
+ &mov($R,&DWP(4,"eax","",0));
+
+ &comment("");
+ &comment("P pointer, s and enc flag");
+ &mov($P,&wparam(1));
+
+ &xor( $tmp1, $tmp1);
+ &xor( $tmp2, $tmp2);
+
+ # encrypting part
+
+ if ($enc)
+ {
+ &xor($L,&DWP(0,$P,"",0));
+ for ($i=0; $i<$BF_ROUNDS; $i+=2)
+ {
+ &comment("");
+ &comment("Round $i");
+ &BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+
+ &comment("");
+ &comment("Round ".sprintf("%d",$i+1));
+ &BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+ }
+ &xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+
+ &mov("eax",&wparam(0));
+ &mov(&DWP(0,"eax","",0),$R);
+ &mov(&DWP(4,"eax","",0),$L);
+ &function_end_A($name);
+ }
+ else
+ {
+ &xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+ for ($i=$BF_ROUNDS; $i>0; $i-=2)
+ {
+ &comment("");
+ &comment("Round $i");
+ &BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+ &comment("");
+ &comment("Round ".sprintf("%d",$i-1));
+ &BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+ }
+ &xor($R,&DWP(0,$P,"",0));
+
+ &mov("eax",&wparam(0));
+ &mov(&DWP(0,"eax","",0),$R);
+ &mov(&DWP(4,"eax","",0),$L);
+ &function_end_A($name);
+ }
+
+ &function_end_B($name);
+ }
+
+sub BF_ENCRYPT
+ {
+ local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_;
+
+ &rotr( $R, 16);
+ &mov( $tot, &DWP(&n2a($i*4),$P,"",0));
+
+ &movb( &LB($tmp1), &HB($R));
+ &movb( &LB($tmp2), &LB($R));
+
+ &rotr( $R, 16);
+ &xor( $L, $tot);
+
+ &mov( $tot, &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+ &mov( $tmp3, &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+
+ &movb( &LB($tmp1), &HB($R));
+ &movb( &LB($tmp2), &LB($R));
+
+ &add( $tot, $tmp3);
+ &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay
+
+ &xor( $tot, $tmp1);
+ &mov( $tmp3, &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4));
+
+ &add( $tot, $tmp3);
+ &xor( $tmp1, $tmp1);
+
+ &xor( $L, $tot);
+ # delay
+ }
+
+sub n2a
+ {
+ sprintf("%d",$_[0]);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bf/asm/readme
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/asm/readme (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/asm/readme 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,10 @@
+There are blowfish assembler generation scripts.
+bf-586.pl version is for the pentium and
+bf-686.pl is my original version, which is faster on the pentium pro.
+
+When using a bf-586.pl, the pentium pro/II is %8 slower than using
+bf-686.pl. When using a bf-686.pl, the pentium is %16 slower
+than bf-586.pl
+
+So the default is bf-586.pl
+
Added: vendor-crypto/openssl/dist/crypto/bf/bf_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_cbc.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bf_cbc.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,143 @@
+/* crypto/bf/bf_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+ {
+ register BF_LONG tin0,tin1;
+ register BF_LONG tout0,tout1,xor0,xor1;
+ register long l=length;
+ BF_LONG tin[2];
+
+ if (encrypt)
+ {
+ n2l(ivec,tout0);
+ n2l(ivec,tout1);
+ ivec-=8;
+ for (l-=8; l>=0; l-=8)
+ {
+ n2l(in,tin0);
+ n2l(in,tin1);
+ tin0^=tout0;
+ tin1^=tout1;
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_encrypt(tin,schedule);
+ tout0=tin[0];
+ tout1=tin[1];
+ l2n(tout0,out);
+ l2n(tout1,out);
+ }
+ if (l != -8)
+ {
+ n2ln(in,tin0,tin1,l+8);
+ tin0^=tout0;
+ tin1^=tout1;
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_encrypt(tin,schedule);
+ tout0=tin[0];
+ tout1=tin[1];
+ l2n(tout0,out);
+ l2n(tout1,out);
+ }
+ l2n(tout0,ivec);
+ l2n(tout1,ivec);
+ }
+ else
+ {
+ n2l(ivec,xor0);
+ n2l(ivec,xor1);
+ ivec-=8;
+ for (l-=8; l>=0; l-=8)
+ {
+ n2l(in,tin0);
+ n2l(in,tin1);
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_decrypt(tin,schedule);
+ tout0=tin[0]^xor0;
+ tout1=tin[1]^xor1;
+ l2n(tout0,out);
+ l2n(tout1,out);
+ xor0=tin0;
+ xor1=tin1;
+ }
+ if (l != -8)
+ {
+ n2l(in,tin0);
+ n2l(in,tin1);
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_decrypt(tin,schedule);
+ tout0=tin[0]^xor0;
+ tout1=tin[1]^xor1;
+ l2nn(tout0,tout1,out,l+8);
+ xor0=tin0;
+ xor1=tin1;
+ }
+ l2n(xor0,ivec);
+ l2n(xor1,ivec);
+ }
+ tin0=tin1=tout0=tout1=xor0=xor1=0;
+ tin[0]=tin[1]=0;
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bf/bf_cfb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_cfb64.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bf_cfb64.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,121 @@
+/* crypto/bf/bf_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used. The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
+ {
+ register BF_LONG v0,v1,t;
+ register int n= *num;
+ register long l=length;
+ BF_LONG ti[2];
+ unsigned char *iv,c,cc;
+
+ iv=(unsigned char *)ivec;
+ if (encrypt)
+ {
+ while (l--)
+ {
+ if (n == 0)
+ {
+ n2l(iv,v0); ti[0]=v0;
+ n2l(iv,v1); ti[1]=v1;
+ BF_encrypt((BF_LONG *)ti,schedule);
+ iv=(unsigned char *)ivec;
+ t=ti[0]; l2n(t,iv);
+ t=ti[1]; l2n(t,iv);
+ iv=(unsigned char *)ivec;
+ }
+ c= *(in++)^iv[n];
+ *(out++)=c;
+ iv[n]=c;
+ n=(n+1)&0x07;
+ }
+ }
+ else
+ {
+ while (l--)
+ {
+ if (n == 0)
+ {
+ n2l(iv,v0); ti[0]=v0;
+ n2l(iv,v1); ti[1]=v1;
+ BF_encrypt((BF_LONG *)ti,schedule);
+ iv=(unsigned char *)ivec;
+ t=ti[0]; l2n(t,iv);
+ t=ti[1]; l2n(t,iv);
+ iv=(unsigned char *)ivec;
+ }
+ cc= *(in++);
+ c=iv[n];
+ iv[n]=cc;
+ *(out++)=c^cc;
+ n=(n+1)&0x07;
+ }
+ }
+ v0=v1=ti[0]=ti[1]=t=c=cc=0;
+ *num=n;
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bf/bf_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_ecb.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bf_ecb.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,96 @@
+/* crypto/bf/bf_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+#include <openssl/opensslv.h>
+
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+const char BF_version[]="Blowfish" OPENSSL_VERSION_PTEXT;
+
+const char *BF_options(void)
+ {
+#ifdef BF_PTR
+ return("blowfish(ptr)");
+#elif defined(BF_PTR2)
+ return("blowfish(ptr2)");
+#else
+ return("blowfish(idx)");
+#endif
+ }
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const BF_KEY *key, int encrypt)
+ {
+ BF_LONG l,d[2];
+
+ n2l(in,l); d[0]=l;
+ n2l(in,l); d[1]=l;
+ if (encrypt)
+ BF_encrypt(d,key);
+ else
+ BF_decrypt(d,key);
+ l=d[0]; l2n(l,out);
+ l=d[1]; l2n(l,out);
+ l=d[0]=d[1]=0;
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bf/bf_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_enc.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bf_enc.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,306 @@
+/* crypto/bf/bf_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
+to modify the code.
+#endif
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key)
+ {
+#ifndef BF_PTR2
+ register BF_LONG l,r;
+ register const BF_LONG *p,*s;
+
+ p=key->P;
+ s= &(key->S[0]);
+ l=data[0];
+ r=data[1];
+
+ l^=p[0];
+ BF_ENC(r,l,s,p[ 1]);
+ BF_ENC(l,r,s,p[ 2]);
+ BF_ENC(r,l,s,p[ 3]);
+ BF_ENC(l,r,s,p[ 4]);
+ BF_ENC(r,l,s,p[ 5]);
+ BF_ENC(l,r,s,p[ 6]);
+ BF_ENC(r,l,s,p[ 7]);
+ BF_ENC(l,r,s,p[ 8]);
+ BF_ENC(r,l,s,p[ 9]);
+ BF_ENC(l,r,s,p[10]);
+ BF_ENC(r,l,s,p[11]);
+ BF_ENC(l,r,s,p[12]);
+ BF_ENC(r,l,s,p[13]);
+ BF_ENC(l,r,s,p[14]);
+ BF_ENC(r,l,s,p[15]);
+ BF_ENC(l,r,s,p[16]);
+#if BF_ROUNDS == 20
+ BF_ENC(r,l,s,p[17]);
+ BF_ENC(l,r,s,p[18]);
+ BF_ENC(r,l,s,p[19]);
+ BF_ENC(l,r,s,p[20]);
+#endif
+ r^=p[BF_ROUNDS+1];
+
+ data[1]=l&0xffffffffL;
+ data[0]=r&0xffffffffL;
+#else
+ register BF_LONG l,r,t,*k;
+
+ l=data[0];
+ r=data[1];
+ k=(BF_LONG*)key;
+
+ l^=k[0];
+ BF_ENC(r,l,k, 1);
+ BF_ENC(l,r,k, 2);
+ BF_ENC(r,l,k, 3);
+ BF_ENC(l,r,k, 4);
+ BF_ENC(r,l,k, 5);
+ BF_ENC(l,r,k, 6);
+ BF_ENC(r,l,k, 7);
+ BF_ENC(l,r,k, 8);
+ BF_ENC(r,l,k, 9);
+ BF_ENC(l,r,k,10);
+ BF_ENC(r,l,k,11);
+ BF_ENC(l,r,k,12);
+ BF_ENC(r,l,k,13);
+ BF_ENC(l,r,k,14);
+ BF_ENC(r,l,k,15);
+ BF_ENC(l,r,k,16);
+#if BF_ROUNDS == 20
+ BF_ENC(r,l,k,17);
+ BF_ENC(l,r,k,18);
+ BF_ENC(r,l,k,19);
+ BF_ENC(l,r,k,20);
+#endif
+ r^=k[BF_ROUNDS+1];
+
+ data[1]=l&0xffffffffL;
+ data[0]=r&0xffffffffL;
+#endif
+ }
+
+#ifndef BF_DEFAULT_OPTIONS
+
+void BF_decrypt(BF_LONG *data, const BF_KEY *key)
+ {
+#ifndef BF_PTR2
+ register BF_LONG l,r;
+ register const BF_LONG *p,*s;
+
+ p=key->P;
+ s= &(key->S[0]);
+ l=data[0];
+ r=data[1];
+
+ l^=p[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+ BF_ENC(r,l,s,p[20]);
+ BF_ENC(l,r,s,p[19]);
+ BF_ENC(r,l,s,p[18]);
+ BF_ENC(l,r,s,p[17]);
+#endif
+ BF_ENC(r,l,s,p[16]);
+ BF_ENC(l,r,s,p[15]);
+ BF_ENC(r,l,s,p[14]);
+ BF_ENC(l,r,s,p[13]);
+ BF_ENC(r,l,s,p[12]);
+ BF_ENC(l,r,s,p[11]);
+ BF_ENC(r,l,s,p[10]);
+ BF_ENC(l,r,s,p[ 9]);
+ BF_ENC(r,l,s,p[ 8]);
+ BF_ENC(l,r,s,p[ 7]);
+ BF_ENC(r,l,s,p[ 6]);
+ BF_ENC(l,r,s,p[ 5]);
+ BF_ENC(r,l,s,p[ 4]);
+ BF_ENC(l,r,s,p[ 3]);
+ BF_ENC(r,l,s,p[ 2]);
+ BF_ENC(l,r,s,p[ 1]);
+ r^=p[0];
+
+ data[1]=l&0xffffffffL;
+ data[0]=r&0xffffffffL;
+#else
+ register BF_LONG l,r,t,*k;
+
+ l=data[0];
+ r=data[1];
+ k=(BF_LONG *)key;
+
+ l^=k[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+ BF_ENC(r,l,k,20);
+ BF_ENC(l,r,k,19);
+ BF_ENC(r,l,k,18);
+ BF_ENC(l,r,k,17);
+#endif
+ BF_ENC(r,l,k,16);
+ BF_ENC(l,r,k,15);
+ BF_ENC(r,l,k,14);
+ BF_ENC(l,r,k,13);
+ BF_ENC(r,l,k,12);
+ BF_ENC(l,r,k,11);
+ BF_ENC(r,l,k,10);
+ BF_ENC(l,r,k, 9);
+ BF_ENC(r,l,k, 8);
+ BF_ENC(l,r,k, 7);
+ BF_ENC(r,l,k, 6);
+ BF_ENC(l,r,k, 5);
+ BF_ENC(r,l,k, 4);
+ BF_ENC(l,r,k, 3);
+ BF_ENC(r,l,k, 2);
+ BF_ENC(l,r,k, 1);
+ r^=k[0];
+
+ data[1]=l&0xffffffffL;
+ data[0]=r&0xffffffffL;
+#endif
+ }
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+ {
+ register BF_LONG tin0,tin1;
+ register BF_LONG tout0,tout1,xor0,xor1;
+ register long l=length;
+ BF_LONG tin[2];
+
+ if (encrypt)
+ {
+ n2l(ivec,tout0);
+ n2l(ivec,tout1);
+ ivec-=8;
+ for (l-=8; l>=0; l-=8)
+ {
+ n2l(in,tin0);
+ n2l(in,tin1);
+ tin0^=tout0;
+ tin1^=tout1;
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_encrypt(tin,schedule);
+ tout0=tin[0];
+ tout1=tin[1];
+ l2n(tout0,out);
+ l2n(tout1,out);
+ }
+ if (l != -8)
+ {
+ n2ln(in,tin0,tin1,l+8);
+ tin0^=tout0;
+ tin1^=tout1;
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_encrypt(tin,schedule);
+ tout0=tin[0];
+ tout1=tin[1];
+ l2n(tout0,out);
+ l2n(tout1,out);
+ }
+ l2n(tout0,ivec);
+ l2n(tout1,ivec);
+ }
+ else
+ {
+ n2l(ivec,xor0);
+ n2l(ivec,xor1);
+ ivec-=8;
+ for (l-=8; l>=0; l-=8)
+ {
+ n2l(in,tin0);
+ n2l(in,tin1);
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_decrypt(tin,schedule);
+ tout0=tin[0]^xor0;
+ tout1=tin[1]^xor1;
+ l2n(tout0,out);
+ l2n(tout1,out);
+ xor0=tin0;
+ xor1=tin1;
+ }
+ if (l != -8)
+ {
+ n2l(in,tin0);
+ n2l(in,tin1);
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_decrypt(tin,schedule);
+ tout0=tin[0]^xor0;
+ tout1=tin[1]^xor1;
+ l2nn(tout0,tout1,out,l+8);
+ xor0=tin0;
+ xor1=tin1;
+ }
+ l2n(xor0,ivec);
+ l2n(xor1,ivec);
+ }
+ tin0=tin1=tout0=tout1=xor0=xor1=0;
+ tin[0]=tin[1]=0;
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/bf/bf_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_locl.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bf_locl.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,219 @@
+/* crypto/bf/bf_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BF_LOCL_H
+#define HEADER_BF_LOCL_H
+#include <openssl/opensslconf.h> /* BF_PTR, BF_PTR2 */
+
+#undef c2l
+#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+ case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+ case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+ case 5: l2|=((unsigned long)(*(--(c)))); \
+ case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+ case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+ case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+ case 1: l1|=((unsigned long)(*(--(c)))); \
+ } \
+ }
+
+#undef l2c
+#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c)))) ; \
+ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+ case 4: l1 =((unsigned long)(*(--(c)))) ; \
+ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+ } \
+ }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ } \
+ }
+
+#undef n2l
+#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+/* This is actually a big endian algorithm, the most significant byte
+ * is used to lookup array 0 */
+
+#if defined(BF_PTR2)
+
+/*
+ * This is basically a special Intel version. Point is that Intel
+ * doesn't have many registers, but offers a reach choice of addressing
+ * modes. So we spare some registers by directly traversing BF_KEY
+ * structure and hiring the most decorated addressing mode. The code
+ * generated by EGCS is *perfectly* competitive with assembler
+ * implementation!
+ */
+#define BF_ENC(LL,R,KEY,Pi) (\
+ LL^=KEY[Pi], \
+ t= KEY[BF_ROUNDS+2 + 0 + ((R>>24)&0xFF)], \
+ t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
+ t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
+ t+= KEY[BF_ROUNDS+2 + 768 + ((R )&0xFF)], \
+ LL^=t \
+ )
+
+#elif defined(BF_PTR)
+
+#ifndef BF_LONG_LOG2
+#define BF_LONG_LOG2 2 /* default to BF_LONG being 32 bits */
+#endif
+#define BF_M (0xFF<<BF_LONG_LOG2)
+#define BF_0 (24-BF_LONG_LOG2)
+#define BF_1 (16-BF_LONG_LOG2)
+#define BF_2 ( 8-BF_LONG_LOG2)
+#define BF_3 BF_LONG_LOG2 /* left shift */
+
+/*
+ * This is normally very good on RISC platforms where normally you
+ * have to explicitly "multiply" array index by sizeof(BF_LONG)
+ * in order to calculate the effective address. This implementation
+ * excuses CPU from this extra work. Power[PC] uses should have most
+ * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
+ * rlwinm. So let'em double-check if their compiler does it.
+ */
+
+#define BF_ENC(LL,R,S,P) ( \
+ LL^=P, \
+ LL^= (((*(BF_LONG *)((unsigned char *)&(S[ 0])+((R>>BF_0)&BF_M))+ \
+ *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
+ *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
+ *(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \
+ )
+#else
+
+/*
+ * This is a *generic* version. Seem to perform best on platforms that
+ * offer explicit support for extraction of 8-bit nibbles preferably
+ * complemented with "multiplying" of array index by sizeof(BF_LONG).
+ * For the moment of this writing the list comprises Alpha CPU featuring
+ * extbl and s[48]addq instructions.
+ */
+
+#define BF_ENC(LL,R,S,P) ( \
+ LL^=P, \
+ LL^=((( S[ ((int)(R>>24)&0xff)] + \
+ S[0x0100+((int)(R>>16)&0xff)])^ \
+ S[0x0200+((int)(R>> 8)&0xff)])+ \
+ S[0x0300+((int)(R )&0xff)])&0xffffffffL \
+ )
+#endif
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/bf/bf_ofb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_ofb64.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bf_ofb64.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,110 @@
+/* crypto/bf/bf_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used. The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int *num)
+ {
+ register BF_LONG v0,v1,t;
+ register int n= *num;
+ register long l=length;
+ unsigned char d[8];
+ register char *dp;
+ BF_LONG ti[2];
+ unsigned char *iv;
+ int save=0;
+
+ iv=(unsigned char *)ivec;
+ n2l(iv,v0);
+ n2l(iv,v1);
+ ti[0]=v0;
+ ti[1]=v1;
+ dp=(char *)d;
+ l2n(v0,dp);
+ l2n(v1,dp);
+ while (l--)
+ {
+ if (n == 0)
+ {
+ BF_encrypt((BF_LONG *)ti,schedule);
+ dp=(char *)d;
+ t=ti[0]; l2n(t,dp);
+ t=ti[1]; l2n(t,dp);
+ save++;
+ }
+ *(out++)= *(in++)^d[n];
+ n=(n+1)&0x07;
+ }
+ if (save)
+ {
+ v0=ti[0];
+ v1=ti[1];
+ iv=(unsigned char *)ivec;
+ l2n(v0,iv);
+ l2n(v1,iv);
+ }
+ t=v0=v1=ti[0]=ti[1]=0;
+ *num=n;
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bf/bf_opts.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_opts.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bf_opts.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,331 @@
+/* crypto/bf/bf_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+ The __TMS macro will show if it was. If it wasn't defined, we should
+ undefine TIMES, since that tells the rest of the program how things
+ should be handled. -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/blowfish.h>
+
+#define BF_DEFAULT_OPTIONS
+
+#undef BF_ENC
+#define BF_encrypt BF_encrypt_normal
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+
+#define BF_PTR
+#undef BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt BF_encrypt_ptr
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+
+#undef BF_PTR
+#define BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt BF_encrypt_ptr2
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+ {
+ signal(SIGALRM,sig_done);
+ run=0;
+#ifdef LINT
+ sig=sig;
+#endif
+ }
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+ {
+ double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if (s == START)
+ {
+ times(&tstart);
+ return(0);
+ }
+ else
+ {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if (s == START)
+ {
+ ftime(&tstart);
+ return(0);
+ }
+ else
+ {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#endif
+ }
+
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+
+#define time_it(func,name,index) \
+ print_name(name); \
+ Time_F(START); \
+ for (count=0,run=1; COND(cb); count+=4) \
+ { \
+ unsigned long d[2]; \
+ func(d,&sch); \
+ func(d,&sch); \
+ func(d,&sch); \
+ func(d,&sch); \
+ } \
+ tm[index]=Time_F(STOP); \
+ fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+ tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+ fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+ tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+ {
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static char key[16]={ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+ BF_KEY sch;
+ double d,tm[16],max=0;
+ int rank[16];
+ char *str[16];
+ int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+ long ca,cb,cc,cd,ce;
+#endif
+
+ for (i=0; i<12; i++)
+ {
+ tm[i]=0.0;
+ rank[i]=0;
+ }
+
+#ifndef TIMES
+ fprintf(stderr,"To get the most accurate results, try to run this\n");
+ fprintf(stderr,"program when this computer is idle.\n");
+#endif
+
+ BF_set_key(&sch,16,key);
+
+#ifndef SIGALRM
+ fprintf(stderr,"First we calculate the approximate speed ...\n");
+ count=10;
+ do {
+ long i;
+ unsigned long data[2];
+
+ count*=2;
+ Time_F(START);
+ for (i=count; i; i--)
+ BF_encrypt(data,&sch);
+ d=Time_F(STOP);
+ } while (d < 3.0);
+ ca=count;
+ cb=count*3;
+ cc=count*3*8/BUFSIZE+1;
+ cd=count*8/BUFSIZE+1;
+
+ ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+ signal(SIGALRM,sig_done);
+ alarm(10);
+#endif
+
+ time_it(BF_encrypt_normal, "BF_encrypt_normal ", 0);
+ time_it(BF_encrypt_ptr, "BF_encrypt_ptr ", 1);
+ time_it(BF_encrypt_ptr2, "BF_encrypt_ptr2 ", 2);
+ num+=3;
+
+ str[0]="<nothing>";
+ print_it("BF_encrypt_normal ",0);
+ max=tm[0];
+ max_idx=0;
+ str[1]="ptr ";
+ print_it("BF_encrypt_ptr ",1);
+ if (max < tm[1]) { max=tm[1]; max_idx=1; }
+ str[2]="ptr2 ";
+ print_it("BF_encrypt_ptr2 ",2);
+ if (max < tm[2]) { max=tm[2]; max_idx=2; }
+
+ printf("options BF ecb/s\n");
+ printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+ d=tm[max_idx];
+ tm[max_idx]= -2.0;
+ max= -1.0;
+ for (;;)
+ {
+ for (i=0; i<3; i++)
+ {
+ if (max < tm[i]) { max=tm[i]; j=i; }
+ }
+ if (max < 0.0) break;
+ printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+ tm[j]= -2.0;
+ max= -1.0;
+ }
+
+ switch (max_idx)
+ {
+ case 0:
+ printf("-DBF_DEFAULT_OPTIONS\n");
+ break;
+ case 1:
+ printf("-DBF_PTR\n");
+ break;
+ case 2:
+ printf("-DBF_PTR2\n");
+ break;
+ }
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return(0);
+#endif
+ }
Added: vendor-crypto/openssl/dist/crypto/bf/bf_pi.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_pi.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bf_pi.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,325 @@
+/* crypto/bf/bf_pi.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static const BF_KEY bf_init= {
+ {
+ 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
+ 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
+ 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
+ 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
+ 0x9216d5d9L, 0x8979fb1b
+ },{
+ 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L,
+ 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L,
+ 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L,
+ 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL,
+ 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,
+ 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L,
+ 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL,
+ 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL,
+ 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L,
+ 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,
+ 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL,
+ 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL,
+ 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL,
+ 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L,
+ 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,
+ 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L,
+ 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L,
+ 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L,
+ 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL,
+ 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,
+ 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L,
+ 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L,
+ 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L,
+ 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL,
+ 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,
+ 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL,
+ 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL,
+ 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L,
+ 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL,
+ 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,
+ 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL,
+ 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L,
+ 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L,
+ 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL,
+ 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,
+ 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L,
+ 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL,
+ 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L,
+ 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL,
+ 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,
+ 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L,
+ 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL,
+ 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L,
+ 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L,
+ 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,
+ 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L,
+ 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L,
+ 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL,
+ 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL,
+ 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,
+ 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L,
+ 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L,
+ 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L,
+ 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL,
+ 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,
+ 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL,
+ 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL,
+ 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L,
+ 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L,
+ 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,
+ 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L,
+ 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L,
+ 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L,
+ 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL,
+ 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,
+ 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L,
+ 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L,
+ 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL,
+ 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L,
+ 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,
+ 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL,
+ 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L,
+ 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L,
+ 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L,
+ 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,
+ 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL,
+ 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L,
+ 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L,
+ 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L,
+ 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,
+ 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL,
+ 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL,
+ 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL,
+ 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L,
+ 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,
+ 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L,
+ 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L,
+ 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL,
+ 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL,
+ 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,
+ 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL,
+ 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L,
+ 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL,
+ 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL,
+ 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,
+ 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L,
+ 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L,
+ 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L,
+ 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L,
+ 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,
+ 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L,
+ 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL,
+ 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L,
+ 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL,
+ 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,
+ 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L,
+ 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L,
+ 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L,
+ 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L,
+ 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,
+ 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L,
+ 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L,
+ 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L,
+ 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L,
+ 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,
+ 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L,
+ 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L,
+ 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L,
+ 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L,
+ 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,
+ 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL,
+ 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL,
+ 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L,
+ 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL,
+ 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,
+ 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L,
+ 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L,
+ 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L,
+ 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L,
+ 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,
+ 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL,
+ 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L,
+ 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L,
+ 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L,
+ 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,
+ 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL,
+ 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL,
+ 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L,
+ 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L,
+ 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,
+ 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L,
+ 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL,
+ 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L,
+ 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL,
+ 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,
+ 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL,
+ 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L,
+ 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL,
+ 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L,
+ 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,
+ 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL,
+ 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L,
+ 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L,
+ 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L,
+ 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,
+ 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL,
+ 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L,
+ 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL,
+ 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L,
+ 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,
+ 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L,
+ 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL,
+ 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL,
+ 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL,
+ 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,
+ 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L,
+ 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL,
+ 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL,
+ 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL,
+ 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,
+ 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL,
+ 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L,
+ 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L,
+ 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L,
+ 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,
+ 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL,
+ 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL,
+ 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L,
+ 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L,
+ 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,
+ 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L,
+ 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L,
+ 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L,
+ 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L,
+ 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,
+ 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L,
+ 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L,
+ 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL,
+ 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L,
+ 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,
+ 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L,
+ 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L,
+ 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL,
+ 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL,
+ 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,
+ 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L,
+ 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L,
+ 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L,
+ 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L,
+ 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,
+ 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L,
+ 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L,
+ 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L,
+ 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L,
+ 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,
+ 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L,
+ 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L,
+ 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL,
+ 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL,
+ 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,
+ 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL,
+ 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL,
+ 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL,
+ 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L,
+ 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,
+ 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL,
+ 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L,
+ 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L,
+ 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L,
+ 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,
+ 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL,
+ 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL,
+ 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L,
+ 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L,
+ 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,
+ 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL,
+ 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L,
+ 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L,
+ 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L,
+ 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,
+ 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L,
+ 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L,
+ 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L,
+ 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL,
+ 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,
+ 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L,
+ 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L,
+ 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L,
+ 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L,
+ 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,
+ 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L,
+ 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL,
+ 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL,
+ 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L,
+ 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,
+ 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL,
+ 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L,
+ 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL,
+ 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L,
+ 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,
+ 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L,
+ 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L,
+ 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL,
+ 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L,
+ 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,
+ 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,
+ }
+ };
+
Added: vendor-crypto/openssl/dist/crypto/bf/bf_skey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_skey.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bf_skey.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,121 @@
+/* crypto/bf/bf_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/blowfish.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+#include "bf_locl.h"
+#include "bf_pi.h"
+
+FIPS_NON_FIPS_VCIPHER_Init(BF)
+ {
+ int i;
+ BF_LONG *p,ri,in[2];
+ const unsigned char *d,*end;
+
+
+ memcpy(key,&bf_init,sizeof(BF_KEY));
+ p=key->P;
+
+ if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
+
+ d=data;
+ end= &(data[len]);
+ for (i=0; i<(BF_ROUNDS+2); i++)
+ {
+ ri= *(d++);
+ if (d >= end) d=data;
+
+ ri<<=8;
+ ri|= *(d++);
+ if (d >= end) d=data;
+
+ ri<<=8;
+ ri|= *(d++);
+ if (d >= end) d=data;
+
+ ri<<=8;
+ ri|= *(d++);
+ if (d >= end) d=data;
+
+ p[i]^=ri;
+ }
+
+ in[0]=0L;
+ in[1]=0L;
+ for (i=0; i<(BF_ROUNDS+2); i+=2)
+ {
+ BF_encrypt(in,key);
+ p[i ]=in[0];
+ p[i+1]=in[1];
+ }
+
+ p=key->S;
+ for (i=0; i<4*256; i+=2)
+ {
+ BF_encrypt(in,key);
+ p[i ]=in[0];
+ p[i+1]=in[1];
+ }
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bf/bfs.cpp
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bfs.cpp (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bfs.cpp 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke at unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+ asm volatile(".byte 15, 49\n\t"
+ : "=eax" (tsc)
+ :
+ : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+ unsigned long a;
+ __asm _emit 0fh
+ __asm _emit 31h
+ __asm mov a, eax;
+ tsc=a;
+}
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/blowfish.h>
+
+void main(int argc,char *argv[])
+ {
+ BF_KEY key;
+ unsigned long s1,s2,e1,e2;
+ unsigned long data[2];
+ int i,j;
+
+ for (j=0; j<6; j++)
+ {
+ for (i=0; i<1000; i++) /**/
+ {
+ BF_encrypt(&data[0],&key);
+ GetTSC(s1);
+ BF_encrypt(&data[0],&key);
+ BF_encrypt(&data[0],&key);
+ BF_encrypt(&data[0],&key);
+ GetTSC(e1);
+ GetTSC(s2);
+ BF_encrypt(&data[0],&key);
+ BF_encrypt(&data[0],&key);
+ BF_encrypt(&data[0],&key);
+ BF_encrypt(&data[0],&key);
+ GetTSC(e2);
+ BF_encrypt(&data[0],&key);
+ }
+
+ printf("blowfish %d %d (%d)\n",
+ e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+ }
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bf/bfspeed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bfspeed.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bfspeed.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,277 @@
+/* crypto/bf/bfspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+ The __TMS macro will show if it was. If it wasn't defined, we should
+ undefine TIMES, since that tells the rest of the program how things
+ should be handled. -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/blowfish.h>
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ 100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+ {
+ signal(SIGALRM,sig_done);
+ run=0;
+#ifdef LINT
+ sig=sig;
+#endif
+ }
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+ {
+ double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if (s == START)
+ {
+ times(&tstart);
+ return(0);
+ }
+ else
+ {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if (s == START)
+ {
+ ftime(&tstart);
+ return(0);
+ }
+ else
+ {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#endif
+ }
+
+int main(int argc, char **argv)
+ {
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static unsigned char key[] ={
+ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+ };
+ BF_KEY sch;
+ double a,b,c,d;
+#ifndef SIGALRM
+ long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+ printf("To get the most accurate results, try to run this\n");
+ printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+ printf("First we calculate the approximate speed ...\n");
+ BF_set_key(&sch,16,key);
+ count=10;
+ do {
+ long i;
+ BF_LONG data[2];
+
+ count*=2;
+ Time_F(START);
+ for (i=count; i; i--)
+ BF_encrypt(data,&sch);
+ d=Time_F(STOP);
+ } while (d < 3.0);
+ ca=count/512;
+ cb=count;
+ cc=count*8/BUFSIZE+1;
+ printf("Doing BF_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+ signal(SIGALRM,sig_done);
+ printf("Doing BF_set_key for 10 seconds\n");
+ alarm(10);
+#endif
+
+ Time_F(START);
+ for (count=0,run=1; COND(ca); count+=4)
+ {
+ BF_set_key(&sch,16,key);
+ BF_set_key(&sch,16,key);
+ BF_set_key(&sch,16,key);
+ BF_set_key(&sch,16,key);
+ }
+ d=Time_F(STOP);
+ printf("%ld BF_set_key's in %.2f seconds\n",count,d);
+ a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+ printf("Doing BF_encrypt's for 10 seconds\n");
+ alarm(10);
+#else
+ printf("Doing BF_encrypt %ld times\n",cb);
+#endif
+ Time_F(START);
+ for (count=0,run=1; COND(cb); count+=4)
+ {
+ BF_LONG data[2];
+
+ BF_encrypt(data,&sch);
+ BF_encrypt(data,&sch);
+ BF_encrypt(data,&sch);
+ BF_encrypt(data,&sch);
+ }
+ d=Time_F(STOP);
+ printf("%ld BF_encrypt's in %.2f second\n",count,d);
+ b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+ printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+ BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+ BUFSIZE);
+#endif
+ Time_F(START);
+ for (count=0,run=1; COND(cc); count++)
+ BF_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+ &(key[0]),BF_ENCRYPT);
+ d=Time_F(STOP);
+ printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+ count,BUFSIZE,d);
+ c=((double)COUNT(cc)*BUFSIZE)/d;
+
+ printf("Blowfish set_key per sec = %12.3f (%9.3fuS)\n",a,1.0e6/a);
+ printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);
+ printf("Blowfish cbc bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return(0);
+#endif
+ }
Added: vendor-crypto/openssl/dist/crypto/bf/bftest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bftest.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/bftest.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,540 @@
+/* crypto/bf/bftest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This has been a quickly hacked 'ideatest.c'. When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_BF is defined */
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_BF
+int main(int argc, char *argv[])
+{
+ printf("No BF support\n");
+ return(0);
+}
+#else
+#include <openssl/blowfish.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+static char *bf_key[2]={
+ "abcdefghijklmnopqrstuvwxyz",
+ "Who is John Galt?"
+ };
+
+/* big endian */
+static BF_LONG bf_plain[2][2]={
+ {0x424c4f57L,0x46495348L},
+ {0xfedcba98L,0x76543210L}
+ };
+
+static BF_LONG bf_cipher[2][2]={
+ {0x324ed0feL,0xf413a203L},
+ {0xcc91732bL,0x8022f684L}
+ };
+/************/
+
+/* Lets use the DES test vectors :-) */
+#define NUM_TESTS 34
+static unsigned char ecb_data[NUM_TESTS][8]={
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+ {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+ {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+ {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+ {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+ {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+ {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+ {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+ {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+ {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+ {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+ {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+ {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+ {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+ {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+ {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+ {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+ {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+ {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+ {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+ {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+ {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+ {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+
+static unsigned char plain_data[NUM_TESTS][8]={
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+ {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+ {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+ {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+ {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+ {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+ {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+ {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+ {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+ {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+ {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+ {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+ {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+ {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+ {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+ {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+ {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+ {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+ {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+
+static unsigned char cipher_data[NUM_TESTS][8]={
+ {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+ {0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
+ {0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
+ {0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
+ {0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
+ {0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
+ {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+ {0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
+ {0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
+ {0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
+ {0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
+ {0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
+ {0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
+ {0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
+ {0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
+ {0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
+ {0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
+ {0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
+ {0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
+ {0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
+ {0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
+ {0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
+ {0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
+ {0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
+ {0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
+ {0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
+ {0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
+ {0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
+ {0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
+ {0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
+ {0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
+ {0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
+ {0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
+ {0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
+ };
+
+static unsigned char cbc_key [16]={
+ 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+ 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static char cbc_data[40]="7654321 Now is the time for ";
+static unsigned char cbc_ok[32]={
+ 0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
+ 0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
+ 0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
+ 0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
+
+static unsigned char cfb64_ok[]={
+ 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+ 0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
+ 0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
+ 0x51,0x9D,0x57,0xA6,0xC3};
+
+static unsigned char ofb64_ok[]={
+ 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+ 0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
+ 0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
+ 0x63,0xC2,0xCF,0x80,0xDA};
+
+#define KEY_TEST_NUM 25
+static unsigned char key_test[KEY_TEST_NUM]={
+ 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
+ 0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
+ 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
+ 0x88};
+
+static unsigned char key_data[8]=
+ {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
+
+static unsigned char key_out[KEY_TEST_NUM][8]={
+ {0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
+ {0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
+ {0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
+ {0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
+ {0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
+ {0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
+ {0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
+ {0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
+ {0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
+ {0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
+ {0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
+ {0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
+ {0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
+ {0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
+ {0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
+ {0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
+ {0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
+ {0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
+ {0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
+ {0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
+ {0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
+ {0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
+ {0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
+ {0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
+ };
+
+static int test(void );
+static int print_test_data(void );
+int main(int argc, char *argv[])
+ {
+ int ret;
+
+ if (argc > 1)
+ ret=print_test_data();
+ else
+ ret=test();
+
+#ifdef OPENSSL_SYS_NETWARE
+ if (ret) printf("ERROR: %d\n", ret);
+#endif
+ EXIT(ret);
+ return(0);
+ }
+
+static int print_test_data(void)
+ {
+ unsigned int i,j;
+
+ printf("ecb test data\n");
+ printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
+ for (i=0; i<NUM_TESTS; i++)
+ {
+ for (j=0; j<8; j++)
+ printf("%02X",ecb_data[i][j]);
+ printf("\t");
+ for (j=0; j<8; j++)
+ printf("%02X",plain_data[i][j]);
+ printf("\t");
+ for (j=0; j<8; j++)
+ printf("%02X",cipher_data[i][j]);
+ printf("\n");
+ }
+
+ printf("set_key test data\n");
+ printf("data[8]= ");
+ for (j=0; j<8; j++)
+ printf("%02X",key_data[j]);
+ printf("\n");
+ for (i=0; i<KEY_TEST_NUM-1; i++)
+ {
+ printf("c=");
+ for (j=0; j<8; j++)
+ printf("%02X",key_out[i][j]);
+ printf(" k[%2u]=",i+1);
+ for (j=0; j<i+1; j++)
+ printf("%02X",key_test[j]);
+ printf("\n");
+ }
+
+ printf("\nchaining mode test data\n");
+ printf("key[16] = ");
+ for (j=0; j<16; j++)
+ printf("%02X",cbc_key[j]);
+ printf("\niv[8] = ");
+ for (j=0; j<8; j++)
+ printf("%02X",cbc_iv[j]);
+ printf("\ndata[%d] = '%s'",(int)strlen(cbc_data)+1,cbc_data);
+ printf("\ndata[%d] = ",(int)strlen(cbc_data)+1);
+ for (j=0; j<strlen(cbc_data)+1; j++)
+ printf("%02X",cbc_data[j]);
+ printf("\n");
+ printf("cbc cipher text\n");
+ printf("cipher[%d]= ",32);
+ for (j=0; j<32; j++)
+ printf("%02X",cbc_ok[j]);
+ printf("\n");
+
+ printf("cfb64 cipher text\n");
+ printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+ for (j=0; j<strlen(cbc_data)+1; j++)
+ printf("%02X",cfb64_ok[j]);
+ printf("\n");
+
+ printf("ofb64 cipher text\n");
+ printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+ for (j=0; j<strlen(cbc_data)+1; j++)
+ printf("%02X",ofb64_ok[j]);
+ printf("\n");
+ return(0);
+ }
+
+static int test(void)
+ {
+ unsigned char cbc_in[40],cbc_out[40],iv[8];
+ int i,n,err=0;
+ BF_KEY key;
+ BF_LONG data[2];
+ unsigned char out[8];
+ BF_LONG len;
+
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
+#endif
+
+ printf("testing blowfish in raw ecb mode\n");
+ for (n=0; n<2; n++)
+ {
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
+#endif
+ BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
+
+ data[0]=bf_plain[n][0];
+ data[1]=bf_plain[n][1];
+ BF_encrypt(data,&key);
+ if (memcmp(&(bf_cipher[n][0]),&(data[0]),8) != 0)
+ {
+ printf("BF_encrypt error encrypting\n");
+ printf("got :");
+ for (i=0; i<2; i++)
+ printf("%08lX ",(unsigned long)data[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<2; i++)
+ printf("%08lX ",(unsigned long)bf_cipher[n][i]);
+ err=1;
+ printf("\n");
+ }
+
+ BF_decrypt(&(data[0]),&key);
+ if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
+ {
+ printf("BF_encrypt error decrypting\n");
+ printf("got :");
+ for (i=0; i<2; i++)
+ printf("%08lX ",(unsigned long)data[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<2; i++)
+ printf("%08lX ",(unsigned long)bf_plain[n][i]);
+ printf("\n");
+ err=1;
+ }
+ }
+
+ printf("testing blowfish in ecb mode\n");
+
+ for (n=0; n<NUM_TESTS; n++)
+ {
+ BF_set_key(&key,8,ecb_data[n]);
+
+ BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
+ if (memcmp(&(cipher_data[n][0]),out,8) != 0)
+ {
+ printf("BF_ecb_encrypt blowfish error encrypting\n");
+ printf("got :");
+ for (i=0; i<8; i++)
+ printf("%02X ",out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<8; i++)
+ printf("%02X ",cipher_data[n][i]);
+ err=1;
+ printf("\n");
+ }
+
+ BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
+ if (memcmp(&(plain_data[n][0]),out,8) != 0)
+ {
+ printf("BF_ecb_encrypt error decrypting\n");
+ printf("got :");
+ for (i=0; i<8; i++)
+ printf("%02X ",out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<8; i++)
+ printf("%02X ",plain_data[n][i]);
+ printf("\n");
+ err=1;
+ }
+ }
+
+ printf("testing blowfish set_key\n");
+ for (n=1; n<KEY_TEST_NUM; n++)
+ {
+ BF_set_key(&key,n,key_test);
+ BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
+ /* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */
+ if (memcmp(out,&(key_out[i=n-1][0]),8) != 0)
+ {
+ printf("blowfish setkey error\n");
+ err=1;
+ }
+ }
+
+ printf("testing blowfish in cbc mode\n");
+ len=strlen(cbc_data)+1;
+
+ BF_set_key(&key,16,cbc_key);
+ memset(cbc_in,0,sizeof cbc_in);
+ memset(cbc_out,0,sizeof cbc_out);
+ memcpy(iv,cbc_iv,sizeof iv);
+ BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
+ &key,iv,BF_ENCRYPT);
+ if (memcmp(cbc_out,cbc_ok,32) != 0)
+ {
+ err=1;
+ printf("BF_cbc_encrypt encrypt error\n");
+ for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);
+ }
+ memcpy(iv,cbc_iv,8);
+ BF_cbc_encrypt(cbc_out,cbc_in,len,
+ &key,iv,BF_DECRYPT);
+ if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+ {
+ printf("BF_cbc_encrypt decrypt error\n");
+ err=1;
+ }
+
+ printf("testing blowfish in cfb64 mode\n");
+
+ BF_set_key(&key,16,cbc_key);
+ memset(cbc_in,0,40);
+ memset(cbc_out,0,40);
+ memcpy(iv,cbc_iv,8);
+ n=0;
+ BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
+ &key,iv,&n,BF_ENCRYPT);
+ BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
+ &key,iv,&n,BF_ENCRYPT);
+ if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)
+ {
+ err=1;
+ printf("BF_cfb64_encrypt encrypt error\n");
+ for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+ }
+ n=0;
+ memcpy(iv,cbc_iv,8);
+ BF_cfb64_encrypt(cbc_out,cbc_in,17,
+ &key,iv,&n,BF_DECRYPT);
+ BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
+ &key,iv,&n,BF_DECRYPT);
+ if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+ {
+ printf("BF_cfb64_encrypt decrypt error\n");
+ err=1;
+ }
+
+ printf("testing blowfish in ofb64\n");
+
+ BF_set_key(&key,16,cbc_key);
+ memset(cbc_in,0,40);
+ memset(cbc_out,0,40);
+ memcpy(iv,cbc_iv,8);
+ n=0;
+ BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
+ BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
+ &(cbc_out[13]),len-13,&key,iv,&n);
+ if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)
+ {
+ err=1;
+ printf("BF_ofb64_encrypt encrypt error\n");
+ for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+ }
+ n=0;
+ memcpy(iv,cbc_iv,8);
+ BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
+ BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
+ if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+ {
+ printf("BF_ofb64_encrypt decrypt error\n");
+ err=1;
+ }
+
+ return(err);
+ }
+#endif
Added: vendor-crypto/openssl/dist/crypto/bf/blowfish.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/blowfish.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bf/blowfish.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,129 @@
+/* crypto/bf/blowfish.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BLOWFISH_H
+#define HEADER_BLOWFISH_H
+
+#include <openssl/e_os2.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_NO_BF
+#error BF is disabled.
+#endif
+
+#define BF_ENCRYPT 1
+#define BF_DECRYPT 0
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! BF_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define BF_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define BF_LONG unsigned long
+#define BF_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ * <appro at fy.chalmers.se>
+ */
+#else
+#define BF_LONG unsigned int
+#endif
+
+#define BF_ROUNDS 16
+#define BF_BLOCK 8
+
+typedef struct bf_key_st
+ {
+ BF_LONG P[BF_ROUNDS+2];
+ BF_LONG S[4*256];
+ } BF_KEY;
+
+#ifdef OPENSSL_FIPS
+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+#endif
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+void BF_decrypt(BF_LONG *data,const BF_KEY *key);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/bio/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,221 @@
+#
+# OpenSSL/crypto/bio/Makefile
+#
+
+DIR= bio
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bio_lib.c bio_cb.c bio_err.c \
+ bss_mem.c bss_null.c bss_fd.c \
+ bss_file.c bss_sock.c bss_conn.c \
+ bf_null.c bf_buff.c b_print.c b_dump.c \
+ b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c \
+ bss_dgram.c
+# bf_lbuf.c
+LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
+ bss_mem.o bss_null.o bss_fd.o \
+ bss_file.o bss_sock.o bss_conn.o \
+ bf_null.o bf_buff.o b_print.o b_dump.o \
+ b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o \
+ bss_dgram.o
+# bf_lbuf.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bio.h
+HEADER= bio_lcl.h $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+b_dump.o: ../../e_os.h ../../include/openssl/bio.h
+b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+b_dump.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_dump.o: ../../include/openssl/symhacks.h ../cryptlib.h b_dump.c bio_lcl.h
+b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c
+b_sock.o: ../../e_os.h ../../include/openssl/bio.h
+b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.c
+bf_buff.o: ../../e_os.h ../../include/openssl/bio.h
+bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_buff.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_buff.c
+bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h
+bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_nbio.o: ../cryptlib.h bf_nbio.c
+bf_null.o: ../../e_os.h ../../include/openssl/bio.h
+bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_null.c
+bio_cb.o: ../../e_os.h ../../include/openssl/bio.h
+bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_cb.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_cb.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_cb.c
+bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_err.o: ../../include/openssl/symhacks.h bio_err.c
+bio_lib.o: ../../e_os.h ../../include/openssl/bio.h
+bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lib.c
+bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h
+bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_acpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_acpt.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_acpt.c
+bss_bio.o: ../../e_os.h ../../include/openssl/bio.h
+bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bss_bio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_bio.o: bss_bio.c
+bss_conn.o: ../../e_os.h ../../include/openssl/bio.h
+bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_conn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_conn.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_conn.c
+bss_dgram.o: ../../e_os.h ../../include/openssl/bio.h
+bss_dgram.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_dgram.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_dgram.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_dgram.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_dgram.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_dgram.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_dgram.c
+bss_fd.o: ../../e_os.h ../../include/openssl/bio.h
+bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_fd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_fd.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_fd.c
+bss_file.o: ../../e_os.h ../../include/openssl/bio.h
+bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_file.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_file.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_file.c
+bss_log.o: ../../e_os.h ../../include/openssl/bio.h
+bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_log.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_log.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_log.c
+bss_mem.o: ../../e_os.h ../../include/openssl/bio.h
+bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_mem.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_mem.c
+bss_null.o: ../../e_os.h ../../include/openssl/bio.h
+bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_null.c
+bss_sock.o: ../../e_os.h ../../include/openssl/bio.h
+bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_sock.c
Added: vendor-crypto/openssl/dist/crypto/bio/b_dump.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/b_dump.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/b_dump.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,187 @@
+/* crypto/bio/b_dump.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bio_lcl.h"
+
+#define TRUNCATE
+#define DUMP_WIDTH 16
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
+
+int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
+ void *u, const char *s, int len)
+ {
+ return BIO_dump_indent_cb(cb, u, s, len, 0);
+ }
+
+int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
+ void *u, const char *s, int len, int indent)
+ {
+ int ret=0;
+ char buf[288+1],tmp[20],str[128+1];
+ int i,j,rows,trc;
+ unsigned char ch;
+ int dump_width;
+
+ trc=0;
+
+#ifdef TRUNCATE
+ for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)
+ trc++;
+#endif
+
+ if (indent < 0)
+ indent = 0;
+ if (indent)
+ {
+ if (indent > 128) indent=128;
+ memset(str,' ',indent);
+ }
+ str[indent]='\0';
+
+ dump_width=DUMP_WIDTH_LESS_INDENT(indent);
+ rows=(len/dump_width);
+ if ((rows*dump_width)<len)
+ rows++;
+ for(i=0;i<rows;i++)
+ {
+ buf[0]='\0'; /* start with empty string */
+ BUF_strlcpy(buf,str,sizeof buf);
+ BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
+ BUF_strlcat(buf,tmp,sizeof buf);
+ for(j=0;j<dump_width;j++)
+ {
+ if (((i*dump_width)+j)>=len)
+ {
+ BUF_strlcat(buf," ",sizeof buf);
+ }
+ else
+ {
+ ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
+ BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
+ j==7?'-':' ');
+ BUF_strlcat(buf,tmp,sizeof buf);
+ }
+ }
+ BUF_strlcat(buf," ",sizeof buf);
+ for(j=0;j<dump_width;j++)
+ {
+ if (((i*dump_width)+j)>=len)
+ break;
+ ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
+#ifndef CHARSET_EBCDIC
+ BIO_snprintf(tmp,sizeof tmp,"%c",
+ ((ch>=' ')&&(ch<='~'))?ch:'.');
+#else
+ BIO_snprintf(tmp,sizeof tmp,"%c",
+ ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+ ? os_toebcdic[ch]
+ : '.');
+#endif
+ BUF_strlcat(buf,tmp,sizeof buf);
+ }
+ BUF_strlcat(buf,"\n",sizeof buf);
+ /* if this is the last call then update the ddt_dump thing so
+ * that we will move the selection point in the debug window
+ */
+ ret+=cb((void *)buf,strlen(buf),u);
+ }
+#ifdef TRUNCATE
+ if (trc > 0)
+ {
+ BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
+ len+trc);
+ ret+=cb((void *)buf,strlen(buf),u);
+ }
+#endif
+ return(ret);
+ }
+
+#ifndef OPENSSL_NO_FP_API
+static int write_fp(const void *data, size_t len, void *fp)
+ {
+ return UP_fwrite(data, len, 1, fp);
+ }
+int BIO_dump_fp(FILE *fp, const char *s, int len)
+ {
+ return BIO_dump_cb(write_fp, fp, s, len);
+ }
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
+ {
+ return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
+ }
+#endif
+
+static int write_bio(const void *data, size_t len, void *bp)
+ {
+ return BIO_write((BIO *)bp, (const char *)data, len);
+ }
+int BIO_dump(BIO *bp, const char *s, int len)
+ {
+ return BIO_dump_cb(write_bio, bp, s, len);
+ }
+int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
+ {
+ return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bio/b_print.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/b_print.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/b_print.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,842 @@
+/* crypto/bio/b_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* disable assert() unless BIO_DEBUG has been defined */
+#ifndef BIO_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+
+/*
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <limits.h>
+#include "cryptlib.h"
+#ifndef NO_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <openssl/bn.h> /* To get BN_LLONG properly defined */
+#include <openssl/bio.h>
+
+#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)
+# ifndef HAVE_LONG_LONG
+# define HAVE_LONG_LONG 1
+# endif
+#endif
+
+/***************************************************************************/
+
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell <papowell at astart.com>
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions.
+ */
+
+/*
+ * This code contains numerious changes and enhancements which were
+ * made by lots of contributors over the last years to Patrick Powell's
+ * original code:
+ *
+ * o Patrick Powell <papowell at astart.com> (1995)
+ * o Brandon Long <blong at fiction.net> (1996, for Mutt)
+ * o Thomas Roessler <roessler at guug.de> (1998, for Mutt)
+ * o Michael Elkins <me at cs.hmc.edu> (1998, for Mutt)
+ * o Andrew Tridgell <tridge at samba.org> (1998, for Samba)
+ * o Luke Mewburn <lukem at netbsd.org> (1999, for LukemFTP)
+ * o Ralf S. Engelschall <rse at engelschall.com> (1999, for Pth)
+ * o ... (for OpenSSL)
+ */
+
+#ifdef HAVE_LONG_DOUBLE
+#define LDOUBLE long double
+#else
+#define LDOUBLE double
+#endif
+
+#if HAVE_LONG_LONG
+# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+# define LLONG __int64
+# else
+# define LLONG long long
+# endif
+#else
+#define LLONG long
+#endif
+
+static void fmtstr (char **, char **, size_t *, size_t *,
+ const char *, int, int, int);
+static void fmtint (char **, char **, size_t *, size_t *,
+ LLONG, int, int, int, int);
+static void fmtfp (char **, char **, size_t *, size_t *,
+ LDOUBLE, int, int, int);
+static void doapr_outch (char **, char **, size_t *, size_t *, int);
+static void _dopr(char **sbuffer, char **buffer,
+ size_t *maxlen, size_t *retlen, int *truncated,
+ const char *format, va_list args);
+
+/* format read states */
+#define DP_S_DEFAULT 0
+#define DP_S_FLAGS 1
+#define DP_S_MIN 2
+#define DP_S_DOT 3
+#define DP_S_MAX 4
+#define DP_S_MOD 5
+#define DP_S_CONV 6
+#define DP_S_DONE 7
+
+/* format flags - Bits */
+#define DP_F_MINUS (1 << 0)
+#define DP_F_PLUS (1 << 1)
+#define DP_F_SPACE (1 << 2)
+#define DP_F_NUM (1 << 3)
+#define DP_F_ZERO (1 << 4)
+#define DP_F_UP (1 << 5)
+#define DP_F_UNSIGNED (1 << 6)
+
+/* conversion flags */
+#define DP_C_SHORT 1
+#define DP_C_LONG 2
+#define DP_C_LDOUBLE 3
+#define DP_C_LLONG 4
+
+/* some handy macros */
+#define char_to_int(p) (p - '0')
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+
+static void
+_dopr(
+ char **sbuffer,
+ char **buffer,
+ size_t *maxlen,
+ size_t *retlen,
+ int *truncated,
+ const char *format,
+ va_list args)
+{
+ char ch;
+ LLONG value;
+ LDOUBLE fvalue;
+ char *strvalue;
+ int min;
+ int max;
+ int state;
+ int flags;
+ int cflags;
+ size_t currlen;
+
+ state = DP_S_DEFAULT;
+ flags = currlen = cflags = min = 0;
+ max = -1;
+ ch = *format++;
+
+ while (state != DP_S_DONE) {
+ if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
+ state = DP_S_DONE;
+
+ switch (state) {
+ case DP_S_DEFAULT:
+ if (ch == '%')
+ state = DP_S_FLAGS;
+ else
+ doapr_outch(sbuffer,buffer, &currlen, maxlen, ch);
+ ch = *format++;
+ break;
+ case DP_S_FLAGS:
+ switch (ch) {
+ case '-':
+ flags |= DP_F_MINUS;
+ ch = *format++;
+ break;
+ case '+':
+ flags |= DP_F_PLUS;
+ ch = *format++;
+ break;
+ case ' ':
+ flags |= DP_F_SPACE;
+ ch = *format++;
+ break;
+ case '#':
+ flags |= DP_F_NUM;
+ ch = *format++;
+ break;
+ case '0':
+ flags |= DP_F_ZERO;
+ ch = *format++;
+ break;
+ default:
+ state = DP_S_MIN;
+ break;
+ }
+ break;
+ case DP_S_MIN:
+ if (isdigit((unsigned char)ch)) {
+ min = 10 * min + char_to_int(ch);
+ ch = *format++;
+ } else if (ch == '*') {
+ min = va_arg(args, int);
+ ch = *format++;
+ state = DP_S_DOT;
+ } else
+ state = DP_S_DOT;
+ break;
+ case DP_S_DOT:
+ if (ch == '.') {
+ state = DP_S_MAX;
+ ch = *format++;
+ } else
+ state = DP_S_MOD;
+ break;
+ case DP_S_MAX:
+ if (isdigit((unsigned char)ch)) {
+ if (max < 0)
+ max = 0;
+ max = 10 * max + char_to_int(ch);
+ ch = *format++;
+ } else if (ch == '*') {
+ max = va_arg(args, int);
+ ch = *format++;
+ state = DP_S_MOD;
+ } else
+ state = DP_S_MOD;
+ break;
+ case DP_S_MOD:
+ switch (ch) {
+ case 'h':
+ cflags = DP_C_SHORT;
+ ch = *format++;
+ break;
+ case 'l':
+ if (*format == 'l') {
+ cflags = DP_C_LLONG;
+ format++;
+ } else
+ cflags = DP_C_LONG;
+ ch = *format++;
+ break;
+ case 'q':
+ cflags = DP_C_LLONG;
+ ch = *format++;
+ break;
+ case 'L':
+ cflags = DP_C_LDOUBLE;
+ ch = *format++;
+ break;
+ default:
+ break;
+ }
+ state = DP_S_CONV;
+ break;
+ case DP_S_CONV:
+ switch (ch) {
+ case 'd':
+ case 'i':
+ switch (cflags) {
+ case DP_C_SHORT:
+ value = (short int)va_arg(args, int);
+ break;
+ case DP_C_LONG:
+ value = va_arg(args, long int);
+ break;
+ case DP_C_LLONG:
+ value = va_arg(args, LLONG);
+ break;
+ default:
+ value = va_arg(args, int);
+ break;
+ }
+ fmtint(sbuffer, buffer, &currlen, maxlen,
+ value, 10, min, max, flags);
+ break;
+ case 'X':
+ flags |= DP_F_UP;
+ /* FALLTHROUGH */
+ case 'x':
+ case 'o':
+ case 'u':
+ flags |= DP_F_UNSIGNED;
+ switch (cflags) {
+ case DP_C_SHORT:
+ value = (unsigned short int)va_arg(args, unsigned int);
+ break;
+ case DP_C_LONG:
+ value = (LLONG) va_arg(args,
+ unsigned long int);
+ break;
+ case DP_C_LLONG:
+ value = va_arg(args, unsigned LLONG);
+ break;
+ default:
+ value = (LLONG) va_arg(args,
+ unsigned int);
+ break;
+ }
+ fmtint(sbuffer, buffer, &currlen, maxlen, value,
+ ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+ min, max, flags);
+ break;
+ case 'f':
+ if (cflags == DP_C_LDOUBLE)
+ fvalue = va_arg(args, LDOUBLE);
+ else
+ fvalue = va_arg(args, double);
+ fmtfp(sbuffer, buffer, &currlen, maxlen,
+ fvalue, min, max, flags);
+ break;
+ case 'E':
+ flags |= DP_F_UP;
+ case 'e':
+ if (cflags == DP_C_LDOUBLE)
+ fvalue = va_arg(args, LDOUBLE);
+ else
+ fvalue = va_arg(args, double);
+ break;
+ case 'G':
+ flags |= DP_F_UP;
+ case 'g':
+ if (cflags == DP_C_LDOUBLE)
+ fvalue = va_arg(args, LDOUBLE);
+ else
+ fvalue = va_arg(args, double);
+ break;
+ case 'c':
+ doapr_outch(sbuffer, buffer, &currlen, maxlen,
+ va_arg(args, int));
+ break;
+ case 's':
+ strvalue = va_arg(args, char *);
+ if (max < 0) {
+ if (buffer)
+ max = INT_MAX;
+ else
+ max = *maxlen;
+ }
+ fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+ flags, min, max);
+ break;
+ case 'p':
+ value = (long)va_arg(args, void *);
+ fmtint(sbuffer, buffer, &currlen, maxlen,
+ value, 16, min, max, flags|DP_F_NUM);
+ break;
+ case 'n': /* XXX */
+ if (cflags == DP_C_SHORT) {
+ short int *num;
+ num = va_arg(args, short int *);
+ *num = currlen;
+ } else if (cflags == DP_C_LONG) { /* XXX */
+ long int *num;
+ num = va_arg(args, long int *);
+ *num = (long int) currlen;
+ } else if (cflags == DP_C_LLONG) { /* XXX */
+ LLONG *num;
+ num = va_arg(args, LLONG *);
+ *num = (LLONG) currlen;
+ } else {
+ int *num;
+ num = va_arg(args, int *);
+ *num = currlen;
+ }
+ break;
+ case '%':
+ doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+ break;
+ case 'w':
+ /* not supported yet, treat as next char */
+ ch = *format++;
+ break;
+ default:
+ /* unknown, skip */
+ break;
+ }
+ ch = *format++;
+ state = DP_S_DEFAULT;
+ flags = cflags = min = 0;
+ max = -1;
+ break;
+ case DP_S_DONE:
+ break;
+ default:
+ break;
+ }
+ }
+ *truncated = (currlen > *maxlen - 1);
+ if (*truncated)
+ currlen = *maxlen - 1;
+ doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
+ *retlen = currlen - 1;
+ return;
+}
+
+static void
+fmtstr(
+ char **sbuffer,
+ char **buffer,
+ size_t *currlen,
+ size_t *maxlen,
+ const char *value,
+ int flags,
+ int min,
+ int max)
+{
+ int padlen, strln;
+ int cnt = 0;
+
+ if (value == 0)
+ value = "<NULL>";
+ for (strln = 0; value[strln]; ++strln)
+ ;
+ padlen = min - strln;
+ if (padlen < 0)
+ padlen = 0;
+ if (flags & DP_F_MINUS)
+ padlen = -padlen;
+
+ while ((padlen > 0) && (cnt < max)) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ --padlen;
+ ++cnt;
+ }
+ while (*value && (cnt < max)) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
+ ++cnt;
+ }
+ while ((padlen < 0) && (cnt < max)) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ ++padlen;
+ ++cnt;
+ }
+}
+
+static void
+fmtint(
+ char **sbuffer,
+ char **buffer,
+ size_t *currlen,
+ size_t *maxlen,
+ LLONG value,
+ int base,
+ int min,
+ int max,
+ int flags)
+{
+ int signvalue = 0;
+ const char *prefix = "";
+ unsigned LLONG uvalue;
+ char convert[DECIMAL_SIZE(value)+3];
+ int place = 0;
+ int spadlen = 0;
+ int zpadlen = 0;
+ int caps = 0;
+
+ if (max < 0)
+ max = 0;
+ uvalue = value;
+ if (!(flags & DP_F_UNSIGNED)) {
+ if (value < 0) {
+ signvalue = '-';
+ uvalue = -value;
+ } else if (flags & DP_F_PLUS)
+ signvalue = '+';
+ else if (flags & DP_F_SPACE)
+ signvalue = ' ';
+ }
+ if (flags & DP_F_NUM) {
+ if (base == 8) prefix = "0";
+ if (base == 16) prefix = "0x";
+ }
+ if (flags & DP_F_UP)
+ caps = 1;
+ do {
+ convert[place++] =
+ (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+ [uvalue % (unsigned) base];
+ uvalue = (uvalue / (unsigned) base);
+ } while (uvalue && (place < (int)sizeof(convert)));
+ if (place == sizeof(convert))
+ place--;
+ convert[place] = 0;
+
+ zpadlen = max - place;
+ spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
+ if (zpadlen < 0)
+ zpadlen = 0;
+ if (spadlen < 0)
+ spadlen = 0;
+ if (flags & DP_F_ZERO) {
+ zpadlen = OSSL_MAX(zpadlen, spadlen);
+ spadlen = 0;
+ }
+ if (flags & DP_F_MINUS)
+ spadlen = -spadlen;
+
+ /* spaces */
+ while (spadlen > 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ --spadlen;
+ }
+
+ /* sign */
+ if (signvalue)
+ doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+
+ /* prefix */
+ while (*prefix) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
+ prefix++;
+ }
+
+ /* zeros */
+ if (zpadlen > 0) {
+ while (zpadlen > 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+ --zpadlen;
+ }
+ }
+ /* digits */
+ while (place > 0)
+ doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
+
+ /* left justified spaces */
+ while (spadlen < 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ ++spadlen;
+ }
+ return;
+}
+
+static LDOUBLE
+abs_val(LDOUBLE value)
+{
+ LDOUBLE result = value;
+ if (value < 0)
+ result = -value;
+ return result;
+}
+
+static LDOUBLE
+pow_10(int in_exp)
+{
+ LDOUBLE result = 1;
+ while (in_exp) {
+ result *= 10;
+ in_exp--;
+ }
+ return result;
+}
+
+static long
+roundv(LDOUBLE value)
+{
+ long intpart;
+ intpart = (long) value;
+ value = value - intpart;
+ if (value >= 0.5)
+ intpart++;
+ return intpart;
+}
+
+static void
+fmtfp(
+ char **sbuffer,
+ char **buffer,
+ size_t *currlen,
+ size_t *maxlen,
+ LDOUBLE fvalue,
+ int min,
+ int max,
+ int flags)
+{
+ int signvalue = 0;
+ LDOUBLE ufvalue;
+ char iconvert[20];
+ char fconvert[20];
+ int iplace = 0;
+ int fplace = 0;
+ int padlen = 0;
+ int zpadlen = 0;
+ int caps = 0;
+ long intpart;
+ long fracpart;
+ long max10;
+
+ if (max < 0)
+ max = 6;
+ ufvalue = abs_val(fvalue);
+ if (fvalue < 0)
+ signvalue = '-';
+ else if (flags & DP_F_PLUS)
+ signvalue = '+';
+ else if (flags & DP_F_SPACE)
+ signvalue = ' ';
+
+ intpart = (long)ufvalue;
+
+ /* sorry, we only support 9 digits past the decimal because of our
+ conversion method */
+ if (max > 9)
+ max = 9;
+
+ /* we "cheat" by converting the fractional part to integer by
+ multiplying by a factor of 10 */
+ max10 = roundv(pow_10(max));
+ fracpart = roundv(pow_10(max) * (ufvalue - intpart));
+
+ if (fracpart >= max10) {
+ intpart++;
+ fracpart -= max10;
+ }
+
+ /* convert integer part */
+ do {
+ iconvert[iplace++] =
+ (caps ? "0123456789ABCDEF"
+ : "0123456789abcdef")[intpart % 10];
+ intpart = (intpart / 10);
+ } while (intpart && (iplace < (int)sizeof(iconvert)));
+ if (iplace == sizeof iconvert)
+ iplace--;
+ iconvert[iplace] = 0;
+
+ /* convert fractional part */
+ do {
+ fconvert[fplace++] =
+ (caps ? "0123456789ABCDEF"
+ : "0123456789abcdef")[fracpart % 10];
+ fracpart = (fracpart / 10);
+ } while (fplace < max);
+ if (fplace == sizeof fconvert)
+ fplace--;
+ fconvert[fplace] = 0;
+
+ /* -1 for decimal point, another -1 if we are printing a sign */
+ padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
+ zpadlen = max - fplace;
+ if (zpadlen < 0)
+ zpadlen = 0;
+ if (padlen < 0)
+ padlen = 0;
+ if (flags & DP_F_MINUS)
+ padlen = -padlen;
+
+ if ((flags & DP_F_ZERO) && (padlen > 0)) {
+ if (signvalue) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+ --padlen;
+ signvalue = 0;
+ }
+ while (padlen > 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+ --padlen;
+ }
+ }
+ while (padlen > 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ --padlen;
+ }
+ if (signvalue)
+ doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+
+ while (iplace > 0)
+ doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
+
+ /*
+ * Decimal point. This should probably use locale to find the correct
+ * char to print out.
+ */
+ if (max > 0 || (flags & DP_F_NUM)) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
+
+ while (fplace > 0)
+ doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
+ }
+ while (zpadlen > 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+ --zpadlen;
+ }
+
+ while (padlen < 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ ++padlen;
+ }
+}
+
+static void
+doapr_outch(
+ char **sbuffer,
+ char **buffer,
+ size_t *currlen,
+ size_t *maxlen,
+ int c)
+{
+ /* If we haven't at least one buffer, someone has doe a big booboo */
+ assert(*sbuffer != NULL || buffer != NULL);
+
+ if (buffer) {
+ while (*currlen >= *maxlen) {
+ if (*buffer == NULL) {
+ if (*maxlen == 0)
+ *maxlen = 1024;
+ *buffer = OPENSSL_malloc(*maxlen);
+ if (*currlen > 0) {
+ assert(*sbuffer != NULL);
+ memcpy(*buffer, *sbuffer, *currlen);
+ }
+ *sbuffer = NULL;
+ } else {
+ *maxlen += 1024;
+ *buffer = OPENSSL_realloc(*buffer, *maxlen);
+ }
+ }
+ /* What to do if *buffer is NULL? */
+ assert(*sbuffer != NULL || *buffer != NULL);
+ }
+
+ if (*currlen < *maxlen) {
+ if (*sbuffer)
+ (*sbuffer)[(*currlen)++] = (char)c;
+ else
+ (*buffer)[(*currlen)++] = (char)c;
+ }
+
+ return;
+}
+
+/***************************************************************************/
+
+int BIO_printf (BIO *bio, const char *format, ...)
+ {
+ va_list args;
+ int ret;
+
+ va_start(args, format);
+
+ ret = BIO_vprintf(bio, format, args);
+
+ va_end(args);
+ return(ret);
+ }
+
+int BIO_vprintf (BIO *bio, const char *format, va_list args)
+ {
+ int ret;
+ size_t retlen;
+ char hugebuf[1024*2]; /* Was previously 10k, which is unreasonable
+ in small-stack environments, like threads
+ or DOS programs. */
+ char *hugebufp = hugebuf;
+ size_t hugebufsize = sizeof(hugebuf);
+ char *dynbuf = NULL;
+ int ignored;
+
+ dynbuf = NULL;
+ CRYPTO_push_info("doapr()");
+ _dopr(&hugebufp, &dynbuf, &hugebufsize,
+ &retlen, &ignored, format, args);
+ if (dynbuf)
+ {
+ ret=BIO_write(bio, dynbuf, (int)retlen);
+ OPENSSL_free(dynbuf);
+ }
+ else
+ {
+ ret=BIO_write(bio, hugebuf, (int)retlen);
+ }
+ CRYPTO_pop_info();
+ return(ret);
+ }
+
+/* As snprintf is not available everywhere, we provide our own implementation.
+ * This function has nothing to do with BIOs, but it's closely related
+ * to BIO_printf, and we need *some* name prefix ...
+ * (XXX the function should be renamed, but to what?) */
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+ {
+ va_list args;
+ int ret;
+
+ va_start(args, format);
+
+ ret = BIO_vsnprintf(buf, n, format, args);
+
+ va_end(args);
+ return(ret);
+ }
+
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ {
+ size_t retlen;
+ int truncated;
+
+ _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
+
+ if (truncated)
+ /* In case of truncation, return -1 like traditional snprintf.
+ * (Current drafts for ISO/IEC 9899 say snprintf should return
+ * the number of characters that would have been written,
+ * had the buffer been large enough.) */
+ return -1;
+ else
+ return (retlen <= INT_MAX) ? (int)retlen : -1;
+ }
Added: vendor-crypto/openssl/dist/crypto/bio/b_sock.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/b_sock.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/b_sock.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,793 @@
+/* crypto/bio/b_sock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
+#include <netdb.h>
+#if defined(NETWARE_CLIB)
+#include <sys/ioctl.h>
+NETDB_DEFINE_CONTEXT
+#endif
+#endif
+
+#ifndef OPENSSL_NO_SOCK
+
+#ifdef OPENSSL_SYS_WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#ifdef SO_MAXCONN
+#define MAX_LISTEN SO_MAXCONN
+#elif defined(SOMAXCONN)
+#define MAX_LISTEN SOMAXCONN
+#else
+#define MAX_LISTEN 32
+#endif
+
+#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+static int wsa_init_done=0;
+#endif
+
+#if 0
+static unsigned long BIO_ghbn_hits=0L;
+static unsigned long BIO_ghbn_miss=0L;
+
+#define GHBN_NUM 4
+static struct ghbn_cache_st
+ {
+ char name[129];
+ struct hostent *ent;
+ unsigned long order;
+ } ghbn_cache[GHBN_NUM];
+#endif
+
+static int get_ip(const char *str,unsigned char *ip);
+#if 0
+static void ghbn_free(struct hostent *a);
+static struct hostent *ghbn_dup(struct hostent *a);
+#endif
+int BIO_get_host_ip(const char *str, unsigned char *ip)
+ {
+ int i;
+ int err = 1;
+ int locked = 0;
+ struct hostent *he;
+
+ i=get_ip(str,ip);
+ if (i < 0)
+ {
+ BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
+ goto err;
+ }
+
+ /* At this point, we have something that is most probably correct
+ in some way, so let's init the socket. */
+ if (BIO_sock_init() != 1)
+ return 0; /* don't generate another error code here */
+
+ /* If the string actually contained an IP address, we need not do
+ anything more */
+ if (i > 0) return(1);
+
+ /* do a gethostbyname */
+ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+ locked = 1;
+ he=BIO_gethostbyname(str);
+ if (he == NULL)
+ {
+ BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
+ goto err;
+ }
+
+ /* cast to short because of win16 winsock definition */
+ if ((short)he->h_addrtype != AF_INET)
+ {
+ BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+ goto err;
+ }
+ for (i=0; i<4; i++)
+ ip[i]=he->h_addr_list[0][i];
+ err = 0;
+
+ err:
+ if (locked)
+ CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+ if (err)
+ {
+ ERR_add_error_data(2,"host=",str);
+ return 0;
+ }
+ else
+ return 1;
+ }
+
+int BIO_get_port(const char *str, unsigned short *port_ptr)
+ {
+ int i;
+ struct servent *s;
+
+ if (str == NULL)
+ {
+ BIOerr(BIO_F_BIO_GET_PORT,BIO_R_NO_PORT_DEFINED);
+ return(0);
+ }
+ i=atoi(str);
+ if (i != 0)
+ *port_ptr=(unsigned short)i;
+ else
+ {
+ CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
+ /* Note: under VMS with SOCKETSHR, it seems like the first
+ * parameter is 'char *', instead of 'const char *'
+ */
+#ifndef CONST_STRICT
+ s=getservbyname((char *)str,"tcp");
+#else
+ s=getservbyname(str,"tcp");
+#endif
+ if(s != NULL)
+ *port_ptr=ntohs((unsigned short)s->s_port);
+ CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
+ if(s == NULL)
+ {
+ if (strcmp(str,"http") == 0)
+ *port_ptr=80;
+ else if (strcmp(str,"telnet") == 0)
+ *port_ptr=23;
+ else if (strcmp(str,"socks") == 0)
+ *port_ptr=1080;
+ else if (strcmp(str,"https") == 0)
+ *port_ptr=443;
+ else if (strcmp(str,"ssl") == 0)
+ *port_ptr=443;
+ else if (strcmp(str,"ftp") == 0)
+ *port_ptr=21;
+ else if (strcmp(str,"gopher") == 0)
+ *port_ptr=70;
+#if 0
+ else if (strcmp(str,"wais") == 0)
+ *port_ptr=21;
+#endif
+ else
+ {
+ SYSerr(SYS_F_GETSERVBYNAME,get_last_socket_error());
+ ERR_add_error_data(3,"service='",str,"'");
+ return(0);
+ }
+ }
+ }
+ return(1);
+ }
+
+int BIO_sock_error(int sock)
+ {
+ int j,i;
+ int size;
+
+ size=sizeof(int);
+ /* Note: under Windows the third parameter is of type (char *)
+ * whereas under other systems it is (void *) if you don't have
+ * a cast it will choke the compiler: if you do have a cast then
+ * you can either go for (char *) or (void *).
+ */
+ i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size);
+ if (i < 0)
+ return(1);
+ else
+ return(j);
+ }
+
+#if 0
+long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
+ {
+ int i;
+ char **p;
+
+ switch (cmd)
+ {
+ case BIO_GHBN_CTRL_HITS:
+ return(BIO_ghbn_hits);
+ /* break; */
+ case BIO_GHBN_CTRL_MISSES:
+ return(BIO_ghbn_miss);
+ /* break; */
+ case BIO_GHBN_CTRL_CACHE_SIZE:
+ return(GHBN_NUM);
+ /* break; */
+ case BIO_GHBN_CTRL_GET_ENTRY:
+ if ((iarg >= 0) && (iarg <GHBN_NUM) &&
+ (ghbn_cache[iarg].order > 0))
+ {
+ p=(char **)parg;
+ if (p == NULL) return(0);
+ *p=ghbn_cache[iarg].name;
+ ghbn_cache[iarg].name[128]='\0';
+ return(1);
+ }
+ return(0);
+ /* break; */
+ case BIO_GHBN_CTRL_FLUSH:
+ for (i=0; i<GHBN_NUM; i++)
+ ghbn_cache[i].order=0;
+ break;
+ default:
+ return(0);
+ }
+ return(1);
+ }
+#endif
+
+#if 0
+static struct hostent *ghbn_dup(struct hostent *a)
+ {
+ struct hostent *ret;
+ int i,j;
+
+ MemCheck_off();
+ ret=(struct hostent *)OPENSSL_malloc(sizeof(struct hostent));
+ if (ret == NULL) return(NULL);
+ memset(ret,0,sizeof(struct hostent));
+
+ for (i=0; a->h_aliases[i] != NULL; i++)
+ ;
+ i++;
+ ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *));
+ if (ret->h_aliases == NULL)
+ goto err;
+ memset(ret->h_aliases, 0, i*sizeof(char *));
+
+ for (i=0; a->h_addr_list[i] != NULL; i++)
+ ;
+ i++;
+ ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *));
+ if (ret->h_addr_list == NULL)
+ goto err;
+ memset(ret->h_addr_list, 0, i*sizeof(char *));
+
+ j=strlen(a->h_name)+1;
+ if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err;
+ memcpy((char *)ret->h_name,a->h_name,j);
+ for (i=0; a->h_aliases[i] != NULL; i++)
+ {
+ j=strlen(a->h_aliases[i])+1;
+ if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err;
+ memcpy(ret->h_aliases[i],a->h_aliases[i],j);
+ }
+ ret->h_length=a->h_length;
+ ret->h_addrtype=a->h_addrtype;
+ for (i=0; a->h_addr_list[i] != NULL; i++)
+ {
+ if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL)
+ goto err;
+ memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
+ }
+ if (0)
+ {
+err:
+ if (ret != NULL)
+ ghbn_free(ret);
+ ret=NULL;
+ }
+ MemCheck_on();
+ return(ret);
+ }
+
+static void ghbn_free(struct hostent *a)
+ {
+ int i;
+
+ if(a == NULL)
+ return;
+
+ if (a->h_aliases != NULL)
+ {
+ for (i=0; a->h_aliases[i] != NULL; i++)
+ OPENSSL_free(a->h_aliases[i]);
+ OPENSSL_free(a->h_aliases);
+ }
+ if (a->h_addr_list != NULL)
+ {
+ for (i=0; a->h_addr_list[i] != NULL; i++)
+ OPENSSL_free(a->h_addr_list[i]);
+ OPENSSL_free(a->h_addr_list);
+ }
+ if (a->h_name != NULL) OPENSSL_free(a->h_name);
+ OPENSSL_free(a);
+ }
+
+#endif
+
+struct hostent *BIO_gethostbyname(const char *name)
+ {
+#if 1
+ /* Caching gethostbyname() results forever is wrong,
+ * so we have to let the true gethostbyname() worry about this */
+#if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
+ return gethostbyname((char*)name);
+#else
+ return gethostbyname(name);
+#endif
+#else
+ struct hostent *ret;
+ int i,lowi=0,j;
+ unsigned long low= (unsigned long)-1;
+
+
+# if 0
+ /* It doesn't make sense to use locking here: The function interface
+ * is not thread-safe, because threads can never be sure when
+ * some other thread destroys the data they were given a pointer to.
+ */
+ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+# endif
+ j=strlen(name);
+ if (j < 128)
+ {
+ for (i=0; i<GHBN_NUM; i++)
+ {
+ if (low > ghbn_cache[i].order)
+ {
+ low=ghbn_cache[i].order;
+ lowi=i;
+ }
+ if (ghbn_cache[i].order > 0)
+ {
+ if (strncmp(name,ghbn_cache[i].name,128) == 0)
+ break;
+ }
+ }
+ }
+ else
+ i=GHBN_NUM;
+
+ if (i == GHBN_NUM) /* no hit*/
+ {
+ BIO_ghbn_miss++;
+ /* Note: under VMS with SOCKETSHR, it seems like the first
+ * parameter is 'char *', instead of 'const char *'
+ */
+# ifndef CONST_STRICT
+ ret=gethostbyname((char *)name);
+# else
+ ret=gethostbyname(name);
+# endif
+
+ if (ret == NULL)
+ goto end;
+ if (j > 128) /* too big to cache */
+ {
+# if 0
+ /* If we were trying to make this function thread-safe (which
+ * is bound to fail), we'd have to give up in this case
+ * (or allocate more memory). */
+ ret = NULL;
+# endif
+ goto end;
+ }
+
+ /* else add to cache */
+ if (ghbn_cache[lowi].ent != NULL)
+ ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
+ ghbn_cache[lowi].name[0] = '\0';
+
+ if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL)
+ {
+ BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ strncpy(ghbn_cache[lowi].name,name,128);
+ ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
+ }
+ else
+ {
+ BIO_ghbn_hits++;
+ ret= ghbn_cache[i].ent;
+ ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
+ }
+end:
+# if 0
+ CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+# endif
+ return(ret);
+#endif
+ }
+
+
+int BIO_sock_init(void)
+ {
+#ifdef OPENSSL_SYS_WINDOWS
+ static struct WSAData wsa_state;
+
+ if (!wsa_init_done)
+ {
+ int err;
+
+ wsa_init_done=1;
+ memset(&wsa_state,0,sizeof(wsa_state));
+ if (WSAStartup(0x0101,&wsa_state)!=0)
+ {
+ err=WSAGetLastError();
+ SYSerr(SYS_F_WSASTARTUP,err);
+ BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
+ return(-1);
+ }
+ }
+#endif /* OPENSSL_SYS_WINDOWS */
+#ifdef WATT32
+ extern int _watt_do_exit;
+ _watt_do_exit = 0; /* don't make sock_init() call exit() */
+ if (sock_init())
+ return (-1);
+#endif
+
+#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+ WORD wVerReq;
+ WSADATA wsaData;
+ int err;
+
+ if (!wsa_init_done)
+ {
+ wsa_init_done=1;
+ wVerReq = MAKEWORD( 2, 0 );
+ err = WSAStartup(wVerReq,&wsaData);
+ if (err != 0)
+ {
+ SYSerr(SYS_F_WSASTARTUP,err);
+ BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
+ return(-1);
+ }
+ }
+#endif
+
+ return(1);
+ }
+
+void BIO_sock_cleanup(void)
+ {
+#ifdef OPENSSL_SYS_WINDOWS
+ if (wsa_init_done)
+ {
+ wsa_init_done=0;
+#ifndef OPENSSL_SYS_WINCE
+ WSACancelBlockingCall(); /* Winsock 1.1 specific */
+#endif
+ WSACleanup();
+ }
+#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+ if (wsa_init_done)
+ {
+ wsa_init_done=0;
+ WSACleanup();
+ }
+#endif
+ }
+
+#if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
+
+int BIO_socket_ioctl(int fd, long type, void *arg)
+ {
+ int i;
+
+#ifdef __DJGPP__
+ i=ioctlsocket(fd,type,(char *)arg);
+#else
+ i=ioctlsocket(fd,type,arg);
+#endif /* __DJGPP__ */
+ if (i < 0)
+ SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
+ return(i);
+ }
+#endif /* __VMS_VER */
+
+/* The reason I have implemented this instead of using sscanf is because
+ * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
+static int get_ip(const char *str, unsigned char ip[4])
+ {
+ unsigned int tmp[4];
+ int num=0,c,ok=0;
+
+ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
+
+ for (;;)
+ {
+ c= *(str++);
+ if ((c >= '0') && (c <= '9'))
+ {
+ ok=1;
+ tmp[num]=tmp[num]*10+c-'0';
+ if (tmp[num] > 255) return(0);
+ }
+ else if (c == '.')
+ {
+ if (!ok) return(-1);
+ if (num == 3) return(0);
+ num++;
+ ok=0;
+ }
+ else if (c == '\0' && (num == 3) && ok)
+ break;
+ else
+ return(0);
+ }
+ ip[0]=tmp[0];
+ ip[1]=tmp[1];
+ ip[2]=tmp[2];
+ ip[3]=tmp[3];
+ return(1);
+ }
+
+int BIO_get_accept_socket(char *host, int bind_mode)
+ {
+ int ret=0;
+ struct sockaddr_in server,client;
+ int s=INVALID_SOCKET,cs;
+ unsigned char ip[4];
+ unsigned short port;
+ char *str=NULL,*e;
+ const char *h,*p;
+ unsigned long l;
+ int err_num;
+
+ if (BIO_sock_init() != 1) return(INVALID_SOCKET);
+
+ if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
+
+ h=p=NULL;
+ h=str;
+ for (e=str; *e; e++)
+ {
+ if (*e == ':')
+ {
+ p= &(e[1]);
+ *e='\0';
+ }
+ else if (*e == '/')
+ {
+ *e='\0';
+ break;
+ }
+ }
+
+ if (p == NULL)
+ {
+ p=h;
+ h="*";
+ }
+
+ if (!BIO_get_port(p,&port)) goto err;
+
+ memset((char *)&server,0,sizeof(server));
+ server.sin_family=AF_INET;
+ server.sin_port=htons(port);
+
+ if (strcmp(h,"*") == 0)
+ server.sin_addr.s_addr=INADDR_ANY;
+ else
+ {
+ if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
+ l=(unsigned long)
+ ((unsigned long)ip[0]<<24L)|
+ ((unsigned long)ip[1]<<16L)|
+ ((unsigned long)ip[2]<< 8L)|
+ ((unsigned long)ip[3]);
+ server.sin_addr.s_addr=htonl(l);
+ }
+
+again:
+ s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+ if (s == INVALID_SOCKET)
+ {
+ SYSerr(SYS_F_SOCKET,get_last_socket_error());
+ ERR_add_error_data(3,"port='",host,"'");
+ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET);
+ goto err;
+ }
+
+#ifdef SO_REUSEADDR
+ if (bind_mode == BIO_BIND_REUSEADDR)
+ {
+ int i=1;
+
+ ret=setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&i,sizeof(i));
+ bind_mode=BIO_BIND_NORMAL;
+ }
+#endif
+ if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+ {
+#ifdef SO_REUSEADDR
+ err_num=get_last_socket_error();
+ if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
+#ifdef OPENSSL_SYS_WINDOWS
+ /* Some versions of Windows define EADDRINUSE to
+ * a dummy value.
+ */
+ (err_num == WSAEADDRINUSE))
+#else
+ (err_num == EADDRINUSE))
+#endif
+ {
+ memcpy((char *)&client,(char *)&server,sizeof(server));
+ if (strcmp(h,"*") == 0)
+ client.sin_addr.s_addr=htonl(0x7F000001);
+ cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+ if (cs != INVALID_SOCKET)
+ {
+ int ii;
+ ii=connect(cs,(struct sockaddr *)&client,
+ sizeof(client));
+ closesocket(cs);
+ if (ii == INVALID_SOCKET)
+ {
+ bind_mode=BIO_BIND_REUSEADDR;
+ closesocket(s);
+ goto again;
+ }
+ /* else error */
+ }
+ /* else error */
+ }
+#endif
+ SYSerr(SYS_F_BIND,err_num);
+ ERR_add_error_data(3,"port='",host,"'");
+ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
+ goto err;
+ }
+ if (listen(s,MAX_LISTEN) == -1)
+ {
+ SYSerr(SYS_F_BIND,get_last_socket_error());
+ ERR_add_error_data(3,"port='",host,"'");
+ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET);
+ goto err;
+ }
+ ret=1;
+err:
+ if (str != NULL) OPENSSL_free(str);
+ if ((ret == 0) && (s != INVALID_SOCKET))
+ {
+ closesocket(s);
+ s= INVALID_SOCKET;
+ }
+ return(s);
+ }
+
+int BIO_accept(int sock, char **addr)
+ {
+ int ret=INVALID_SOCKET;
+ static struct sockaddr_in from;
+ unsigned long l;
+ unsigned short port;
+ int len;
+ char *p;
+
+ memset((char *)&from,0,sizeof(from));
+ len=sizeof(from);
+ /* Note: under VMS with SOCKETSHR the fourth parameter is currently
+ * of type (int *) whereas under other systems it is (void *) if
+ * you don't have a cast it will choke the compiler: if you do
+ * have a cast then you can either go for (int *) or (void *).
+ */
+ ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
+ if (ret == INVALID_SOCKET)
+ {
+ if(BIO_sock_should_retry(ret)) return -2;
+ SYSerr(SYS_F_ACCEPT,get_last_socket_error());
+ BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
+ goto end;
+ }
+
+ if (addr == NULL) goto end;
+
+ l=ntohl(from.sin_addr.s_addr);
+ port=ntohs(from.sin_port);
+ if (*addr == NULL)
+ {
+ if ((p=OPENSSL_malloc(24)) == NULL)
+ {
+ BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ *addr=p;
+ }
+ BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
+ (unsigned char)(l>>24L)&0xff,
+ (unsigned char)(l>>16L)&0xff,
+ (unsigned char)(l>> 8L)&0xff,
+ (unsigned char)(l )&0xff,
+ port);
+end:
+ return(ret);
+ }
+
+int BIO_set_tcp_ndelay(int s, int on)
+ {
+ int ret=0;
+#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
+ int opt;
+
+#ifdef SOL_TCP
+ opt=SOL_TCP;
+#else
+#ifdef IPPROTO_TCP
+ opt=IPPROTO_TCP;
+#endif
+#endif
+
+ ret=setsockopt(s,opt,TCP_NODELAY,(char *)&on,sizeof(on));
+#endif
+ return(ret == 0);
+ }
+#endif
+
+int BIO_socket_nbio(int s, int mode)
+ {
+ int ret= -1;
+ int l;
+
+ l=mode;
+#ifdef FIONBIO
+ ret=BIO_socket_ioctl(s,FIONBIO,&l);
+#endif
+ return(ret == 0);
+ }
Added: vendor-crypto/openssl/dist/crypto/bio/bf_buff.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bf_buff.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bf_buff.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,512 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+static int buffer_write(BIO *h, const char *buf,int num);
+static int buffer_read(BIO *h, char *buf, int size);
+static int buffer_puts(BIO *h, const char *str);
+static int buffer_gets(BIO *h, char *str, int size);
+static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int buffer_new(BIO *h);
+static int buffer_free(BIO *data);
+static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+#define DEFAULT_BUFFER_SIZE 4096
+
+static BIO_METHOD methods_buffer=
+ {
+ BIO_TYPE_BUFFER,
+ "buffer",
+ buffer_write,
+ buffer_read,
+ buffer_puts,
+ buffer_gets,
+ buffer_ctrl,
+ buffer_new,
+ buffer_free,
+ buffer_callback_ctrl,
+ };
+
+BIO_METHOD *BIO_f_buffer(void)
+ {
+ return(&methods_buffer);
+ }
+
+static int buffer_new(BIO *bi)
+ {
+ BIO_F_BUFFER_CTX *ctx;
+
+ ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
+ if (ctx == NULL) return(0);
+ ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+ if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); }
+ ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+ if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); }
+ ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
+ ctx->obuf_size=DEFAULT_BUFFER_SIZE;
+ ctx->ibuf_len=0;
+ ctx->ibuf_off=0;
+ ctx->obuf_len=0;
+ ctx->obuf_off=0;
+
+ bi->init=1;
+ bi->ptr=(char *)ctx;
+ bi->flags=0;
+ return(1);
+ }
+
+static int buffer_free(BIO *a)
+ {
+ BIO_F_BUFFER_CTX *b;
+
+ if (a == NULL) return(0);
+ b=(BIO_F_BUFFER_CTX *)a->ptr;
+ if (b->ibuf != NULL) OPENSSL_free(b->ibuf);
+ if (b->obuf != NULL) OPENSSL_free(b->obuf);
+ OPENSSL_free(a->ptr);
+ a->ptr=NULL;
+ a->init=0;
+ a->flags=0;
+ return(1);
+ }
+
+static int buffer_read(BIO *b, char *out, int outl)
+ {
+ int i,num=0;
+ BIO_F_BUFFER_CTX *ctx;
+
+ if (out == NULL) return(0);
+ ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+
+ if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+ num=0;
+ BIO_clear_retry_flags(b);
+
+start:
+ i=ctx->ibuf_len;
+ /* If there is stuff left over, grab it */
+ if (i != 0)
+ {
+ if (i > outl) i=outl;
+ memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i);
+ ctx->ibuf_off+=i;
+ ctx->ibuf_len-=i;
+ num+=i;
+ if (outl == i) return(num);
+ outl-=i;
+ out+=i;
+ }
+
+ /* We may have done a partial read. try to do more.
+ * We have nothing in the buffer.
+ * If we get an error and have read some data, just return it
+ * and let them retry to get the error again.
+ * copy direct to parent address space */
+ if (outl > ctx->ibuf_size)
+ {
+ for (;;)
+ {
+ i=BIO_read(b->next_bio,out,outl);
+ if (i <= 0)
+ {
+ BIO_copy_next_retry(b);
+ if (i < 0) return((num > 0)?num:i);
+ if (i == 0) return(num);
+ }
+ num+=i;
+ if (outl == i) return(num);
+ out+=i;
+ outl-=i;
+ }
+ }
+ /* else */
+
+ /* we are going to be doing some buffering */
+ i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
+ if (i <= 0)
+ {
+ BIO_copy_next_retry(b);
+ if (i < 0) return((num > 0)?num:i);
+ if (i == 0) return(num);
+ }
+ ctx->ibuf_off=0;
+ ctx->ibuf_len=i;
+
+ /* Lets re-read using ourselves :-) */
+ goto start;
+ }
+
+static int buffer_write(BIO *b, const char *in, int inl)
+ {
+ int i,num=0;
+ BIO_F_BUFFER_CTX *ctx;
+
+ if ((in == NULL) || (inl <= 0)) return(0);
+ ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+ if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+ BIO_clear_retry_flags(b);
+start:
+ i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off);
+ /* add to buffer and return */
+ if (i >= inl)
+ {
+ memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl);
+ ctx->obuf_len+=inl;
+ return(num+inl);
+ }
+ /* else */
+ /* stuff already in buffer, so add to it first, then flush */
+ if (ctx->obuf_len != 0)
+ {
+ if (i > 0) /* lets fill it up if we can */
+ {
+ memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i);
+ in+=i;
+ inl-=i;
+ num+=i;
+ ctx->obuf_len+=i;
+ }
+ /* we now have a full buffer needing flushing */
+ for (;;)
+ {
+ i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]),
+ ctx->obuf_len);
+ if (i <= 0)
+ {
+ BIO_copy_next_retry(b);
+
+ if (i < 0) return((num > 0)?num:i);
+ if (i == 0) return(num);
+ }
+ ctx->obuf_off+=i;
+ ctx->obuf_len-=i;
+ if (ctx->obuf_len == 0) break;
+ }
+ }
+ /* we only get here if the buffer has been flushed and we
+ * still have stuff to write */
+ ctx->obuf_off=0;
+
+ /* we now have inl bytes to write */
+ while (inl >= ctx->obuf_size)
+ {
+ i=BIO_write(b->next_bio,in,inl);
+ if (i <= 0)
+ {
+ BIO_copy_next_retry(b);
+ if (i < 0) return((num > 0)?num:i);
+ if (i == 0) return(num);
+ }
+ num+=i;
+ in+=i;
+ inl-=i;
+ if (inl == 0) return(num);
+ }
+
+ /* copy the rest into the buffer since we have only a small
+ * amount left */
+ goto start;
+ }
+
+static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ BIO *dbio;
+ BIO_F_BUFFER_CTX *ctx;
+ long ret=1;
+ char *p1,*p2;
+ int r,i,*ip;
+ int ibs,obs;
+
+ ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_RESET:
+ ctx->ibuf_off=0;
+ ctx->ibuf_len=0;
+ ctx->obuf_off=0;
+ ctx->obuf_len=0;
+ if (b->next_bio == NULL) return(0);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ case BIO_CTRL_INFO:
+ ret=(long)ctx->obuf_len;
+ break;
+ case BIO_C_GET_BUFF_NUM_LINES:
+ ret=0;
+ p1=ctx->ibuf;
+ for (i=0; i<ctx->ibuf_len; i++)
+ {
+ if (p1[ctx->ibuf_off + i] == '\n') ret++;
+ }
+ break;
+ case BIO_CTRL_WPENDING:
+ ret=(long)ctx->obuf_len;
+ if (ret == 0)
+ {
+ if (b->next_bio == NULL) return(0);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ }
+ break;
+ case BIO_CTRL_PENDING:
+ ret=(long)ctx->ibuf_len;
+ if (ret == 0)
+ {
+ if (b->next_bio == NULL) return(0);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ }
+ break;
+ case BIO_C_SET_BUFF_READ_DATA:
+ if (num > ctx->ibuf_size)
+ {
+ p1=OPENSSL_malloc((int)num);
+ if (p1 == NULL) goto malloc_error;
+ if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf);
+ ctx->ibuf=p1;
+ }
+ ctx->ibuf_off=0;
+ ctx->ibuf_len=(int)num;
+ memcpy(ctx->ibuf,ptr,(int)num);
+ ret=1;
+ break;
+ case BIO_C_SET_BUFF_SIZE:
+ if (ptr != NULL)
+ {
+ ip=(int *)ptr;
+ if (*ip == 0)
+ {
+ ibs=(int)num;
+ obs=ctx->obuf_size;
+ }
+ else /* if (*ip == 1) */
+ {
+ ibs=ctx->ibuf_size;
+ obs=(int)num;
+ }
+ }
+ else
+ {
+ ibs=(int)num;
+ obs=(int)num;
+ }
+ p1=ctx->ibuf;
+ p2=ctx->obuf;
+ if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
+ {
+ p1=(char *)OPENSSL_malloc((int)num);
+ if (p1 == NULL) goto malloc_error;
+ }
+ if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
+ {
+ p2=(char *)OPENSSL_malloc((int)num);
+ if (p2 == NULL)
+ {
+ if (p1 != ctx->ibuf) OPENSSL_free(p1);
+ goto malloc_error;
+ }
+ }
+ if (ctx->ibuf != p1)
+ {
+ OPENSSL_free(ctx->ibuf);
+ ctx->ibuf=p1;
+ ctx->ibuf_off=0;
+ ctx->ibuf_len=0;
+ ctx->ibuf_size=ibs;
+ }
+ if (ctx->obuf != p2)
+ {
+ OPENSSL_free(ctx->obuf);
+ ctx->obuf=p2;
+ ctx->obuf_off=0;
+ ctx->obuf_len=0;
+ ctx->obuf_size=obs;
+ }
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ if (b->next_bio == NULL) return(0);
+ BIO_clear_retry_flags(b);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ BIO_copy_next_retry(b);
+ break;
+
+ case BIO_CTRL_FLUSH:
+ if (b->next_bio == NULL) return(0);
+ if (ctx->obuf_len <= 0)
+ {
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ }
+
+ for (;;)
+ {
+ BIO_clear_retry_flags(b);
+ if (ctx->obuf_len > 0)
+ {
+ r=BIO_write(b->next_bio,
+ &(ctx->obuf[ctx->obuf_off]),
+ ctx->obuf_len);
+#if 0
+fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r);
+#endif
+ BIO_copy_next_retry(b);
+ if (r <= 0) return((long)r);
+ ctx->obuf_off+=r;
+ ctx->obuf_len-=r;
+ }
+ else
+ {
+ ctx->obuf_len=0;
+ ctx->obuf_off=0;
+ ret=1;
+ break;
+ }
+ }
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ case BIO_CTRL_DUP:
+ dbio=(BIO *)ptr;
+ if ( !BIO_set_read_buffer_size(dbio,ctx->ibuf_size) ||
+ !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
+ ret=0;
+ break;
+ default:
+ if (b->next_bio == NULL) return(0);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ }
+ return(ret);
+malloc_error:
+ BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+
+static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+ {
+ long ret=1;
+
+ if (b->next_bio == NULL) return(0);
+ switch (cmd)
+ {
+ default:
+ ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+ break;
+ }
+ return(ret);
+ }
+
+static int buffer_gets(BIO *b, char *buf, int size)
+ {
+ BIO_F_BUFFER_CTX *ctx;
+ int num=0,i,flag;
+ char *p;
+
+ ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+ size--; /* reserve space for a '\0' */
+ BIO_clear_retry_flags(b);
+
+ for (;;)
+ {
+ if (ctx->ibuf_len > 0)
+ {
+ p= &(ctx->ibuf[ctx->ibuf_off]);
+ flag=0;
+ for (i=0; (i<ctx->ibuf_len) && (i<size); i++)
+ {
+ *(buf++)=p[i];
+ if (p[i] == '\n')
+ {
+ flag=1;
+ i++;
+ break;
+ }
+ }
+ num+=i;
+ size-=i;
+ ctx->ibuf_len-=i;
+ ctx->ibuf_off+=i;
+ if (flag || size == 0)
+ {
+ *buf='\0';
+ return(num);
+ }
+ }
+ else /* read another chunk */
+ {
+ i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
+ if (i <= 0)
+ {
+ BIO_copy_next_retry(b);
+ *buf='\0';
+ if (i < 0) return((num > 0)?num:i);
+ if (i == 0) return(num);
+ }
+ ctx->ibuf_len=i;
+ ctx->ibuf_off=0;
+ }
+ }
+ }
+
+static int buffer_puts(BIO *b, const char *str)
+ {
+ return(buffer_write(b,str,strlen(str)));
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bio/bf_lbuf.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bf_lbuf.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bf_lbuf.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,397 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+static int linebuffer_write(BIO *h, const char *buf,int num);
+static int linebuffer_read(BIO *h, char *buf, int size);
+static int linebuffer_puts(BIO *h, const char *str);
+static int linebuffer_gets(BIO *h, char *str, int size);
+static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int linebuffer_new(BIO *h);
+static int linebuffer_free(BIO *data);
+static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+/* A 10k maximum should be enough for most purposes */
+#define DEFAULT_LINEBUFFER_SIZE 1024*10
+
+/* #define DEBUG */
+
+static BIO_METHOD methods_linebuffer=
+ {
+ BIO_TYPE_LINEBUFFER,
+ "linebuffer",
+ linebuffer_write,
+ linebuffer_read,
+ linebuffer_puts,
+ linebuffer_gets,
+ linebuffer_ctrl,
+ linebuffer_new,
+ linebuffer_free,
+ linebuffer_callback_ctrl,
+ };
+
+BIO_METHOD *BIO_f_linebuffer(void)
+ {
+ return(&methods_linebuffer);
+ }
+
+typedef struct bio_linebuffer_ctx_struct
+ {
+ char *obuf; /* the output char array */
+ int obuf_size; /* how big is the output buffer */
+ int obuf_len; /* how many bytes are in it */
+ } BIO_LINEBUFFER_CTX;
+
+static int linebuffer_new(BIO *bi)
+ {
+ BIO_LINEBUFFER_CTX *ctx;
+
+ ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
+ if (ctx == NULL) return(0);
+ ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
+ if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }
+ ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;
+ ctx->obuf_len=0;
+
+ bi->init=1;
+ bi->ptr=(char *)ctx;
+ bi->flags=0;
+ return(1);
+ }
+
+static int linebuffer_free(BIO *a)
+ {
+ BIO_LINEBUFFER_CTX *b;
+
+ if (a == NULL) return(0);
+ b=(BIO_LINEBUFFER_CTX *)a->ptr;
+ if (b->obuf != NULL) OPENSSL_free(b->obuf);
+ OPENSSL_free(a->ptr);
+ a->ptr=NULL;
+ a->init=0;
+ a->flags=0;
+ return(1);
+ }
+
+static int linebuffer_read(BIO *b, char *out, int outl)
+ {
+ int ret=0;
+
+ if (out == NULL) return(0);
+ if (b->next_bio == NULL) return(0);
+ ret=BIO_read(b->next_bio,out,outl);
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return(ret);
+ }
+
+static int linebuffer_write(BIO *b, const char *in, int inl)
+ {
+ int i,num=0,foundnl;
+ BIO_LINEBUFFER_CTX *ctx;
+
+ if ((in == NULL) || (inl <= 0)) return(0);
+ ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
+ if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+ BIO_clear_retry_flags(b);
+
+ do
+ {
+ const char *p;
+
+ for(p = in; p < in + inl && *p != '\n'; p++)
+ ;
+ if (*p == '\n')
+ {
+ p++;
+ foundnl = 1;
+ }
+ else
+ foundnl = 0;
+
+ /* If a NL was found and we already have text in the save
+ buffer, concatenate them and write */
+ while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
+ && ctx->obuf_len > 0)
+ {
+ int orig_olen = ctx->obuf_len;
+
+ i = ctx->obuf_size - ctx->obuf_len;
+ if (p - in > 0)
+ {
+ if (i >= p - in)
+ {
+ memcpy(&(ctx->obuf[ctx->obuf_len]),
+ in,p - in);
+ ctx->obuf_len += p - in;
+ inl -= p - in;
+ num += p - in;
+ in = p;
+ }
+ else
+ {
+ memcpy(&(ctx->obuf[ctx->obuf_len]),
+ in,i);
+ ctx->obuf_len += i;
+ inl -= i;
+ in += i;
+ num += i;
+ }
+ }
+
+#if 0
+BIO_write(b->next_bio, "<*<", 3);
+#endif
+ i=BIO_write(b->next_bio,
+ ctx->obuf, ctx->obuf_len);
+ if (i <= 0)
+ {
+ ctx->obuf_len = orig_olen;
+ BIO_copy_next_retry(b);
+
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+ if (i < 0) return((num > 0)?num:i);
+ if (i == 0) return(num);
+ }
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+ if (i < ctx->obuf_len)
+ memmove(ctx->obuf, ctx->obuf + i,
+ ctx->obuf_len - i);
+ ctx->obuf_len-=i;
+ }
+
+ /* Now that the save buffer is emptied, let's write the input
+ buffer if a NL was found and there is anything to write. */
+ if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
+ {
+#if 0
+BIO_write(b->next_bio, "<*<", 3);
+#endif
+ i=BIO_write(b->next_bio,in,p - in);
+ if (i <= 0)
+ {
+ BIO_copy_next_retry(b);
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+ if (i < 0) return((num > 0)?num:i);
+ if (i == 0) return(num);
+ }
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+ num+=i;
+ in+=i;
+ inl-=i;
+ }
+ }
+ while(foundnl && inl > 0);
+ /* We've written as much as we can. The rest of the input buffer, if
+ any, is text that doesn't and with a NL and therefore needs to be
+ saved for the next trip. */
+ if (inl > 0)
+ {
+ memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+ ctx->obuf_len += inl;
+ num += inl;
+ }
+ return num;
+ }
+
+static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ BIO *dbio;
+ BIO_LINEBUFFER_CTX *ctx;
+ long ret=1;
+ char *p;
+ int r;
+ int obs;
+
+ ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_RESET:
+ ctx->obuf_len=0;
+ if (b->next_bio == NULL) return(0);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ case BIO_CTRL_INFO:
+ ret=(long)ctx->obuf_len;
+ break;
+ case BIO_CTRL_WPENDING:
+ ret=(long)ctx->obuf_len;
+ if (ret == 0)
+ {
+ if (b->next_bio == NULL) return(0);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ }
+ break;
+ case BIO_C_SET_BUFF_SIZE:
+ obs=(int)num;
+ p=ctx->obuf;
+ if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))
+ {
+ p=(char *)OPENSSL_malloc((int)num);
+ if (p == NULL)
+ goto malloc_error;
+ }
+ if (ctx->obuf != p)
+ {
+ if (ctx->obuf_len > obs)
+ {
+ ctx->obuf_len = obs;
+ }
+ memcpy(p, ctx->obuf, ctx->obuf_len);
+ OPENSSL_free(ctx->obuf);
+ ctx->obuf=p;
+ ctx->obuf_size=obs;
+ }
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ if (b->next_bio == NULL) return(0);
+ BIO_clear_retry_flags(b);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ BIO_copy_next_retry(b);
+ break;
+
+ case BIO_CTRL_FLUSH:
+ if (b->next_bio == NULL) return(0);
+ if (ctx->obuf_len <= 0)
+ {
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ }
+
+ for (;;)
+ {
+ BIO_clear_retry_flags(b);
+ if (ctx->obuf_len > 0)
+ {
+ r=BIO_write(b->next_bio,
+ ctx->obuf, ctx->obuf_len);
+#if 0
+fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);
+#endif
+ BIO_copy_next_retry(b);
+ if (r <= 0) return((long)r);
+ if (r < ctx->obuf_len)
+ memmove(ctx->obuf, ctx->obuf + r,
+ ctx->obuf_len - r);
+ ctx->obuf_len-=r;
+ }
+ else
+ {
+ ctx->obuf_len=0;
+ ret=1;
+ break;
+ }
+ }
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ case BIO_CTRL_DUP:
+ dbio=(BIO *)ptr;
+ if ( !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
+ ret=0;
+ break;
+ default:
+ if (b->next_bio == NULL) return(0);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ }
+ return(ret);
+malloc_error:
+ BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+
+static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+ {
+ long ret=1;
+
+ if (b->next_bio == NULL) return(0);
+ switch (cmd)
+ {
+ default:
+ ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+ break;
+ }
+ return(ret);
+ }
+
+static int linebuffer_gets(BIO *b, char *buf, int size)
+ {
+ if (b->next_bio == NULL) return(0);
+ return(BIO_gets(b->next_bio,buf,size));
+ }
+
+static int linebuffer_puts(BIO *b, const char *str)
+ {
+ return(linebuffer_write(b,str,strlen(str)));
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bio/bf_nbio.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bf_nbio.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bf_nbio.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,253 @@
+/* crypto/bio/bf_nbio.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+
+static int nbiof_write(BIO *h,const char *buf,int num);
+static int nbiof_read(BIO *h,char *buf,int size);
+static int nbiof_puts(BIO *h,const char *str);
+static int nbiof_gets(BIO *h,char *str,int size);
+static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2);
+static int nbiof_new(BIO *h);
+static int nbiof_free(BIO *data);
+static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
+typedef struct nbio_test_st
+ {
+ /* only set if we sent a 'should retry' error */
+ int lrn;
+ int lwn;
+ } NBIO_TEST;
+
+static BIO_METHOD methods_nbiof=
+ {
+ BIO_TYPE_NBIO_TEST,
+ "non-blocking IO test filter",
+ nbiof_write,
+ nbiof_read,
+ nbiof_puts,
+ nbiof_gets,
+ nbiof_ctrl,
+ nbiof_new,
+ nbiof_free,
+ nbiof_callback_ctrl,
+ };
+
+BIO_METHOD *BIO_f_nbio_test(void)
+ {
+ return(&methods_nbiof);
+ }
+
+static int nbiof_new(BIO *bi)
+ {
+ NBIO_TEST *nt;
+
+ if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
+ nt->lrn= -1;
+ nt->lwn= -1;
+ bi->ptr=(char *)nt;
+ bi->init=1;
+ bi->flags=0;
+ return(1);
+ }
+
+static int nbiof_free(BIO *a)
+ {
+ if (a == NULL) return(0);
+ if (a->ptr != NULL)
+ OPENSSL_free(a->ptr);
+ a->ptr=NULL;
+ a->init=0;
+ a->flags=0;
+ return(1);
+ }
+
+static int nbiof_read(BIO *b, char *out, int outl)
+ {
+ int ret=0;
+#if 1
+ int num;
+ unsigned char n;
+#endif
+
+ if (out == NULL) return(0);
+ if (b->next_bio == NULL) return(0);
+
+ BIO_clear_retry_flags(b);
+#if 1
+ RAND_pseudo_bytes(&n,1);
+ num=(n&0x07);
+
+ if (outl > num) outl=num;
+
+ if (num == 0)
+ {
+ ret= -1;
+ BIO_set_retry_read(b);
+ }
+ else
+#endif
+ {
+ ret=BIO_read(b->next_bio,out,outl);
+ if (ret < 0)
+ BIO_copy_next_retry(b);
+ }
+ return(ret);
+ }
+
+static int nbiof_write(BIO *b, const char *in, int inl)
+ {
+ NBIO_TEST *nt;
+ int ret=0;
+ int num;
+ unsigned char n;
+
+ if ((in == NULL) || (inl <= 0)) return(0);
+ if (b->next_bio == NULL) return(0);
+ nt=(NBIO_TEST *)b->ptr;
+
+ BIO_clear_retry_flags(b);
+
+#if 1
+ if (nt->lwn > 0)
+ {
+ num=nt->lwn;
+ nt->lwn=0;
+ }
+ else
+ {
+ RAND_pseudo_bytes(&n,1);
+ num=(n&7);
+ }
+
+ if (inl > num) inl=num;
+
+ if (num == 0)
+ {
+ ret= -1;
+ BIO_set_retry_write(b);
+ }
+ else
+#endif
+ {
+ ret=BIO_write(b->next_bio,in,inl);
+ if (ret < 0)
+ {
+ BIO_copy_next_retry(b);
+ nt->lwn=inl;
+ }
+ }
+ return(ret);
+ }
+
+static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ long ret;
+
+ if (b->next_bio == NULL) return(0);
+ switch (cmd)
+ {
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ BIO_copy_next_retry(b);
+ break;
+ case BIO_CTRL_DUP:
+ ret=0L;
+ break;
+ default:
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ }
+ return(ret);
+ }
+
+static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+ {
+ long ret=1;
+
+ if (b->next_bio == NULL) return(0);
+ switch (cmd)
+ {
+ default:
+ ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+ break;
+ }
+ return(ret);
+ }
+
+static int nbiof_gets(BIO *bp, char *buf, int size)
+ {
+ if (bp->next_bio == NULL) return(0);
+ return(BIO_gets(bp->next_bio,buf,size));
+ }
+
+
+static int nbiof_puts(BIO *bp, const char *str)
+ {
+ if (bp->next_bio == NULL) return(0);
+ return(BIO_puts(bp->next_bio,str));
+ }
+
+
Added: vendor-crypto/openssl/dist/crypto/bio/bf_null.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bf_null.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bf_null.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,183 @@
+/* crypto/bio/bf_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+
+static int nullf_write(BIO *h, const char *buf, int num);
+static int nullf_read(BIO *h, char *buf, int size);
+static int nullf_puts(BIO *h, const char *str);
+static int nullf_gets(BIO *h, char *str, int size);
+static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int nullf_new(BIO *h);
+static int nullf_free(BIO *data);
+static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static BIO_METHOD methods_nullf=
+ {
+ BIO_TYPE_NULL_FILTER,
+ "NULL filter",
+ nullf_write,
+ nullf_read,
+ nullf_puts,
+ nullf_gets,
+ nullf_ctrl,
+ nullf_new,
+ nullf_free,
+ nullf_callback_ctrl,
+ };
+
+BIO_METHOD *BIO_f_null(void)
+ {
+ return(&methods_nullf);
+ }
+
+static int nullf_new(BIO *bi)
+ {
+ bi->init=1;
+ bi->ptr=NULL;
+ bi->flags=0;
+ return(1);
+ }
+
+static int nullf_free(BIO *a)
+ {
+ if (a == NULL) return(0);
+/* a->ptr=NULL;
+ a->init=0;
+ a->flags=0;*/
+ return(1);
+ }
+
+static int nullf_read(BIO *b, char *out, int outl)
+ {
+ int ret=0;
+
+ if (out == NULL) return(0);
+ if (b->next_bio == NULL) return(0);
+ ret=BIO_read(b->next_bio,out,outl);
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return(ret);
+ }
+
+static int nullf_write(BIO *b, const char *in, int inl)
+ {
+ int ret=0;
+
+ if ((in == NULL) || (inl <= 0)) return(0);
+ if (b->next_bio == NULL) return(0);
+ ret=BIO_write(b->next_bio,in,inl);
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return(ret);
+ }
+
+static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ long ret;
+
+ if (b->next_bio == NULL) return(0);
+ switch(cmd)
+ {
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ BIO_copy_next_retry(b);
+ break;
+ case BIO_CTRL_DUP:
+ ret=0L;
+ break;
+ default:
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ }
+ return(ret);
+ }
+
+static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+ {
+ long ret=1;
+
+ if (b->next_bio == NULL) return(0);
+ switch (cmd)
+ {
+ default:
+ ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+ break;
+ }
+ return(ret);
+ }
+
+static int nullf_gets(BIO *bp, char *buf, int size)
+ {
+ if (bp->next_bio == NULL) return(0);
+ return(BIO_gets(bp->next_bio,buf,size));
+ }
+
+
+static int nullf_puts(BIO *bp, const char *str)
+ {
+ if (bp->next_bio == NULL) return(0);
+ return(BIO_puts(bp->next_bio,str));
+ }
+
+
Added: vendor-crypto/openssl/dist/crypto/bio/bio.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bio.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,791 @@
+/* crypto/bio/bio.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BIO_H
+#define HEADER_BIO_H
+
+#include <openssl/e_os2.h>
+
+#ifndef OPENSSL_NO_FP_API
+# include <stdio.h>
+#endif
+#include <stdarg.h>
+
+#include <openssl/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These are the 'types' of BIOs */
+#define BIO_TYPE_NONE 0
+#define BIO_TYPE_MEM (1|0x0400)
+#define BIO_TYPE_FILE (2|0x0400)
+
+#define BIO_TYPE_FD (4|0x0400|0x0100)
+#define BIO_TYPE_SOCKET (5|0x0400|0x0100)
+#define BIO_TYPE_NULL (6|0x0400)
+#define BIO_TYPE_SSL (7|0x0200)
+#define BIO_TYPE_MD (8|0x0200) /* passive filter */
+#define BIO_TYPE_BUFFER (9|0x0200) /* filter */
+#define BIO_TYPE_CIPHER (10|0x0200) /* filter */
+#define BIO_TYPE_BASE64 (11|0x0200) /* filter */
+#define BIO_TYPE_CONNECT (12|0x0400|0x0100) /* socket - connect */
+#define BIO_TYPE_ACCEPT (13|0x0400|0x0100) /* socket for accept */
+#define BIO_TYPE_PROXY_CLIENT (14|0x0200) /* client proxy BIO */
+#define BIO_TYPE_PROXY_SERVER (15|0x0200) /* server proxy BIO */
+#define BIO_TYPE_NBIO_TEST (16|0x0200) /* server proxy BIO */
+#define BIO_TYPE_NULL_FILTER (17|0x0200)
+#define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */
+#define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */
+#define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */
+#define BIO_TYPE_DGRAM (21|0x0400|0x0100)
+#define BIO_TYPE_COMP (23|0x0200) /* filter */
+
+#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */
+#define BIO_TYPE_FILTER 0x0200
+#define BIO_TYPE_SOURCE_SINK 0x0400
+
+/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
+#define BIO_NOCLOSE 0x00
+#define BIO_CLOSE 0x01
+
+/* These are used in the following macros and are passed to
+ * BIO_ctrl() */
+#define BIO_CTRL_RESET 1 /* opt - rewind/zero etc */
+#define BIO_CTRL_EOF 2 /* opt - are we at the eof */
+#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */
+#define BIO_CTRL_SET 4 /* man - set the 'IO' type */
+#define BIO_CTRL_GET 5 /* man - get the 'IO' type */
+#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */
+#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */
+#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */
+#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */
+#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */
+#define BIO_CTRL_FLUSH 11 /* opt - 'flush' buffered output */
+#define BIO_CTRL_DUP 12 /* man - extra stuff for 'duped' BIO */
+#define BIO_CTRL_WPENDING 13 /* opt - number of bytes still to write */
+/* callback is int cb(BIO *bio,state,ret); */
+#define BIO_CTRL_SET_CALLBACK 14 /* opt - set callback function */
+#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */
+
+#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */
+
+/* dgram BIO stuff */
+#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */
+#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally
+ * connected socket to be
+ * passed in */
+#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */
+#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */
+#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */
+#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */
+
+#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */
+#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */
+
+/* #ifdef IP_MTU_DISCOVER */
+#define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */
+/* #endif */
+
+#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */
+#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47
+#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */
+#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for
+ * MTU. want to use this
+ * if asking the kernel
+ * fails */
+
+#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU
+ * was exceed in the
+ * previous write
+ * operation */
+
+#define BIO_CTRL_DGRAM_GET_PEER 46
+#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */
+
+#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
+ * adjust socket timeouts */
+
+/* modifiers */
+#define BIO_FP_READ 0x02
+#define BIO_FP_WRITE 0x04
+#define BIO_FP_APPEND 0x08
+#define BIO_FP_TEXT 0x10
+
+#define BIO_FLAGS_READ 0x01
+#define BIO_FLAGS_WRITE 0x02
+#define BIO_FLAGS_IO_SPECIAL 0x04
+#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+#define BIO_FLAGS_SHOULD_RETRY 0x08
+#ifndef BIO_FLAGS_UPLINK
+/* "UPLINK" flag denotes file descriptors provided by application.
+ It defaults to 0, as most platforms don't require UPLINK interface. */
+#define BIO_FLAGS_UPLINK 0
+#endif
+
+/* Used in BIO_gethostbyname() */
+#define BIO_GHBN_CTRL_HITS 1
+#define BIO_GHBN_CTRL_MISSES 2
+#define BIO_GHBN_CTRL_CACHE_SIZE 3
+#define BIO_GHBN_CTRL_GET_ENTRY 4
+#define BIO_GHBN_CTRL_FLUSH 5
+
+/* Mostly used in the SSL BIO */
+/* Not used anymore
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
+ * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40
+ */
+
+#define BIO_FLAGS_BASE64_NO_NL 0x100
+
+/* This is used with memory BIOs: it means we shouldn't free up or change the
+ * data in any way.
+ */
+#define BIO_FLAGS_MEM_RDONLY 0x200
+
+typedef struct bio_st BIO;
+
+void BIO_set_flags(BIO *b, int flags);
+int BIO_test_flags(const BIO *b, int flags);
+void BIO_clear_flags(BIO *b, int flags);
+
+#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
+#define BIO_set_retry_special(b) \
+ BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_set_retry_read(b) \
+ BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_set_retry_write(b) \
+ BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+#define BIO_clear_retry_flags(b) \
+ BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_get_retry_flags(b) \
+ BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These should be used by the application to tell why we should retry */
+#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ)
+#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE)
+#define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
+#define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS)
+#define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
+
+/* The next three are used in conjunction with the
+ * BIO_should_io_special() condition. After this returns true,
+ * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO
+ * stack and return the 'reason' for the special and the offending BIO.
+ * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
+/* Returned from the SSL bio when the certificate retrieval code had an error */
+#define BIO_RR_SSL_X509_LOOKUP 0x01
+/* Returned from the connect BIO when a connect would have blocked */
+#define BIO_RR_CONNECT 0x02
+/* Returned from the accept BIO when an accept would have blocked */
+#define BIO_RR_ACCEPT 0x03
+
+/* These are passed by the BIO callback */
+#define BIO_CB_FREE 0x01
+#define BIO_CB_READ 0x02
+#define BIO_CB_WRITE 0x03
+#define BIO_CB_PUTS 0x04
+#define BIO_CB_GETS 0x05
+#define BIO_CB_CTRL 0x06
+
+/* The callback is called before and after the underling operation,
+ * The BIO_CB_RETURN flag indicates if it is after the call */
+#define BIO_CB_RETURN 0x80
+#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+#define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
+#define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
+
+long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long);
+void BIO_set_callback(BIO *b,
+ long (*callback)(struct bio_st *,int,const char *,int, long,long));
+char *BIO_get_callback_arg(const BIO *b);
+void BIO_set_callback_arg(BIO *b, char *arg);
+
+const char * BIO_method_name(const BIO *b);
+int BIO_method_type(const BIO *b);
+
+typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
+
+#ifndef OPENSSL_SYS_WIN16
+typedef struct bio_method_st
+ {
+ int type;
+ const char *name;
+ int (*bwrite)(BIO *, const char *, int);
+ int (*bread)(BIO *, char *, int);
+ int (*bputs)(BIO *, const char *);
+ int (*bgets)(BIO *, char *, int);
+ long (*ctrl)(BIO *, int, long, void *);
+ int (*create)(BIO *);
+ int (*destroy)(BIO *);
+ long (*callback_ctrl)(BIO *, int, bio_info_cb *);
+ } BIO_METHOD;
+#else
+typedef struct bio_method_st
+ {
+ int type;
+ const char *name;
+ int (_far *bwrite)();
+ int (_far *bread)();
+ int (_far *bputs)();
+ int (_far *bgets)();
+ long (_far *ctrl)();
+ int (_far *create)();
+ int (_far *destroy)();
+ long (_far *callback_ctrl)();
+ } BIO_METHOD;
+#endif
+
+struct bio_st
+ {
+ BIO_METHOD *method;
+ /* bio, mode, argp, argi, argl, ret */
+ long (*callback)(struct bio_st *,int,const char *,int, long,long);
+ char *cb_arg; /* first argument for the callback */
+
+ int init;
+ int shutdown;
+ int flags; /* extra storage */
+ int retry_reason;
+ int num;
+ void *ptr;
+ struct bio_st *next_bio; /* used by filter BIOs */
+ struct bio_st *prev_bio; /* used by filter BIOs */
+ int references;
+ unsigned long num_read;
+ unsigned long num_write;
+
+ CRYPTO_EX_DATA ex_data;
+ };
+
+DECLARE_STACK_OF(BIO)
+
+typedef struct bio_f_buffer_ctx_struct
+ {
+ /* Buffers are setup like this:
+ *
+ * <---------------------- size ----------------------->
+ * +---------------------------------------------------+
+ * | consumed | remaining | free space |
+ * +---------------------------------------------------+
+ * <-- off --><------- len ------->
+ */
+
+ /* BIO *bio; */ /* this is now in the BIO struct */
+ int ibuf_size; /* how big is the input buffer */
+ int obuf_size; /* how big is the output buffer */
+
+ char *ibuf; /* the char array */
+ int ibuf_len; /* how many bytes are in it */
+ int ibuf_off; /* write/read offset */
+
+ char *obuf; /* the char array */
+ int obuf_len; /* how many bytes are in it */
+ int obuf_off; /* write/read offset */
+ } BIO_F_BUFFER_CTX;
+
+/* connect BIO stuff */
+#define BIO_CONN_S_BEFORE 1
+#define BIO_CONN_S_GET_IP 2
+#define BIO_CONN_S_GET_PORT 3
+#define BIO_CONN_S_CREATE_SOCKET 4
+#define BIO_CONN_S_CONNECT 5
+#define BIO_CONN_S_OK 6
+#define BIO_CONN_S_BLOCKED_CONNECT 7
+#define BIO_CONN_S_NBIO 8
+/*#define BIO_CONN_get_param_hostname BIO_ctrl */
+
+#define BIO_C_SET_CONNECT 100
+#define BIO_C_DO_STATE_MACHINE 101
+#define BIO_C_SET_NBIO 102
+#define BIO_C_SET_PROXY_PARAM 103
+#define BIO_C_SET_FD 104
+#define BIO_C_GET_FD 105
+#define BIO_C_SET_FILE_PTR 106
+#define BIO_C_GET_FILE_PTR 107
+#define BIO_C_SET_FILENAME 108
+#define BIO_C_SET_SSL 109
+#define BIO_C_GET_SSL 110
+#define BIO_C_SET_MD 111
+#define BIO_C_GET_MD 112
+#define BIO_C_GET_CIPHER_STATUS 113
+#define BIO_C_SET_BUF_MEM 114
+#define BIO_C_GET_BUF_MEM_PTR 115
+#define BIO_C_GET_BUFF_NUM_LINES 116
+#define BIO_C_SET_BUFF_SIZE 117
+#define BIO_C_SET_ACCEPT 118
+#define BIO_C_SSL_MODE 119
+#define BIO_C_GET_MD_CTX 120
+#define BIO_C_GET_PROXY_PARAM 121
+#define BIO_C_SET_BUFF_READ_DATA 122 /* data to read first */
+#define BIO_C_GET_CONNECT 123
+#define BIO_C_GET_ACCEPT 124
+#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125
+#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126
+#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127
+#define BIO_C_FILE_SEEK 128
+#define BIO_C_GET_CIPHER_CTX 129
+#define BIO_C_SET_BUF_MEM_EOF_RETURN 130/*return end of input value*/
+#define BIO_C_SET_BIND_MODE 131
+#define BIO_C_GET_BIND_MODE 132
+#define BIO_C_FILE_TELL 133
+#define BIO_C_GET_SOCKS 134
+#define BIO_C_SET_SOCKS 135
+
+#define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */
+#define BIO_C_GET_WRITE_BUF_SIZE 137
+#define BIO_C_MAKE_BIO_PAIR 138
+#define BIO_C_DESTROY_BIO_PAIR 139
+#define BIO_C_GET_WRITE_GUARANTEE 140
+#define BIO_C_GET_READ_REQUEST 141
+#define BIO_C_SHUTDOWN_WR 142
+#define BIO_C_NREAD0 143
+#define BIO_C_NREAD 144
+#define BIO_C_NWRITE0 145
+#define BIO_C_NWRITE 146
+#define BIO_C_RESET_READ_REQUEST 147
+#define BIO_C_SET_MD_CTX 148
+
+
+#define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg)
+#define BIO_get_app_data(s) BIO_get_ex_data(s,0)
+
+/* BIO_s_connect() and BIO_s_socks4a_connect() */
+#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+#define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
+#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+#define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+#define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+#define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
+#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
+
+
+#define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+/* BIO_s_accept_socket() */
+#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
+#define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
+/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
+#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
+
+#define BIO_BIND_NORMAL 0
+#define BIO_BIND_REUSEADDR_IF_UNUSED 1
+#define BIO_BIND_REUSEADDR 2
+#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
+#define BIO_do_connect(b) BIO_do_handshake(b)
+#define BIO_do_accept(b) BIO_do_handshake(b)
+#define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+/* BIO_s_proxy_client() */
+#define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
+#define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
+/* BIO_set_nbio(b,n) */
+#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
+/* BIO *BIO_get_filter_bio(BIO *bio); */
+#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
+#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
+#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
+
+#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
+#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
+#define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
+#define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
+
+#define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+#define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+#define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
+#define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+
+#define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+#define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+/* name is cast to lose const, but might be better to route through a function
+ so we can do it safely */
+#ifdef CONST_STRICT
+/* If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b,const char *name);
+#else
+#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_READ,(char *)name)
+#endif
+#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_WRITE,name)
+#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_APPEND,name)
+#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
+
+/* WARNING WARNING, this ups the reference count on the read bio of the
+ * SSL structure. This is because the ssl read BIO is now pointed to by
+ * the next_bio field in the bio. So when you free the BIO, make sure
+ * you are doing a BIO_free_all() to catch the underlying BIO. */
+#define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+#define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+#define BIO_set_ssl_renegotiate_bytes(b,num) \
+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+#define BIO_get_num_renegotiates(b) \
+ BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
+#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+
+/* defined in evp.h */
+/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
+
+#define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+#define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
+#define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
+#define BIO_set_mem_eof_return(b,v) \
+ BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
+
+/* For the BIO_f_buffer() type */
+#define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+#define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+/* Don't use the next one unless you know what you are doing :-) */
+#define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
+
+#define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+#define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+#define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+#define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+#define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+#define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+#define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
+ cbp)
+#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
+
+/* For the BIO_f_buffer() type */
+#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+
+/* For BIO_s_bio() */
+#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+#define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+#define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+#define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+
+/* ctrl macros for dgram */
+#define BIO_ctrl_dgram_connect(b,peer) \
+ (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)
+#define BIO_ctrl_set_connected(b, state, peer) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)
+#define BIO_dgram_recv_timedout(b) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
+#define BIO_dgram_send_timedout(b) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
+#define BIO_dgram_get_peer(b,peer) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
+#define BIO_dgram_set_peer(b,peer) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+
+/* These two aren't currently implemented */
+/* int BIO_get_ex_num(BIO *bio); */
+/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
+int BIO_set_ex_data(BIO *bio,int idx,void *data);
+void *BIO_get_ex_data(BIO *bio,int idx);
+int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+unsigned long BIO_number_read(BIO *bio);
+unsigned long BIO_number_written(BIO *bio);
+
+# ifndef OPENSSL_NO_FP_API
+# if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
+BIO_METHOD *BIO_s_file_internal(void);
+BIO *BIO_new_file_internal(char *filename, char *mode);
+BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
+# define BIO_s_file BIO_s_file_internal
+# define BIO_new_file BIO_new_file_internal
+# define BIO_new_fp BIO_new_fp_internal
+# else /* FP_API */
+BIO_METHOD *BIO_s_file(void );
+BIO *BIO_new_file(const char *filename, const char *mode);
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+# define BIO_s_file_internal BIO_s_file
+# define BIO_new_file_internal BIO_new_file
+# define BIO_new_fp_internal BIO_s_file
+# endif /* FP_API */
+# endif
+BIO * BIO_new(BIO_METHOD *type);
+int BIO_set(BIO *a,BIO_METHOD *type);
+int BIO_free(BIO *a);
+void BIO_vfree(BIO *a);
+int BIO_read(BIO *b, void *data, int len);
+int BIO_gets(BIO *bp,char *buf, int size);
+int BIO_write(BIO *b, const void *data, int len);
+int BIO_puts(BIO *bp,const char *buf);
+int BIO_indent(BIO *b,int indent,int max);
+long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
+char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
+long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
+BIO * BIO_push(BIO *b,BIO *append);
+BIO * BIO_pop(BIO *b);
+void BIO_free_all(BIO *a);
+BIO * BIO_find_type(BIO *b,int bio_type);
+BIO * BIO_next(BIO *b);
+BIO * BIO_get_retry_BIO(BIO *bio, int *reason);
+int BIO_get_retry_reason(BIO *bio);
+BIO * BIO_dup_chain(BIO *in);
+
+int BIO_nread0(BIO *bio, char **buf);
+int BIO_nread(BIO *bio, char **buf, int num);
+int BIO_nwrite0(BIO *bio, char **buf);
+int BIO_nwrite(BIO *bio, char **buf, int num);
+
+#ifndef OPENSSL_SYS_WIN16
+long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
+ long argl,long ret);
+#else
+long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
+ long argl,long ret);
+#endif
+
+BIO_METHOD *BIO_s_mem(void);
+BIO *BIO_new_mem_buf(void *buf, int len);
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_connect(void);
+BIO_METHOD *BIO_s_accept(void);
+BIO_METHOD *BIO_s_fd(void);
+#ifndef OPENSSL_SYS_OS2
+BIO_METHOD *BIO_s_log(void);
+#endif
+BIO_METHOD *BIO_s_bio(void);
+BIO_METHOD *BIO_s_null(void);
+BIO_METHOD *BIO_f_null(void);
+BIO_METHOD *BIO_f_buffer(void);
+#ifdef OPENSSL_SYS_VMS
+BIO_METHOD *BIO_f_linebuffer(void);
+#endif
+BIO_METHOD *BIO_f_nbio_test(void);
+#ifndef OPENSSL_NO_DGRAM
+BIO_METHOD *BIO_s_datagram(void);
+#endif
+
+/* BIO_METHOD *BIO_f_ber(void); */
+
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+int BIO_dgram_non_fatal_error(int error);
+
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
+ void *u, const char *s, int len);
+int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
+ void *u, const char *s, int len, int indent);
+int BIO_dump(BIO *b,const char *bytes,int len);
+int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
+#ifndef OPENSSL_NO_FP_API
+int BIO_dump_fp(FILE *fp, const char *s, int len);
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
+#endif
+struct hostent *BIO_gethostbyname(const char *name);
+/* We might want a thread-safe interface too:
+ * struct hostent *BIO_gethostbyname_r(const char *name,
+ * struct hostent *result, void *buffer, size_t buflen);
+ * or something similar (caller allocates a struct hostent,
+ * pointed to by "result", and additional buffer space for the various
+ * substructures; if the buffer does not suffice, NULL is returned
+ * and an appropriate error code is set).
+ */
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, void *arg);
+int BIO_socket_nbio(int fd,int mode);
+int BIO_get_port(const char *str, unsigned short *port_ptr);
+int BIO_get_host_ip(const char *str, unsigned char *ip);
+int BIO_get_accept_socket(char *host_port,int mode);
+int BIO_accept(int sock,char **ip_port);
+int BIO_sock_init(void );
+void BIO_sock_cleanup(void);
+int BIO_set_tcp_ndelay(int sock,int turn_on);
+
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_dgram(int fd, int close_flag);
+BIO *BIO_new_fd(int fd, int close_flag);
+BIO *BIO_new_connect(char *host_port);
+BIO *BIO_new_accept(char *host_port);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+ BIO **bio2, size_t writebuf2);
+/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
+ * Size 0 uses default value.
+ */
+
+void BIO_copy_next_retry(BIO *b);
+
+/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
+
+#ifdef __GNUC__
+# define __bio_h__attr__ __attribute__
+#else
+# define __bio_h__attr__(x)
+#endif
+int BIO_printf(BIO *bio, const char *format, ...)
+ __bio_h__attr__((__format__(__printf__,2,3)));
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+ __bio_h__attr__((__format__(__printf__,2,0)));
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+ __bio_h__attr__((__format__(__printf__,3,4)));
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ __bio_h__attr__((__format__(__printf__,3,0)));
+#undef __bio_h__attr__
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BIO_strings(void);
+
+/* Error codes for the BIO functions. */
+
+/* Function codes. */
+#define BIO_F_ACPT_STATE 100
+#define BIO_F_BIO_ACCEPT 101
+#define BIO_F_BIO_BER_GET_HEADER 102
+#define BIO_F_BIO_CALLBACK_CTRL 131
+#define BIO_F_BIO_CTRL 103
+#define BIO_F_BIO_GETHOSTBYNAME 120
+#define BIO_F_BIO_GETS 104
+#define BIO_F_BIO_GET_ACCEPT_SOCKET 105
+#define BIO_F_BIO_GET_HOST_IP 106
+#define BIO_F_BIO_GET_PORT 107
+#define BIO_F_BIO_MAKE_PAIR 121
+#define BIO_F_BIO_NEW 108
+#define BIO_F_BIO_NEW_FILE 109
+#define BIO_F_BIO_NEW_MEM_BUF 126
+#define BIO_F_BIO_NREAD 123
+#define BIO_F_BIO_NREAD0 124
+#define BIO_F_BIO_NWRITE 125
+#define BIO_F_BIO_NWRITE0 122
+#define BIO_F_BIO_PUTS 110
+#define BIO_F_BIO_READ 111
+#define BIO_F_BIO_SOCK_INIT 112
+#define BIO_F_BIO_WRITE 113
+#define BIO_F_BUFFER_CTRL 114
+#define BIO_F_CONN_CTRL 127
+#define BIO_F_CONN_STATE 115
+#define BIO_F_FILE_CTRL 116
+#define BIO_F_FILE_READ 130
+#define BIO_F_LINEBUFFER_CTRL 129
+#define BIO_F_MEM_READ 128
+#define BIO_F_MEM_WRITE 117
+#define BIO_F_SSL_NEW 118
+#define BIO_F_WSASTARTUP 119
+
+/* Reason codes. */
+#define BIO_R_ACCEPT_ERROR 100
+#define BIO_R_BAD_FOPEN_MODE 101
+#define BIO_R_BAD_HOSTNAME_LOOKUP 102
+#define BIO_R_BROKEN_PIPE 124
+#define BIO_R_CONNECT_ERROR 103
+#define BIO_R_EOF_ON_MEMORY_BIO 127
+#define BIO_R_ERROR_SETTING_NBIO 104
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106
+#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107
+#define BIO_R_INVALID_ARGUMENT 125
+#define BIO_R_INVALID_IP_ADDRESS 108
+#define BIO_R_IN_USE 123
+#define BIO_R_KEEPALIVE 109
+#define BIO_R_NBIO_CONNECT_ERROR 110
+#define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111
+#define BIO_R_NO_HOSTNAME_SPECIFIED 112
+#define BIO_R_NO_PORT_DEFINED 113
+#define BIO_R_NO_PORT_SPECIFIED 114
+#define BIO_R_NO_SUCH_FILE 128
+#define BIO_R_NULL_PARAMETER 115
+#define BIO_R_TAG_MISMATCH 116
+#define BIO_R_UNABLE_TO_BIND_SOCKET 117
+#define BIO_R_UNABLE_TO_CREATE_SOCKET 118
+#define BIO_R_UNABLE_TO_LISTEN_SOCKET 119
+#define BIO_R_UNINITIALIZED 120
+#define BIO_R_UNSUPPORTED_METHOD 121
+#define BIO_R_WRITE_TO_READ_ONLY_BIO 126
+#define BIO_R_WSASTARTUP 122
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Added: vendor-crypto/openssl/dist/crypto/bio/bio_cb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio_cb.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bio_cb.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,139 @@
+/* crypto/bio/bio_cb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret)
+ {
+ BIO *b;
+ MS_STATIC char buf[256];
+ char *p;
+ long r=1;
+ size_t p_maxlen;
+
+ if (BIO_CB_RETURN & cmd)
+ r=ret;
+
+ BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
+ p= &(buf[14]);
+ p_maxlen = sizeof buf - 14;
+ switch (cmd)
+ {
+ case BIO_CB_FREE:
+ BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
+ break;
+ case BIO_CB_READ:
+ if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+ BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
+ bio->num,argi,bio->method->name,bio->num);
+ else
+ BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
+ bio->num,argi,bio->method->name);
+ break;
+ case BIO_CB_WRITE:
+ if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+ BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
+ bio->num,argi,bio->method->name,bio->num);
+ else
+ BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
+ bio->num,argi,bio->method->name);
+ break;
+ case BIO_CB_PUTS:
+ BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
+ break;
+ case BIO_CB_GETS:
+ BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
+ break;
+ case BIO_CB_CTRL:
+ BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
+ break;
+ case BIO_CB_RETURN|BIO_CB_READ:
+ BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
+ break;
+ case BIO_CB_RETURN|BIO_CB_WRITE:
+ BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
+ break;
+ case BIO_CB_RETURN|BIO_CB_GETS:
+ BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
+ break;
+ case BIO_CB_RETURN|BIO_CB_PUTS:
+ BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
+ break;
+ case BIO_CB_RETURN|BIO_CB_CTRL:
+ BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
+ break;
+ default:
+ BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
+ break;
+ }
+
+ b=(BIO *)bio->cb_arg;
+ if (b != NULL)
+ BIO_write(b,buf,strlen(buf));
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+ else
+ fputs(buf,stderr);
+#endif
+ return(r);
+ }
Added: vendor-crypto/openssl/dist/crypto/bio/bio_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio_err.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bio_err.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,154 @@
+/* crypto/bio/bio_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
+
+static ERR_STRING_DATA BIO_str_functs[]=
+ {
+{ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"},
+{ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
+{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
+{ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"},
+{ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
+{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
+{ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
+{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
+{ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
+{ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
+{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
+{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
+{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
+{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
+{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
+{ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
+{ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
+{ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
+{ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
+{ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
+{ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
+{ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
+{ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"},
+{ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"},
+{ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"},
+{ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"},
+{ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"},
+{ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"},
+{ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
+{ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"},
+{ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
+{ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA BIO_str_reasons[]=
+ {
+{ERR_REASON(BIO_R_ACCEPT_ERROR) ,"accept error"},
+{ERR_REASON(BIO_R_BAD_FOPEN_MODE) ,"bad fopen mode"},
+{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) ,"bad hostname lookup"},
+{ERR_REASON(BIO_R_BROKEN_PIPE) ,"broken pipe"},
+{ERR_REASON(BIO_R_CONNECT_ERROR) ,"connect error"},
+{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO) ,"EOF on memory BIO"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO) ,"error setting nbio"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"},
+{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"},
+{ERR_REASON(BIO_R_INVALID_ARGUMENT) ,"invalid argument"},
+{ERR_REASON(BIO_R_INVALID_IP_ADDRESS) ,"invalid ip address"},
+{ERR_REASON(BIO_R_IN_USE) ,"in use"},
+{ERR_REASON(BIO_R_KEEPALIVE) ,"keepalive"},
+{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) ,"nbio connect error"},
+{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"},
+{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"},
+{ERR_REASON(BIO_R_NO_PORT_DEFINED) ,"no port defined"},
+{ERR_REASON(BIO_R_NO_PORT_SPECIFIED) ,"no port specified"},
+{ERR_REASON(BIO_R_NO_SUCH_FILE) ,"no such file"},
+{ERR_REASON(BIO_R_NULL_PARAMETER) ,"null parameter"},
+{ERR_REASON(BIO_R_TAG_MISMATCH) ,"tag mismatch"},
+{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"},
+{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"},
+{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"},
+{ERR_REASON(BIO_R_UNINITIALIZED) ,"uninitialized"},
+{ERR_REASON(BIO_R_UNSUPPORTED_METHOD) ,"unsupported method"},
+{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"},
+{ERR_REASON(BIO_R_WSASTARTUP) ,"WSAStartup"},
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_BIO_strings(void)
+ {
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(BIO_str_functs[0].error) == NULL)
+ {
+ ERR_load_strings(0,BIO_str_functs);
+ ERR_load_strings(0,BIO_str_reasons);
+ }
+#endif
+ }
Added: vendor-crypto/openssl/dist/crypto/bio/bio_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio_lcl.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bio_lcl.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,28 @@
+#include <openssl/bio.h>
+
+#if BIO_FLAGS_UPLINK==0
+/* Shortcut UPLINK calls on most platforms... */
+#define UP_stdin stdin
+#define UP_stdout stdout
+#define UP_stderr stderr
+#define UP_fprintf fprintf
+#define UP_fgets fgets
+#define UP_fread fread
+#define UP_fwrite fwrite
+#undef UP_fsetmod
+#define UP_feof feof
+#define UP_fclose fclose
+
+#define UP_fopen fopen
+#define UP_fseek fseek
+#define UP_ftell ftell
+#define UP_fflush fflush
+#define UP_ferror ferror
+#define UP_fileno fileno
+
+#define UP_open open
+#define UP_read read
+#define UP_write write
+#define UP_lseek lseek
+#define UP_close close
+#endif
Added: vendor-crypto/openssl/dist/crypto/bio/bio_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio_lib.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bio_lib.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,602 @@
+/* crypto/bio/bio_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/stack.h>
+
+BIO *BIO_new(BIO_METHOD *method)
+ {
+ BIO *ret=NULL;
+
+ ret=(BIO *)OPENSSL_malloc(sizeof(BIO));
+ if (ret == NULL)
+ {
+ BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ if (!BIO_set(ret,method))
+ {
+ OPENSSL_free(ret);
+ ret=NULL;
+ }
+ return(ret);
+ }
+
+int BIO_set(BIO *bio, BIO_METHOD *method)
+ {
+ bio->method=method;
+ bio->callback=NULL;
+ bio->cb_arg=NULL;
+ bio->init=0;
+ bio->shutdown=1;
+ bio->flags=0;
+ bio->retry_reason=0;
+ bio->num=0;
+ bio->ptr=NULL;
+ bio->prev_bio=NULL;
+ bio->next_bio=NULL;
+ bio->references=1;
+ bio->num_read=0L;
+ bio->num_write=0L;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+ if (method->create != NULL)
+ if (!method->create(bio))
+ {
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
+ &bio->ex_data);
+ return(0);
+ }
+ return(1);
+ }
+
+int BIO_free(BIO *a)
+ {
+ int i;
+
+ if (a == NULL) return(0);
+
+ i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);
+#ifdef REF_PRINT
+ REF_PRINT("BIO",a);
+#endif
+ if (i > 0) return(1);
+#ifdef REF_CHECK
+ if (i < 0)
+ {
+ fprintf(stderr,"BIO_free, bad reference count\n");
+ abort();
+ }
+#endif
+ if ((a->callback != NULL) &&
+ ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
+ return(i);
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+
+ if ((a->method != NULL) && (a->method->destroy != NULL))
+ a->method->destroy(a);
+ OPENSSL_free(a);
+ return(1);
+ }
+
+void BIO_vfree(BIO *a)
+ { BIO_free(a); }
+
+void BIO_clear_flags(BIO *b, int flags)
+ {
+ b->flags &= ~flags;
+ }
+
+int BIO_test_flags(const BIO *b, int flags)
+ {
+ return (b->flags & flags);
+ }
+
+void BIO_set_flags(BIO *b, int flags)
+ {
+ b->flags |= flags;
+ }
+
+long (*BIO_get_callback(const BIO *b))(struct bio_st *,int,const char *,int, long,long)
+ {
+ return b->callback;
+ }
+
+void BIO_set_callback(BIO *b, long (*cb)(struct bio_st *,int,const char *,int, long,long))
+ {
+ b->callback = cb;
+ }
+
+void BIO_set_callback_arg(BIO *b, char *arg)
+ {
+ b->cb_arg = arg;
+ }
+
+char * BIO_get_callback_arg(const BIO *b)
+ {
+ return b->cb_arg;
+ }
+
+const char * BIO_method_name(const BIO *b)
+ {
+ return b->method->name;
+ }
+
+int BIO_method_type(const BIO *b)
+ {
+ return b->method->type;
+ }
+
+
+int BIO_read(BIO *b, void *out, int outl)
+ {
+ int i;
+ long (*cb)(BIO *,int,const char *,int,long,long);
+
+ if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
+ {
+ BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD);
+ return(-2);
+ }
+
+ cb=b->callback;
+ if ((cb != NULL) &&
+ ((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
+ return(i);
+
+ if (!b->init)
+ {
+ BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED);
+ return(-2);
+ }
+
+ i=b->method->bread(b,out,outl);
+
+ if (i > 0) b->num_read+=(unsigned long)i;
+
+ if (cb != NULL)
+ i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
+ 0L,(long)i);
+ return(i);
+ }
+
+int BIO_write(BIO *b, const void *in, int inl)
+ {
+ int i;
+ long (*cb)(BIO *,int,const char *,int,long,long);
+
+ if (b == NULL)
+ return(0);
+
+ cb=b->callback;
+ if ((b->method == NULL) || (b->method->bwrite == NULL))
+ {
+ BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);
+ return(-2);
+ }
+
+ if ((cb != NULL) &&
+ ((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
+ return(i);
+
+ if (!b->init)
+ {
+ BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED);
+ return(-2);
+ }
+
+ i=b->method->bwrite(b,in,inl);
+
+ if (i > 0) b->num_write+=(unsigned long)i;
+
+ if (cb != NULL)
+ i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
+ 0L,(long)i);
+ return(i);
+ }
+
+int BIO_puts(BIO *b, const char *in)
+ {
+ int i;
+ long (*cb)(BIO *,int,const char *,int,long,long);
+
+ if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
+ {
+ BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD);
+ return(-2);
+ }
+
+ cb=b->callback;
+
+ if ((cb != NULL) &&
+ ((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
+ return(i);
+
+ if (!b->init)
+ {
+ BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED);
+ return(-2);
+ }
+
+ i=b->method->bputs(b,in);
+
+ if (i > 0) b->num_write+=(unsigned long)i;
+
+ if (cb != NULL)
+ i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
+ 0L,(long)i);
+ return(i);
+ }
+
+int BIO_gets(BIO *b, char *in, int inl)
+ {
+ int i;
+ long (*cb)(BIO *,int,const char *,int,long,long);
+
+ if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
+ {
+ BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD);
+ return(-2);
+ }
+
+ cb=b->callback;
+
+ if ((cb != NULL) &&
+ ((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
+ return(i);
+
+ if (!b->init)
+ {
+ BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED);
+ return(-2);
+ }
+
+ i=b->method->bgets(b,in,inl);
+
+ if (cb != NULL)
+ i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
+ 0L,(long)i);
+ return(i);
+ }
+
+int BIO_indent(BIO *b,int indent,int max)
+ {
+ if(indent < 0)
+ indent=0;
+ if(indent > max)
+ indent=max;
+ while(indent--)
+ if(BIO_puts(b," ") != 1)
+ return 0;
+ return 1;
+ }
+
+long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
+ {
+ int i;
+
+ i=iarg;
+ return(BIO_ctrl(b,cmd,larg,(char *)&i));
+ }
+
+char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
+ {
+ char *p=NULL;
+
+ if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0)
+ return(NULL);
+ else
+ return(p);
+ }
+
+long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
+ {
+ long ret;
+ long (*cb)(BIO *,int,const char *,int,long,long);
+
+ if (b == NULL) return(0);
+
+ if ((b->method == NULL) || (b->method->ctrl == NULL))
+ {
+ BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
+ return(-2);
+ }
+
+ cb=b->callback;
+
+ if ((cb != NULL) &&
+ ((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
+ return(ret);
+
+ ret=b->method->ctrl(b,cmd,larg,parg);
+
+ if (cb != NULL)
+ ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
+ larg,ret);
+ return(ret);
+ }
+
+long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))
+ {
+ long ret;
+ long (*cb)(BIO *,int,const char *,int,long,long);
+
+ if (b == NULL) return(0);
+
+ if ((b->method == NULL) || (b->method->callback_ctrl == NULL))
+ {
+ BIOerr(BIO_F_BIO_CALLBACK_CTRL,BIO_R_UNSUPPORTED_METHOD);
+ return(-2);
+ }
+
+ cb=b->callback;
+
+ if ((cb != NULL) &&
+ ((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0))
+ return(ret);
+
+ ret=b->method->callback_ctrl(b,cmd,fp);
+
+ if (cb != NULL)
+ ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd,
+ 0,ret);
+ return(ret);
+ }
+
+/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros
+ * do; but those macros have inappropriate return type, and for interfacing
+ * from other programming languages, C macros aren't much of a help anyway. */
+size_t BIO_ctrl_pending(BIO *bio)
+ {
+ return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+ }
+
+size_t BIO_ctrl_wpending(BIO *bio)
+ {
+ return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+ }
+
+
+/* put the 'bio' on the end of b's list of operators */
+BIO *BIO_push(BIO *b, BIO *bio)
+ {
+ BIO *lb;
+
+ if (b == NULL) return(bio);
+ lb=b;
+ while (lb->next_bio != NULL)
+ lb=lb->next_bio;
+ lb->next_bio=bio;
+ if (bio != NULL)
+ bio->prev_bio=lb;
+ /* called to do internal processing */
+ BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
+ return(b);
+ }
+
+/* Remove the first and return the rest */
+BIO *BIO_pop(BIO *b)
+ {
+ BIO *ret;
+
+ if (b == NULL) return(NULL);
+ ret=b->next_bio;
+
+ BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+
+ if (b->prev_bio != NULL)
+ b->prev_bio->next_bio=b->next_bio;
+ if (b->next_bio != NULL)
+ b->next_bio->prev_bio=b->prev_bio;
+
+ b->next_bio=NULL;
+ b->prev_bio=NULL;
+ return(ret);
+ }
+
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
+ {
+ BIO *b,*last;
+
+ b=last=bio;
+ for (;;)
+ {
+ if (!BIO_should_retry(b)) break;
+ last=b;
+ b=b->next_bio;
+ if (b == NULL) break;
+ }
+ if (reason != NULL) *reason=last->retry_reason;
+ return(last);
+ }
+
+int BIO_get_retry_reason(BIO *bio)
+ {
+ return(bio->retry_reason);
+ }
+
+BIO *BIO_find_type(BIO *bio, int type)
+ {
+ int mt,mask;
+
+ if(!bio) return NULL;
+ mask=type&0xff;
+ do {
+ if (bio->method != NULL)
+ {
+ mt=bio->method->type;
+
+ if (!mask)
+ {
+ if (mt & type) return(bio);
+ }
+ else if (mt == type)
+ return(bio);
+ }
+ bio=bio->next_bio;
+ } while (bio != NULL);
+ return(NULL);
+ }
+
+BIO *BIO_next(BIO *b)
+ {
+ if(!b) return NULL;
+ return b->next_bio;
+ }
+
+void BIO_free_all(BIO *bio)
+ {
+ BIO *b;
+ int ref;
+
+ while (bio != NULL)
+ {
+ b=bio;
+ ref=b->references;
+ bio=bio->next_bio;
+ BIO_free(b);
+ /* Since ref count > 1, don't free anyone else. */
+ if (ref > 1) break;
+ }
+ }
+
+BIO *BIO_dup_chain(BIO *in)
+ {
+ BIO *ret=NULL,*eoc=NULL,*bio,*new;
+
+ for (bio=in; bio != NULL; bio=bio->next_bio)
+ {
+ if ((new=BIO_new(bio->method)) == NULL) goto err;
+ new->callback=bio->callback;
+ new->cb_arg=bio->cb_arg;
+ new->init=bio->init;
+ new->shutdown=bio->shutdown;
+ new->flags=bio->flags;
+
+ /* This will let SSL_s_sock() work with stdin/stdout */
+ new->num=bio->num;
+
+ if (!BIO_dup_state(bio,(char *)new))
+ {
+ BIO_free(new);
+ goto err;
+ }
+
+ /* copy app data */
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+ &bio->ex_data))
+ goto err;
+
+ if (ret == NULL)
+ {
+ eoc=new;
+ ret=eoc;
+ }
+ else
+ {
+ BIO_push(eoc,new);
+ eoc=new;
+ }
+ }
+ return(ret);
+err:
+ if (ret != NULL)
+ BIO_free(ret);
+ return(NULL);
+ }
+
+void BIO_copy_next_retry(BIO *b)
+ {
+ BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
+ b->retry_reason=b->next_bio->retry_reason;
+ }
+
+int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+ {
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
+ new_func, dup_func, free_func);
+ }
+
+int BIO_set_ex_data(BIO *bio, int idx, void *data)
+ {
+ return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
+ }
+
+void *BIO_get_ex_data(BIO *bio, int idx)
+ {
+ return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
+ }
+
+unsigned long BIO_number_read(BIO *bio)
+{
+ if(bio) return bio->num_read;
+ return 0;
+}
+
+unsigned long BIO_number_written(BIO *bio)
+{
+ if(bio) return bio->num_write;
+ return 0;
+}
+
+IMPLEMENT_STACK_OF(BIO)
Added: vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,478 @@
+/* crypto/bio/bss_acpt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+#ifdef OPENSSL_SYS_WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+typedef struct bio_accept_st
+ {
+ int state;
+ char *param_addr;
+
+ int accept_sock;
+ int accept_nbio;
+
+ char *addr;
+ int nbio;
+ /* If 0, it means normal, if 1, do a connect on bind failure,
+ * and if there is no-one listening, bind with SO_REUSEADDR.
+ * If 2, always use SO_REUSEADDR. */
+ int bind_mode;
+ BIO *bio_chain;
+ } BIO_ACCEPT;
+
+static int acpt_write(BIO *h, const char *buf, int num);
+static int acpt_read(BIO *h, char *buf, int size);
+static int acpt_puts(BIO *h, const char *str);
+static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int acpt_new(BIO *h);
+static int acpt_free(BIO *data);
+static int acpt_state(BIO *b, BIO_ACCEPT *c);
+static void acpt_close_socket(BIO *data);
+BIO_ACCEPT *BIO_ACCEPT_new(void );
+void BIO_ACCEPT_free(BIO_ACCEPT *a);
+
+#define ACPT_S_BEFORE 1
+#define ACPT_S_GET_ACCEPT_SOCKET 2
+#define ACPT_S_OK 3
+
+static BIO_METHOD methods_acceptp=
+ {
+ BIO_TYPE_ACCEPT,
+ "socket accept",
+ acpt_write,
+ acpt_read,
+ acpt_puts,
+ NULL, /* connect_gets, */
+ acpt_ctrl,
+ acpt_new,
+ acpt_free,
+ NULL,
+ };
+
+BIO_METHOD *BIO_s_accept(void)
+ {
+ return(&methods_acceptp);
+ }
+
+static int acpt_new(BIO *bi)
+ {
+ BIO_ACCEPT *ba;
+
+ bi->init=0;
+ bi->num=INVALID_SOCKET;
+ bi->flags=0;
+ if ((ba=BIO_ACCEPT_new()) == NULL)
+ return(0);
+ bi->ptr=(char *)ba;
+ ba->state=ACPT_S_BEFORE;
+ bi->shutdown=1;
+ return(1);
+ }
+
+BIO_ACCEPT *BIO_ACCEPT_new(void)
+ {
+ BIO_ACCEPT *ret;
+
+ if ((ret=(BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL)
+ return(NULL);
+
+ memset(ret,0,sizeof(BIO_ACCEPT));
+ ret->accept_sock=INVALID_SOCKET;
+ ret->bind_mode=BIO_BIND_NORMAL;
+ return(ret);
+ }
+
+void BIO_ACCEPT_free(BIO_ACCEPT *a)
+ {
+ if(a == NULL)
+ return;
+
+ if (a->param_addr != NULL) OPENSSL_free(a->param_addr);
+ if (a->addr != NULL) OPENSSL_free(a->addr);
+ if (a->bio_chain != NULL) BIO_free(a->bio_chain);
+ OPENSSL_free(a);
+ }
+
+static void acpt_close_socket(BIO *bio)
+ {
+ BIO_ACCEPT *c;
+
+ c=(BIO_ACCEPT *)bio->ptr;
+ if (c->accept_sock != INVALID_SOCKET)
+ {
+ shutdown(c->accept_sock,2);
+ closesocket(c->accept_sock);
+ c->accept_sock=INVALID_SOCKET;
+ bio->num=INVALID_SOCKET;
+ }
+ }
+
+static int acpt_free(BIO *a)
+ {
+ BIO_ACCEPT *data;
+
+ if (a == NULL) return(0);
+ data=(BIO_ACCEPT *)a->ptr;
+
+ if (a->shutdown)
+ {
+ acpt_close_socket(a);
+ BIO_ACCEPT_free(data);
+ a->ptr=NULL;
+ a->flags=0;
+ a->init=0;
+ }
+ return(1);
+ }
+
+static int acpt_state(BIO *b, BIO_ACCEPT *c)
+ {
+ BIO *bio=NULL,*dbio;
+ int s= -1;
+ int i;
+
+again:
+ switch (c->state)
+ {
+ case ACPT_S_BEFORE:
+ if (c->param_addr == NULL)
+ {
+ BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED);
+ return(-1);
+ }
+ s=BIO_get_accept_socket(c->param_addr,c->bind_mode);
+ if (s == INVALID_SOCKET)
+ return(-1);
+
+ if (c->accept_nbio)
+ {
+ if (!BIO_socket_nbio(s,1))
+ {
+ closesocket(s);
+ BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
+ return(-1);
+ }
+ }
+ c->accept_sock=s;
+ b->num=s;
+ c->state=ACPT_S_GET_ACCEPT_SOCKET;
+ return(1);
+ /* break; */
+ case ACPT_S_GET_ACCEPT_SOCKET:
+ if (b->next_bio != NULL)
+ {
+ c->state=ACPT_S_OK;
+ goto again;
+ }
+ BIO_clear_retry_flags(b);
+ b->retry_reason=0;
+ i=BIO_accept(c->accept_sock,&(c->addr));
+
+ /* -2 return means we should retry */
+ if(i == -2)
+ {
+ BIO_set_retry_special(b);
+ b->retry_reason=BIO_RR_ACCEPT;
+ return -1;
+ }
+
+ if (i < 0) return(i);
+
+ bio=BIO_new_socket(i,BIO_CLOSE);
+ if (bio == NULL) goto err;
+
+ BIO_set_callback(bio,BIO_get_callback(b));
+ BIO_set_callback_arg(bio,BIO_get_callback_arg(b));
+
+ if (c->nbio)
+ {
+ if (!BIO_socket_nbio(i,1))
+ {
+ BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
+ goto err;
+ }
+ }
+
+ /* If the accept BIO has an bio_chain, we dup it and
+ * put the new socket at the end. */
+ if (c->bio_chain != NULL)
+ {
+ if ((dbio=BIO_dup_chain(c->bio_chain)) == NULL)
+ goto err;
+ if (!BIO_push(dbio,bio)) goto err;
+ bio=dbio;
+ }
+ if (BIO_push(b,bio) == NULL) goto err;
+
+ c->state=ACPT_S_OK;
+ return(1);
+err:
+ if (bio != NULL)
+ BIO_free(bio);
+ else if (s >= 0)
+ closesocket(s);
+ return(0);
+ /* break; */
+ case ACPT_S_OK:
+ if (b->next_bio == NULL)
+ {
+ c->state=ACPT_S_GET_ACCEPT_SOCKET;
+ goto again;
+ }
+ return(1);
+ /* break; */
+ default:
+ return(0);
+ /* break; */
+ }
+
+ }
+
+static int acpt_read(BIO *b, char *out, int outl)
+ {
+ int ret=0;
+ BIO_ACCEPT *data;
+
+ BIO_clear_retry_flags(b);
+ data=(BIO_ACCEPT *)b->ptr;
+
+ while (b->next_bio == NULL)
+ {
+ ret=acpt_state(b,data);
+ if (ret <= 0) return(ret);
+ }
+
+ ret=BIO_read(b->next_bio,out,outl);
+ BIO_copy_next_retry(b);
+ return(ret);
+ }
+
+static int acpt_write(BIO *b, const char *in, int inl)
+ {
+ int ret;
+ BIO_ACCEPT *data;
+
+ BIO_clear_retry_flags(b);
+ data=(BIO_ACCEPT *)b->ptr;
+
+ while (b->next_bio == NULL)
+ {
+ ret=acpt_state(b,data);
+ if (ret <= 0) return(ret);
+ }
+
+ ret=BIO_write(b->next_bio,in,inl);
+ BIO_copy_next_retry(b);
+ return(ret);
+ }
+
+static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ int *ip;
+ long ret=1;
+ BIO_ACCEPT *data;
+ char **pp;
+
+ data=(BIO_ACCEPT *)b->ptr;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_RESET:
+ ret=0;
+ data->state=ACPT_S_BEFORE;
+ acpt_close_socket(b);
+ b->flags=0;
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ /* use this one to start the connection */
+ ret=(long)acpt_state(b,data);
+ break;
+ case BIO_C_SET_ACCEPT:
+ if (ptr != NULL)
+ {
+ if (num == 0)
+ {
+ b->init=1;
+ if (data->param_addr != NULL)
+ OPENSSL_free(data->param_addr);
+ data->param_addr=BUF_strdup(ptr);
+ }
+ else if (num == 1)
+ {
+ data->accept_nbio=(ptr != NULL);
+ }
+ else if (num == 2)
+ {
+ if (data->bio_chain != NULL)
+ BIO_free(data->bio_chain);
+ data->bio_chain=(BIO *)ptr;
+ }
+ }
+ break;
+ case BIO_C_SET_NBIO:
+ data->nbio=(int)num;
+ break;
+ case BIO_C_SET_FD:
+ b->init=1;
+ b->num= *((int *)ptr);
+ data->accept_sock=b->num;
+ data->state=ACPT_S_GET_ACCEPT_SOCKET;
+ b->shutdown=(int)num;
+ b->init=1;
+ break;
+ case BIO_C_GET_FD:
+ if (b->init)
+ {
+ ip=(int *)ptr;
+ if (ip != NULL)
+ *ip=data->accept_sock;
+ ret=data->accept_sock;
+ }
+ else
+ ret= -1;
+ break;
+ case BIO_C_GET_ACCEPT:
+ if (b->init)
+ {
+ if (ptr != NULL)
+ {
+ pp=(char **)ptr;
+ *pp=data->param_addr;
+ }
+ else
+ ret= -1;
+ }
+ else
+ ret= -1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret=b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown=(int)num;
+ break;
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ ret=0;
+ break;
+ case BIO_CTRL_FLUSH:
+ break;
+ case BIO_C_SET_BIND_MODE:
+ data->bind_mode=(int)num;
+ break;
+ case BIO_C_GET_BIND_MODE:
+ ret=(long)data->bind_mode;
+ break;
+ case BIO_CTRL_DUP:
+/* dbio=(BIO *)ptr;
+ if (data->param_port) EAY EAY
+ BIO_set_port(dbio,data->param_port);
+ if (data->param_hostname)
+ BIO_set_hostname(dbio,data->param_hostname);
+ BIO_set_nbio(dbio,data->nbio); */
+ break;
+
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static int acpt_puts(BIO *bp, const char *str)
+ {
+ int n,ret;
+
+ n=strlen(str);
+ ret=acpt_write(bp,str,n);
+ return(ret);
+ }
+
+BIO *BIO_new_accept(char *str)
+ {
+ BIO *ret;
+
+ ret=BIO_new(BIO_s_accept());
+ if (ret == NULL) return(NULL);
+ if (BIO_set_accept_port(ret,str))
+ return(ret);
+ else
+ {
+ BIO_free(ret);
+ return(NULL);
+ }
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/bio/bss_bio.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_bio.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_bio.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,924 @@
+/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* Special method for a BIO where the other endpoint is also a BIO
+ * of this kind, handled by the same thread (i.e. the "peer" is actually
+ * ourselves, wearing a different hat).
+ * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces
+ * for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used. */
+
+/* BIO_DEBUG implies BIO_PAIR_DEBUG */
+#ifdef BIO_DEBUG
+# ifndef BIO_PAIR_DEBUG
+# define BIO_PAIR_DEBUG
+# endif
+#endif
+
+/* disable assert() unless BIO_PAIR_DEBUG has been defined */
+#ifndef BIO_PAIR_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+#include "e_os.h"
+
+/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
+#if defined(OPENSSL_SYS_VXWORKS)
+# undef SSIZE_MAX
+#endif
+#ifndef SSIZE_MAX
+# define SSIZE_MAX INT_MAX
+#endif
+
+static int bio_new(BIO *bio);
+static int bio_free(BIO *bio);
+static int bio_read(BIO *bio, char *buf, int size);
+static int bio_write(BIO *bio, const char *buf, int num);
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
+static int bio_puts(BIO *bio, const char *str);
+
+static int bio_make_pair(BIO *bio1, BIO *bio2);
+static void bio_destroy_pair(BIO *bio);
+
+static BIO_METHOD methods_biop =
+{
+ BIO_TYPE_BIO,
+ "BIO pair",
+ bio_write,
+ bio_read,
+ bio_puts,
+ NULL /* no bio_gets */,
+ bio_ctrl,
+ bio_new,
+ bio_free,
+ NULL /* no bio_callback_ctrl */
+};
+
+BIO_METHOD *BIO_s_bio(void)
+ {
+ return &methods_biop;
+ }
+
+struct bio_bio_st
+{
+ BIO *peer; /* NULL if buf == NULL.
+ * If peer != NULL, then peer->ptr is also a bio_bio_st,
+ * and its "peer" member points back to us.
+ * peer != NULL iff init != 0 in the BIO. */
+
+ /* This is for what we write (i.e. reading uses peer's struct): */
+ int closed; /* valid iff peer != NULL */
+ size_t len; /* valid iff buf != NULL; 0 if peer == NULL */
+ size_t offset; /* valid iff buf != NULL; 0 if len == 0 */
+ size_t size;
+ char *buf; /* "size" elements (if != NULL) */
+
+ size_t request; /* valid iff peer != NULL; 0 if len != 0,
+ * otherwise set by peer to number of bytes
+ * it (unsuccessfully) tried to read,
+ * never more than buffer space (size-len) warrants. */
+};
+
+static int bio_new(BIO *bio)
+ {
+ struct bio_bio_st *b;
+
+ b = OPENSSL_malloc(sizeof *b);
+ if (b == NULL)
+ return 0;
+
+ b->peer = NULL;
+ b->size = 17*1024; /* enough for one TLS record (just a default) */
+ b->buf = NULL;
+
+ bio->ptr = b;
+ return 1;
+ }
+
+
+static int bio_free(BIO *bio)
+ {
+ struct bio_bio_st *b;
+
+ if (bio == NULL)
+ return 0;
+ b = bio->ptr;
+
+ assert(b != NULL);
+
+ if (b->peer)
+ bio_destroy_pair(bio);
+
+ if (b->buf != NULL)
+ {
+ OPENSSL_free(b->buf);
+ }
+
+ OPENSSL_free(b);
+
+ return 1;
+ }
+
+
+
+static int bio_read(BIO *bio, char *buf, int size_)
+ {
+ size_t size = size_;
+ size_t rest;
+ struct bio_bio_st *b, *peer_b;
+
+ BIO_clear_retry_flags(bio);
+
+ if (!bio->init)
+ return 0;
+
+ b = bio->ptr;
+ assert(b != NULL);
+ assert(b->peer != NULL);
+ peer_b = b->peer->ptr;
+ assert(peer_b != NULL);
+ assert(peer_b->buf != NULL);
+
+ peer_b->request = 0; /* will be set in "retry_read" situation */
+
+ if (buf == NULL || size == 0)
+ return 0;
+
+ if (peer_b->len == 0)
+ {
+ if (peer_b->closed)
+ return 0; /* writer has closed, and no data is left */
+ else
+ {
+ BIO_set_retry_read(bio); /* buffer is empty */
+ if (size <= peer_b->size)
+ peer_b->request = size;
+ else
+ /* don't ask for more than the peer can
+ * deliver in one write */
+ peer_b->request = peer_b->size;
+ return -1;
+ }
+ }
+
+ /* we can read */
+ if (peer_b->len < size)
+ size = peer_b->len;
+
+ /* now read "size" bytes */
+
+ rest = size;
+
+ assert(rest > 0);
+ do /* one or two iterations */
+ {
+ size_t chunk;
+
+ assert(rest <= peer_b->len);
+ if (peer_b->offset + rest <= peer_b->size)
+ chunk = rest;
+ else
+ /* wrap around ring buffer */
+ chunk = peer_b->size - peer_b->offset;
+ assert(peer_b->offset + chunk <= peer_b->size);
+
+ memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+
+ peer_b->len -= chunk;
+ if (peer_b->len)
+ {
+ peer_b->offset += chunk;
+ assert(peer_b->offset <= peer_b->size);
+ if (peer_b->offset == peer_b->size)
+ peer_b->offset = 0;
+ buf += chunk;
+ }
+ else
+ {
+ /* buffer now empty, no need to advance "buf" */
+ assert(chunk == rest);
+ peer_b->offset = 0;
+ }
+ rest -= chunk;
+ }
+ while (rest);
+
+ return size;
+ }
+
+/* non-copying interface: provide pointer to available data in buffer
+ * bio_nread0: return number of available bytes
+ * bio_nread: also advance index
+ * (example usage: bio_nread0(), read from buffer, bio_nread()
+ * or just bio_nread(), read from buffer)
+ */
+/* WARNING: The non-copying interface is largely untested as of yet
+ * and may contain bugs. */
+static ssize_t bio_nread0(BIO *bio, char **buf)
+ {
+ struct bio_bio_st *b, *peer_b;
+ ssize_t num;
+
+ BIO_clear_retry_flags(bio);
+
+ if (!bio->init)
+ return 0;
+
+ b = bio->ptr;
+ assert(b != NULL);
+ assert(b->peer != NULL);
+ peer_b = b->peer->ptr;
+ assert(peer_b != NULL);
+ assert(peer_b->buf != NULL);
+
+ peer_b->request = 0;
+
+ if (peer_b->len == 0)
+ {
+ char dummy;
+
+ /* avoid code duplication -- nothing available for reading */
+ return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
+ }
+
+ num = peer_b->len;
+ if (peer_b->size < peer_b->offset + num)
+ /* no ring buffer wrap-around for non-copying interface */
+ num = peer_b->size - peer_b->offset;
+ assert(num > 0);
+
+ if (buf != NULL)
+ *buf = peer_b->buf + peer_b->offset;
+ return num;
+ }
+
+static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+ {
+ struct bio_bio_st *b, *peer_b;
+ ssize_t num, available;
+
+ if (num_ > SSIZE_MAX)
+ num = SSIZE_MAX;
+ else
+ num = (ssize_t)num_;
+
+ available = bio_nread0(bio, buf);
+ if (num > available)
+ num = available;
+ if (num <= 0)
+ return num;
+
+ b = bio->ptr;
+ peer_b = b->peer->ptr;
+
+ peer_b->len -= num;
+ if (peer_b->len)
+ {
+ peer_b->offset += num;
+ assert(peer_b->offset <= peer_b->size);
+ if (peer_b->offset == peer_b->size)
+ peer_b->offset = 0;
+ }
+ else
+ peer_b->offset = 0;
+
+ return num;
+ }
+
+
+static int bio_write(BIO *bio, const char *buf, int num_)
+ {
+ size_t num = num_;
+ size_t rest;
+ struct bio_bio_st *b;
+
+ BIO_clear_retry_flags(bio);
+
+ if (!bio->init || buf == NULL || num == 0)
+ return 0;
+
+ b = bio->ptr;
+ assert(b != NULL);
+ assert(b->peer != NULL);
+ assert(b->buf != NULL);
+
+ b->request = 0;
+ if (b->closed)
+ {
+ /* we already closed */
+ BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+ return -1;
+ }
+
+ assert(b->len <= b->size);
+
+ if (b->len == b->size)
+ {
+ BIO_set_retry_write(bio); /* buffer is full */
+ return -1;
+ }
+
+ /* we can write */
+ if (num > b->size - b->len)
+ num = b->size - b->len;
+
+ /* now write "num" bytes */
+
+ rest = num;
+
+ assert(rest > 0);
+ do /* one or two iterations */
+ {
+ size_t write_offset;
+ size_t chunk;
+
+ assert(b->len + rest <= b->size);
+
+ write_offset = b->offset + b->len;
+ if (write_offset >= b->size)
+ write_offset -= b->size;
+ /* b->buf[write_offset] is the first byte we can write to. */
+
+ if (write_offset + rest <= b->size)
+ chunk = rest;
+ else
+ /* wrap around ring buffer */
+ chunk = b->size - write_offset;
+
+ memcpy(b->buf + write_offset, buf, chunk);
+
+ b->len += chunk;
+
+ assert(b->len <= b->size);
+
+ rest -= chunk;
+ buf += chunk;
+ }
+ while (rest);
+
+ return num;
+ }
+
+/* non-copying interface: provide pointer to region to write to
+ * bio_nwrite0: check how much space is available
+ * bio_nwrite: also increase length
+ * (example usage: bio_nwrite0(), write to buffer, bio_nwrite()
+ * or just bio_nwrite(), write to buffer)
+ */
+static ssize_t bio_nwrite0(BIO *bio, char **buf)
+ {
+ struct bio_bio_st *b;
+ size_t num;
+ size_t write_offset;
+
+ BIO_clear_retry_flags(bio);
+
+ if (!bio->init)
+ return 0;
+
+ b = bio->ptr;
+ assert(b != NULL);
+ assert(b->peer != NULL);
+ assert(b->buf != NULL);
+
+ b->request = 0;
+ if (b->closed)
+ {
+ BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+ return -1;
+ }
+
+ assert(b->len <= b->size);
+
+ if (b->len == b->size)
+ {
+ BIO_set_retry_write(bio);
+ return -1;
+ }
+
+ num = b->size - b->len;
+ write_offset = b->offset + b->len;
+ if (write_offset >= b->size)
+ write_offset -= b->size;
+ if (write_offset + num > b->size)
+ /* no ring buffer wrap-around for non-copying interface
+ * (to fulfil the promise by BIO_ctrl_get_write_guarantee,
+ * BIO_nwrite may have to be called twice) */
+ num = b->size - write_offset;
+
+ if (buf != NULL)
+ *buf = b->buf + write_offset;
+ assert(write_offset + num <= b->size);
+
+ return num;
+ }
+
+static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+ {
+ struct bio_bio_st *b;
+ ssize_t num, space;
+
+ if (num_ > SSIZE_MAX)
+ num = SSIZE_MAX;
+ else
+ num = (ssize_t)num_;
+
+ space = bio_nwrite0(bio, buf);
+ if (num > space)
+ num = space;
+ if (num <= 0)
+ return num;
+ b = bio->ptr;
+ assert(b != NULL);
+ b->len += num;
+ assert(b->len <= b->size);
+
+ return num;
+ }
+
+
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+ {
+ long ret;
+ struct bio_bio_st *b = bio->ptr;
+
+ assert(b != NULL);
+
+ switch (cmd)
+ {
+ /* specific CTRL codes */
+
+ case BIO_C_SET_WRITE_BUF_SIZE:
+ if (b->peer)
+ {
+ BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+ ret = 0;
+ }
+ else if (num == 0)
+ {
+ BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+ ret = 0;
+ }
+ else
+ {
+ size_t new_size = num;
+
+ if (b->size != new_size)
+ {
+ if (b->buf)
+ {
+ OPENSSL_free(b->buf);
+ b->buf = NULL;
+ }
+ b->size = new_size;
+ }
+ ret = 1;
+ }
+ break;
+
+ case BIO_C_GET_WRITE_BUF_SIZE:
+ ret = (long) b->size;
+ break;
+
+ case BIO_C_MAKE_BIO_PAIR:
+ {
+ BIO *other_bio = ptr;
+
+ if (bio_make_pair(bio, other_bio))
+ ret = 1;
+ else
+ ret = 0;
+ }
+ break;
+
+ case BIO_C_DESTROY_BIO_PAIR:
+ /* Affects both BIOs in the pair -- call just once!
+ * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
+ bio_destroy_pair(bio);
+ ret = 1;
+ break;
+
+ case BIO_C_GET_WRITE_GUARANTEE:
+ /* How many bytes can the caller feed to the next write
+ * without having to keep any? */
+ if (b->peer == NULL || b->closed)
+ ret = 0;
+ else
+ ret = (long) b->size - b->len;
+ break;
+
+ case BIO_C_GET_READ_REQUEST:
+ /* If the peer unsuccessfully tried to read, how many bytes
+ * were requested? (As with BIO_CTRL_PENDING, that number
+ * can usually be treated as boolean.) */
+ ret = (long) b->request;
+ break;
+
+ case BIO_C_RESET_READ_REQUEST:
+ /* Reset request. (Can be useful after read attempts
+ * at the other side that are meant to be non-blocking,
+ * e.g. when probing SSL_read to see if any data is
+ * available.) */
+ b->request = 0;
+ ret = 1;
+ break;
+
+ case BIO_C_SHUTDOWN_WR:
+ /* similar to shutdown(..., SHUT_WR) */
+ b->closed = 1;
+ ret = 1;
+ break;
+
+ case BIO_C_NREAD0:
+ /* prepare for non-copying read */
+ ret = (long) bio_nread0(bio, ptr);
+ break;
+
+ case BIO_C_NREAD:
+ /* non-copying read */
+ ret = (long) bio_nread(bio, ptr, (size_t) num);
+ break;
+
+ case BIO_C_NWRITE0:
+ /* prepare for non-copying write */
+ ret = (long) bio_nwrite0(bio, ptr);
+ break;
+
+ case BIO_C_NWRITE:
+ /* non-copying write */
+ ret = (long) bio_nwrite(bio, ptr, (size_t) num);
+ break;
+
+
+ /* standard CTRL codes follow */
+
+ case BIO_CTRL_RESET:
+ if (b->buf != NULL)
+ {
+ b->len = 0;
+ b->offset = 0;
+ }
+ ret = 0;
+ break;
+
+ case BIO_CTRL_GET_CLOSE:
+ ret = bio->shutdown;
+ break;
+
+ case BIO_CTRL_SET_CLOSE:
+ bio->shutdown = (int) num;
+ ret = 1;
+ break;
+
+ case BIO_CTRL_PENDING:
+ if (b->peer != NULL)
+ {
+ struct bio_bio_st *peer_b = b->peer->ptr;
+
+ ret = (long) peer_b->len;
+ }
+ else
+ ret = 0;
+ break;
+
+ case BIO_CTRL_WPENDING:
+ if (b->buf != NULL)
+ ret = (long) b->len;
+ else
+ ret = 0;
+ break;
+
+ case BIO_CTRL_DUP:
+ /* See BIO_dup_chain for circumstances we have to expect. */
+ {
+ BIO *other_bio = ptr;
+ struct bio_bio_st *other_b;
+
+ assert(other_bio != NULL);
+ other_b = other_bio->ptr;
+ assert(other_b != NULL);
+
+ assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+ other_b->size = b->size;
+ }
+
+ ret = 1;
+ break;
+
+ case BIO_CTRL_FLUSH:
+ ret = 1;
+ break;
+
+ case BIO_CTRL_EOF:
+ {
+ BIO *other_bio = ptr;
+
+ if (other_bio)
+ {
+ struct bio_bio_st *other_b = other_bio->ptr;
+
+ assert(other_b != NULL);
+ ret = other_b->len == 0 && other_b->closed;
+ }
+ else
+ ret = 1;
+ }
+ break;
+
+ default:
+ ret = 0;
+ }
+ return ret;
+ }
+
+static int bio_puts(BIO *bio, const char *str)
+ {
+ return bio_write(bio, str, strlen(str));
+ }
+
+
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+ {
+ struct bio_bio_st *b1, *b2;
+
+ assert(bio1 != NULL);
+ assert(bio2 != NULL);
+
+ b1 = bio1->ptr;
+ b2 = bio2->ptr;
+
+ if (b1->peer != NULL || b2->peer != NULL)
+ {
+ BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+ return 0;
+ }
+
+ if (b1->buf == NULL)
+ {
+ b1->buf = OPENSSL_malloc(b1->size);
+ if (b1->buf == NULL)
+ {
+ BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ b1->len = 0;
+ b1->offset = 0;
+ }
+
+ if (b2->buf == NULL)
+ {
+ b2->buf = OPENSSL_malloc(b2->size);
+ if (b2->buf == NULL)
+ {
+ BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ b2->len = 0;
+ b2->offset = 0;
+ }
+
+ b1->peer = bio2;
+ b1->closed = 0;
+ b1->request = 0;
+ b2->peer = bio1;
+ b2->closed = 0;
+ b2->request = 0;
+
+ bio1->init = 1;
+ bio2->init = 1;
+
+ return 1;
+ }
+
+static void bio_destroy_pair(BIO *bio)
+ {
+ struct bio_bio_st *b = bio->ptr;
+
+ if (b != NULL)
+ {
+ BIO *peer_bio = b->peer;
+
+ if (peer_bio != NULL)
+ {
+ struct bio_bio_st *peer_b = peer_bio->ptr;
+
+ assert(peer_b != NULL);
+ assert(peer_b->peer == bio);
+
+ peer_b->peer = NULL;
+ peer_bio->init = 0;
+ assert(peer_b->buf != NULL);
+ peer_b->len = 0;
+ peer_b->offset = 0;
+
+ b->peer = NULL;
+ bio->init = 0;
+ assert(b->buf != NULL);
+ b->len = 0;
+ b->offset = 0;
+ }
+ }
+ }
+
+
+/* Exported convenience functions */
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
+ BIO **bio2_p, size_t writebuf2)
+ {
+ BIO *bio1 = NULL, *bio2 = NULL;
+ long r;
+ int ret = 0;
+
+ bio1 = BIO_new(BIO_s_bio());
+ if (bio1 == NULL)
+ goto err;
+ bio2 = BIO_new(BIO_s_bio());
+ if (bio2 == NULL)
+ goto err;
+
+ if (writebuf1)
+ {
+ r = BIO_set_write_buf_size(bio1, writebuf1);
+ if (!r)
+ goto err;
+ }
+ if (writebuf2)
+ {
+ r = BIO_set_write_buf_size(bio2, writebuf2);
+ if (!r)
+ goto err;
+ }
+
+ r = BIO_make_bio_pair(bio1, bio2);
+ if (!r)
+ goto err;
+ ret = 1;
+
+ err:
+ if (ret == 0)
+ {
+ if (bio1)
+ {
+ BIO_free(bio1);
+ bio1 = NULL;
+ }
+ if (bio2)
+ {
+ BIO_free(bio2);
+ bio2 = NULL;
+ }
+ }
+
+ *bio1_p = bio1;
+ *bio2_p = bio2;
+ return ret;
+ }
+
+size_t BIO_ctrl_get_write_guarantee(BIO *bio)
+ {
+ return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+ }
+
+size_t BIO_ctrl_get_read_request(BIO *bio)
+ {
+ return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+ }
+
+int BIO_ctrl_reset_read_request(BIO *bio)
+ {
+ return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
+ }
+
+
+/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
+ * (conceivably some other BIOs could allow non-copying reads and writes too.)
+ */
+int BIO_nread0(BIO *bio, char **buf)
+ {
+ long ret;
+
+ if (!bio->init)
+ {
+ BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+ return -2;
+ }
+
+ ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
+ if (ret > INT_MAX)
+ return INT_MAX;
+ else
+ return (int) ret;
+ }
+
+int BIO_nread(BIO *bio, char **buf, int num)
+ {
+ int ret;
+
+ if (!bio->init)
+ {
+ BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+ return -2;
+ }
+
+ ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf);
+ if (ret > 0)
+ bio->num_read += ret;
+ return ret;
+ }
+
+int BIO_nwrite0(BIO *bio, char **buf)
+ {
+ long ret;
+
+ if (!bio->init)
+ {
+ BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+ return -2;
+ }
+
+ ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
+ if (ret > INT_MAX)
+ return INT_MAX;
+ else
+ return (int) ret;
+ }
+
+int BIO_nwrite(BIO *bio, char **buf, int num)
+ {
+ int ret;
+
+ if (!bio->init)
+ {
+ BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+ return -2;
+ }
+
+ ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
+ if (ret > 0)
+ bio->num_write += ret;
+ return ret;
+ }
Added: vendor-crypto/openssl/dist/crypto/bio/bss_conn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_conn.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_conn.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,652 @@
+/* crypto/bio/bss_conn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+#ifdef OPENSSL_SYS_WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+
+typedef struct bio_connect_st
+ {
+ int state;
+
+ char *param_hostname;
+ char *param_port;
+ int nbio;
+
+ unsigned char ip[4];
+ unsigned short port;
+
+ struct sockaddr_in them;
+
+ /* int socket; this will be kept in bio->num so that it is
+ * compatible with the bss_sock bio */
+
+ /* called when the connection is initially made
+ * callback(BIO,state,ret); The callback should return
+ * 'ret'. state is for compatibility with the ssl info_callback */
+ int (*info_callback)(const BIO *bio,int state,int ret);
+ } BIO_CONNECT;
+
+static int conn_write(BIO *h, const char *buf, int num);
+static int conn_read(BIO *h, char *buf, int size);
+static int conn_puts(BIO *h, const char *str);
+static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int conn_new(BIO *h);
+static int conn_free(BIO *data);
+static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
+
+static int conn_state(BIO *b, BIO_CONNECT *c);
+static void conn_close_socket(BIO *data);
+BIO_CONNECT *BIO_CONNECT_new(void );
+void BIO_CONNECT_free(BIO_CONNECT *a);
+
+static BIO_METHOD methods_connectp=
+ {
+ BIO_TYPE_CONNECT,
+ "socket connect",
+ conn_write,
+ conn_read,
+ conn_puts,
+ NULL, /* connect_gets, */
+ conn_ctrl,
+ conn_new,
+ conn_free,
+ conn_callback_ctrl,
+ };
+
+static int conn_state(BIO *b, BIO_CONNECT *c)
+ {
+ int ret= -1,i;
+ unsigned long l;
+ char *p,*q;
+ int (*cb)(const BIO *,int,int)=NULL;
+
+ if (c->info_callback != NULL)
+ cb=c->info_callback;
+
+ for (;;)
+ {
+ switch (c->state)
+ {
+ case BIO_CONN_S_BEFORE:
+ p=c->param_hostname;
+ if (p == NULL)
+ {
+ BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED);
+ goto exit_loop;
+ }
+ for ( ; *p != '\0'; p++)
+ {
+ if ((*p == ':') || (*p == '/')) break;
+ }
+
+ i= *p;
+ if ((i == ':') || (i == '/'))
+ {
+
+ *(p++)='\0';
+ if (i == ':')
+ {
+ for (q=p; *q; q++)
+ if (*q == '/')
+ {
+ *q='\0';
+ break;
+ }
+ if (c->param_port != NULL)
+ OPENSSL_free(c->param_port);
+ c->param_port=BUF_strdup(p);
+ }
+ }
+
+ if (c->param_port == NULL)
+ {
+ BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
+ ERR_add_error_data(2,"host=",c->param_hostname);
+ goto exit_loop;
+ }
+ c->state=BIO_CONN_S_GET_IP;
+ break;
+
+ case BIO_CONN_S_GET_IP:
+ if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)
+ goto exit_loop;
+ c->state=BIO_CONN_S_GET_PORT;
+ break;
+
+ case BIO_CONN_S_GET_PORT:
+ if (c->param_port == NULL)
+ {
+ /* abort(); */
+ goto exit_loop;
+ }
+ else if (BIO_get_port(c->param_port,&c->port) <= 0)
+ goto exit_loop;
+ c->state=BIO_CONN_S_CREATE_SOCKET;
+ break;
+
+ case BIO_CONN_S_CREATE_SOCKET:
+ /* now setup address */
+ memset((char *)&c->them,0,sizeof(c->them));
+ c->them.sin_family=AF_INET;
+ c->them.sin_port=htons((unsigned short)c->port);
+ l=(unsigned long)
+ ((unsigned long)c->ip[0]<<24L)|
+ ((unsigned long)c->ip[1]<<16L)|
+ ((unsigned long)c->ip[2]<< 8L)|
+ ((unsigned long)c->ip[3]);
+ c->them.sin_addr.s_addr=htonl(l);
+ c->state=BIO_CONN_S_CREATE_SOCKET;
+
+ ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+ if (ret == INVALID_SOCKET)
+ {
+ SYSerr(SYS_F_SOCKET,get_last_socket_error());
+ ERR_add_error_data(4,"host=",c->param_hostname,
+ ":",c->param_port);
+ BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);
+ goto exit_loop;
+ }
+ b->num=ret;
+ c->state=BIO_CONN_S_NBIO;
+ break;
+
+ case BIO_CONN_S_NBIO:
+ if (c->nbio)
+ {
+ if (!BIO_socket_nbio(b->num,1))
+ {
+ BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
+ ERR_add_error_data(4,"host=",
+ c->param_hostname,
+ ":",c->param_port);
+ goto exit_loop;
+ }
+ }
+ c->state=BIO_CONN_S_CONNECT;
+
+#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
+ i=1;
+ i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+ if (i < 0)
+ {
+ SYSerr(SYS_F_SOCKET,get_last_socket_error());
+ ERR_add_error_data(4,"host=",c->param_hostname,
+ ":",c->param_port);
+ BIOerr(BIO_F_CONN_STATE,BIO_R_KEEPALIVE);
+ goto exit_loop;
+ }
+#endif
+ break;
+
+ case BIO_CONN_S_CONNECT:
+ BIO_clear_retry_flags(b);
+ ret=connect(b->num,
+ (struct sockaddr *)&c->them,
+ sizeof(c->them));
+ b->retry_reason=0;
+ if (ret < 0)
+ {
+ if (BIO_sock_should_retry(ret))
+ {
+ BIO_set_retry_special(b);
+ c->state=BIO_CONN_S_BLOCKED_CONNECT;
+ b->retry_reason=BIO_RR_CONNECT;
+ }
+ else
+ {
+ SYSerr(SYS_F_CONNECT,get_last_socket_error());
+ ERR_add_error_data(4,"host=",
+ c->param_hostname,
+ ":",c->param_port);
+ BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);
+ }
+ goto exit_loop;
+ }
+ else
+ c->state=BIO_CONN_S_OK;
+ break;
+
+ case BIO_CONN_S_BLOCKED_CONNECT:
+ i=BIO_sock_error(b->num);
+ if (i)
+ {
+ BIO_clear_retry_flags(b);
+ SYSerr(SYS_F_CONNECT,i);
+ ERR_add_error_data(4,"host=",
+ c->param_hostname,
+ ":",c->param_port);
+ BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
+ ret=0;
+ goto exit_loop;
+ }
+ else
+ c->state=BIO_CONN_S_OK;
+ break;
+
+ case BIO_CONN_S_OK:
+ ret=1;
+ goto exit_loop;
+ default:
+ /* abort(); */
+ goto exit_loop;
+ }
+
+ if (cb != NULL)
+ {
+ if (!(ret=cb((BIO *)b,c->state,ret)))
+ goto end;
+ }
+ }
+
+ /* Loop does not exit */
+exit_loop:
+ if (cb != NULL)
+ ret=cb((BIO *)b,c->state,ret);
+end:
+ return(ret);
+ }
+
+BIO_CONNECT *BIO_CONNECT_new(void)
+ {
+ BIO_CONNECT *ret;
+
+ if ((ret=(BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
+ return(NULL);
+ ret->state=BIO_CONN_S_BEFORE;
+ ret->param_hostname=NULL;
+ ret->param_port=NULL;
+ ret->info_callback=NULL;
+ ret->nbio=0;
+ ret->ip[0]=0;
+ ret->ip[1]=0;
+ ret->ip[2]=0;
+ ret->ip[3]=0;
+ ret->port=0;
+ memset((char *)&ret->them,0,sizeof(ret->them));
+ return(ret);
+ }
+
+void BIO_CONNECT_free(BIO_CONNECT *a)
+ {
+ if(a == NULL)
+ return;
+
+ if (a->param_hostname != NULL)
+ OPENSSL_free(a->param_hostname);
+ if (a->param_port != NULL)
+ OPENSSL_free(a->param_port);
+ OPENSSL_free(a);
+ }
+
+BIO_METHOD *BIO_s_connect(void)
+ {
+ return(&methods_connectp);
+ }
+
+static int conn_new(BIO *bi)
+ {
+ bi->init=0;
+ bi->num=INVALID_SOCKET;
+ bi->flags=0;
+ if ((bi->ptr=(char *)BIO_CONNECT_new()) == NULL)
+ return(0);
+ else
+ return(1);
+ }
+
+static void conn_close_socket(BIO *bio)
+ {
+ BIO_CONNECT *c;
+
+ c=(BIO_CONNECT *)bio->ptr;
+ if (bio->num != INVALID_SOCKET)
+ {
+ /* Only do a shutdown if things were established */
+ if (c->state == BIO_CONN_S_OK)
+ shutdown(bio->num,2);
+ closesocket(bio->num);
+ bio->num=INVALID_SOCKET;
+ }
+ }
+
+static int conn_free(BIO *a)
+ {
+ BIO_CONNECT *data;
+
+ if (a == NULL) return(0);
+ data=(BIO_CONNECT *)a->ptr;
+
+ if (a->shutdown)
+ {
+ conn_close_socket(a);
+ BIO_CONNECT_free(data);
+ a->ptr=NULL;
+ a->flags=0;
+ a->init=0;
+ }
+ return(1);
+ }
+
+static int conn_read(BIO *b, char *out, int outl)
+ {
+ int ret=0;
+ BIO_CONNECT *data;
+
+ data=(BIO_CONNECT *)b->ptr;
+ if (data->state != BIO_CONN_S_OK)
+ {
+ ret=conn_state(b,data);
+ if (ret <= 0)
+ return(ret);
+ }
+
+ if (out != NULL)
+ {
+ clear_socket_error();
+ ret=readsocket(b->num,out,outl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0)
+ {
+ if (BIO_sock_should_retry(ret))
+ BIO_set_retry_read(b);
+ }
+ }
+ return(ret);
+ }
+
+static int conn_write(BIO *b, const char *in, int inl)
+ {
+ int ret;
+ BIO_CONNECT *data;
+
+ data=(BIO_CONNECT *)b->ptr;
+ if (data->state != BIO_CONN_S_OK)
+ {
+ ret=conn_state(b,data);
+ if (ret <= 0) return(ret);
+ }
+
+ clear_socket_error();
+ ret=writesocket(b->num,in,inl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0)
+ {
+ if (BIO_sock_should_retry(ret))
+ BIO_set_retry_write(b);
+ }
+ return(ret);
+ }
+
+static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ BIO *dbio;
+ int *ip;
+ const char **pptr;
+ long ret=1;
+ BIO_CONNECT *data;
+
+ data=(BIO_CONNECT *)b->ptr;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_RESET:
+ ret=0;
+ data->state=BIO_CONN_S_BEFORE;
+ conn_close_socket(b);
+ b->flags=0;
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ /* use this one to start the connection */
+ if (data->state != BIO_CONN_S_OK)
+ ret=(long)conn_state(b,data);
+ else
+ ret=1;
+ break;
+ case BIO_C_GET_CONNECT:
+ if (ptr != NULL)
+ {
+ pptr=(const char **)ptr;
+ if (num == 0)
+ {
+ *pptr=data->param_hostname;
+
+ }
+ else if (num == 1)
+ {
+ *pptr=data->param_port;
+ }
+ else if (num == 2)
+ {
+ *pptr= (char *)&(data->ip[0]);
+ }
+ else if (num == 3)
+ {
+ *((int *)ptr)=data->port;
+ }
+ if ((!b->init) || (ptr == NULL))
+ *pptr="not initialized";
+ ret=1;
+ }
+ break;
+ case BIO_C_SET_CONNECT:
+ if (ptr != NULL)
+ {
+ b->init=1;
+ if (num == 0)
+ {
+ if (data->param_hostname != NULL)
+ OPENSSL_free(data->param_hostname);
+ data->param_hostname=BUF_strdup(ptr);
+ }
+ else if (num == 1)
+ {
+ if (data->param_port != NULL)
+ OPENSSL_free(data->param_port);
+ data->param_port=BUF_strdup(ptr);
+ }
+ else if (num == 2)
+ {
+ char buf[16];
+ unsigned char *p = ptr;
+
+ BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
+ p[0],p[1],p[2],p[3]);
+ if (data->param_hostname != NULL)
+ OPENSSL_free(data->param_hostname);
+ data->param_hostname=BUF_strdup(buf);
+ memcpy(&(data->ip[0]),ptr,4);
+ }
+ else if (num == 3)
+ {
+ char buf[DECIMAL_SIZE(int)+1];
+
+ BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
+ if (data->param_port != NULL)
+ OPENSSL_free(data->param_port);
+ data->param_port=BUF_strdup(buf);
+ data->port= *(int *)ptr;
+ }
+ }
+ break;
+ case BIO_C_SET_NBIO:
+ data->nbio=(int)num;
+ break;
+ case BIO_C_GET_FD:
+ if (b->init)
+ {
+ ip=(int *)ptr;
+ if (ip != NULL)
+ *ip=b->num;
+ ret=b->num;
+ }
+ else
+ ret= -1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret=b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown=(int)num;
+ break;
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ ret=0;
+ break;
+ case BIO_CTRL_FLUSH:
+ break;
+ case BIO_CTRL_DUP:
+ {
+ dbio=(BIO *)ptr;
+ if (data->param_port)
+ BIO_set_conn_port(dbio,data->param_port);
+ if (data->param_hostname)
+ BIO_set_conn_hostname(dbio,data->param_hostname);
+ BIO_set_nbio(dbio,data->nbio);
+ /* FIXME: the cast of the function seems unlikely to be a good idea */
+ (void)BIO_set_info_callback(dbio,(bio_info_cb *)data->info_callback);
+ }
+ break;
+ case BIO_CTRL_SET_CALLBACK:
+ {
+#if 0 /* FIXME: Should this be used? -- Richard Levitte */
+ BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ret = -1;
+#else
+ ret=0;
+#endif
+ }
+ break;
+ case BIO_CTRL_GET_CALLBACK:
+ {
+ int (**fptr)(const BIO *bio,int state,int xret);
+
+ fptr=(int (**)(const BIO *bio,int state,int xret))ptr;
+ *fptr=data->info_callback;
+ }
+ break;
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+ {
+ long ret=1;
+ BIO_CONNECT *data;
+
+ data=(BIO_CONNECT *)b->ptr;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_SET_CALLBACK:
+ {
+ data->info_callback=(int (*)(const struct bio_st *, int, int))fp;
+ }
+ break;
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static int conn_puts(BIO *bp, const char *str)
+ {
+ int n,ret;
+
+ n=strlen(str);
+ ret=conn_write(bp,str,n);
+ return(ret);
+ }
+
+BIO *BIO_new_connect(char *str)
+ {
+ BIO *ret;
+
+ ret=BIO_new(BIO_s_connect());
+ if (ret == NULL) return(NULL);
+ if (BIO_set_conn_hostname(ret,str))
+ return(ret);
+ else
+ {
+ BIO_free(ret);
+ return(NULL);
+ }
+ }
+
+#endif
+
Added: vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,748 @@
+/* crypto/bio/bio_dgram.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+
+#include <openssl/bio.h>
+#ifndef OPENSSL_NO_DGRAM
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
+#include <sys/timeb.h>
+#endif
+
+#ifdef OPENSSL_SYS_LINUX
+#define IP_MTU 14 /* linux is lame */
+#endif
+
+#ifdef WATT32
+#define sock_write SockWrite /* Watt-32 uses same names */
+#define sock_read SockRead
+#define sock_puts SockPuts
+#endif
+
+static int dgram_write(BIO *h, const char *buf, int num);
+static int dgram_read(BIO *h, char *buf, int size);
+static int dgram_puts(BIO *h, const char *str);
+static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_new(BIO *h);
+static int dgram_free(BIO *data);
+static int dgram_clear(BIO *bio);
+
+static int BIO_dgram_should_retry(int s);
+
+static void get_current_time(struct timeval *t);
+
+static BIO_METHOD methods_dgramp=
+ {
+ BIO_TYPE_DGRAM,
+ "datagram socket",
+ dgram_write,
+ dgram_read,
+ dgram_puts,
+ NULL, /* dgram_gets, */
+ dgram_ctrl,
+ dgram_new,
+ dgram_free,
+ NULL,
+ };
+
+typedef struct bio_dgram_data_st
+ {
+ struct sockaddr peer;
+ unsigned int connected;
+ unsigned int _errno;
+ unsigned int mtu;
+ struct timeval next_timeout;
+ struct timeval socket_timeout;
+ } bio_dgram_data;
+
+BIO_METHOD *BIO_s_datagram(void)
+ {
+ return(&methods_dgramp);
+ }
+
+BIO *BIO_new_dgram(int fd, int close_flag)
+ {
+ BIO *ret;
+
+ ret=BIO_new(BIO_s_datagram());
+ if (ret == NULL) return(NULL);
+ BIO_set_fd(ret,fd,close_flag);
+ return(ret);
+ }
+
+static int dgram_new(BIO *bi)
+ {
+ bio_dgram_data *data = NULL;
+
+ bi->init=0;
+ bi->num=0;
+ data = OPENSSL_malloc(sizeof(bio_dgram_data));
+ if (data == NULL)
+ return 0;
+ memset(data, 0x00, sizeof(bio_dgram_data));
+ bi->ptr = data;
+
+ bi->flags=0;
+ return(1);
+ }
+
+static int dgram_free(BIO *a)
+ {
+ bio_dgram_data *data;
+
+ if (a == NULL) return(0);
+ if ( ! dgram_clear(a))
+ return 0;
+
+ data = (bio_dgram_data *)a->ptr;
+ if(data != NULL) OPENSSL_free(data);
+
+ return(1);
+ }
+
+static int dgram_clear(BIO *a)
+ {
+ if (a == NULL) return(0);
+ if (a->shutdown)
+ {
+ if (a->init)
+ {
+ SHUTDOWN2(a->num);
+ }
+ a->init=0;
+ a->flags=0;
+ }
+ return(1);
+ }
+
+static void dgram_adjust_rcv_timeout(BIO *b)
+ {
+#if defined(SO_RCVTIMEO)
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ int sz = sizeof(int);
+
+ /* Is a timer active? */
+ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
+ {
+ struct timeval timenow, timeleft;
+
+ /* Read current socket timeout */
+#ifdef OPENSSL_SYS_WINDOWS
+ int timeout;
+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void*)&timeout, &sz) < 0)
+ { perror("getsockopt"); }
+ else
+ {
+ data->socket_timeout.tv_sec = timeout / 1000;
+ data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
+ }
+#else
+ if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ &(data->socket_timeout), (void *)&sz) < 0)
+ { perror("getsockopt"); }
+#endif
+
+ /* Get current time */
+ get_current_time(&timenow);
+
+ /* Calculate time left until timer expires */
+ memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
+ timeleft.tv_sec -= timenow.tv_sec;
+ timeleft.tv_usec -= timenow.tv_usec;
+ if (timeleft.tv_usec < 0)
+ {
+ timeleft.tv_sec--;
+ timeleft.tv_usec += 1000000;
+ }
+
+ if (timeleft.tv_sec < 0)
+ {
+ timeleft.tv_sec = 0;
+ timeleft.tv_usec = 1;
+ }
+
+ /* Adjust socket timeout if next handhake message timer
+ * will expire earlier.
+ */
+ if ((data->socket_timeout.tv_sec == 0 && data->socket_timeout.tv_usec == 0) ||
+ (data->socket_timeout.tv_sec > timeleft.tv_sec) ||
+ (data->socket_timeout.tv_sec == timeleft.tv_sec &&
+ data->socket_timeout.tv_usec >= timeleft.tv_usec))
+ {
+#ifdef OPENSSL_SYS_WINDOWS
+ timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void*)&timeout, sizeof(timeout)) < 0)
+ { perror("setsockopt"); }
+#else
+ if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
+ sizeof(struct timeval)) < 0)
+ { perror("setsockopt"); }
+#endif
+ }
+ }
+#endif
+ }
+
+static void dgram_reset_rcv_timeout(BIO *b)
+ {
+#if defined(SO_RCVTIMEO)
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+ /* Is a timer active? */
+ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
+ {
+#ifdef OPENSSL_SYS_WINDOWS
+ int timeout = data->socket_timeout.tv_sec * 1000 +
+ data->socket_timeout.tv_usec / 1000;
+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void*)&timeout, sizeof(timeout)) < 0)
+ { perror("setsockopt"); }
+#else
+ if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
+ sizeof(struct timeval)) < 0)
+ { perror("setsockopt"); }
+#endif
+ }
+#endif
+ }
+
+static int dgram_read(BIO *b, char *out, int outl)
+ {
+ int ret=0;
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+ struct sockaddr peer;
+ int peerlen = sizeof(peer);
+
+ if (out != NULL)
+ {
+ clear_socket_error();
+ memset(&peer, 0x00, peerlen);
+ /* Last arg in recvfrom is signed on some platforms and
+ * unsigned on others. It is of type socklen_t on some
+ * but this is not universal. Cast to (void *) to avoid
+ * compiler warnings.
+ */
+ dgram_adjust_rcv_timeout(b);
+ ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
+
+ if ( ! data->connected && ret >= 0)
+ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+
+ BIO_clear_retry_flags(b);
+ if (ret < 0)
+ {
+ if (BIO_dgram_should_retry(ret))
+ {
+ BIO_set_retry_read(b);
+ data->_errno = get_last_socket_error();
+ }
+ }
+
+ dgram_reset_rcv_timeout(b);
+ }
+ return(ret);
+ }
+
+static int dgram_write(BIO *b, const char *in, int inl)
+ {
+ int ret;
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ clear_socket_error();
+
+ if ( data->connected )
+ ret=writesocket(b->num,in,inl);
+ else
+#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
+ ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer));
+#else
+ ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
+#endif
+
+ BIO_clear_retry_flags(b);
+ if (ret <= 0)
+ {
+ if (BIO_dgram_should_retry(ret))
+ {
+ BIO_set_retry_write(b);
+ data->_errno = get_last_socket_error();
+
+#if 0 /* higher layers are responsible for querying MTU, if necessary */
+ if ( data->_errno == EMSGSIZE)
+ /* retrieve the new MTU */
+ BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+#endif
+ }
+ }
+ return(ret);
+ }
+
+static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ long ret=1;
+ int *ip;
+ struct sockaddr *to = NULL;
+ bio_dgram_data *data = NULL;
+#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
+ long sockopt_val = 0;
+ unsigned int sockopt_len = 0;
+#endif
+#ifdef OPENSSL_SYS_LINUX
+ socklen_t addr_len;
+ struct sockaddr_storage addr;
+#endif
+
+ data = (bio_dgram_data *)b->ptr;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_RESET:
+ num=0;
+ case BIO_C_FILE_SEEK:
+ ret=0;
+ break;
+ case BIO_C_FILE_TELL:
+ case BIO_CTRL_INFO:
+ ret=0;
+ break;
+ case BIO_C_SET_FD:
+ dgram_clear(b);
+ b->num= *((int *)ptr);
+ b->shutdown=(int)num;
+ b->init=1;
+ break;
+ case BIO_C_GET_FD:
+ if (b->init)
+ {
+ ip=(int *)ptr;
+ if (ip != NULL) *ip=b->num;
+ ret=b->num;
+ }
+ else
+ ret= -1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret=b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown=(int)num;
+ break;
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ ret=0;
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+ ret=1;
+ break;
+ case BIO_CTRL_DGRAM_CONNECT:
+ to = (struct sockaddr *)ptr;
+#if 0
+ if (connect(b->num, to, sizeof(struct sockaddr)) < 0)
+ { perror("connect"); ret = 0; }
+ else
+ {
+#endif
+ memcpy(&(data->peer),to, sizeof(struct sockaddr));
+#if 0
+ }
+#endif
+ break;
+ /* (Linux)kernel sets DF bit on outgoing IP packets */
+ case BIO_CTRL_DGRAM_MTU_DISCOVER:
+#ifdef OPENSSL_SYS_LINUX
+ addr_len = (socklen_t)sizeof(struct sockaddr_storage);
+ memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
+ if (getsockname(b->num, (void *)&addr, &addr_len) < 0)
+ {
+ ret = 0;
+ break;
+ }
+ sockopt_len = sizeof(sockopt_val);
+ switch (addr.ss_family)
+ {
+ case AF_INET:
+ sockopt_val = IP_PMTUDISC_DO;
+ if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+ &sockopt_val, sizeof(sockopt_val))) < 0)
+ perror("setsockopt");
+ break;
+ case AF_INET6:
+ sockopt_val = IPV6_PMTUDISC_DO;
+ if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+ &sockopt_val, sizeof(sockopt_val))) < 0)
+ perror("setsockopt");
+ break;
+ default:
+ ret = -1;
+ break;
+ }
+ ret = -1;
+#else
+ break;
+#endif
+ case BIO_CTRL_DGRAM_QUERY_MTU:
+#ifdef OPENSSL_SYS_LINUX
+ addr_len = (socklen_t)sizeof(struct sockaddr_storage);
+ memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
+ if (getsockname(b->num, (void *)&addr, &addr_len) < 0)
+ {
+ ret = 0;
+ break;
+ }
+ sockopt_len = sizeof(sockopt_val);
+ switch (addr.ss_family)
+ {
+ case AF_INET:
+ if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
+ &sockopt_len)) < 0 || sockopt_val < 0)
+ {
+ ret = 0;
+ }
+ else
+ {
+ /* we assume that the transport protocol is UDP and no
+ * IP options are used.
+ */
+ data->mtu = sockopt_val - 8 - 20;
+ ret = data->mtu;
+ }
+ break;
+ case AF_INET6:
+ if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
+ &sockopt_len)) < 0 || sockopt_val < 0)
+ {
+ ret = 0;
+ }
+ else
+ {
+ /* we assume that the transport protocol is UDP and no
+ * IPV6 options are used.
+ */
+ data->mtu = sockopt_val - 8 - 40;
+ ret = data->mtu;
+ }
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+#else
+ ret = 0;
+#endif
+ break;
+ case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+ ret = 576 - 20 - 8;
+ break;
+ case BIO_CTRL_DGRAM_GET_MTU:
+ return data->mtu;
+ break;
+ case BIO_CTRL_DGRAM_SET_MTU:
+ data->mtu = num;
+ ret = num;
+ break;
+ case BIO_CTRL_DGRAM_SET_CONNECTED:
+ to = (struct sockaddr *)ptr;
+
+ if ( to != NULL)
+ {
+ data->connected = 1;
+ memcpy(&(data->peer),to, sizeof(struct sockaddr));
+ }
+ else
+ {
+ data->connected = 0;
+ memset(&(data->peer), 0x00, sizeof(struct sockaddr));
+ }
+ break;
+ case BIO_CTRL_DGRAM_GET_PEER:
+ to = (struct sockaddr *) ptr;
+
+ memcpy(to, &(data->peer), sizeof(struct sockaddr));
+ ret = sizeof(struct sockaddr);
+ break;
+ case BIO_CTRL_DGRAM_SET_PEER:
+ to = (struct sockaddr *) ptr;
+
+ memcpy(&(data->peer), to, sizeof(struct sockaddr));
+ break;
+ case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+ memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
+ break;
+#if defined(SO_RCVTIMEO)
+ case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
+#ifdef OPENSSL_SYS_WINDOWS
+ {
+ struct timeval *tv = (struct timeval *)ptr;
+ int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void*)&timeout, sizeof(timeout)) < 0)
+ { perror("setsockopt"); ret = -1; }
+ }
+#else
+ if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
+ sizeof(struct timeval)) < 0)
+ { perror("setsockopt"); ret = -1; }
+#endif
+ break;
+ case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
+#ifdef OPENSSL_SYS_WINDOWS
+ {
+ int timeout, sz = sizeof(timeout);
+ struct timeval *tv = (struct timeval *)ptr;
+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void*)&timeout, &sz) < 0)
+ { perror("getsockopt"); ret = -1; }
+ else
+ {
+ tv->tv_sec = timeout / 1000;
+ tv->tv_usec = (timeout % 1000) * 1000;
+ ret = sizeof(*tv);
+ }
+ }
+#else
+ if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ ptr, (void *)&ret) < 0)
+ { perror("getsockopt"); ret = -1; }
+#endif
+ break;
+#endif
+#if defined(SO_SNDTIMEO)
+ case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
+#ifdef OPENSSL_SYS_WINDOWS
+ {
+ struct timeval *tv = (struct timeval *)ptr;
+ int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
+ if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+ (void*)&timeout, sizeof(timeout)) < 0)
+ { perror("setsockopt"); ret = -1; }
+ }
+#else
+ if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
+ sizeof(struct timeval)) < 0)
+ { perror("setsockopt"); ret = -1; }
+#endif
+ break;
+ case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
+#ifdef OPENSSL_SYS_WINDOWS
+ {
+ int timeout, sz = sizeof(timeout);
+ struct timeval *tv = (struct timeval *)ptr;
+ if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+ (void*)&timeout, &sz) < 0)
+ { perror("getsockopt"); ret = -1; }
+ else
+ {
+ tv->tv_sec = timeout / 1000;
+ tv->tv_usec = (timeout % 1000) * 1000;
+ ret = sizeof(*tv);
+ }
+ }
+#else
+ if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+ ptr, (void *)&ret) < 0)
+ { perror("getsockopt"); ret = -1; }
+#endif
+ break;
+#endif
+ case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
+ /* fall-through */
+ case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
+#ifdef OPENSSL_SYS_WINDOWS
+ if ( data->_errno == WSAETIMEDOUT)
+#else
+ if ( data->_errno == EAGAIN)
+#endif
+ {
+ ret = 1;
+ data->_errno = 0;
+ }
+ else
+ ret = 0;
+ break;
+#ifdef EMSGSIZE
+ case BIO_CTRL_DGRAM_MTU_EXCEEDED:
+ if ( data->_errno == EMSGSIZE)
+ {
+ ret = 1;
+ data->_errno = 0;
+ }
+ else
+ ret = 0;
+ break;
+#endif
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static int dgram_puts(BIO *bp, const char *str)
+ {
+ int n,ret;
+
+ n=strlen(str);
+ ret=dgram_write(bp,str,n);
+ return(ret);
+ }
+
+static int BIO_dgram_should_retry(int i)
+ {
+ int err;
+
+ if ((i == 0) || (i == -1))
+ {
+ err=get_last_socket_error();
+
+#if defined(OPENSSL_SYS_WINDOWS)
+ /* If the socket return value (i) is -1
+ * and err is unexpectedly 0 at this point,
+ * the error code was overwritten by
+ * another system call before this error
+ * handling is called.
+ */
+#endif
+
+ return(BIO_dgram_non_fatal_error(err));
+ }
+ return(0);
+ }
+
+int BIO_dgram_non_fatal_error(int err)
+ {
+ switch (err)
+ {
+#if defined(OPENSSL_SYS_WINDOWS)
+# if defined(WSAEWOULDBLOCK)
+ case WSAEWOULDBLOCK:
+# endif
+
+# if 0 /* This appears to always be an error */
+# if defined(WSAENOTCONN)
+ case WSAENOTCONN:
+# endif
+# endif
+#endif
+
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+# if WSAEWOULDBLOCK != EWOULDBLOCK
+ case EWOULDBLOCK:
+# endif
+# else
+ case EWOULDBLOCK:
+# endif
+#endif
+
+#ifdef EINTR
+ case EINTR:
+#endif
+
+#ifdef EAGAIN
+#if EWOULDBLOCK != EAGAIN
+ case EAGAIN:
+# endif
+#endif
+
+#ifdef EPROTO
+ case EPROTO:
+#endif
+
+#ifdef EINPROGRESS
+ case EINPROGRESS:
+#endif
+
+#ifdef EALREADY
+ case EALREADY:
+#endif
+
+ return(1);
+ /* break; */
+ default:
+ break;
+ }
+ return(0);
+ }
+
+static void get_current_time(struct timeval *t)
+ {
+#ifdef OPENSSL_SYS_WIN32
+ struct _timeb tb;
+ _ftime(&tb);
+ t->tv_sec = (long)tb.time;
+ t->tv_usec = (long)tb.millitm * 1000;
+#elif defined(OPENSSL_SYS_VMS)
+ struct timeb tb;
+ ftime(&tb);
+ t->tv_sec = (long)tb.time;
+ t->tv_usec = (long)tb.millitm * 1000;
+#else
+ gettimeofday(t, NULL);
+#endif
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/bio/bss_fd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_fd.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_fd.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,294 @@
+/* crypto/bio/bss_fd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+/*
+ * As for unconditional usage of "UPLINK" interface in this module.
+ * Trouble is that unlike Unix file descriptors [which are indexes
+ * in kernel-side per-process table], corresponding descriptors on
+ * platforms which require "UPLINK" interface seem to be indexes
+ * in a user-land, non-global table. Well, in fact they are indexes
+ * in stdio _iob[], and recall that _iob[] was the very reason why
+ * "UPLINK" interface was introduced in first place. But one way on
+ * another. Neither libcrypto or libssl use this BIO meaning that
+ * file descriptors can only be provided by application. Therefore
+ * "UPLINK" calls are due...
+ */
+#include "bio_lcl.h"
+
+static int fd_write(BIO *h, const char *buf, int num);
+static int fd_read(BIO *h, char *buf, int size);
+static int fd_puts(BIO *h, const char *str);
+static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+
+static BIO_METHOD methods_fdp=
+ {
+ BIO_TYPE_FD,"file descriptor",
+ fd_write,
+ fd_read,
+ fd_puts,
+ NULL, /* fd_gets, */
+ fd_ctrl,
+ fd_new,
+ fd_free,
+ NULL,
+ };
+
+BIO_METHOD *BIO_s_fd(void)
+ {
+ return(&methods_fdp);
+ }
+
+BIO *BIO_new_fd(int fd,int close_flag)
+ {
+ BIO *ret;
+ ret=BIO_new(BIO_s_fd());
+ if (ret == NULL) return(NULL);
+ BIO_set_fd(ret,fd,close_flag);
+ return(ret);
+ }
+
+static int fd_new(BIO *bi)
+ {
+ bi->init=0;
+ bi->num=-1;
+ bi->ptr=NULL;
+ bi->flags=BIO_FLAGS_UPLINK; /* essentially redundant */
+ return(1);
+ }
+
+static int fd_free(BIO *a)
+ {
+ if (a == NULL) return(0);
+ if (a->shutdown)
+ {
+ if (a->init)
+ {
+ UP_close(a->num);
+ }
+ a->init=0;
+ a->flags=BIO_FLAGS_UPLINK;
+ }
+ return(1);
+ }
+
+static int fd_read(BIO *b, char *out,int outl)
+ {
+ int ret=0;
+
+ if (out != NULL)
+ {
+ clear_sys_error();
+ ret=UP_read(b->num,out,outl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0)
+ {
+ if (BIO_fd_should_retry(ret))
+ BIO_set_retry_read(b);
+ }
+ }
+ return(ret);
+ }
+
+static int fd_write(BIO *b, const char *in, int inl)
+ {
+ int ret;
+ clear_sys_error();
+ ret=UP_write(b->num,in,inl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0)
+ {
+ if (BIO_fd_should_retry(ret))
+ BIO_set_retry_write(b);
+ }
+ return(ret);
+ }
+
+static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ long ret=1;
+ int *ip;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_RESET:
+ num=0;
+ case BIO_C_FILE_SEEK:
+ ret=(long)UP_lseek(b->num,num,0);
+ break;
+ case BIO_C_FILE_TELL:
+ case BIO_CTRL_INFO:
+ ret=(long)UP_lseek(b->num,0,1);
+ break;
+ case BIO_C_SET_FD:
+ fd_free(b);
+ b->num= *((int *)ptr);
+ b->shutdown=(int)num;
+ b->init=1;
+ break;
+ case BIO_C_GET_FD:
+ if (b->init)
+ {
+ ip=(int *)ptr;
+ if (ip != NULL) *ip=b->num;
+ ret=b->num;
+ }
+ else
+ ret= -1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret=b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown=(int)num;
+ break;
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ ret=0;
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+ ret=1;
+ break;
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static int fd_puts(BIO *bp, const char *str)
+ {
+ int n,ret;
+
+ n=strlen(str);
+ ret=fd_write(bp,str,n);
+ return(ret);
+ }
+
+int BIO_fd_should_retry(int i)
+ {
+ int err;
+
+ if ((i == 0) || (i == -1))
+ {
+ err=get_last_sys_error();
+
+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
+ if ((i == -1) && (err == 0))
+ return(1);
+#endif
+
+ return(BIO_fd_non_fatal_error(err));
+ }
+ return(0);
+ }
+
+int BIO_fd_non_fatal_error(int err)
+ {
+ switch (err)
+ {
+
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+# if WSAEWOULDBLOCK != EWOULDBLOCK
+ case EWOULDBLOCK:
+# endif
+# else
+ case EWOULDBLOCK:
+# endif
+#endif
+
+#if defined(ENOTCONN)
+ case ENOTCONN:
+#endif
+
+#ifdef EINTR
+ case EINTR:
+#endif
+
+#ifdef EAGAIN
+#if EWOULDBLOCK != EAGAIN
+ case EAGAIN:
+# endif
+#endif
+
+#ifdef EPROTO
+ case EPROTO:
+#endif
+
+#ifdef EINPROGRESS
+ case EINPROGRESS:
+#endif
+
+#ifdef EALREADY
+ case EALREADY:
+#endif
+ return(1);
+ /* break; */
+ default:
+ break;
+ }
+ return(0);
+ }
Added: vendor-crypto/openssl/dist/crypto/bio/bss_file.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_file.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_file.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,435 @@
+/* crypto/bio/bss_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * 03-Dec-1997 rdenny at dc3.com Fix bug preventing use of stdin/stdout
+ * with binary data (e.g. asn1parse -inform DER < xxx) under
+ * Windows
+ */
+
+#ifndef HEADER_BSS_FILE_C
+#define HEADER_BSS_FILE_C
+
+#if defined(__linux) || defined(__sun) || defined(__hpux)
+/* Following definition aliases fopen to fopen64 on above mentioned
+ * platforms. This makes it possible to open and sequentially access
+ * files larger than 2GB from 32-bit application. It does not allow to
+ * traverse them beyond 2GB with fseek/ftell, but on the other hand *no*
+ * 32-bit platform permits that, not with fseek/ftell. Not to mention
+ * that breaking 2GB limit for seeking would require surgery to *our*
+ * API. But sequential access suffices for practical cases when you
+ * can run into large files, such as fingerprinting, so we can let API
+ * alone. For reference, the list of 32-bit platforms which allow for
+ * sequential access of large files without extra "magic" comprise *BSD,
+ * Darwin, IRIX...
+ */
+#ifndef _FILE_OFFSET_BITS
+#define _FILE_OFFSET_BITS 64
+#endif
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "bio_lcl.h"
+#include <openssl/err.h>
+
+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+#include <nwfileio.h>
+#endif
+
+#if !defined(OPENSSL_NO_STDIO)
+
+static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
+static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
+static int MS_CALLBACK file_puts(BIO *h, const char *str);
+static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
+static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int MS_CALLBACK file_new(BIO *h);
+static int MS_CALLBACK file_free(BIO *data);
+static BIO_METHOD methods_filep=
+ {
+ BIO_TYPE_FILE,
+ "FILE pointer",
+ file_write,
+ file_read,
+ file_puts,
+ file_gets,
+ file_ctrl,
+ file_new,
+ file_free,
+ NULL,
+ };
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+ {
+ BIO *ret;
+ FILE *file;
+
+ if ((file=fopen(filename,mode)) == NULL)
+ {
+ SYSerr(SYS_F_FOPEN,get_last_sys_error());
+ ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
+ if (errno == ENOENT)
+ BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
+ else
+ BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+ return(NULL);
+ }
+ if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
+ {
+ fclose(file);
+ return(NULL);
+ }
+
+ BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
+ BIO_set_fp(ret,file,BIO_CLOSE);
+ return(ret);
+ }
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+ {
+ BIO *ret;
+
+ if ((ret=BIO_new(BIO_s_file())) == NULL)
+ return(NULL);
+
+ BIO_set_flags(ret,BIO_FLAGS_UPLINK); /* redundant, left for documentation puposes */
+ BIO_set_fp(ret,stream,close_flag);
+ return(ret);
+ }
+
+BIO_METHOD *BIO_s_file(void)
+ {
+ return(&methods_filep);
+ }
+
+static int MS_CALLBACK file_new(BIO *bi)
+ {
+ bi->init=0;
+ bi->num=0;
+ bi->ptr=NULL;
+ bi->flags=BIO_FLAGS_UPLINK; /* default to UPLINK */
+ return(1);
+ }
+
+static int MS_CALLBACK file_free(BIO *a)
+ {
+ if (a == NULL) return(0);
+ if (a->shutdown)
+ {
+ if ((a->init) && (a->ptr != NULL))
+ {
+ if (a->flags&BIO_FLAGS_UPLINK)
+ UP_fclose (a->ptr);
+ else
+ fclose (a->ptr);
+ a->ptr=NULL;
+ a->flags=BIO_FLAGS_UPLINK;
+ }
+ a->init=0;
+ }
+ return(1);
+ }
+
+static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
+ {
+ int ret=0;
+
+ if (b->init && (out != NULL))
+ {
+ if (b->flags&BIO_FLAGS_UPLINK)
+ ret=UP_fread(out,1,(int)outl,b->ptr);
+ else
+ ret=fread(out,1,(int)outl,(FILE *)b->ptr);
+ if(ret == 0 && (b->flags&BIO_FLAGS_UPLINK)?UP_ferror((FILE *)b->ptr):ferror((FILE *)b->ptr))
+ {
+ SYSerr(SYS_F_FREAD,get_last_sys_error());
+ BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);
+ ret=-1;
+ }
+ }
+ return(ret);
+ }
+
+static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
+ {
+ int ret=0;
+
+ if (b->init && (in != NULL))
+ {
+ if (b->flags&BIO_FLAGS_UPLINK)
+ ret=UP_fwrite(in,(int)inl,1,b->ptr);
+ else
+ ret=fwrite(in,(int)inl,1,(FILE *)b->ptr);
+ if (ret)
+ ret=inl;
+ /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+ /* according to Tim Hudson <tjh at cryptsoft.com>, the commented
+ * out version above can cause 'inl' write calls under
+ * some stupid stdio implementations (VMS) */
+ }
+ return(ret);
+ }
+
+static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ long ret=1;
+ FILE *fp=(FILE *)b->ptr;
+ FILE **fpp;
+ char p[4];
+
+ switch (cmd)
+ {
+ case BIO_C_FILE_SEEK:
+ case BIO_CTRL_RESET:
+ if (b->flags&BIO_FLAGS_UPLINK)
+ ret=(long)UP_fseek(b->ptr,num,0);
+ else
+ ret=(long)fseek(fp,num,0);
+ break;
+ case BIO_CTRL_EOF:
+ if (b->flags&BIO_FLAGS_UPLINK)
+ ret=(long)UP_feof(fp);
+ else
+ ret=(long)feof(fp);
+ break;
+ case BIO_C_FILE_TELL:
+ case BIO_CTRL_INFO:
+ if (b->flags&BIO_FLAGS_UPLINK)
+ ret=UP_ftell(b->ptr);
+ else
+ ret=ftell(fp);
+ break;
+ case BIO_C_SET_FILE_PTR:
+ file_free(b);
+ b->shutdown=(int)num&BIO_CLOSE;
+ b->ptr=ptr;
+ b->init=1;
+#if BIO_FLAGS_UPLINK!=0
+#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
+#define _IOB_ENTRIES 20
+#endif
+#if defined(_IOB_ENTRIES)
+ /* Safety net to catch purely internal BIO_set_fp calls */
+ if ((size_t)ptr >= (size_t)stdin &&
+ (size_t)ptr < (size_t)(stdin+_IOB_ENTRIES))
+ BIO_clear_flags(b,BIO_FLAGS_UPLINK);
+#endif
+#endif
+#ifdef UP_fsetmod
+ if (b->flags&BIO_FLAGS_UPLINK)
+ UP_fsetmod(b->ptr,(char)((num&BIO_FP_TEXT)?'t':'b'));
+ else
+#endif
+ {
+#if defined(OPENSSL_SYS_WINDOWS)
+ int fd = _fileno((FILE*)ptr);
+ if (num & BIO_FP_TEXT)
+ _setmode(fd,_O_TEXT);
+ else
+ _setmode(fd,_O_BINARY);
+#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+ int fd = fileno((FILE*)ptr);
+ /* Under CLib there are differences in file modes
+ */
+ if (num & BIO_FP_TEXT)
+ setmode(fd,O_TEXT);
+ else
+ setmode(fd,O_BINARY);
+#elif defined(OPENSSL_SYS_MSDOS)
+ int fd = fileno((FILE*)ptr);
+ /* Set correct text/binary mode */
+ if (num & BIO_FP_TEXT)
+ _setmode(fd,_O_TEXT);
+ /* Dangerous to set stdin/stdout to raw (unless redirected) */
+ else
+ {
+ if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
+ {
+ if (isatty(fd) <= 0)
+ _setmode(fd,_O_BINARY);
+ }
+ else
+ _setmode(fd,_O_BINARY);
+ }
+#elif defined(OPENSSL_SYS_OS2)
+ int fd = fileno((FILE*)ptr);
+ if (num & BIO_FP_TEXT)
+ setmode(fd, O_TEXT);
+ else
+ setmode(fd, O_BINARY);
+#endif
+ }
+ break;
+ case BIO_C_SET_FILENAME:
+ file_free(b);
+ b->shutdown=(int)num&BIO_CLOSE;
+ if (num & BIO_FP_APPEND)
+ {
+ if (num & BIO_FP_READ)
+ BUF_strlcpy(p,"a+",sizeof p);
+ else BUF_strlcpy(p,"a",sizeof p);
+ }
+ else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+ BUF_strlcpy(p,"r+",sizeof p);
+ else if (num & BIO_FP_WRITE)
+ BUF_strlcpy(p,"w",sizeof p);
+ else if (num & BIO_FP_READ)
+ BUF_strlcpy(p,"r",sizeof p);
+ else
+ {
+ BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
+ ret=0;
+ break;
+ }
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+ if (!(num & BIO_FP_TEXT))
+ strcat(p,"b");
+ else
+ strcat(p,"t");
+#endif
+#if defined(OPENSSL_SYS_NETWARE)
+ if (!(num & BIO_FP_TEXT))
+ strcat(p,"b");
+ else
+ strcat(p,"t");
+#endif
+ fp=fopen(ptr,p);
+ if (fp == NULL)
+ {
+ SYSerr(SYS_F_FOPEN,get_last_sys_error());
+ ERR_add_error_data(5,"fopen('",ptr,"','",p,"')");
+ BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
+ ret=0;
+ break;
+ }
+ b->ptr=fp;
+ b->init=1;
+ BIO_clear_flags(b,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
+ break;
+ case BIO_C_GET_FILE_PTR:
+ /* the ptr parameter is actually a FILE ** in this case. */
+ if (ptr != NULL)
+ {
+ fpp=(FILE **)ptr;
+ *fpp=(FILE *)b->ptr;
+ }
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret=(long)b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown=(int)num;
+ break;
+ case BIO_CTRL_FLUSH:
+ if (b->flags&BIO_FLAGS_UPLINK)
+ UP_fflush(b->ptr);
+ else
+ fflush((FILE *)b->ptr);
+ break;
+ case BIO_CTRL_DUP:
+ ret=1;
+ break;
+
+ case BIO_CTRL_WPENDING:
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_PUSH:
+ case BIO_CTRL_POP:
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
+ {
+ int ret=0;
+
+ buf[0]='\0';
+ if (bp->flags&BIO_FLAGS_UPLINK)
+ {
+ if (!UP_fgets(buf,size,bp->ptr))
+ goto err;
+ }
+ else
+ {
+ if (!fgets(buf,size,(FILE *)bp->ptr))
+ goto err;
+ }
+ if (buf[0] != '\0')
+ ret=strlen(buf);
+ err:
+ return(ret);
+ }
+
+static int MS_CALLBACK file_puts(BIO *bp, const char *str)
+ {
+ int n,ret;
+
+ n=strlen(str);
+ ret=file_write(bp,str,n);
+ return(ret);
+ }
+
+#endif /* OPENSSL_NO_STDIO */
+
+#endif /* HEADER_BSS_FILE_C */
+
+
Added: vendor-crypto/openssl/dist/crypto/bio/bss_log.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_log.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_log.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,402 @@
+/* crypto/bio/bss_log.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ Why BIO_s_log?
+
+ BIO_s_log is useful for system daemons (or services under NT).
+ It is one-way BIO, it sends all stuff to syslogd (on system that
+ commonly use that), or event log (on NT), or OPCOM (on OpenVMS).
+
+*/
+
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+
+#if defined(OPENSSL_SYS_WINCE)
+#elif defined(OPENSSL_SYS_WIN32)
+# include <process.h>
+#elif defined(OPENSSL_SYS_VMS)
+# include <opcdef.h>
+# include <descrip.h>
+# include <lib$routines.h>
+# include <starlet.h>
+#elif defined(__ultrix)
+# include <sys/syslog.h>
+#elif defined(OPENSSL_SYS_NETWARE)
+# define NO_SYSLOG
+#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
+# include <syslog.h>
+#endif
+
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+#ifndef NO_SYSLOG
+
+#if defined(OPENSSL_SYS_WIN32)
+#define LOG_EMERG 0
+#define LOG_ALERT 1
+#define LOG_CRIT 2
+#define LOG_ERR 3
+#define LOG_WARNING 4
+#define LOG_NOTICE 5
+#define LOG_INFO 6
+#define LOG_DEBUG 7
+
+#define LOG_DAEMON (3<<3)
+#elif defined(OPENSSL_SYS_VMS)
+/* On VMS, we don't really care about these, but we need them to compile */
+#define LOG_EMERG 0
+#define LOG_ALERT 1
+#define LOG_CRIT 2
+#define LOG_ERR 3
+#define LOG_WARNING 4
+#define LOG_NOTICE 5
+#define LOG_INFO 6
+#define LOG_DEBUG 7
+
+#define LOG_DAEMON OPC$M_NM_NTWORK
+#endif
+
+static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
+static int MS_CALLBACK slg_puts(BIO *h, const char *str);
+static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int MS_CALLBACK slg_new(BIO *h);
+static int MS_CALLBACK slg_free(BIO *data);
+static void xopenlog(BIO* bp, char* name, int level);
+static void xsyslog(BIO* bp, int priority, const char* string);
+static void xcloselog(BIO* bp);
+#ifdef OPENSSL_SYS_WIN32
+LONG (WINAPI *go_for_advapi)() = RegOpenKeyEx;
+HANDLE (WINAPI *register_event_source)() = NULL;
+BOOL (WINAPI *deregister_event_source)() = NULL;
+BOOL (WINAPI *report_event)() = NULL;
+#define DL_PROC(m,f) (GetProcAddress( m, f ))
+#ifdef UNICODE
+#define DL_PROC_X(m,f) DL_PROC( m, f "W" )
+#else
+#define DL_PROC_X(m,f) DL_PROC( m, f "A" )
+#endif
+#endif
+
+static BIO_METHOD methods_slg=
+ {
+ BIO_TYPE_MEM,"syslog",
+ slg_write,
+ NULL,
+ slg_puts,
+ NULL,
+ slg_ctrl,
+ slg_new,
+ slg_free,
+ NULL,
+ };
+
+BIO_METHOD *BIO_s_log(void)
+ {
+ return(&methods_slg);
+ }
+
+static int MS_CALLBACK slg_new(BIO *bi)
+ {
+ bi->init=1;
+ bi->num=0;
+ bi->ptr=NULL;
+ xopenlog(bi, "application", LOG_DAEMON);
+ return(1);
+ }
+
+static int MS_CALLBACK slg_free(BIO *a)
+ {
+ if (a == NULL) return(0);
+ xcloselog(a);
+ return(1);
+ }
+
+static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
+ {
+ int ret= inl;
+ char* buf;
+ char* pp;
+ int priority, i;
+ static struct
+ {
+ int strl;
+ char str[10];
+ int log_level;
+ }
+ mapping[] =
+ {
+ { 6, "PANIC ", LOG_EMERG },
+ { 6, "EMERG ", LOG_EMERG },
+ { 4, "EMR ", LOG_EMERG },
+ { 6, "ALERT ", LOG_ALERT },
+ { 4, "ALR ", LOG_ALERT },
+ { 5, "CRIT ", LOG_CRIT },
+ { 4, "CRI ", LOG_CRIT },
+ { 6, "ERROR ", LOG_ERR },
+ { 4, "ERR ", LOG_ERR },
+ { 8, "WARNING ", LOG_WARNING },
+ { 5, "WARN ", LOG_WARNING },
+ { 4, "WAR ", LOG_WARNING },
+ { 7, "NOTICE ", LOG_NOTICE },
+ { 5, "NOTE ", LOG_NOTICE },
+ { 4, "NOT ", LOG_NOTICE },
+ { 5, "INFO ", LOG_INFO },
+ { 4, "INF ", LOG_INFO },
+ { 6, "DEBUG ", LOG_DEBUG },
+ { 4, "DBG ", LOG_DEBUG },
+ { 0, "", LOG_ERR } /* The default */
+ };
+
+ if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){
+ return(0);
+ }
+ strncpy(buf, in, inl);
+ buf[inl]= '\0';
+
+ i = 0;
+ while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++;
+ priority = mapping[i].log_level;
+ pp = buf + mapping[i].strl;
+
+ xsyslog(b, priority, pp);
+
+ OPENSSL_free(buf);
+ return(ret);
+ }
+
+static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ switch (cmd)
+ {
+ case BIO_CTRL_SET:
+ xcloselog(b);
+ xopenlog(b, ptr, num);
+ break;
+ default:
+ break;
+ }
+ return(0);
+ }
+
+static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
+ {
+ int n,ret;
+
+ n=strlen(str);
+ ret=slg_write(bp,str,n);
+ return(ret);
+ }
+
+#if defined(OPENSSL_SYS_WIN32)
+
+static void xopenlog(BIO* bp, char* name, int level)
+{
+ if ( !register_event_source )
+ {
+ HANDLE advapi;
+ if ( !(advapi = GetModuleHandle("advapi32")) )
+ return;
+ register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi,
+ "RegisterEventSource" );
+ deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi,
+ "DeregisterEventSource");
+ report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi,
+ "ReportEvent" );
+ if ( !(register_event_source && deregister_event_source &&
+ report_event) )
+ {
+ register_event_source = NULL;
+ deregister_event_source = NULL;
+ report_event = NULL;
+ return;
+ }
+ }
+ bp->ptr= (char *)register_event_source(NULL, name);
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+ LPCSTR lpszStrings[2];
+ WORD evtype= EVENTLOG_ERROR_TYPE;
+ int pid = _getpid();
+ char pidbuf[DECIMAL_SIZE(pid)+4];
+
+ switch (priority)
+ {
+ case LOG_EMERG:
+ case LOG_ALERT:
+ case LOG_CRIT:
+ case LOG_ERR:
+ evtype = EVENTLOG_ERROR_TYPE;
+ break;
+ case LOG_WARNING:
+ evtype = EVENTLOG_WARNING_TYPE;
+ break;
+ case LOG_NOTICE:
+ case LOG_INFO:
+ case LOG_DEBUG:
+ evtype = EVENTLOG_INFORMATION_TYPE;
+ break;
+ default: /* Should never happen, but set it
+ as error anyway. */
+ evtype = EVENTLOG_ERROR_TYPE;
+ break;
+ }
+
+ sprintf(pidbuf, "[%d] ", pid);
+ lpszStrings[0] = pidbuf;
+ lpszStrings[1] = string;
+
+ if(report_event && bp->ptr)
+ report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
+ lpszStrings, NULL);
+}
+
+static void xcloselog(BIO* bp)
+{
+ if(deregister_event_source && bp->ptr)
+ deregister_event_source((HANDLE)(bp->ptr));
+ bp->ptr= NULL;
+}
+
+#elif defined(OPENSSL_SYS_VMS)
+
+static int VMS_OPC_target = LOG_DAEMON;
+
+static void xopenlog(BIO* bp, char* name, int level)
+{
+ VMS_OPC_target = level;
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+ struct dsc$descriptor_s opc_dsc;
+ struct opcdef *opcdef_p;
+ char buf[10240];
+ unsigned int len;
+ struct dsc$descriptor_s buf_dsc;
+ $DESCRIPTOR(fao_cmd, "!AZ: !AZ");
+ char *priority_tag;
+
+ switch (priority)
+ {
+ case LOG_EMERG: priority_tag = "Emergency"; break;
+ case LOG_ALERT: priority_tag = "Alert"; break;
+ case LOG_CRIT: priority_tag = "Critical"; break;
+ case LOG_ERR: priority_tag = "Error"; break;
+ case LOG_WARNING: priority_tag = "Warning"; break;
+ case LOG_NOTICE: priority_tag = "Notice"; break;
+ case LOG_INFO: priority_tag = "Info"; break;
+ case LOG_DEBUG: priority_tag = "DEBUG"; break;
+ }
+
+ buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ buf_dsc.dsc$b_class = DSC$K_CLASS_S;
+ buf_dsc.dsc$a_pointer = buf;
+ buf_dsc.dsc$w_length = sizeof(buf) - 1;
+
+ lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
+
+ /* we know there's an 8 byte header. That's documented */
+ opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
+ opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
+ memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
+ opcdef_p->opc$l_ms_rqstid = 0;
+ memcpy(&opcdef_p->opc$l_ms_text, buf, len);
+
+ opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ opc_dsc.dsc$b_class = DSC$K_CLASS_S;
+ opc_dsc.dsc$a_pointer = (char *)opcdef_p;
+ opc_dsc.dsc$w_length = len + 8;
+
+ sys$sndopr(opc_dsc, 0);
+
+ OPENSSL_free(opcdef_p);
+}
+
+static void xcloselog(BIO* bp)
+{
+}
+
+#else /* Unix/Watt32 */
+
+static void xopenlog(BIO* bp, char* name, int level)
+{
+#ifdef WATT32 /* djgpp/DOS */
+ openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level);
+#else
+ openlog(name, LOG_PID|LOG_CONS, level);
+#endif
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+ syslog(priority, "%s", string);
+}
+
+static void xcloselog(BIO* bp)
+{
+ closelog();
+}
+
+#endif /* Unix */
+
+#endif /* NO_SYSLOG */
Added: vendor-crypto/openssl/dist/crypto/bio/bss_mem.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_mem.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_mem.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,323 @@
+/* crypto/bio/bss_mem.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+static int mem_write(BIO *h, const char *buf, int num);
+static int mem_read(BIO *h, char *buf, int size);
+static int mem_puts(BIO *h, const char *str);
+static int mem_gets(BIO *h, char *str, int size);
+static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int mem_new(BIO *h);
+static int mem_free(BIO *data);
+static BIO_METHOD mem_method=
+ {
+ BIO_TYPE_MEM,
+ "memory buffer",
+ mem_write,
+ mem_read,
+ mem_puts,
+ mem_gets,
+ mem_ctrl,
+ mem_new,
+ mem_free,
+ NULL,
+ };
+
+/* bio->num is used to hold the value to return on 'empty', if it is
+ * 0, should_retry is not set */
+
+BIO_METHOD *BIO_s_mem(void)
+ {
+ return(&mem_method);
+ }
+
+BIO *BIO_new_mem_buf(void *buf, int len)
+{
+ BIO *ret;
+ BUF_MEM *b;
+ if (!buf) {
+ BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
+ return NULL;
+ }
+ if(len == -1) len = strlen(buf);
+ if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
+ b = (BUF_MEM *)ret->ptr;
+ b->data = buf;
+ b->length = len;
+ b->max = len;
+ ret->flags |= BIO_FLAGS_MEM_RDONLY;
+ /* Since this is static data retrying wont help */
+ ret->num = 0;
+ return ret;
+}
+
+static int mem_new(BIO *bi)
+ {
+ BUF_MEM *b;
+
+ if ((b=BUF_MEM_new()) == NULL)
+ return(0);
+ bi->shutdown=1;
+ bi->init=1;
+ bi->num= -1;
+ bi->ptr=(char *)b;
+ return(1);
+ }
+
+static int mem_free(BIO *a)
+ {
+ if (a == NULL) return(0);
+ if (a->shutdown)
+ {
+ if ((a->init) && (a->ptr != NULL))
+ {
+ BUF_MEM *b;
+ b = (BUF_MEM *)a->ptr;
+ if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL;
+ BUF_MEM_free(b);
+ a->ptr=NULL;
+ }
+ }
+ return(1);
+ }
+
+static int mem_read(BIO *b, char *out, int outl)
+ {
+ int ret= -1;
+ BUF_MEM *bm;
+ int i;
+ char *from,*to;
+
+ bm=(BUF_MEM *)b->ptr;
+ BIO_clear_retry_flags(b);
+ ret=(outl > bm->length)?bm->length:outl;
+ if ((out != NULL) && (ret > 0)) {
+ memcpy(out,bm->data,ret);
+ bm->length-=ret;
+ /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
+ if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret;
+ else {
+ from=(char *)&(bm->data[ret]);
+ to=(char *)&(bm->data[0]);
+ for (i=0; i<bm->length; i++)
+ to[i]=from[i];
+ }
+ } else if (bm->length == 0)
+ {
+ ret = b->num;
+ if (ret != 0)
+ BIO_set_retry_read(b);
+ }
+ return(ret);
+ }
+
+static int mem_write(BIO *b, const char *in, int inl)
+ {
+ int ret= -1;
+ int blen;
+ BUF_MEM *bm;
+
+ bm=(BUF_MEM *)b->ptr;
+ if (in == NULL)
+ {
+ BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER);
+ goto end;
+ }
+
+ if(b->flags & BIO_FLAGS_MEM_RDONLY) {
+ BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO);
+ goto end;
+ }
+
+ BIO_clear_retry_flags(b);
+ blen=bm->length;
+ if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))
+ goto end;
+ memcpy(&(bm->data[blen]),in,inl);
+ ret=inl;
+end:
+ return(ret);
+ }
+
+static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ long ret=1;
+ char **pptr;
+
+ BUF_MEM *bm=(BUF_MEM *)b->ptr;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_RESET:
+ if (bm->data != NULL)
+ {
+ /* For read only case reset to the start again */
+ if(b->flags & BIO_FLAGS_MEM_RDONLY)
+ {
+ bm->data -= bm->max - bm->length;
+ bm->length = bm->max;
+ }
+ else
+ {
+ memset(bm->data,0,bm->max);
+ bm->length=0;
+ }
+ }
+ break;
+ case BIO_CTRL_EOF:
+ ret=(long)(bm->length == 0);
+ break;
+ case BIO_C_SET_BUF_MEM_EOF_RETURN:
+ b->num=(int)num;
+ break;
+ case BIO_CTRL_INFO:
+ ret=(long)bm->length;
+ if (ptr != NULL)
+ {
+ pptr=(char **)ptr;
+ *pptr=(char *)&(bm->data[0]);
+ }
+ break;
+ case BIO_C_SET_BUF_MEM:
+ mem_free(b);
+ b->shutdown=(int)num;
+ b->ptr=ptr;
+ break;
+ case BIO_C_GET_BUF_MEM_PTR:
+ if (ptr != NULL)
+ {
+ pptr=(char **)ptr;
+ *pptr=(char *)bm;
+ }
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret=(long)b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown=(int)num;
+ break;
+
+ case BIO_CTRL_WPENDING:
+ ret=0L;
+ break;
+ case BIO_CTRL_PENDING:
+ ret=(long)bm->length;
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+ ret=1;
+ break;
+ case BIO_CTRL_PUSH:
+ case BIO_CTRL_POP:
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static int mem_gets(BIO *bp, char *buf, int size)
+ {
+ int i,j;
+ int ret= -1;
+ char *p;
+ BUF_MEM *bm=(BUF_MEM *)bp->ptr;
+
+ BIO_clear_retry_flags(bp);
+ j=bm->length;
+ if ((size-1) < j) j=size-1;
+ if (j <= 0)
+ {
+ *buf='\0';
+ return 0;
+ }
+ p=bm->data;
+ for (i=0; i<j; i++)
+ {
+ if (p[i] == '\n')
+ {
+ i++;
+ break;
+ }
+ }
+
+ /*
+ * i is now the max num of bytes to copy, either j or up to
+ * and including the first newline
+ */
+
+ i=mem_read(bp,buf,i);
+ if (i > 0) buf[i]='\0';
+ ret=i;
+ return(ret);
+ }
+
+static int mem_puts(BIO *bp, const char *str)
+ {
+ int n,ret;
+
+ n=strlen(str);
+ ret=mem_write(bp,str,n);
+ /* memory semantics is that it will always work */
+ return(ret);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bio/bss_null.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_null.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_null.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,150 @@
+/* crypto/bio/bss_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+static int null_write(BIO *h, const char *buf, int num);
+static int null_read(BIO *h, char *buf, int size);
+static int null_puts(BIO *h, const char *str);
+static int null_gets(BIO *h, char *str, int size);
+static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int null_new(BIO *h);
+static int null_free(BIO *data);
+static BIO_METHOD null_method=
+ {
+ BIO_TYPE_NULL,
+ "NULL",
+ null_write,
+ null_read,
+ null_puts,
+ null_gets,
+ null_ctrl,
+ null_new,
+ null_free,
+ NULL,
+ };
+
+BIO_METHOD *BIO_s_null(void)
+ {
+ return(&null_method);
+ }
+
+static int null_new(BIO *bi)
+ {
+ bi->init=1;
+ bi->num=0;
+ bi->ptr=(NULL);
+ return(1);
+ }
+
+static int null_free(BIO *a)
+ {
+ if (a == NULL) return(0);
+ return(1);
+ }
+
+static int null_read(BIO *b, char *out, int outl)
+ {
+ return(0);
+ }
+
+static int null_write(BIO *b, const char *in, int inl)
+ {
+ return(inl);
+ }
+
+static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ long ret=1;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_RESET:
+ case BIO_CTRL_EOF:
+ case BIO_CTRL_SET:
+ case BIO_CTRL_SET_CLOSE:
+ case BIO_CTRL_FLUSH:
+ case BIO_CTRL_DUP:
+ ret=1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ case BIO_CTRL_INFO:
+ case BIO_CTRL_GET:
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static int null_gets(BIO *bp, char *buf, int size)
+ {
+ return(0);
+ }
+
+static int null_puts(BIO *bp, const char *str)
+ {
+ if (str == NULL) return(0);
+ return(strlen(str));
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bio/bss_rtcp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_rtcp.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_rtcp.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,294 @@
+/* crypto/bio/bss_rtcp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Written by David L. Jones <jonesd at kcgl1.eng.ohio-state.edu>
+ * Date: 22-JUL-1996
+ * Revised: 25-SEP-1997 Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD
+ */
+/* VMS */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#include <iodef.h> /* VMS IO$_ definitions */
+#include <starlet.h>
+
+typedef unsigned short io_channel;
+/*************************************************************************/
+struct io_status { short status, count; long flags; };
+
+struct rpc_msg { /* Should have member alignment inhibited */
+ char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
+ char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+ unsigned short int length; /* Amount of data returned or max to return */
+ char data[4092]; /* variable data */
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+
+struct rpc_ctx {
+ int filled, pos;
+ struct rpc_msg msg;
+};
+
+static int rtcp_write(BIO *h,const char *buf,int num);
+static int rtcp_read(BIO *h,char *buf,int size);
+static int rtcp_puts(BIO *h,const char *str);
+static int rtcp_gets(BIO *h,char *str,int size);
+static long rtcp_ctrl(BIO *h,int cmd,long arg1,void *arg2);
+static int rtcp_new(BIO *h);
+static int rtcp_free(BIO *data);
+
+static BIO_METHOD rtcp_method=
+ {
+ BIO_TYPE_FD,
+ "RTCP",
+ rtcp_write,
+ rtcp_read,
+ rtcp_puts,
+ rtcp_gets,
+ rtcp_ctrl,
+ rtcp_new,
+ rtcp_free,
+ NULL,
+ };
+
+BIO_METHOD *BIO_s_rtcp(void)
+ {
+ return(&rtcp_method);
+ }
+/*****************************************************************************/
+/* Decnet I/O routines.
+ */
+
+#ifdef __DECC
+#pragma message save
+#pragma message disable DOLLARID
+#endif
+
+static int get ( io_channel chan, char *buffer, int maxlen, int *length )
+{
+ int status;
+ struct io_status iosb;
+ status = sys$qiow ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+ buffer, maxlen, 0, 0, 0, 0 );
+ if ( (status&1) == 1 ) status = iosb.status;
+ if ( (status&1) == 1 ) *length = iosb.count;
+ return status;
+}
+
+static int put ( io_channel chan, char *buffer, int length )
+{
+ int status;
+ struct io_status iosb;
+ status = sys$qiow ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+ buffer, length, 0, 0, 0, 0 );
+ if ( (status&1) == 1 ) status = iosb.status;
+ return status;
+}
+
+#ifdef __DECC
+#pragma message restore
+#endif
+
+/***************************************************************************/
+
+static int rtcp_new(BIO *bi)
+{
+ struct rpc_ctx *ctx;
+ bi->init=1;
+ bi->num=0;
+ bi->flags = 0;
+ bi->ptr=OPENSSL_malloc(sizeof(struct rpc_ctx));
+ ctx = (struct rpc_ctx *) bi->ptr;
+ ctx->filled = 0;
+ ctx->pos = 0;
+ return(1);
+}
+
+static int rtcp_free(BIO *a)
+{
+ if (a == NULL) return(0);
+ if ( a->ptr ) OPENSSL_free ( a->ptr );
+ a->ptr = NULL;
+ return(1);
+}
+
+static int rtcp_read(BIO *b, char *out, int outl)
+{
+ int status, length;
+ struct rpc_ctx *ctx;
+ /*
+ * read data, return existing.
+ */
+ ctx = (struct rpc_ctx *) b->ptr;
+ if ( ctx->pos < ctx->filled ) {
+ length = ctx->filled - ctx->pos;
+ if ( length > outl ) length = outl;
+ memmove ( out, &ctx->msg.data[ctx->pos], length );
+ ctx->pos += length;
+ return length;
+ }
+ /*
+ * Requst more data from R channel.
+ */
+ ctx->msg.channel = 'R';
+ ctx->msg.function = 'G';
+ ctx->msg.length = sizeof(ctx->msg.data);
+ status = put ( b->num, (char *) &ctx->msg, RPC_HDR_SIZE );
+ if ( (status&1) == 0 ) {
+ return -1;
+ }
+ /*
+ * Read.
+ */
+ ctx->pos = ctx->filled = 0;
+ status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+ if ( (status&1) == 0 ) length = -1;
+ if ( ctx->msg.channel != 'R' || ctx->msg.function != 'C' ) {
+ length = -1;
+ }
+ ctx->filled = length - RPC_HDR_SIZE;
+
+ if ( ctx->pos < ctx->filled ) {
+ length = ctx->filled - ctx->pos;
+ if ( length > outl ) length = outl;
+ memmove ( out, ctx->msg.data, length );
+ ctx->pos += length;
+ return length;
+ }
+
+ return length;
+}
+
+static int rtcp_write(BIO *b, const char *in, int inl)
+{
+ int status, i, segment, length;
+ struct rpc_ctx *ctx;
+ /*
+ * Output data, send in chunks no larger that sizeof(ctx->msg.data).
+ */
+ ctx = (struct rpc_ctx *) b->ptr;
+ for ( i = 0; i < inl; i += segment ) {
+ segment = inl - i;
+ if ( segment > sizeof(ctx->msg.data) ) segment = sizeof(ctx->msg.data);
+ ctx->msg.channel = 'R';
+ ctx->msg.function = 'P';
+ ctx->msg.length = segment;
+ memmove ( ctx->msg.data, &in[i], segment );
+ status = put ( b->num, (char *) &ctx->msg, segment + RPC_HDR_SIZE );
+ if ((status&1) == 0 ) { i = -1; break; }
+
+ status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+ if ( ((status&1) == 0) || (length < RPC_HDR_SIZE) ) { i = -1; break; }
+ if ( (ctx->msg.channel != 'R') || (ctx->msg.function != 'C') ) {
+ printf("unexpected response when confirming put %c %c\n",
+ ctx->msg.channel, ctx->msg.function );
+
+ }
+ }
+ return(i);
+}
+
+static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ long ret=1;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_RESET:
+ case BIO_CTRL_EOF:
+ ret = 1;
+ break;
+ case BIO_C_SET_FD:
+ b->num = num;
+ ret = 1;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ case BIO_CTRL_FLUSH:
+ case BIO_CTRL_DUP:
+ ret=1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ case BIO_CTRL_INFO:
+ case BIO_CTRL_GET:
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static int rtcp_gets(BIO *bp, char *buf, int size)
+ {
+ return(0);
+ }
+
+static int rtcp_puts(BIO *bp, const char *str)
+{
+ int length;
+ if (str == NULL) return(0);
+ length = strlen ( str );
+ if ( length == 0 ) return (0);
+ return rtcp_write ( bp,str, length );
+}
+
Added: vendor-crypto/openssl/dist/crypto/bio/bss_sock.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_sock.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_sock.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,294 @@
+/* crypto/bio/bss_sock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+#include <openssl/bio.h>
+
+#ifdef WATT32
+#define sock_write SockWrite /* Watt-32 uses same names */
+#define sock_read SockRead
+#define sock_puts SockPuts
+#endif
+
+static int sock_write(BIO *h, const char *buf, int num);
+static int sock_read(BIO *h, char *buf, int size);
+static int sock_puts(BIO *h, const char *str);
+static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int sock_new(BIO *h);
+static int sock_free(BIO *data);
+int BIO_sock_should_retry(int s);
+
+static BIO_METHOD methods_sockp=
+ {
+ BIO_TYPE_SOCKET,
+ "socket",
+ sock_write,
+ sock_read,
+ sock_puts,
+ NULL, /* sock_gets, */
+ sock_ctrl,
+ sock_new,
+ sock_free,
+ NULL,
+ };
+
+BIO_METHOD *BIO_s_socket(void)
+ {
+ return(&methods_sockp);
+ }
+
+BIO *BIO_new_socket(int fd, int close_flag)
+ {
+ BIO *ret;
+
+ ret=BIO_new(BIO_s_socket());
+ if (ret == NULL) return(NULL);
+ BIO_set_fd(ret,fd,close_flag);
+ return(ret);
+ }
+
+static int sock_new(BIO *bi)
+ {
+ bi->init=0;
+ bi->num=0;
+ bi->ptr=NULL;
+ bi->flags=0;
+ return(1);
+ }
+
+static int sock_free(BIO *a)
+ {
+ if (a == NULL) return(0);
+ if (a->shutdown)
+ {
+ if (a->init)
+ {
+ SHUTDOWN2(a->num);
+ }
+ a->init=0;
+ a->flags=0;
+ }
+ return(1);
+ }
+
+static int sock_read(BIO *b, char *out, int outl)
+ {
+ int ret=0;
+
+ if (out != NULL)
+ {
+ clear_socket_error();
+ ret=readsocket(b->num,out,outl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0)
+ {
+ if (BIO_sock_should_retry(ret))
+ BIO_set_retry_read(b);
+ }
+ }
+ return(ret);
+ }
+
+static int sock_write(BIO *b, const char *in, int inl)
+ {
+ int ret;
+
+ clear_socket_error();
+ ret=writesocket(b->num,in,inl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0)
+ {
+ if (BIO_sock_should_retry(ret))
+ BIO_set_retry_write(b);
+ }
+ return(ret);
+ }
+
+static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ long ret=1;
+ int *ip;
+
+ switch (cmd)
+ {
+ case BIO_C_SET_FD:
+ sock_free(b);
+ b->num= *((int *)ptr);
+ b->shutdown=(int)num;
+ b->init=1;
+ break;
+ case BIO_C_GET_FD:
+ if (b->init)
+ {
+ ip=(int *)ptr;
+ if (ip != NULL) *ip=b->num;
+ ret=b->num;
+ }
+ else
+ ret= -1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret=b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown=(int)num;
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+ ret=1;
+ break;
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static int sock_puts(BIO *bp, const char *str)
+ {
+ int n,ret;
+
+ n=strlen(str);
+ ret=sock_write(bp,str,n);
+ return(ret);
+ }
+
+int BIO_sock_should_retry(int i)
+ {
+ int err;
+
+ if ((i == 0) || (i == -1))
+ {
+ err=get_last_socket_error();
+
+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
+ if ((i == -1) && (err == 0))
+ return(1);
+#endif
+
+ return(BIO_sock_non_fatal_error(err));
+ }
+ return(0);
+ }
+
+int BIO_sock_non_fatal_error(int err)
+ {
+ switch (err)
+ {
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
+# if defined(WSAEWOULDBLOCK)
+ case WSAEWOULDBLOCK:
+# endif
+
+# if 0 /* This appears to always be an error */
+# if defined(WSAENOTCONN)
+ case WSAENOTCONN:
+# endif
+# endif
+#endif
+
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+# if WSAEWOULDBLOCK != EWOULDBLOCK
+ case EWOULDBLOCK:
+# endif
+# else
+ case EWOULDBLOCK:
+# endif
+#endif
+
+#if defined(ENOTCONN)
+ case ENOTCONN:
+#endif
+
+#ifdef EINTR
+ case EINTR:
+#endif
+
+#ifdef EAGAIN
+# if EWOULDBLOCK != EAGAIN
+ case EAGAIN:
+# endif
+#endif
+
+#ifdef EPROTO
+ case EPROTO:
+#endif
+
+#ifdef EINPROGRESS
+ case EINPROGRESS:
+#endif
+
+#ifdef EALREADY
+ case EALREADY:
+#endif
+ return(1);
+ /* break; */
+ default:
+ break;
+ }
+ return(0);
+ }
+
+#endif /* #ifndef OPENSSL_NO_SOCK */
Added: vendor-crypto/openssl/dist/crypto/bn/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,362 @@
+#
+# OpenSSL/crypto/bn/Makefile
+#
+
+DIR= bn
+TOP= ../..
+CC= cc
+CPP= $(CC) -E
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+BN_ASM= bn_asm.o
+# or use
+#BN_ASM= bn86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
+ bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
+ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
+ bn_depr.c bn_x931p.c bn_const.c bn_opt.c
+
+LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
+ bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+ bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
+ bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
+ bn_depr.o bn_x931p.o bn_const.o bn_opt.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bn.h
+HEADER= bn_lcl.h bn_prime.h $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+bn_prime.h: bn_prime.pl
+ $(PERL) bn_prime.pl >bn_prime.h
+
+divtest: divtest.c ../../libcrypto.a
+ cc -I../../include divtest.c -o divtest ../../libcrypto.a
+
+bnbug: bnbug.c ../../libcrypto.a top
+ cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
+
+lib: $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+# ELF
+bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@)
+co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@)
+mo86-elf.s: asm/mo-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) mo-586.pl elf $(CFLAGS) > ../$@)
+# COFF
+bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@)
+co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@)
+mo86-cof.s: asm/mo-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) mo-586.pl coff $(CFLAGS) > ../$@)
+# a.out
+bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@)
+co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@)
+mo86-out.s: asm/mo-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) mo-586.pl a.out $(CFLAGS) > ../$@)
+
+sparcv8.o: asm/sparcv8.S
+ $(CC) $(CFLAGS) -c asm/sparcv8.S
+sparcv8plus.o: asm/sparcv8plus.S
+ $(CC) $(CFLAGS) -c asm/sparcv8plus.S
+
+bn-mips3.o: asm/mips3.s
+ @if [ "$(CC)" = "gcc" ]; then \
+ ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \
+ as -$$ABI -O -o $@ asm/mips3.s; \
+ else $(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi
+
+x86_64-gcc.o: asm/x86_64-gcc.c
+ $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
+x86_64-mont.s: asm/x86_64-mont.pl
+ $(PERL) asm/x86_64-mont.pl $@
+
+bn-ia64.s: asm/ia64.S
+ $(CC) $(CFLAGS) -E asm/ia64.S > $@
+
+# GNU assembler fails to compile PA-RISC2 modules, insist on calling
+# vendor assembler...
+pa-risc2W.o: asm/pa-risc2W.s
+ /usr/ccs/bin/as -o pa-risc2W.o asm/pa-risc2W.s
+pa-risc2.o: asm/pa-risc2.s
+ /usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s
+
+# ppc - AIX, Linux, MacOS X...
+linux_ppc32.s: asm/ppc.pl; $(PERL) $< $@
+linux_ppc64.s: asm/ppc.pl; $(PERL) $< $@
+aix_ppc32.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@
+aix_ppc64.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@
+osx_ppc32.s: asm/ppc.pl; $(PERL) $< $@
+osx_ppc64.s: asm/ppc.pl; $(PERL) $< $@
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+exptest:
+ rm -f exptest
+ gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+
+div:
+ rm -f a.out
+ gcc -I.. -g div.c ../../libcrypto.a
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
+bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
+bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
+bn_const.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bn_const.o: ../../include/openssl/ossl_typ.h bn.h bn_const.c
+bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
+bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
+bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_err.o: bn_err.c
+bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h
+bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h
+bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h
+bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c
+bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c
+bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
+bn_opt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_opt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_opt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_opt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_opt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_opt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_opt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_opt.c
+bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c
+bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c
+bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c
+bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
+bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+bn_x931p.o: ../../include/openssl/opensslconf.h
+bn_x931p.o: ../../include/openssl/ossl_typ.h bn_x931p.c
Added: vendor-crypto/openssl/dist/crypto/bn/asm/README
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/README (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/README 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,27 @@
+<OBSOLETE>
+
+All assember in this directory are just version of the file
+crypto/bn/bn_asm.c.
+
+Quite a few of these files are just the assember output from gcc since on
+quite a few machines they are 2 times faster than the system compiler.
+
+For the x86, I have hand written assember because of the bad job all
+compilers seem to do on it. This normally gives a 2 time speed up in the RSA
+routines.
+
+For the DEC alpha, I also hand wrote the assember (except the division which
+is just the output from the C compiler pasted on the end of the file).
+On the 2 alpha C compilers I had access to, it was not possible to do
+64b x 64b -> 128b calculations (both long and the long long data types
+were 64 bits). So the hand assember gives access to the 128 bit result and
+a 2 times speedup :-).
+
+There are 3 versions of assember for the HP PA-RISC.
+
+pa-risc.s is the origional one which works fine and generated using gcc :-)
+
+pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
+by Chris Ruemmler from HP (with some help from the HP C compiler).
+
+</OBSOLETE>
Added: vendor-crypto/openssl/dist/crypto/bn/asm/bn-586.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/bn-586.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/bn-586.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,675 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+&bn_mul_add_words("bn_mul_add_words");
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_div_words("bn_div_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+&bn_sub_part_words("bn_sub_part_words");
+
+&asm_finish();
+
+sub bn_mul_add_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+
+ &comment("");
+ $Low="eax";
+ $High="edx";
+ $a="ebx";
+ $w="ebp";
+ $r="edi";
+ $c="esi";
+
+ &xor($c,$c); # clear carry
+ &mov($r,&wparam(0)); #
+
+ &mov("ecx",&wparam(2)); #
+ &mov($a,&wparam(1)); #
+
+ &and("ecx",0xfffffff8); # num / 8
+ &mov($w,&wparam(3)); #
+
+ &push("ecx"); # Up the stack for a tmp variable
+
+ &jz(&label("maw_finish"));
+
+ if ($sse2) {
+ &picmeup("eax","OPENSSL_ia32cap_P");
+ &bt(&DWP(0,"eax"),26);
+ &jnc(&label("maw_loop"));
+
+ &movd("mm0",$w); # mm0 = w
+ &pxor("mm1","mm1"); # mm1 = carry_in
+
+ &set_label("maw_sse2_loop",0);
+ &movd("mm3",&DWP(0,$r,"",0)); # mm3 = r[0]
+ &paddq("mm1","mm3"); # mm1 = carry_in + r[0]
+ &movd("mm2",&DWP(0,$a,"",0)); # mm2 = a[0]
+ &pmuludq("mm2","mm0"); # mm2 = w*a[0]
+ &movd("mm4",&DWP(4,$a,"",0)); # mm4 = a[1]
+ &pmuludq("mm4","mm0"); # mm4 = w*a[1]
+ &movd("mm6",&DWP(8,$a,"",0)); # mm6 = a[2]
+ &pmuludq("mm6","mm0"); # mm6 = w*a[2]
+ &movd("mm7",&DWP(12,$a,"",0)); # mm7 = a[3]
+ &pmuludq("mm7","mm0"); # mm7 = w*a[3]
+ &paddq("mm1","mm2"); # mm1 = carry_in + r[0] + w*a[0]
+ &movd("mm3",&DWP(4,$r,"",0)); # mm3 = r[1]
+ &paddq("mm3","mm4"); # mm3 = r[1] + w*a[1]
+ &movd("mm5",&DWP(8,$r,"",0)); # mm5 = r[2]
+ &paddq("mm5","mm6"); # mm5 = r[2] + w*a[2]
+ &movd("mm4",&DWP(12,$r,"",0)); # mm4 = r[3]
+ &paddq("mm7","mm4"); # mm7 = r[3] + w*a[3]
+ &movd(&DWP(0,$r,"",0),"mm1");
+ &movd("mm2",&DWP(16,$a,"",0)); # mm2 = a[4]
+ &pmuludq("mm2","mm0"); # mm2 = w*a[4]
+ &psrlq("mm1",32); # mm1 = carry0
+ &movd("mm4",&DWP(20,$a,"",0)); # mm4 = a[5]
+ &pmuludq("mm4","mm0"); # mm4 = w*a[5]
+ &paddq("mm1","mm3"); # mm1 = carry0 + r[1] + w*a[1]
+ &movd("mm6",&DWP(24,$a,"",0)); # mm6 = a[6]
+ &pmuludq("mm6","mm0"); # mm6 = w*a[6]
+ &movd(&DWP(4,$r,"",0),"mm1");
+ &psrlq("mm1",32); # mm1 = carry1
+ &movd("mm3",&DWP(28,$a,"",0)); # mm3 = a[7]
+ &add($a,32);
+ &pmuludq("mm3","mm0"); # mm3 = w*a[7]
+ &paddq("mm1","mm5"); # mm1 = carry1 + r[2] + w*a[2]
+ &movd("mm5",&DWP(16,$r,"",0)); # mm5 = r[4]
+ &paddq("mm2","mm5"); # mm2 = r[4] + w*a[4]
+ &movd(&DWP(8,$r,"",0),"mm1");
+ &psrlq("mm1",32); # mm1 = carry2
+ &paddq("mm1","mm7"); # mm1 = carry2 + r[3] + w*a[3]
+ &movd("mm5",&DWP(20,$r,"",0)); # mm5 = r[5]
+ &paddq("mm4","mm5"); # mm4 = r[5] + w*a[5]
+ &movd(&DWP(12,$r,"",0),"mm1");
+ &psrlq("mm1",32); # mm1 = carry3
+ &paddq("mm1","mm2"); # mm1 = carry3 + r[4] + w*a[4]
+ &movd("mm5",&DWP(24,$r,"",0)); # mm5 = r[6]
+ &paddq("mm6","mm5"); # mm6 = r[6] + w*a[6]
+ &movd(&DWP(16,$r,"",0),"mm1");
+ &psrlq("mm1",32); # mm1 = carry4
+ &paddq("mm1","mm4"); # mm1 = carry4 + r[5] + w*a[5]
+ &movd("mm5",&DWP(28,$r,"",0)); # mm5 = r[7]
+ &paddq("mm3","mm5"); # mm3 = r[7] + w*a[7]
+ &movd(&DWP(20,$r,"",0),"mm1");
+ &psrlq("mm1",32); # mm1 = carry5
+ &paddq("mm1","mm6"); # mm1 = carry5 + r[6] + w*a[6]
+ &movd(&DWP(24,$r,"",0),"mm1");
+ &psrlq("mm1",32); # mm1 = carry6
+ &paddq("mm1","mm3"); # mm1 = carry6 + r[7] + w*a[7]
+ &movd(&DWP(28,$r,"",0),"mm1");
+ &add($r,32);
+ &psrlq("mm1",32); # mm1 = carry_out
+
+ &sub("ecx",8);
+ &jnz(&label("maw_sse2_loop"));
+
+ &movd($c,"mm1"); # c = carry_out
+ &emms();
+
+ &jmp(&label("maw_finish"));
+ }
+
+ &set_label("maw_loop",0);
+
+ &mov(&swtmp(0),"ecx"); #
+
+ for ($i=0; $i<32; $i+=4)
+ {
+ &comment("Round $i");
+
+ &mov("eax",&DWP($i,$a,"",0)); # *a
+ &mul($w); # *a * w
+ &add("eax",$c); # L(t)+= *r
+ &mov($c,&DWP($i,$r,"",0)); # L(t)+= *r
+ &adc("edx",0); # H(t)+=carry
+ &add("eax",$c); # L(t)+=c
+ &adc("edx",0); # H(t)+=carry
+ &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t);
+ &mov($c,"edx"); # c= H(t);
+ }
+
+ &comment("");
+ &mov("ecx",&swtmp(0)); #
+ &add($a,32);
+ &add($r,32);
+ &sub("ecx",8);
+ &jnz(&label("maw_loop"));
+
+ &set_label("maw_finish",0);
+ &mov("ecx",&wparam(2)); # get num
+ &and("ecx",7);
+ &jnz(&label("maw_finish2")); # helps branch prediction
+ &jmp(&label("maw_end"));
+
+ &set_label("maw_finish2",1);
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov("eax",&DWP($i*4,$a,"",0));# *a
+ &mul($w); # *a * w
+ &add("eax",$c); # L(t)+=c
+ &mov($c,&DWP($i*4,$r,"",0)); # L(t)+= *r
+ &adc("edx",0); # H(t)+=carry
+ &add("eax",$c);
+ &adc("edx",0); # H(t)+=carry
+ &dec("ecx") if ($i != 7-1);
+ &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t);
+ &mov($c,"edx"); # c= H(t);
+ &jz(&label("maw_end")) if ($i != 7-1);
+ }
+ &set_label("maw_end",0);
+ &mov("eax",$c);
+
+ &pop("ecx"); # clear variable from
+
+ &function_end($name);
+ }
+
+sub bn_mul_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ $Low="eax";
+ $High="edx";
+ $a="ebx";
+ $w="ecx";
+ $r="edi";
+ $c="esi";
+ $num="ebp";
+
+ &xor($c,$c); # clear carry
+ &mov($r,&wparam(0)); #
+ &mov($a,&wparam(1)); #
+ &mov($num,&wparam(2)); #
+ &mov($w,&wparam(3)); #
+
+ &and($num,0xfffffff8); # num / 8
+ &jz(&label("mw_finish"));
+
+ &set_label("mw_loop",0);
+ for ($i=0; $i<32; $i+=4)
+ {
+ &comment("Round $i");
+
+ &mov("eax",&DWP($i,$a,"",0)); # *a
+ &mul($w); # *a * w
+ &add("eax",$c); # L(t)+=c
+ # XXX
+
+ &adc("edx",0); # H(t)+=carry
+ &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t);
+
+ &mov($c,"edx"); # c= H(t);
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($r,32);
+ &sub($num,8);
+ &jz(&label("mw_finish"));
+ &jmp(&label("mw_loop"));
+
+ &set_label("mw_finish",0);
+ &mov($num,&wparam(2)); # get num
+ &and($num,7);
+ &jnz(&label("mw_finish2"));
+ &jmp(&label("mw_end"));
+
+ &set_label("mw_finish2",1);
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov("eax",&DWP($i*4,$a,"",0));# *a
+ &mul($w); # *a * w
+ &add("eax",$c); # L(t)+=c
+ # XXX
+ &adc("edx",0); # H(t)+=carry
+ &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
+ &mov($c,"edx"); # c= H(t);
+ &dec($num) if ($i != 7-1);
+ &jz(&label("mw_end")) if ($i != 7-1);
+ }
+ &set_label("mw_end",0);
+ &mov("eax",$c);
+
+ &function_end($name);
+ }
+
+sub bn_sqr_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ $r="esi";
+ $a="edi";
+ $num="ebx";
+
+ &mov($r,&wparam(0)); #
+ &mov($a,&wparam(1)); #
+ &mov($num,&wparam(2)); #
+
+ &and($num,0xfffffff8); # num / 8
+ &jz(&label("sw_finish"));
+
+ &set_label("sw_loop",0);
+ for ($i=0; $i<32; $i+=4)
+ {
+ &comment("Round $i");
+ &mov("eax",&DWP($i,$a,"",0)); # *a
+ # XXX
+ &mul("eax"); # *a * *a
+ &mov(&DWP($i*2,$r,"",0),"eax"); #
+ &mov(&DWP($i*2+4,$r,"",0),"edx");#
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($r,64);
+ &sub($num,8);
+ &jnz(&label("sw_loop"));
+
+ &set_label("sw_finish",0);
+ &mov($num,&wparam(2)); # get num
+ &and($num,7);
+ &jz(&label("sw_end"));
+
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov("eax",&DWP($i*4,$a,"",0)); # *a
+ # XXX
+ &mul("eax"); # *a * *a
+ &mov(&DWP($i*8,$r,"",0),"eax"); #
+ &dec($num) if ($i != 7-1);
+ &mov(&DWP($i*8+4,$r,"",0),"edx");
+ &jz(&label("sw_end")) if ($i != 7-1);
+ }
+ &set_label("sw_end",0);
+
+ &function_end($name);
+ }
+
+sub bn_div_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+ &mov("edx",&wparam(0)); #
+ &mov("eax",&wparam(1)); #
+ &mov("ebx",&wparam(2)); #
+ &div("ebx");
+ &function_end($name);
+ }
+
+sub bn_add_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ $a="esi";
+ $b="edi";
+ $c="eax";
+ $r="ebx";
+ $tmp1="ecx";
+ $tmp2="edx";
+ $num="ebp";
+
+ &mov($r,&wparam(0)); # get r
+ &mov($a,&wparam(1)); # get a
+ &mov($b,&wparam(2)); # get b
+ &mov($num,&wparam(3)); # get num
+ &xor($c,$c); # clear carry
+ &and($num,0xfffffff8); # num / 8
+
+ &jz(&label("aw_finish"));
+
+ &set_label("aw_loop",0);
+ for ($i=0; $i<8; $i++)
+ {
+ &comment("Round $i");
+
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov($tmp2,&DWP($i*4,$b,"",0)); # *b
+ &add($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &add($tmp1,$tmp2);
+ &adc($c,0);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($b,32);
+ &add($r,32);
+ &sub($num,8);
+ &jnz(&label("aw_loop"));
+
+ &set_label("aw_finish",0);
+ &mov($num,&wparam(3)); # get num
+ &and($num,7);
+ &jz(&label("aw_end"));
+
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+ &add($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &add($tmp1,$tmp2);
+ &adc($c,0);
+ &dec($num) if ($i != 6);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ &jz(&label("aw_end")) if ($i != 6);
+ }
+ &set_label("aw_end",0);
+
+# &mov("eax",$c); # $c is "eax"
+
+ &function_end($name);
+ }
+
+sub bn_sub_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ $a="esi";
+ $b="edi";
+ $c="eax";
+ $r="ebx";
+ $tmp1="ecx";
+ $tmp2="edx";
+ $num="ebp";
+
+ &mov($r,&wparam(0)); # get r
+ &mov($a,&wparam(1)); # get a
+ &mov($b,&wparam(2)); # get b
+ &mov($num,&wparam(3)); # get num
+ &xor($c,$c); # clear carry
+ &and($num,0xfffffff8); # num / 8
+
+ &jz(&label("aw_finish"));
+
+ &set_label("aw_loop",0);
+ for ($i=0; $i<8; $i++)
+ {
+ &comment("Round $i");
+
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov($tmp2,&DWP($i*4,$b,"",0)); # *b
+ &sub($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &sub($tmp1,$tmp2);
+ &adc($c,0);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($b,32);
+ &add($r,32);
+ &sub($num,8);
+ &jnz(&label("aw_loop"));
+
+ &set_label("aw_finish",0);
+ &mov($num,&wparam(3)); # get num
+ &and($num,7);
+ &jz(&label("aw_end"));
+
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+ &sub($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &sub($tmp1,$tmp2);
+ &adc($c,0);
+ &dec($num) if ($i != 6);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ &jz(&label("aw_end")) if ($i != 6);
+ }
+ &set_label("aw_end",0);
+
+# &mov("eax",$c); # $c is "eax"
+
+ &function_end($name);
+ }
+
+sub bn_sub_part_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ $a="esi";
+ $b="edi";
+ $c="eax";
+ $r="ebx";
+ $tmp1="ecx";
+ $tmp2="edx";
+ $num="ebp";
+
+ &mov($r,&wparam(0)); # get r
+ &mov($a,&wparam(1)); # get a
+ &mov($b,&wparam(2)); # get b
+ &mov($num,&wparam(3)); # get num
+ &xor($c,$c); # clear carry
+ &and($num,0xfffffff8); # num / 8
+
+ &jz(&label("aw_finish"));
+
+ &set_label("aw_loop",0);
+ for ($i=0; $i<8; $i++)
+ {
+ &comment("Round $i");
+
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov($tmp2,&DWP($i*4,$b,"",0)); # *b
+ &sub($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &sub($tmp1,$tmp2);
+ &adc($c,0);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($b,32);
+ &add($r,32);
+ &sub($num,8);
+ &jnz(&label("aw_loop"));
+
+ &set_label("aw_finish",0);
+ &mov($num,&wparam(3)); # get num
+ &and($num,7);
+ &jz(&label("aw_end"));
+
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov($tmp1,&DWP(0,$a,"",0)); # *a
+ &mov($tmp2,&DWP(0,$b,"",0));# *b
+ &sub($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &sub($tmp1,$tmp2);
+ &adc($c,0);
+ &mov(&DWP(0,$r,"",0),$tmp1); # *r
+ &add($a, 4);
+ &add($b, 4);
+ &add($r, 4);
+ &dec($num) if ($i != 6);
+ &jz(&label("aw_end")) if ($i != 6);
+ }
+ &set_label("aw_end",0);
+
+ &cmp(&wparam(4),0);
+ &je(&label("pw_end"));
+
+ &mov($num,&wparam(4)); # get dl
+ &cmp($num,0);
+ &je(&label("pw_end"));
+ &jge(&label("pw_pos"));
+
+ &comment("pw_neg");
+ &mov($tmp2,0);
+ &sub($tmp2,$num);
+ &mov($num,$tmp2);
+ &and($num,0xfffffff8); # num / 8
+ &jz(&label("pw_neg_finish"));
+
+ &set_label("pw_neg_loop",0);
+ for ($i=0; $i<8; $i++)
+ {
+ &comment("dl<0 Round $i");
+
+ &mov($tmp1,0);
+ &mov($tmp2,&DWP($i*4,$b,"",0)); # *b
+ &sub($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &sub($tmp1,$tmp2);
+ &adc($c,0);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ }
+
+ &comment("");
+ &add($b,32);
+ &add($r,32);
+ &sub($num,8);
+ &jnz(&label("pw_neg_loop"));
+
+ &set_label("pw_neg_finish",0);
+ &mov($tmp2,&wparam(4)); # get dl
+ &mov($num,0);
+ &sub($num,$tmp2);
+ &and($num,7);
+ &jz(&label("pw_end"));
+
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("dl<0 Tail Round $i");
+ &mov($tmp1,0);
+ &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+ &sub($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &sub($tmp1,$tmp2);
+ &adc($c,0);
+ &dec($num) if ($i != 6);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ &jz(&label("pw_end")) if ($i != 6);
+ }
+
+ &jmp(&label("pw_end"));
+
+ &set_label("pw_pos",0);
+
+ &and($num,0xfffffff8); # num / 8
+ &jz(&label("pw_pos_finish"));
+
+ &set_label("pw_pos_loop",0);
+
+ for ($i=0; $i<8; $i++)
+ {
+ &comment("dl>0 Round $i");
+
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &sub($tmp1,$c);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ &jnc(&label("pw_nc".$i));
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($r,32);
+ &sub($num,8);
+ &jnz(&label("pw_pos_loop"));
+
+ &set_label("pw_pos_finish",0);
+ &mov($num,&wparam(4)); # get dl
+ &and($num,7);
+ &jz(&label("pw_end"));
+
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("dl>0 Tail Round $i");
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &sub($tmp1,$c);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ &jnc(&label("pw_tail_nc".$i));
+ &dec($num) if ($i != 6);
+ &jz(&label("pw_end")) if ($i != 6);
+ }
+ &mov($c,1);
+ &jmp(&label("pw_end"));
+
+ &set_label("pw_nc_loop",0);
+ for ($i=0; $i<8; $i++)
+ {
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ &set_label("pw_nc".$i,0);
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($r,32);
+ &sub($num,8);
+ &jnz(&label("pw_nc_loop"));
+
+ &mov($num,&wparam(4)); # get dl
+ &and($num,7);
+ &jz(&label("pw_nc_end"));
+
+ for ($i=0; $i<7; $i++)
+ {
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ &set_label("pw_tail_nc".$i,0);
+ &dec($num) if ($i != 6);
+ &jz(&label("pw_nc_end")) if ($i != 6);
+ }
+
+ &set_label("pw_nc_end",0);
+ &mov($c,0);
+
+ &set_label("pw_end",0);
+
+# &mov("eax",$c); # $c is "eax"
+
+ &function_end($name);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bn/asm/co-586.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/co-586.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/co-586.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,286 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_comba("bn_mul_comba8",8);
+&bn_mul_comba("bn_mul_comba4",4);
+&bn_sqr_comba("bn_sqr_comba8",8);
+&bn_sqr_comba("bn_sqr_comba4",4);
+
+&asm_finish();
+
+sub mul_add_c
+ {
+ local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+ # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+ # words, and 1 if load return value
+
+ &comment("mul a[$ai]*b[$bi]");
+
+ # "eax" and "edx" will always be pre-loaded.
+ # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+ # &mov("edx",&DWP($bi*4,$b,"",0));
+
+ &mul("edx");
+ &add($c0,"eax");
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # laod next a
+ &mov("eax",&wparam(0)) if $pos > 0; # load r[]
+ ###
+ &adc($c1,"edx");
+ &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # laod next b
+ &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b
+ ###
+ &adc($c2,0);
+ # is pos > 1, it means it is the last loop
+ &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[];
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a
+ }
+
+sub sqr_add_c
+ {
+ local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+ # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+ # words, and 1 if load return value
+
+ &comment("sqr a[$ai]*a[$bi]");
+
+ # "eax" and "edx" will always be pre-loaded.
+ # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+ # &mov("edx",&DWP($bi*4,$b,"",0));
+
+ if ($ai == $bi)
+ { &mul("eax");}
+ else
+ { &mul("edx");}
+ &add($c0,"eax");
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a
+ ###
+ &adc($c1,"edx");
+ &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
+ ###
+ &adc($c2,0);
+ # is pos > 1, it means it is the last loop
+ &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[];
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b
+ }
+
+sub sqr_add_c2
+ {
+ local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+ # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+ # words, and 1 if load return value
+
+ &comment("sqr a[$ai]*a[$bi]");
+
+ # "eax" and "edx" will always be pre-loaded.
+ # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+ # &mov("edx",&DWP($bi*4,$a,"",0));
+
+ if ($ai == $bi)
+ { &mul("eax");}
+ else
+ { &mul("edx");}
+ &add("eax","eax");
+ ###
+ &adc("edx","edx");
+ ###
+ &adc($c2,0);
+ &add($c0,"eax");
+ &adc($c1,"edx");
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b
+ &adc($c2,0);
+ &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[];
+ &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
+ ###
+ }
+
+sub bn_mul_comba
+ {
+ local($name,$num)=@_;
+ local($a,$b,$c0,$c1,$c2);
+ local($i,$as,$ae,$bs,$be,$ai,$bi);
+ local($tot,$end);
+
+ &function_begin_B($name,"");
+
+ $c0="ebx";
+ $c1="ecx";
+ $c2="ebp";
+ $a="esi";
+ $b="edi";
+
+ $as=0;
+ $ae=0;
+ $bs=0;
+ $be=0;
+ $tot=$num+$num-1;
+
+ &push("esi");
+ &mov($a,&wparam(1));
+ &push("edi");
+ &mov($b,&wparam(2));
+ &push("ebp");
+ &push("ebx");
+
+ &xor($c0,$c0);
+ &mov("eax",&DWP(0,$a,"",0)); # load the first word
+ &xor($c1,$c1);
+ &mov("edx",&DWP(0,$b,"",0)); # load the first second
+
+ for ($i=0; $i<$tot; $i++)
+ {
+ $ai=$as;
+ $bi=$bs;
+ $end=$be+1;
+
+ &comment("################## Calculate word $i");
+
+ for ($j=$bs; $j<$end; $j++)
+ {
+ &xor($c2,$c2) if ($j == $bs);
+ if (($j+1) == $end)
+ {
+ $v=1;
+ $v=2 if (($i+1) == $tot);
+ }
+ else
+ { $v=0; }
+ if (($j+1) != $end)
+ {
+ $na=($ai-1);
+ $nb=($bi+1);
+ }
+ else
+ {
+ $na=$as+($i < ($num-1));
+ $nb=$bs+($i >= ($num-1));
+ }
+#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
+ &mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
+ if ($v)
+ {
+ &comment("saved r[$i]");
+ # &mov("eax",&wparam(0));
+ # &mov(&DWP($i*4,"eax","",0),$c0);
+ ($c0,$c1,$c2)=($c1,$c2,$c0);
+ }
+ $ai--;
+ $bi++;
+ }
+ $as++ if ($i < ($num-1));
+ $ae++ if ($i >= ($num-1));
+
+ $bs++ if ($i >= ($num-1));
+ $be++ if ($i < ($num-1));
+ }
+ &comment("save r[$i]");
+ # &mov("eax",&wparam(0));
+ &mov(&DWP($i*4,"eax","",0),$c0);
+
+ &pop("ebx");
+ &pop("ebp");
+ &pop("edi");
+ &pop("esi");
+ &ret();
+ &function_end_B($name);
+ }
+
+sub bn_sqr_comba
+ {
+ local($name,$num)=@_;
+ local($r,$a,$c0,$c1,$c2)=@_;
+ local($i,$as,$ae,$bs,$be,$ai,$bi);
+ local($b,$tot,$end,$half);
+
+ &function_begin_B($name,"");
+
+ $c0="ebx";
+ $c1="ecx";
+ $c2="ebp";
+ $a="esi";
+ $r="edi";
+
+ &push("esi");
+ &push("edi");
+ &push("ebp");
+ &push("ebx");
+ &mov($r,&wparam(0));
+ &mov($a,&wparam(1));
+ &xor($c0,$c0);
+ &xor($c1,$c1);
+ &mov("eax",&DWP(0,$a,"",0)); # load the first word
+
+ $as=0;
+ $ae=0;
+ $bs=0;
+ $be=0;
+ $tot=$num+$num-1;
+
+ for ($i=0; $i<$tot; $i++)
+ {
+ $ai=$as;
+ $bi=$bs;
+ $end=$be+1;
+
+ &comment("############### Calculate word $i");
+ for ($j=$bs; $j<$end; $j++)
+ {
+ &xor($c2,$c2) if ($j == $bs);
+ if (($ai-1) < ($bi+1))
+ {
+ $v=1;
+ $v=2 if ($i+1) == $tot;
+ }
+ else
+ { $v=0; }
+ if (!$v)
+ {
+ $na=$ai-1;
+ $nb=$bi+1;
+ }
+ else
+ {
+ $na=$as+($i < ($num-1));
+ $nb=$bs+($i >= ($num-1));
+ }
+ if ($ai == $bi)
+ {
+ &sqr_add_c($r,$a,$ai,$bi,
+ $c0,$c1,$c2,$v,$i,$na,$nb);
+ }
+ else
+ {
+ &sqr_add_c2($r,$a,$ai,$bi,
+ $c0,$c1,$c2,$v,$i,$na,$nb);
+ }
+ if ($v)
+ {
+ &comment("saved r[$i]");
+ #&mov(&DWP($i*4,$r,"",0),$c0);
+ ($c0,$c1,$c2)=($c1,$c2,$c0);
+ last;
+ }
+ $ai--;
+ $bi++;
+ }
+ $as++ if ($i < ($num-1));
+ $ae++ if ($i >= ($num-1));
+
+ $bs++ if ($i >= ($num-1));
+ $be++ if ($i < ($num-1));
+ }
+ &mov(&DWP($i*4,$r,"",0),$c0);
+ &pop("ebx");
+ &pop("ebp");
+ &pop("edi");
+ &pop("esi");
+ &ret();
+ &function_end_B($name);
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/asm/ia64.S
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/ia64.S (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/ia64.S 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1555 @@
+.explicit
+.text
+.ident "ia64.S, Version 2.1"
+.ident "IA-64 ISA artwork by Andy Polyakov <appro at fy.chalmers.se>"
+
+//
+// ====================================================================
+// Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+// project.
+//
+// Rights for redistribution and usage in source and binary forms are
+// granted according to the OpenSSL license. Warranty of any kind is
+// disclaimed.
+// ====================================================================
+//
+// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
+// different from Itanium to this module viewpoint. Most notably, is it
+// "wider" than Itanium? Can you experience loop scalability as
+// discussed in commentary sections? Not really:-( Itanium2 has 6
+// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
+// spin twice as fast, as I need 8 IALU ports. Amount of floating point
+// ports is the same, i.e. 2, while I need 4. In other words, to this
+// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
+// essentially different in respect to this module, and a re-tune was
+// required. Well, because some intruction latencies has changed. Most
+// noticeably those intensively used:
+//
+// Itanium Itanium2
+// ldf8 9 6 L2 hit
+// ld8 2 1 L1 hit
+// getf 2 5
+// xma[->getf] 7[+1] 4[+0]
+// add[->st8] 1[+1] 1[+0]
+//
+// What does it mean? You might ratiocinate that the original code
+// should run just faster... Because sum of latencies is smaller...
+// Wrong! Note that getf latency increased. This means that if a loop is
+// scheduled for lower latency (as they were), then it will suffer from
+// stall condition and the code will therefore turn anti-scalable, e.g.
+// original bn_mul_words spun at 5*n or 2.5 times slower than expected
+// on Itanium2! What to do? Reschedule loops for Itanium2? But then
+// Itanium would exhibit anti-scalability. So I've chosen to reschedule
+// for worst latency for every instruction aiming for best *all-round*
+// performance.
+
+// Q. How much faster does it get?
+// A. Here is the output from 'openssl speed rsa dsa' for vanilla
+// 0.9.6a compiled with gcc version 2.96 20000731 (Red Hat
+// Linux 7.1 2.96-81):
+//
+// sign verify sign/s verify/s
+// rsa 512 bits 0.0036s 0.0003s 275.3 2999.2
+// rsa 1024 bits 0.0203s 0.0011s 49.3 894.1
+// rsa 2048 bits 0.1331s 0.0040s 7.5 250.9
+// rsa 4096 bits 0.9270s 0.0147s 1.1 68.1
+// sign verify sign/s verify/s
+// dsa 512 bits 0.0035s 0.0043s 288.3 234.8
+// dsa 1024 bits 0.0111s 0.0135s 90.0 74.2
+//
+// And here is similar output but for this assembler
+// implementation:-)
+//
+// sign verify sign/s verify/s
+// rsa 512 bits 0.0021s 0.0001s 549.4 9638.5
+// rsa 1024 bits 0.0055s 0.0002s 183.8 4481.1
+// rsa 2048 bits 0.0244s 0.0006s 41.4 1726.3
+// rsa 4096 bits 0.1295s 0.0018s 7.7 561.5
+// sign verify sign/s verify/s
+// dsa 512 bits 0.0012s 0.0013s 891.9 756.6
+// dsa 1024 bits 0.0023s 0.0028s 440.4 376.2
+//
+// Yes, you may argue that it's not fair comparison as it's
+// possible to craft the C implementation with BN_UMULT_HIGH
+// inline assembler macro. But of course! Here is the output
+// with the macro:
+//
+// sign verify sign/s verify/s
+// rsa 512 bits 0.0020s 0.0002s 495.0 6561.0
+// rsa 1024 bits 0.0086s 0.0004s 116.2 2235.7
+// rsa 2048 bits 0.0519s 0.0015s 19.3 667.3
+// rsa 4096 bits 0.3464s 0.0053s 2.9 187.7
+// sign verify sign/s verify/s
+// dsa 512 bits 0.0016s 0.0020s 613.1 510.5
+// dsa 1024 bits 0.0045s 0.0054s 221.0 183.9
+//
+// My code is still way faster, huh:-) And I believe that even
+// higher performance can be achieved. Note that as keys get
+// longer, performance gain is larger. Why? According to the
+// profiler there is another player in the field, namely
+// BN_from_montgomery consuming larger and larger portion of CPU
+// time as keysize decreases. I therefore consider putting effort
+// to assembler implementation of the following routine:
+//
+// void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0)
+// {
+// int i,j;
+// BN_ULONG v;
+//
+// for (i=0; i<nl; i++)
+// {
+// v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+// nrp++;
+// rp++;
+// if (((nrp[-1]+=v)&BN_MASK2) < v)
+// for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ;
+// }
+// }
+//
+// It might as well be beneficial to implement even combaX
+// variants, as it appears as it can literally unleash the
+// performance (see comment section to bn_mul_comba8 below).
+//
+// And finally for your reference the output for 0.9.6a compiled
+// with SGIcc version 0.01.0-12 (keep in mind that for the moment
+// of this writing it's not possible to convince SGIcc to use
+// BN_UMULT_HIGH inline assembler macro, yet the code is fast,
+// i.e. for a compiler generated one:-):
+//
+// sign verify sign/s verify/s
+// rsa 512 bits 0.0022s 0.0002s 452.7 5894.3
+// rsa 1024 bits 0.0097s 0.0005s 102.7 2002.9
+// rsa 2048 bits 0.0578s 0.0017s 17.3 600.2
+// rsa 4096 bits 0.3838s 0.0061s 2.6 164.5
+// sign verify sign/s verify/s
+// dsa 512 bits 0.0018s 0.0022s 547.3 459.6
+// dsa 1024 bits 0.0051s 0.0062s 196.6 161.3
+//
+// Oh! Benchmarks were performed on 733MHz Lion-class Itanium
+// system running Redhat Linux 7.1 (very special thanks to Ray
+// McCaffity of Williams Communications for providing an account).
+//
+// Q. What's the heck with 'rum 1<<5' at the end of every function?
+// A. Well, by clearing the "upper FP registers written" bit of the
+// User Mask I want to excuse the kernel from preserving upper
+// (f32-f128) FP register bank over process context switch, thus
+// minimizing bus bandwidth consumption during the switch (i.e.
+// after PKI opration completes and the program is off doing
+// something else like bulk symmetric encryption). Having said
+// this, I also want to point out that it might be good idea
+// to compile the whole toolkit (as well as majority of the
+// programs for that matter) with -mfixed-range=f32-f127 command
+// line option. No, it doesn't prevent the compiler from writing
+// to upper bank, but at least discourages to do so. If you don't
+// like the idea you have the option to compile the module with
+// -Drum=nop.m in command line.
+//
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#define ADDP addp4
+#else
+#define ADDP add
+#endif
+
+#if 1
+//
+// bn_[add|sub]_words routines.
+//
+// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the
+// data reside in L1 cache, i.e. 2 ticks away). It's possible to
+// compress the epilogue and get down to 2*n+6, but at the cost of
+// scalability (the neat feature of this implementation is that it
+// shall automagically spin in n+5 on "wider" IA-64 implementations:-)
+// I consider that the epilogue is short enough as it is to trade tiny
+// performance loss on Itanium for scalability.
+//
+// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
+//
+.global bn_add_words#
+.proc bn_add_words#
+.align 64
+.skip 32 // makes the loop body aligned at 64-byte boundary
+bn_add_words:
+ .prologue
+ .save ar.pfs,r2
+{ .mii; alloc r2=ar.pfs,4,12,0,16
+ cmp4.le p6,p0=r35,r0 };;
+{ .mfb; mov r8=r0 // return value
+(p6) br.ret.spnt.many b0 };;
+
+{ .mib; sub r10=r35,r0,1
+ .save ar.lc,r3
+ mov r3=ar.lc
+ brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16
+ }
+{ .mib; ADDP r14=0,r32 // rp
+ .save pr,r9
+ mov r9=pr };;
+ .body
+{ .mii; ADDP r15=0,r33 // ap
+ mov ar.lc=r10
+ mov ar.ec=6 }
+{ .mib; ADDP r16=0,r34 // bp
+ mov pr.rot=1<<16 };;
+
+.L_bn_add_words_ctop:
+{ .mii; (p16) ld8 r32=[r16],8 // b=*(bp++)
+ (p18) add r39=r37,r34
+ (p19) cmp.ltu.unc p56,p0=r40,r38 }
+{ .mfb; (p0) nop.m 0x0
+ (p0) nop.f 0x0
+ (p0) nop.b 0x0 }
+{ .mii; (p16) ld8 r35=[r15],8 // a=*(ap++)
+ (p58) cmp.eq.or p57,p0=-1,r41 // (p20)
+ (p58) add r41=1,r41 } // (p20)
+{ .mfb; (p21) st8 [r14]=r42,8 // *(rp++)=r
+ (p0) nop.f 0x0
+ br.ctop.sptk .L_bn_add_words_ctop };;
+.L_bn_add_words_cend:
+
+{ .mii;
+(p59) add r8=1,r8 // return value
+ mov pr=r9,0x1ffff
+ mov ar.lc=r3 }
+{ .mbb; nop.b 0x0
+ br.ret.sptk.many b0 };;
+.endp bn_add_words#
+
+//
+// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
+//
+.global bn_sub_words#
+.proc bn_sub_words#
+.align 64
+.skip 32 // makes the loop body aligned at 64-byte boundary
+bn_sub_words:
+ .prologue
+ .save ar.pfs,r2
+{ .mii; alloc r2=ar.pfs,4,12,0,16
+ cmp4.le p6,p0=r35,r0 };;
+{ .mfb; mov r8=r0 // return value
+(p6) br.ret.spnt.many b0 };;
+
+{ .mib; sub r10=r35,r0,1
+ .save ar.lc,r3
+ mov r3=ar.lc
+ brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
+ }
+{ .mib; ADDP r14=0,r32 // rp
+ .save pr,r9
+ mov r9=pr };;
+ .body
+{ .mii; ADDP r15=0,r33 // ap
+ mov ar.lc=r10
+ mov ar.ec=6 }
+{ .mib; ADDP r16=0,r34 // bp
+ mov pr.rot=1<<16 };;
+
+.L_bn_sub_words_ctop:
+{ .mii; (p16) ld8 r32=[r16],8 // b=*(bp++)
+ (p18) sub r39=r37,r34
+ (p19) cmp.gtu.unc p56,p0=r40,r38 }
+{ .mfb; (p0) nop.m 0x0
+ (p0) nop.f 0x0
+ (p0) nop.b 0x0 }
+{ .mii; (p16) ld8 r35=[r15],8 // a=*(ap++)
+ (p58) cmp.eq.or p57,p0=0,r41 // (p20)
+ (p58) add r41=-1,r41 } // (p20)
+{ .mbb; (p21) st8 [r14]=r42,8 // *(rp++)=r
+ (p0) nop.b 0x0
+ br.ctop.sptk .L_bn_sub_words_ctop };;
+.L_bn_sub_words_cend:
+
+{ .mii;
+(p59) add r8=1,r8 // return value
+ mov pr=r9,0x1ffff
+ mov ar.lc=r3 }
+{ .mbb; nop.b 0x0
+ br.ret.sptk.many b0 };;
+.endp bn_sub_words#
+#endif
+
+#if 0
+#define XMA_TEMPTATION
+#endif
+
+#if 1
+//
+// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+//
+.global bn_mul_words#
+.proc bn_mul_words#
+.align 64
+.skip 32 // makes the loop body aligned at 64-byte boundary
+bn_mul_words:
+ .prologue
+ .save ar.pfs,r2
+#ifdef XMA_TEMPTATION
+{ .mfi; alloc r2=ar.pfs,4,0,0,0 };;
+#else
+{ .mfi; alloc r2=ar.pfs,4,12,0,16 };;
+#endif
+{ .mib; mov r8=r0 // return value
+ cmp4.le p6,p0=r34,r0
+(p6) br.ret.spnt.many b0 };;
+
+{ .mii; sub r10=r34,r0,1
+ .save ar.lc,r3
+ mov r3=ar.lc
+ .save pr,r9
+ mov r9=pr };;
+
+ .body
+{ .mib; setf.sig f8=r35 // w
+ mov pr.rot=0x800001<<16
+ // ------^----- serves as (p50) at first (p27)
+ brp.loop.imp .L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
+ }
+
+#ifndef XMA_TEMPTATION
+
+{ .mmi; ADDP r14=0,r32 // rp
+ ADDP r15=0,r33 // ap
+ mov ar.lc=r10 }
+{ .mmi; mov r40=0 // serves as r35 at first (p27)
+ mov ar.ec=13 };;
+
+// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
+// L2 cache (i.e. 9 ticks away) as floating point load/store instructions
+// bypass L1 cache and L2 latency is actually best-case scenario for
+// ldf8. The loop is not scalable and shall run in 2*(n+12) even on
+// "wider" IA-64 implementations. It's a trade-off here. n+24 loop
+// would give us ~5% in *overall* performance improvement on "wider"
+// IA-64, but would hurt Itanium for about same because of longer
+// epilogue. As it's a matter of few percents in either case I've
+// chosen to trade the scalability for development time (you can see
+// this very instruction sequence in bn_mul_add_words loop which in
+// turn is scalable).
+.L_bn_mul_words_ctop:
+{ .mfi; (p25) getf.sig r36=f52 // low
+ (p21) xmpy.lu f48=f37,f8
+ (p28) cmp.ltu p54,p50=r41,r39 }
+{ .mfi; (p16) ldf8 f32=[r15],8
+ (p21) xmpy.hu f40=f37,f8
+ (p0) nop.i 0x0 };;
+{ .mii; (p25) getf.sig r32=f44 // high
+ .pred.rel "mutex",p50,p54
+ (p50) add r40=r38,r35 // (p27)
+ (p54) add r40=r38,r35,1 } // (p27)
+{ .mfb; (p28) st8 [r14]=r41,8
+ (p0) nop.f 0x0
+ br.ctop.sptk .L_bn_mul_words_ctop };;
+.L_bn_mul_words_cend:
+
+{ .mii; nop.m 0x0
+.pred.rel "mutex",p51,p55
+(p51) add r8=r36,r0
+(p55) add r8=r36,r0,1 }
+{ .mfb; nop.m 0x0
+ nop.f 0x0
+ nop.b 0x0 }
+
+#else // XMA_TEMPTATION
+
+ setf.sig f37=r0 // serves as carry at (p18) tick
+ mov ar.lc=r10
+ mov ar.ec=5;;
+
+// Most of you examining this code very likely wonder why in the name
+// of Intel the following loop is commented out? Indeed, it looks so
+// neat that you find it hard to believe that it's something wrong
+// with it, right? The catch is that every iteration depends on the
+// result from previous one and the latter isn't available instantly.
+// The loop therefore spins at the latency of xma minus 1, or in other
+// words at 6*(n+4) ticks:-( Compare to the "production" loop above
+// that runs in 2*(n+11) where the low latency problem is worked around
+// by moving the dependency to one-tick latent interger ALU. Note that
+// "distance" between ldf8 and xma is not latency of ldf8, but the
+// *difference* between xma and ldf8 latencies.
+.L_bn_mul_words_ctop:
+{ .mfi; (p16) ldf8 f32=[r33],8
+ (p18) xma.hu f38=f34,f8,f39 }
+{ .mfb; (p20) stf8 [r32]=f37,8
+ (p18) xma.lu f35=f34,f8,f39
+ br.ctop.sptk .L_bn_mul_words_ctop };;
+.L_bn_mul_words_cend:
+
+ getf.sig r8=f41 // the return value
+
+#endif // XMA_TEMPTATION
+
+{ .mii; nop.m 0x0
+ mov pr=r9,0x1ffff
+ mov ar.lc=r3 }
+{ .mfb; rum 1<<5 // clear um.mfh
+ nop.f 0x0
+ br.ret.sptk.many b0 };;
+.endp bn_mul_words#
+#endif
+
+#if 1
+//
+// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+//
+.global bn_mul_add_words#
+.proc bn_mul_add_words#
+.align 64
+.skip 48 // makes the loop body aligned at 64-byte boundary
+bn_mul_add_words:
+ .prologue
+ .save ar.pfs,r2
+{ .mmi; alloc r2=ar.pfs,4,4,0,8
+ cmp4.le p6,p0=r34,r0
+ .save ar.lc,r3
+ mov r3=ar.lc };;
+{ .mib; mov r8=r0 // return value
+ sub r10=r34,r0,1
+(p6) br.ret.spnt.many b0 };;
+
+{ .mib; setf.sig f8=r35 // w
+ .save pr,r9
+ mov r9=pr
+ brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
+ }
+ .body
+{ .mmi; ADDP r14=0,r32 // rp
+ ADDP r15=0,r33 // ap
+ mov ar.lc=r10 }
+{ .mii; ADDP r16=0,r32 // rp copy
+ mov pr.rot=0x2001<<16
+ // ------^----- serves as (p40) at first (p27)
+ mov ar.ec=11 };;
+
+// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
+// Itanium 2. Yes, unlike previous versions it scales:-) Previous
+// version was peforming *all* additions in IALU and was starving
+// for those even on Itanium 2. In this version one addition is
+// moved to FPU and is folded with multiplication. This is at cost
+// of propogating the result from previous call to this subroutine
+// to L2 cache... In other words negligible even for shorter keys.
+// *Overall* performance improvement [over previous version] varies
+// from 11 to 22 percent depending on key length.
+.L_bn_mul_add_words_ctop:
+.pred.rel "mutex",p40,p42
+{ .mfi; (p23) getf.sig r36=f45 // low
+ (p20) xma.lu f42=f36,f8,f50 // low
+ (p40) add r39=r39,r35 } // (p27)
+{ .mfi; (p16) ldf8 f32=[r15],8 // *(ap++)
+ (p20) xma.hu f36=f36,f8,f50 // high
+ (p42) add r39=r39,r35,1 };; // (p27)
+{ .mmi; (p24) getf.sig r32=f40 // high
+ (p16) ldf8 f46=[r16],8 // *(rp1++)
+ (p40) cmp.ltu p41,p39=r39,r35 } // (p27)
+{ .mib; (p26) st8 [r14]=r39,8 // *(rp2++)
+ (p42) cmp.leu p41,p39=r39,r35 // (p27)
+ br.ctop.sptk .L_bn_mul_add_words_ctop};;
+.L_bn_mul_add_words_cend:
+
+{ .mmi; .pred.rel "mutex",p40,p42
+(p40) add r8=r35,r0
+(p42) add r8=r35,r0,1
+ mov pr=r9,0x1ffff }
+{ .mib; rum 1<<5 // clear um.mfh
+ mov ar.lc=r3
+ br.ret.sptk.many b0 };;
+.endp bn_mul_add_words#
+#endif
+
+#if 1
+//
+// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+//
+.global bn_sqr_words#
+.proc bn_sqr_words#
+.align 64
+.skip 32 // makes the loop body aligned at 64-byte boundary
+bn_sqr_words:
+ .prologue
+ .save ar.pfs,r2
+{ .mii; alloc r2=ar.pfs,3,0,0,0
+ sxt4 r34=r34 };;
+{ .mii; cmp.le p6,p0=r34,r0
+ mov r8=r0 } // return value
+{ .mfb; ADDP r32=0,r32
+ nop.f 0x0
+(p6) br.ret.spnt.many b0 };;
+
+{ .mii; sub r10=r34,r0,1
+ .save ar.lc,r3
+ mov r3=ar.lc
+ .save pr,r9
+ mov r9=pr };;
+
+ .body
+{ .mib; ADDP r33=0,r33
+ mov pr.rot=1<<16
+ brp.loop.imp .L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
+ }
+{ .mii; add r34=8,r32
+ mov ar.lc=r10
+ mov ar.ec=18 };;
+
+// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's
+// possible to compress the epilogue (I'm getting tired to write this
+// comment over and over) and get down to 2*n+16 at the cost of
+// scalability. The decision will very likely be reconsidered after the
+// benchmark program is profiled. I.e. if perfomance gain on Itanium
+// will appear larger than loss on "wider" IA-64, then the loop should
+// be explicitely split and the epilogue compressed.
+.L_bn_sqr_words_ctop:
+{ .mfi; (p16) ldf8 f32=[r33],8
+ (p25) xmpy.lu f42=f41,f41
+ (p0) nop.i 0x0 }
+{ .mib; (p33) stf8 [r32]=f50,16
+ (p0) nop.i 0x0
+ (p0) nop.b 0x0 }
+{ .mfi; (p0) nop.m 0x0
+ (p25) xmpy.hu f52=f41,f41
+ (p0) nop.i 0x0 }
+{ .mib; (p33) stf8 [r34]=f60,16
+ (p0) nop.i 0x0
+ br.ctop.sptk .L_bn_sqr_words_ctop };;
+.L_bn_sqr_words_cend:
+
+{ .mii; nop.m 0x0
+ mov pr=r9,0x1ffff
+ mov ar.lc=r3 }
+{ .mfb; rum 1<<5 // clear um.mfh
+ nop.f 0x0
+ br.ret.sptk.many b0 };;
+.endp bn_sqr_words#
+#endif
+
+#if 1
+// Apparently we win nothing by implementing special bn_sqr_comba8.
+// Yes, it is possible to reduce the number of multiplications by
+// almost factor of two, but then the amount of additions would
+// increase by factor of two (as we would have to perform those
+// otherwise performed by xma ourselves). Normally we would trade
+// anyway as multiplications are way more expensive, but not this
+// time... Multiplication kernel is fully pipelined and as we drain
+// one 128-bit multiplication result per clock cycle multiplications
+// are effectively as inexpensive as additions. Special implementation
+// might become of interest for "wider" IA-64 implementation as you'll
+// be able to get through the multiplication phase faster (there won't
+// be any stall issues as discussed in the commentary section below and
+// you therefore will be able to employ all 4 FP units)... But these
+// Itanium days it's simply too hard to justify the effort so I just
+// drop down to bn_mul_comba8 code:-)
+//
+// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+//
+.global bn_sqr_comba8#
+.proc bn_sqr_comba8#
+.align 64
+bn_sqr_comba8:
+ .prologue
+ .save ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii; alloc r2=ar.pfs,2,1,0,0
+ addp4 r33=0,r33
+ addp4 r32=0,r32 };;
+{ .mii;
+#else
+{ .mii; alloc r2=ar.pfs,2,1,0,0
+#endif
+ mov r34=r33
+ add r14=8,r33 };;
+ .body
+{ .mii; add r17=8,r34
+ add r15=16,r33
+ add r18=16,r34 }
+{ .mfb; add r16=24,r33
+ br .L_cheat_entry_point8 };;
+.endp bn_sqr_comba8#
+#endif
+
+#if 1
+// I've estimated this routine to run in ~120 ticks, but in reality
+// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
+// cycles consumed for instructions fetch? Or did I misinterpret some
+// clause in Itanium \xB5-architecture manual? Comments are welcomed and
+// highly appreciated.
+//
+// On Itanium 2 it takes ~190 ticks. This is because of stalls on
+// result from getf.sig. I do nothing about it at this point for
+// reasons depicted below.
+//
+// However! It should be noted that even 160 ticks is darn good result
+// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the
+// C version (compiled with gcc with inline assembler). I really
+// kicked compiler's butt here, didn't I? Yeah! This brings us to the
+// following statement. It's damn shame that this routine isn't called
+// very often nowadays! According to the profiler most CPU time is
+// consumed by bn_mul_add_words called from BN_from_montgomery. In
+// order to estimate what we're missing, I've compared the performance
+// of this routine against "traditional" implementation, i.e. against
+// following routine:
+//
+// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+// { r[ 8]=bn_mul_words( &(r[0]),a,8,b[0]);
+// r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
+// r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
+// r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
+// r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
+// r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
+// r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
+// r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
+// }
+//
+// The one below is over 8 times faster than the one above:-( Even
+// more reasons to "combafy" bn_mul_add_mont...
+//
+// And yes, this routine really made me wish there were an optimizing
+// assembler! It also feels like it deserves a dedication.
+//
+// To my wife for being there and to my kids...
+//
+// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+//
+#define carry1 r14
+#define carry2 r15
+#define carry3 r34
+.global bn_mul_comba8#
+.proc bn_mul_comba8#
+.align 64
+bn_mul_comba8:
+ .prologue
+ .save ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii; alloc r2=ar.pfs,3,0,0,0
+ addp4 r33=0,r33
+ addp4 r34=0,r34 };;
+{ .mii; addp4 r32=0,r32
+#else
+{ .mii; alloc r2=ar.pfs,3,0,0,0
+#endif
+ add r14=8,r33
+ add r17=8,r34 }
+ .body
+{ .mii; add r15=16,r33
+ add r18=16,r34
+ add r16=24,r33 }
+.L_cheat_entry_point8:
+{ .mmi; add r19=24,r34
+
+ ldf8 f32=[r33],32 };;
+
+{ .mmi; ldf8 f120=[r34],32
+ ldf8 f121=[r17],32 }
+{ .mmi; ldf8 f122=[r18],32
+ ldf8 f123=[r19],32 };;
+{ .mmi; ldf8 f124=[r34]
+ ldf8 f125=[r17] }
+{ .mmi; ldf8 f126=[r18]
+ ldf8 f127=[r19] }
+
+{ .mmi; ldf8 f33=[r14],32
+ ldf8 f34=[r15],32 }
+{ .mmi; ldf8 f35=[r16],32;;
+ ldf8 f36=[r33] }
+{ .mmi; ldf8 f37=[r14]
+ ldf8 f38=[r15] }
+{ .mfi; ldf8 f39=[r16]
+// -------\ Entering multiplier's heaven /-------
+// ------------\ /------------
+// -----------------\ /-----------------
+// ----------------------\/----------------------
+ xma.hu f41=f32,f120,f0 }
+{ .mfi; xma.lu f40=f32,f120,f0 };; // (*)
+{ .mfi; xma.hu f51=f32,f121,f0 }
+{ .mfi; xma.lu f50=f32,f121,f0 };;
+{ .mfi; xma.hu f61=f32,f122,f0 }
+{ .mfi; xma.lu f60=f32,f122,f0 };;
+{ .mfi; xma.hu f71=f32,f123,f0 }
+{ .mfi; xma.lu f70=f32,f123,f0 };;
+{ .mfi; xma.hu f81=f32,f124,f0 }
+{ .mfi; xma.lu f80=f32,f124,f0 };;
+{ .mfi; xma.hu f91=f32,f125,f0 }
+{ .mfi; xma.lu f90=f32,f125,f0 };;
+{ .mfi; xma.hu f101=f32,f126,f0 }
+{ .mfi; xma.lu f100=f32,f126,f0 };;
+{ .mfi; xma.hu f111=f32,f127,f0 }
+{ .mfi; xma.lu f110=f32,f127,f0 };;//
+// (*) You can argue that splitting at every second bundle would
+// prevent "wider" IA-64 implementations from achieving the peak
+// performance. Well, not really... The catch is that if you
+// intend to keep 4 FP units busy by splitting at every fourth
+// bundle and thus perform these 16 multiplications in 4 ticks,
+// the first bundle *below* would stall because the result from
+// the first xma bundle *above* won't be available for another 3
+// ticks (if not more, being an optimist, I assume that "wider"
+// implementation will have same latency:-). This stall will hold
+// you back and the performance would be as if every second bundle
+// were split *anyway*...
+{ .mfi; getf.sig r16=f40
+ xma.hu f42=f33,f120,f41
+ add r33=8,r32 }
+{ .mfi; xma.lu f41=f33,f120,f41 };;
+{ .mfi; getf.sig r24=f50
+ xma.hu f52=f33,f121,f51 }
+{ .mfi; xma.lu f51=f33,f121,f51 };;
+{ .mfi; st8 [r32]=r16,16
+ xma.hu f62=f33,f122,f61 }
+{ .mfi; xma.lu f61=f33,f122,f61 };;
+{ .mfi; xma.hu f72=f33,f123,f71 }
+{ .mfi; xma.lu f71=f33,f123,f71 };;
+{ .mfi; xma.hu f82=f33,f124,f81 }
+{ .mfi; xma.lu f81=f33,f124,f81 };;
+{ .mfi; xma.hu f92=f33,f125,f91 }
+{ .mfi; xma.lu f91=f33,f125,f91 };;
+{ .mfi; xma.hu f102=f33,f126,f101 }
+{ .mfi; xma.lu f101=f33,f126,f101 };;
+{ .mfi; xma.hu f112=f33,f127,f111 }
+{ .mfi; xma.lu f111=f33,f127,f111 };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig r25=f41
+ xma.hu f43=f34,f120,f42 }
+{ .mfi; xma.lu f42=f34,f120,f42 };;
+{ .mfi; getf.sig r16=f60
+ xma.hu f53=f34,f121,f52 }
+{ .mfi; xma.lu f52=f34,f121,f52 };;
+{ .mfi; getf.sig r17=f51
+ xma.hu f63=f34,f122,f62
+ add r25=r25,r24 }
+{ .mfi; xma.lu f62=f34,f122,f62
+ mov carry1=0 };;
+{ .mfi; cmp.ltu p6,p0=r25,r24
+ xma.hu f73=f34,f123,f72 }
+{ .mfi; xma.lu f72=f34,f123,f72 };;
+{ .mfi; st8 [r33]=r25,16
+ xma.hu f83=f34,f124,f82
+(p6) add carry1=1,carry1 }
+{ .mfi; xma.lu f82=f34,f124,f82 };;
+{ .mfi; xma.hu f93=f34,f125,f92 }
+{ .mfi; xma.lu f92=f34,f125,f92 };;
+{ .mfi; xma.hu f103=f34,f126,f102 }
+{ .mfi; xma.lu f102=f34,f126,f102 };;
+{ .mfi; xma.hu f113=f34,f127,f112 }
+{ .mfi; xma.lu f112=f34,f127,f112 };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig r18=f42
+ xma.hu f44=f35,f120,f43
+ add r17=r17,r16 }
+{ .mfi; xma.lu f43=f35,f120,f43 };;
+{ .mfi; getf.sig r24=f70
+ xma.hu f54=f35,f121,f53 }
+{ .mfi; mov carry2=0
+ xma.lu f53=f35,f121,f53 };;
+{ .mfi; getf.sig r25=f61
+ xma.hu f64=f35,f122,f63
+ cmp.ltu p7,p0=r17,r16 }
+{ .mfi; add r18=r18,r17
+ xma.lu f63=f35,f122,f63 };;
+{ .mfi; getf.sig r26=f52
+ xma.hu f74=f35,f123,f73
+(p7) add carry2=1,carry2 }
+{ .mfi; cmp.ltu p7,p0=r18,r17
+ xma.lu f73=f35,f123,f73
+ add r18=r18,carry1 };;
+{ .mfi;
+ xma.hu f84=f35,f124,f83
+(p7) add carry2=1,carry2 }
+{ .mfi; cmp.ltu p7,p0=r18,carry1
+ xma.lu f83=f35,f124,f83 };;
+{ .mfi; st8 [r32]=r18,16
+ xma.hu f94=f35,f125,f93
+(p7) add carry2=1,carry2 }
+{ .mfi; xma.lu f93=f35,f125,f93 };;
+{ .mfi; xma.hu f104=f35,f126,f103 }
+{ .mfi; xma.lu f103=f35,f126,f103 };;
+{ .mfi; xma.hu f114=f35,f127,f113 }
+{ .mfi; mov carry1=0
+ xma.lu f113=f35,f127,f113
+ add r25=r25,r24 };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig r27=f43
+ xma.hu f45=f36,f120,f44
+ cmp.ltu p6,p0=r25,r24 }
+{ .mfi; xma.lu f44=f36,f120,f44
+ add r26=r26,r25 };;
+{ .mfi; getf.sig r16=f80
+ xma.hu f55=f36,f121,f54
+(p6) add carry1=1,carry1 }
+{ .mfi; xma.lu f54=f36,f121,f54 };;
+{ .mfi; getf.sig r17=f71
+ xma.hu f65=f36,f122,f64
+ cmp.ltu p6,p0=r26,r25 }
+{ .mfi; xma.lu f64=f36,f122,f64
+ add r27=r27,r26 };;
+{ .mfi; getf.sig r18=f62
+ xma.hu f75=f36,f123,f74
+(p6) add carry1=1,carry1 }
+{ .mfi; cmp.ltu p6,p0=r27,r26
+ xma.lu f74=f36,f123,f74
+ add r27=r27,carry2 };;
+{ .mfi; getf.sig r19=f53
+ xma.hu f85=f36,f124,f84
+(p6) add carry1=1,carry1 }
+{ .mfi; xma.lu f84=f36,f124,f84
+ cmp.ltu p6,p0=r27,carry2 };;
+{ .mfi; st8 [r33]=r27,16
+ xma.hu f95=f36,f125,f94
+(p6) add carry1=1,carry1 }
+{ .mfi; xma.lu f94=f36,f125,f94 };;
+{ .mfi; xma.hu f105=f36,f126,f104 }
+{ .mfi; mov carry2=0
+ xma.lu f104=f36,f126,f104
+ add r17=r17,r16 };;
+{ .mfi; xma.hu f115=f36,f127,f114
+ cmp.ltu p7,p0=r17,r16 }
+{ .mfi; xma.lu f114=f36,f127,f114
+ add r18=r18,r17 };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig r20=f44
+ xma.hu f46=f37,f120,f45
+(p7) add carry2=1,carry2 }
+{ .mfi; cmp.ltu p7,p0=r18,r17
+ xma.lu f45=f37,f120,f45
+ add r19=r19,r18 };;
+{ .mfi; getf.sig r24=f90
+ xma.hu f56=f37,f121,f55 }
+{ .mfi; xma.lu f55=f37,f121,f55 };;
+{ .mfi; getf.sig r25=f81
+ xma.hu f66=f37,f122,f65
+(p7) add carry2=1,carry2 }
+{ .mfi; cmp.ltu p7,p0=r19,r18
+ xma.lu f65=f37,f122,f65
+ add r20=r20,r19 };;
+{ .mfi; getf.sig r26=f72
+ xma.hu f76=f37,f123,f75
+(p7) add carry2=1,carry2 }
+{ .mfi; cmp.ltu p7,p0=r20,r19
+ xma.lu f75=f37,f123,f75
+ add r20=r20,carry1 };;
+{ .mfi; getf.sig r27=f63
+ xma.hu f86=f37,f124,f85
+(p7) add carry2=1,carry2 }
+{ .mfi; xma.lu f85=f37,f124,f85
+ cmp.ltu p7,p0=r20,carry1 };;
+{ .mfi; getf.sig r28=f54
+ xma.hu f96=f37,f125,f95
+(p7) add carry2=1,carry2 }
+{ .mfi; st8 [r32]=r20,16
+ xma.lu f95=f37,f125,f95 };;
+{ .mfi; xma.hu f106=f37,f126,f105 }
+{ .mfi; mov carry1=0
+ xma.lu f105=f37,f126,f105
+ add r25=r25,r24 };;
+{ .mfi; xma.hu f116=f37,f127,f115
+ cmp.ltu p6,p0=r25,r24 }
+{ .mfi; xma.lu f115=f37,f127,f115
+ add r26=r26,r25 };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig r29=f45
+ xma.hu f47=f38,f120,f46
+(p6) add carry1=1,carry1 }
+{ .mfi; cmp.ltu p6,p0=r26,r25
+ xma.lu f46=f38,f120,f46
+ add r27=r27,r26 };;
+{ .mfi; getf.sig r16=f100
+ xma.hu f57=f38,f121,f56
+(p6) add carry1=1,carry1 }
+{ .mfi; cmp.ltu p6,p0=r27,r26
+ xma.lu f56=f38,f121,f56
+ add r28=r28,r27 };;
+{ .mfi; getf.sig r17=f91
+ xma.hu f67=f38,f122,f66
+(p6) add carry1=1,carry1 }
+{ .mfi; cmp.ltu p6,p0=r28,r27
+ xma.lu f66=f38,f122,f66
+ add r29=r29,r28 };;
+{ .mfi; getf.sig r18=f82
+ xma.hu f77=f38,f123,f76
+(p6) add carry1=1,carry1 }
+{ .mfi; cmp.ltu p6,p0=r29,r28
+ xma.lu f76=f38,f123,f76
+ add r29=r29,carry2 };;
+{ .mfi; getf.sig r19=f73
+ xma.hu f87=f38,f124,f86
+(p6) add carry1=1,carry1 }
+{ .mfi; xma.lu f86=f38,f124,f86
+ cmp.ltu p6,p0=r29,carry2 };;
+{ .mfi; getf.sig r20=f64
+ xma.hu f97=f38,f125,f96
+(p6) add carry1=1,carry1 }
+{ .mfi; st8 [r33]=r29,16
+ xma.lu f96=f38,f125,f96 };;
+{ .mfi; getf.sig r21=f55
+ xma.hu f107=f38,f126,f106 }
+{ .mfi; mov carry2=0
+ xma.lu f106=f38,f126,f106
+ add r17=r17,r16 };;
+{ .mfi; xma.hu f117=f38,f127,f116
+ cmp.ltu p7,p0=r17,r16 }
+{ .mfi; xma.lu f116=f38,f127,f116
+ add r18=r18,r17 };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig r22=f46
+ xma.hu f48=f39,f120,f47
+(p7) add carry2=1,carry2 }
+{ .mfi; cmp.ltu p7,p0=r18,r17
+ xma.lu f47=f39,f120,f47
+ add r19=r19,r18 };;
+{ .mfi; getf.sig r24=f110
+ xma.hu f58=f39,f121,f57
+(p7) add carry2=1,carry2 }
+{ .mfi; cmp.ltu p7,p0=r19,r18
+ xma.lu f57=f39,f121,f57
+ add r20=r20,r19 };;
+{ .mfi; getf.sig r25=f101
+ xma.hu f68=f39,f122,f67
+(p7) add carry2=1,carry2 }
+{ .mfi; cmp.ltu p7,p0=r20,r19
+ xma.lu f67=f39,f122,f67
+ add r21=r21,r20 };;
+{ .mfi; getf.sig r26=f92
+ xma.hu f78=f39,f123,f77
+(p7) add carry2=1,carry2 }
+{ .mfi; cmp.ltu p7,p0=r21,r20
+ xma.lu f77=f39,f123,f77
+ add r22=r22,r21 };;
+{ .mfi; getf.sig r27=f83
+ xma.hu f88=f39,f124,f87
+(p7) add carry2=1,carry2 }
+{ .mfi; cmp.ltu p7,p0=r22,r21
+ xma.lu f87=f39,f124,f87
+ add r22=r22,carry1 };;
+{ .mfi; getf.sig r28=f74
+ xma.hu f98=f39,f125,f97
+(p7) add carry2=1,carry2 }
+{ .mfi; xma.lu f97=f39,f125,f97
+ cmp.ltu p7,p0=r22,carry1 };;
+{ .mfi; getf.sig r29=f65
+ xma.hu f108=f39,f126,f107
+(p7) add carry2=1,carry2 }
+{ .mfi; st8 [r32]=r22,16
+ xma.lu f107=f39,f126,f107 };;
+{ .mfi; getf.sig r30=f56
+ xma.hu f118=f39,f127,f117 }
+{ .mfi; xma.lu f117=f39,f127,f117 };;//
+//-------------------------------------------------//
+// Leaving muliplier's heaven... Quite a ride, huh?
+
+{ .mii; getf.sig r31=f47
+ add r25=r25,r24
+ mov carry1=0 };;
+{ .mii; getf.sig r16=f111
+ cmp.ltu p6,p0=r25,r24
+ add r26=r26,r25 };;
+{ .mfb; getf.sig r17=f102 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r26,r25
+ add r27=r27,r26 };;
+{ .mfb; nop.m 0x0 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r27,r26
+ add r28=r28,r27 };;
+{ .mii; getf.sig r18=f93
+ add r17=r17,r16
+ mov carry3=0 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r28,r27
+ add r29=r29,r28 };;
+{ .mii; getf.sig r19=f84
+ cmp.ltu p7,p0=r17,r16 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r29,r28
+ add r30=r30,r29 };;
+{ .mii; getf.sig r20=f75
+ add r18=r18,r17 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r30,r29
+ add r31=r31,r30 };;
+{ .mfb; getf.sig r21=f66 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p0=r18,r17
+ add r19=r19,r18 }
+{ .mfb; nop.m 0x0 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r31,r30
+ add r31=r31,carry2 };;
+{ .mfb; getf.sig r22=f57 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p0=r19,r18
+ add r20=r20,r19 }
+{ .mfb; nop.m 0x0 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r31,carry2 };;
+{ .mfb; getf.sig r23=f48 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p0=r20,r19
+ add r21=r21,r20 }
+{ .mii;
+(p6) add carry1=1,carry1 }
+{ .mfb; st8 [r33]=r31,16 };;
+
+{ .mfb; getf.sig r24=f112 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p0=r21,r20
+ add r22=r22,r21 };;
+{ .mfb; getf.sig r25=f103 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p0=r22,r21
+ add r23=r23,r22 };;
+{ .mfb; getf.sig r26=f94 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p0=r23,r22
+ add r23=r23,carry1 };;
+{ .mfb; getf.sig r27=f85 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p8=r23,carry1};;
+{ .mii; getf.sig r28=f76
+ add r25=r25,r24
+ mov carry1=0 }
+{ .mii; st8 [r32]=r23,16
+ (p7) add carry2=1,carry3
+ (p8) add carry2=0,carry3 };;
+
+{ .mfb; nop.m 0x0 }
+{ .mii; getf.sig r29=f67
+ cmp.ltu p6,p0=r25,r24
+ add r26=r26,r25 };;
+{ .mfb; getf.sig r30=f58 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r26,r25
+ add r27=r27,r26 };;
+{ .mfb; getf.sig r16=f113 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r27,r26
+ add r28=r28,r27 };;
+{ .mfb; getf.sig r17=f104 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r28,r27
+ add r29=r29,r28 };;
+{ .mfb; getf.sig r18=f95 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r29,r28
+ add r30=r30,r29 };;
+{ .mii; getf.sig r19=f86
+ add r17=r17,r16
+ mov carry3=0 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r30,r29
+ add r30=r30,carry2 };;
+{ .mii; getf.sig r20=f77
+ cmp.ltu p7,p0=r17,r16
+ add r18=r18,r17 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r30,carry2 };;
+{ .mfb; getf.sig r21=f68 }
+{ .mii; st8 [r33]=r30,16
+(p6) add carry1=1,carry1 };;
+
+{ .mfb; getf.sig r24=f114 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p0=r18,r17
+ add r19=r19,r18 };;
+{ .mfb; getf.sig r25=f105 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p0=r19,r18
+ add r20=r20,r19 };;
+{ .mfb; getf.sig r26=f96 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p0=r20,r19
+ add r21=r21,r20 };;
+{ .mfb; getf.sig r27=f87 }
+{ .mii; (p7) add carry3=1,carry3
+ cmp.ltu p7,p0=r21,r20
+ add r21=r21,carry1 };;
+{ .mib; getf.sig r28=f78
+ add r25=r25,r24 }
+{ .mib; (p7) add carry3=1,carry3
+ cmp.ltu p7,p8=r21,carry1};;
+{ .mii; st8 [r32]=r21,16
+ (p7) add carry2=1,carry3
+ (p8) add carry2=0,carry3 }
+
+{ .mii; mov carry1=0
+ cmp.ltu p6,p0=r25,r24
+ add r26=r26,r25 };;
+{ .mfb; getf.sig r16=f115 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r26,r25
+ add r27=r27,r26 };;
+{ .mfb; getf.sig r17=f106 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r27,r26
+ add r28=r28,r27 };;
+{ .mfb; getf.sig r18=f97 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r28,r27
+ add r28=r28,carry2 };;
+{ .mib; getf.sig r19=f88
+ add r17=r17,r16 }
+{ .mib;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r28,carry2 };;
+{ .mii; st8 [r33]=r28,16
+(p6) add carry1=1,carry1 }
+
+{ .mii; mov carry2=0
+ cmp.ltu p7,p0=r17,r16
+ add r18=r18,r17 };;
+{ .mfb; getf.sig r24=f116 }
+{ .mii; (p7) add carry2=1,carry2
+ cmp.ltu p7,p0=r18,r17
+ add r19=r19,r18 };;
+{ .mfb; getf.sig r25=f107 }
+{ .mii; (p7) add carry2=1,carry2
+ cmp.ltu p7,p0=r19,r18
+ add r19=r19,carry1 };;
+{ .mfb; getf.sig r26=f98 }
+{ .mii; (p7) add carry2=1,carry2
+ cmp.ltu p7,p0=r19,carry1};;
+{ .mii; st8 [r32]=r19,16
+ (p7) add carry2=1,carry2 }
+
+{ .mfb; add r25=r25,r24 };;
+
+{ .mfb; getf.sig r16=f117 }
+{ .mii; mov carry1=0
+ cmp.ltu p6,p0=r25,r24
+ add r26=r26,r25 };;
+{ .mfb; getf.sig r17=f108 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r26,r25
+ add r26=r26,carry2 };;
+{ .mfb; nop.m 0x0 }
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r26,carry2 };;
+{ .mii; st8 [r33]=r26,16
+(p6) add carry1=1,carry1 }
+
+{ .mfb; add r17=r17,r16 };;
+{ .mfb; getf.sig r24=f118 }
+{ .mii; mov carry2=0
+ cmp.ltu p7,p0=r17,r16
+ add r17=r17,carry1 };;
+{ .mii; (p7) add carry2=1,carry2
+ cmp.ltu p7,p0=r17,carry1};;
+{ .mii; st8 [r32]=r17
+ (p7) add carry2=1,carry2 };;
+{ .mfb; add r24=r24,carry2 };;
+{ .mib; st8 [r33]=r24 }
+
+{ .mib; rum 1<<5 // clear um.mfh
+ br.ret.sptk.many b0 };;
+.endp bn_mul_comba8#
+#undef carry3
+#undef carry2
+#undef carry1
+#endif
+
+#if 1
+// It's possible to make it faster (see comment to bn_sqr_comba8), but
+// I reckon it doesn't worth the effort. Basically because the routine
+// (actually both of them) practically never called... So I just play
+// same trick as with bn_sqr_comba8.
+//
+// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+//
+.global bn_sqr_comba4#
+.proc bn_sqr_comba4#
+.align 64
+bn_sqr_comba4:
+ .prologue
+ .save ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii; alloc r2=ar.pfs,2,1,0,0
+ addp4 r32=0,r32
+ addp4 r33=0,r33 };;
+{ .mii;
+#else
+{ .mii; alloc r2=ar.pfs,2,1,0,0
+#endif
+ mov r34=r33
+ add r14=8,r33 };;
+ .body
+{ .mii; add r17=8,r34
+ add r15=16,r33
+ add r18=16,r34 }
+{ .mfb; add r16=24,r33
+ br .L_cheat_entry_point4 };;
+.endp bn_sqr_comba4#
+#endif
+
+#if 1
+// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever...
+//
+// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+//
+#define carry1 r14
+#define carry2 r15
+.global bn_mul_comba4#
+.proc bn_mul_comba4#
+.align 64
+bn_mul_comba4:
+ .prologue
+ .save ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii; alloc r2=ar.pfs,3,0,0,0
+ addp4 r33=0,r33
+ addp4 r34=0,r34 };;
+{ .mii; addp4 r32=0,r32
+#else
+{ .mii; alloc r2=ar.pfs,3,0,0,0
+#endif
+ add r14=8,r33
+ add r17=8,r34 }
+ .body
+{ .mii; add r15=16,r33
+ add r18=16,r34
+ add r16=24,r33 };;
+.L_cheat_entry_point4:
+{ .mmi; add r19=24,r34
+
+ ldf8 f32=[r33] }
+
+{ .mmi; ldf8 f120=[r34]
+ ldf8 f121=[r17] };;
+{ .mmi; ldf8 f122=[r18]
+ ldf8 f123=[r19] }
+
+{ .mmi; ldf8 f33=[r14]
+ ldf8 f34=[r15] }
+{ .mfi; ldf8 f35=[r16]
+
+ xma.hu f41=f32,f120,f0 }
+{ .mfi; xma.lu f40=f32,f120,f0 };;
+{ .mfi; xma.hu f51=f32,f121,f0 }
+{ .mfi; xma.lu f50=f32,f121,f0 };;
+{ .mfi; xma.hu f61=f32,f122,f0 }
+{ .mfi; xma.lu f60=f32,f122,f0 };;
+{ .mfi; xma.hu f71=f32,f123,f0 }
+{ .mfi; xma.lu f70=f32,f123,f0 };;//
+// Major stall takes place here, and 3 more places below. Result from
+// first xma is not available for another 3 ticks.
+{ .mfi; getf.sig r16=f40
+ xma.hu f42=f33,f120,f41
+ add r33=8,r32 }
+{ .mfi; xma.lu f41=f33,f120,f41 };;
+{ .mfi; getf.sig r24=f50
+ xma.hu f52=f33,f121,f51 }
+{ .mfi; xma.lu f51=f33,f121,f51 };;
+{ .mfi; st8 [r32]=r16,16
+ xma.hu f62=f33,f122,f61 }
+{ .mfi; xma.lu f61=f33,f122,f61 };;
+{ .mfi; xma.hu f72=f33,f123,f71 }
+{ .mfi; xma.lu f71=f33,f123,f71 };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig r25=f41
+ xma.hu f43=f34,f120,f42 }
+{ .mfi; xma.lu f42=f34,f120,f42 };;
+{ .mfi; getf.sig r16=f60
+ xma.hu f53=f34,f121,f52 }
+{ .mfi; xma.lu f52=f34,f121,f52 };;
+{ .mfi; getf.sig r17=f51
+ xma.hu f63=f34,f122,f62
+ add r25=r25,r24 }
+{ .mfi; mov carry1=0
+ xma.lu f62=f34,f122,f62 };;
+{ .mfi; st8 [r33]=r25,16
+ xma.hu f73=f34,f123,f72
+ cmp.ltu p6,p0=r25,r24 }
+{ .mfi; xma.lu f72=f34,f123,f72 };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig r18=f42
+ xma.hu f44=f35,f120,f43
+(p6) add carry1=1,carry1 }
+{ .mfi; add r17=r17,r16
+ xma.lu f43=f35,f120,f43
+ mov carry2=0 };;
+{ .mfi; getf.sig r24=f70
+ xma.hu f54=f35,f121,f53
+ cmp.ltu p7,p0=r17,r16 }
+{ .mfi; xma.lu f53=f35,f121,f53 };;
+{ .mfi; getf.sig r25=f61
+ xma.hu f64=f35,f122,f63
+ add r18=r18,r17 }
+{ .mfi; xma.lu f63=f35,f122,f63
+(p7) add carry2=1,carry2 };;
+{ .mfi; getf.sig r26=f52
+ xma.hu f74=f35,f123,f73
+ cmp.ltu p7,p0=r18,r17 }
+{ .mfi; xma.lu f73=f35,f123,f73
+ add r18=r18,carry1 };;
+//-------------------------------------------------//
+{ .mii; st8 [r32]=r18,16
+(p7) add carry2=1,carry2
+ cmp.ltu p7,p0=r18,carry1 };;
+
+{ .mfi; getf.sig r27=f43 // last major stall
+(p7) add carry2=1,carry2 };;
+{ .mii; getf.sig r16=f71
+ add r25=r25,r24
+ mov carry1=0 };;
+{ .mii; getf.sig r17=f62
+ cmp.ltu p6,p0=r25,r24
+ add r26=r26,r25 };;
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r26,r25
+ add r27=r27,r26 };;
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r27,r26
+ add r27=r27,carry2 };;
+{ .mii; getf.sig r18=f53
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r27,carry2 };;
+{ .mfi; st8 [r33]=r27,16
+(p6) add carry1=1,carry1 }
+
+{ .mii; getf.sig r19=f44
+ add r17=r17,r16
+ mov carry2=0 };;
+{ .mii; getf.sig r24=f72
+ cmp.ltu p7,p0=r17,r16
+ add r18=r18,r17 };;
+{ .mii; (p7) add carry2=1,carry2
+ cmp.ltu p7,p0=r18,r17
+ add r19=r19,r18 };;
+{ .mii; (p7) add carry2=1,carry2
+ cmp.ltu p7,p0=r19,r18
+ add r19=r19,carry1 };;
+{ .mii; getf.sig r25=f63
+ (p7) add carry2=1,carry2
+ cmp.ltu p7,p0=r19,carry1};;
+{ .mii; st8 [r32]=r19,16
+ (p7) add carry2=1,carry2 }
+
+{ .mii; getf.sig r26=f54
+ add r25=r25,r24
+ mov carry1=0 };;
+{ .mii; getf.sig r16=f73
+ cmp.ltu p6,p0=r25,r24
+ add r26=r26,r25 };;
+{ .mii;
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r26,r25
+ add r26=r26,carry2 };;
+{ .mii; getf.sig r17=f64
+(p6) add carry1=1,carry1
+ cmp.ltu p6,p0=r26,carry2 };;
+{ .mii; st8 [r33]=r26,16
+(p6) add carry1=1,carry1 }
+
+{ .mii; getf.sig r24=f74
+ add r17=r17,r16
+ mov carry2=0 };;
+{ .mii; cmp.ltu p7,p0=r17,r16
+ add r17=r17,carry1 };;
+
+{ .mii; (p7) add carry2=1,carry2
+ cmp.ltu p7,p0=r17,carry1};;
+{ .mii; st8 [r32]=r17,16
+ (p7) add carry2=1,carry2 };;
+
+{ .mii; add r24=r24,carry2 };;
+{ .mii; st8 [r33]=r24 }
+
+{ .mib; rum 1<<5 // clear um.mfh
+ br.ret.sptk.many b0 };;
+.endp bn_mul_comba4#
+#undef carry2
+#undef carry1
+#endif
+
+#if 1
+//
+// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+//
+// In the nutshell it's a port of my MIPS III/IV implementation.
+//
+#define AT r14
+#define H r16
+#define HH r20
+#define L r17
+#define D r18
+#define DH r22
+#define I r21
+
+#if 0
+// Some preprocessors (most notably HP-UX) appear to be allergic to
+// macros enclosed to parenthesis [as these three were].
+#define cont p16
+#define break p0 // p20
+#define equ p24
+#else
+cont=p16
+break=p0
+equ=p24
+#endif
+
+.global abort#
+.global bn_div_words#
+.proc bn_div_words#
+.align 64
+bn_div_words:
+ .prologue
+ .save ar.pfs,r2
+{ .mii; alloc r2=ar.pfs,3,5,0,8
+ .save b0,r3
+ mov r3=b0
+ .save pr,r10
+ mov r10=pr };;
+{ .mmb; cmp.eq p6,p0=r34,r0
+ mov r8=-1
+(p6) br.ret.spnt.many b0 };;
+
+ .body
+{ .mii; mov H=r32 // save h
+ mov ar.ec=0 // don't rotate at exit
+ mov pr.rot=0 }
+{ .mii; mov L=r33 // save l
+ mov r36=r0 };;
+
+.L_divw_shift: // -vv- note signed comparison
+{ .mfi; (p0) cmp.lt p16,p0=r0,r34 // d
+ (p0) shladd r33=r34,1,r0 }
+{ .mfb; (p0) add r35=1,r36
+ (p0) nop.f 0x0
+(p16) br.wtop.dpnt .L_divw_shift };;
+
+{ .mii; mov D=r34
+ shr.u DH=r34,32
+ sub r35=64,r36 };;
+{ .mii; setf.sig f7=DH
+ shr.u AT=H,r35
+ mov I=r36 };;
+{ .mib; cmp.ne p6,p0=r0,AT
+ shl H=H,r36
+(p6) br.call.spnt.clr b0=abort };; // overflow, die...
+
+{ .mfi; fcvt.xuf.s1 f7=f7
+ shr.u AT=L,r35 };;
+{ .mii; shl L=L,r36
+ or H=H,AT };;
+
+{ .mii; nop.m 0x0
+ cmp.leu p6,p0=D,H;;
+(p6) sub H=H,D }
+
+{ .mlx; setf.sig f14=D
+ movl AT=0xffffffff };;
+///////////////////////////////////////////////////////////
+{ .mii; setf.sig f6=H
+ shr.u HH=H,32;;
+ cmp.eq p6,p7=HH,DH };;
+{ .mfb;
+(p6) setf.sig f8=AT
+(p7) fcvt.xuf.s1 f6=f6
+(p7) br.call.sptk b6=.L_udiv64_32_b6 };;
+
+{ .mfi; getf.sig r33=f8 // q
+ xmpy.lu f9=f8,f14 }
+{ .mfi; xmpy.hu f10=f8,f14
+ shrp H=H,L,32 };;
+
+{ .mmi; getf.sig r35=f9 // tl
+ getf.sig r31=f10 };; // th
+
+.L_divw_1st_iter:
+{ .mii; (p0) add r32=-1,r33
+ (p0) cmp.eq equ,cont=HH,r31 };;
+{ .mii; (p0) cmp.ltu p8,p0=r35,D
+ (p0) sub r34=r35,D
+ (equ) cmp.leu break,cont=r35,H };;
+{ .mib; (cont) cmp.leu cont,break=HH,r31
+ (p8) add r31=-1,r31
+(cont) br.wtop.spnt .L_divw_1st_iter };;
+///////////////////////////////////////////////////////////
+{ .mii; sub H=H,r35
+ shl r8=r33,32
+ shl L=L,32 };;
+///////////////////////////////////////////////////////////
+{ .mii; setf.sig f6=H
+ shr.u HH=H,32;;
+ cmp.eq p6,p7=HH,DH };;
+{ .mfb;
+(p6) setf.sig f8=AT
+(p7) fcvt.xuf.s1 f6=f6
+(p7) br.call.sptk b6=.L_udiv64_32_b6 };;
+
+{ .mfi; getf.sig r33=f8 // q
+ xmpy.lu f9=f8,f14 }
+{ .mfi; xmpy.hu f10=f8,f14
+ shrp H=H,L,32 };;
+
+{ .mmi; getf.sig r35=f9 // tl
+ getf.sig r31=f10 };; // th
+
+.L_divw_2nd_iter:
+{ .mii; (p0) add r32=-1,r33
+ (p0) cmp.eq equ,cont=HH,r31 };;
+{ .mii; (p0) cmp.ltu p8,p0=r35,D
+ (p0) sub r34=r35,D
+ (equ) cmp.leu break,cont=r35,H };;
+{ .mib; (cont) cmp.leu cont,break=HH,r31
+ (p8) add r31=-1,r31
+(cont) br.wtop.spnt .L_divw_2nd_iter };;
+///////////////////////////////////////////////////////////
+{ .mii; sub H=H,r35
+ or r8=r8,r33
+ mov ar.pfs=r2 };;
+{ .mii; shr.u r9=H,I // remainder if anybody wants it
+ mov pr=r10,0x1ffff }
+{ .mfb; br.ret.sptk.many b0 };;
+
+// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
+// procedure.
+//
+// inputs: f6 = (double)a, f7 = (double)b
+// output: f8 = (int)(a/b)
+// clobbered: f8,f9,f10,f11,pred
+pred=p15
+// One can argue that this snippet is copyrighted to Intel
+// Corporation, as it's essentially identical to one of those
+// found in "Divide, Square Root and Remainder" section at
+// http://www.intel.com/software/products/opensource/libraries/num.htm.
+// Yes, I admit that the referred code was used as template,
+// but after I realized that there hardly is any other instruction
+// sequence which would perform this operation. I mean I figure that
+// any independent attempt to implement high-performance division
+// will result in code virtually identical to the Intel code. It
+// should be noted though that below division kernel is 1 cycle
+// faster than Intel one (note commented splits:-), not to mention
+// original prologue (rather lack of one) and epilogue.
+.align 32
+.skip 16
+.L_udiv64_32_b6:
+ frcpa.s1 f8,pred=f6,f7;; // [0] y0 = 1 / b
+
+(pred) fnma.s1 f9=f7,f8,f1 // [5] e0 = 1 - b * y0
+(pred) fmpy.s1 f10=f6,f8;; // [5] q0 = a * y0
+(pred) fmpy.s1 f11=f9,f9 // [10] e1 = e0 * e0
+(pred) fma.s1 f10=f9,f10,f10;; // [10] q1 = q0 + e0 * q0
+(pred) fma.s1 f8=f9,f8,f8 //;; // [15] y1 = y0 + e0 * y0
+(pred) fma.s1 f9=f11,f10,f10;; // [15] q2 = q1 + e1 * q1
+(pred) fma.s1 f8=f11,f8,f8 //;; // [20] y2 = y1 + e1 * y1
+(pred) fnma.s1 f10=f7,f9,f6;; // [20] r2 = a - b * q2
+(pred) fma.s1 f8=f10,f8,f9;; // [25] q3 = q2 + r2 * y2
+
+ fcvt.fxu.trunc.s1 f8=f8 // [30] q = trunc(q3)
+ br.ret.sptk.many b6;;
+.endp bn_div_words#
+#endif
Added: vendor-crypto/openssl/dist/crypto/bn/asm/mips3.s
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/mips3.s (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/mips3.s 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,2201 @@
+.rdata
+.asciiz "mips3.s, Version 1.1"
+.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro at fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to the OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * The module is designed to work with either of the "new" MIPS ABI(5),
+ * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
+ * IRIX 5.x not only because it doesn't support new ABIs but also
+ * because 5.x kernels put R4x00 CPU into 32-bit mode and all those
+ * 64-bit instructions (daddu, dmultu, etc.) found below gonna only
+ * cause illegal instruction exception:-(
+ *
+ * In addition the code depends on preprocessor flags set up by MIPSpro
+ * compiler driver (either as or cc) and therefore (probably?) can't be
+ * compiled by the GNU assembler. GNU C driver manages fine though...
+ * I mean as long as -mmips-as is specified or is the default option,
+ * because then it simply invokes /usr/bin/as which in turn takes
+ * perfect care of the preprocessor definitions. Another neat feature
+ * offered by the MIPSpro assembler is an optimization pass. This gave
+ * me the opportunity to have the code looking more regular as all those
+ * architecture dependent instruction rescheduling details were left to
+ * the assembler. Cool, huh?
+ *
+ * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
+ * goes way over 3 times faster!
+ *
+ * <appro at fy.chalmers.se>
+ */
+#include <asm.h>
+#include <regdef.h>
+
+#if _MIPS_ISA>=4
+#define MOVNZ(cond,dst,src) \
+ movn dst,src,cond
+#else
+#define MOVNZ(cond,dst,src) \
+ .set noreorder; \
+ bnezl cond,.+8; \
+ move dst,src; \
+ .set reorder
+#endif
+
+.text
+
+.set noat
+.set reorder
+
+#define MINUS4 v1
+
+.align 5
+LEAF(bn_mul_add_words)
+ .set noreorder
+ bgtzl a2,.L_bn_mul_add_words_proceed
+ ld t0,0(a1)
+ jr ra
+ move v0,zero
+ .set reorder
+
+.L_bn_mul_add_words_proceed:
+ li MINUS4,-4
+ and ta0,a2,MINUS4
+ move v0,zero
+ beqz ta0,.L_bn_mul_add_words_tail
+
+.L_bn_mul_add_words_loop:
+ dmultu t0,a3
+ ld t1,0(a0)
+ ld t2,8(a1)
+ ld t3,8(a0)
+ ld ta0,16(a1)
+ ld ta1,16(a0)
+ daddu t1,v0
+ sltu v0,t1,v0 /* All manuals say it "compares 32-bit
+ * values", but it seems to work fine
+ * even on 64-bit registers. */
+ mflo AT
+ mfhi t0
+ daddu t1,AT
+ daddu v0,t0
+ sltu AT,t1,AT
+ sd t1,0(a0)
+ daddu v0,AT
+
+ dmultu t2,a3
+ ld ta2,24(a1)
+ ld ta3,24(a0)
+ daddu t3,v0
+ sltu v0,t3,v0
+ mflo AT
+ mfhi t2
+ daddu t3,AT
+ daddu v0,t2
+ sltu AT,t3,AT
+ sd t3,8(a0)
+ daddu v0,AT
+
+ dmultu ta0,a3
+ subu a2,4
+ PTR_ADD a0,32
+ PTR_ADD a1,32
+ daddu ta1,v0
+ sltu v0,ta1,v0
+ mflo AT
+ mfhi ta0
+ daddu ta1,AT
+ daddu v0,ta0
+ sltu AT,ta1,AT
+ sd ta1,-16(a0)
+ daddu v0,AT
+
+
+ dmultu ta2,a3
+ and ta0,a2,MINUS4
+ daddu ta3,v0
+ sltu v0,ta3,v0
+ mflo AT
+ mfhi ta2
+ daddu ta3,AT
+ daddu v0,ta2
+ sltu AT,ta3,AT
+ sd ta3,-8(a0)
+ daddu v0,AT
+ .set noreorder
+ bgtzl ta0,.L_bn_mul_add_words_loop
+ ld t0,0(a1)
+
+ bnezl a2,.L_bn_mul_add_words_tail
+ ld t0,0(a1)
+ .set reorder
+
+.L_bn_mul_add_words_return:
+ jr ra
+
+.L_bn_mul_add_words_tail:
+ dmultu t0,a3
+ ld t1,0(a0)
+ subu a2,1
+ daddu t1,v0
+ sltu v0,t1,v0
+ mflo AT
+ mfhi t0
+ daddu t1,AT
+ daddu v0,t0
+ sltu AT,t1,AT
+ sd t1,0(a0)
+ daddu v0,AT
+ beqz a2,.L_bn_mul_add_words_return
+
+ ld t0,8(a1)
+ dmultu t0,a3
+ ld t1,8(a0)
+ subu a2,1
+ daddu t1,v0
+ sltu v0,t1,v0
+ mflo AT
+ mfhi t0
+ daddu t1,AT
+ daddu v0,t0
+ sltu AT,t1,AT
+ sd t1,8(a0)
+ daddu v0,AT
+ beqz a2,.L_bn_mul_add_words_return
+
+ ld t0,16(a1)
+ dmultu t0,a3
+ ld t1,16(a0)
+ daddu t1,v0
+ sltu v0,t1,v0
+ mflo AT
+ mfhi t0
+ daddu t1,AT
+ daddu v0,t0
+ sltu AT,t1,AT
+ sd t1,16(a0)
+ daddu v0,AT
+ jr ra
+END(bn_mul_add_words)
+
+.align 5
+LEAF(bn_mul_words)
+ .set noreorder
+ bgtzl a2,.L_bn_mul_words_proceed
+ ld t0,0(a1)
+ jr ra
+ move v0,zero
+ .set reorder
+
+.L_bn_mul_words_proceed:
+ li MINUS4,-4
+ and ta0,a2,MINUS4
+ move v0,zero
+ beqz ta0,.L_bn_mul_words_tail
+
+.L_bn_mul_words_loop:
+ dmultu t0,a3
+ ld t2,8(a1)
+ ld ta0,16(a1)
+ ld ta2,24(a1)
+ mflo AT
+ mfhi t0
+ daddu v0,AT
+ sltu t1,v0,AT
+ sd v0,0(a0)
+ daddu v0,t1,t0
+
+ dmultu t2,a3
+ subu a2,4
+ PTR_ADD a0,32
+ PTR_ADD a1,32
+ mflo AT
+ mfhi t2
+ daddu v0,AT
+ sltu t3,v0,AT
+ sd v0,-24(a0)
+ daddu v0,t3,t2
+
+ dmultu ta0,a3
+ mflo AT
+ mfhi ta0
+ daddu v0,AT
+ sltu ta1,v0,AT
+ sd v0,-16(a0)
+ daddu v0,ta1,ta0
+
+
+ dmultu ta2,a3
+ and ta0,a2,MINUS4
+ mflo AT
+ mfhi ta2
+ daddu v0,AT
+ sltu ta3,v0,AT
+ sd v0,-8(a0)
+ daddu v0,ta3,ta2
+ .set noreorder
+ bgtzl ta0,.L_bn_mul_words_loop
+ ld t0,0(a1)
+
+ bnezl a2,.L_bn_mul_words_tail
+ ld t0,0(a1)
+ .set reorder
+
+.L_bn_mul_words_return:
+ jr ra
+
+.L_bn_mul_words_tail:
+ dmultu t0,a3
+ subu a2,1
+ mflo AT
+ mfhi t0
+ daddu v0,AT
+ sltu t1,v0,AT
+ sd v0,0(a0)
+ daddu v0,t1,t0
+ beqz a2,.L_bn_mul_words_return
+
+ ld t0,8(a1)
+ dmultu t0,a3
+ subu a2,1
+ mflo AT
+ mfhi t0
+ daddu v0,AT
+ sltu t1,v0,AT
+ sd v0,8(a0)
+ daddu v0,t1,t0
+ beqz a2,.L_bn_mul_words_return
+
+ ld t0,16(a1)
+ dmultu t0,a3
+ mflo AT
+ mfhi t0
+ daddu v0,AT
+ sltu t1,v0,AT
+ sd v0,16(a0)
+ daddu v0,t1,t0
+ jr ra
+END(bn_mul_words)
+
+.align 5
+LEAF(bn_sqr_words)
+ .set noreorder
+ bgtzl a2,.L_bn_sqr_words_proceed
+ ld t0,0(a1)
+ jr ra
+ move v0,zero
+ .set reorder
+
+.L_bn_sqr_words_proceed:
+ li MINUS4,-4
+ and ta0,a2,MINUS4
+ move v0,zero
+ beqz ta0,.L_bn_sqr_words_tail
+
+.L_bn_sqr_words_loop:
+ dmultu t0,t0
+ ld t2,8(a1)
+ ld ta0,16(a1)
+ ld ta2,24(a1)
+ mflo t1
+ mfhi t0
+ sd t1,0(a0)
+ sd t0,8(a0)
+
+ dmultu t2,t2
+ subu a2,4
+ PTR_ADD a0,64
+ PTR_ADD a1,32
+ mflo t3
+ mfhi t2
+ sd t3,-48(a0)
+ sd t2,-40(a0)
+
+ dmultu ta0,ta0
+ mflo ta1
+ mfhi ta0
+ sd ta1,-32(a0)
+ sd ta0,-24(a0)
+
+
+ dmultu ta2,ta2
+ and ta0,a2,MINUS4
+ mflo ta3
+ mfhi ta2
+ sd ta3,-16(a0)
+ sd ta2,-8(a0)
+
+ .set noreorder
+ bgtzl ta0,.L_bn_sqr_words_loop
+ ld t0,0(a1)
+
+ bnezl a2,.L_bn_sqr_words_tail
+ ld t0,0(a1)
+ .set reorder
+
+.L_bn_sqr_words_return:
+ move v0,zero
+ jr ra
+
+.L_bn_sqr_words_tail:
+ dmultu t0,t0
+ subu a2,1
+ mflo t1
+ mfhi t0
+ sd t1,0(a0)
+ sd t0,8(a0)
+ beqz a2,.L_bn_sqr_words_return
+
+ ld t0,8(a1)
+ dmultu t0,t0
+ subu a2,1
+ mflo t1
+ mfhi t0
+ sd t1,16(a0)
+ sd t0,24(a0)
+ beqz a2,.L_bn_sqr_words_return
+
+ ld t0,16(a1)
+ dmultu t0,t0
+ mflo t1
+ mfhi t0
+ sd t1,32(a0)
+ sd t0,40(a0)
+ jr ra
+END(bn_sqr_words)
+
+.align 5
+LEAF(bn_add_words)
+ .set noreorder
+ bgtzl a3,.L_bn_add_words_proceed
+ ld t0,0(a1)
+ jr ra
+ move v0,zero
+ .set reorder
+
+.L_bn_add_words_proceed:
+ li MINUS4,-4
+ and AT,a3,MINUS4
+ move v0,zero
+ beqz AT,.L_bn_add_words_tail
+
+.L_bn_add_words_loop:
+ ld ta0,0(a2)
+ subu a3,4
+ ld t1,8(a1)
+ and AT,a3,MINUS4
+ ld t2,16(a1)
+ PTR_ADD a2,32
+ ld t3,24(a1)
+ PTR_ADD a0,32
+ ld ta1,-24(a2)
+ PTR_ADD a1,32
+ ld ta2,-16(a2)
+ ld ta3,-8(a2)
+ daddu ta0,t0
+ sltu t8,ta0,t0
+ daddu t0,ta0,v0
+ sltu v0,t0,ta0
+ sd t0,-32(a0)
+ daddu v0,t8
+
+ daddu ta1,t1
+ sltu t9,ta1,t1
+ daddu t1,ta1,v0
+ sltu v0,t1,ta1
+ sd t1,-24(a0)
+ daddu v0,t9
+
+ daddu ta2,t2
+ sltu t8,ta2,t2
+ daddu t2,ta2,v0
+ sltu v0,t2,ta2
+ sd t2,-16(a0)
+ daddu v0,t8
+
+ daddu ta3,t3
+ sltu t9,ta3,t3
+ daddu t3,ta3,v0
+ sltu v0,t3,ta3
+ sd t3,-8(a0)
+ daddu v0,t9
+
+ .set noreorder
+ bgtzl AT,.L_bn_add_words_loop
+ ld t0,0(a1)
+
+ bnezl a3,.L_bn_add_words_tail
+ ld t0,0(a1)
+ .set reorder
+
+.L_bn_add_words_return:
+ jr ra
+
+.L_bn_add_words_tail:
+ ld ta0,0(a2)
+ daddu ta0,t0
+ subu a3,1
+ sltu t8,ta0,t0
+ daddu t0,ta0,v0
+ sltu v0,t0,ta0
+ sd t0,0(a0)
+ daddu v0,t8
+ beqz a3,.L_bn_add_words_return
+
+ ld t1,8(a1)
+ ld ta1,8(a2)
+ daddu ta1,t1
+ subu a3,1
+ sltu t9,ta1,t1
+ daddu t1,ta1,v0
+ sltu v0,t1,ta1
+ sd t1,8(a0)
+ daddu v0,t9
+ beqz a3,.L_bn_add_words_return
+
+ ld t2,16(a1)
+ ld ta2,16(a2)
+ daddu ta2,t2
+ sltu t8,ta2,t2
+ daddu t2,ta2,v0
+ sltu v0,t2,ta2
+ sd t2,16(a0)
+ daddu v0,t8
+ jr ra
+END(bn_add_words)
+
+.align 5
+LEAF(bn_sub_words)
+ .set noreorder
+ bgtzl a3,.L_bn_sub_words_proceed
+ ld t0,0(a1)
+ jr ra
+ move v0,zero
+ .set reorder
+
+.L_bn_sub_words_proceed:
+ li MINUS4,-4
+ and AT,a3,MINUS4
+ move v0,zero
+ beqz AT,.L_bn_sub_words_tail
+
+.L_bn_sub_words_loop:
+ ld ta0,0(a2)
+ subu a3,4
+ ld t1,8(a1)
+ and AT,a3,MINUS4
+ ld t2,16(a1)
+ PTR_ADD a2,32
+ ld t3,24(a1)
+ PTR_ADD a0,32
+ ld ta1,-24(a2)
+ PTR_ADD a1,32
+ ld ta2,-16(a2)
+ ld ta3,-8(a2)
+ sltu t8,t0,ta0
+ dsubu t0,ta0
+ dsubu ta0,t0,v0
+ sd ta0,-32(a0)
+ MOVNZ (t0,v0,t8)
+
+ sltu t9,t1,ta1
+ dsubu t1,ta1
+ dsubu ta1,t1,v0
+ sd ta1,-24(a0)
+ MOVNZ (t1,v0,t9)
+
+
+ sltu t8,t2,ta2
+ dsubu t2,ta2
+ dsubu ta2,t2,v0
+ sd ta2,-16(a0)
+ MOVNZ (t2,v0,t8)
+
+ sltu t9,t3,ta3
+ dsubu t3,ta3
+ dsubu ta3,t3,v0
+ sd ta3,-8(a0)
+ MOVNZ (t3,v0,t9)
+
+ .set noreorder
+ bgtzl AT,.L_bn_sub_words_loop
+ ld t0,0(a1)
+
+ bnezl a3,.L_bn_sub_words_tail
+ ld t0,0(a1)
+ .set reorder
+
+.L_bn_sub_words_return:
+ jr ra
+
+.L_bn_sub_words_tail:
+ ld ta0,0(a2)
+ subu a3,1
+ sltu t8,t0,ta0
+ dsubu t0,ta0
+ dsubu ta0,t0,v0
+ MOVNZ (t0,v0,t8)
+ sd ta0,0(a0)
+ beqz a3,.L_bn_sub_words_return
+
+ ld t1,8(a1)
+ subu a3,1
+ ld ta1,8(a2)
+ sltu t9,t1,ta1
+ dsubu t1,ta1
+ dsubu ta1,t1,v0
+ MOVNZ (t1,v0,t9)
+ sd ta1,8(a0)
+ beqz a3,.L_bn_sub_words_return
+
+ ld t2,16(a1)
+ ld ta2,16(a2)
+ sltu t8,t2,ta2
+ dsubu t2,ta2
+ dsubu ta2,t2,v0
+ MOVNZ (t2,v0,t8)
+ sd ta2,16(a0)
+ jr ra
+END(bn_sub_words)
+
+#undef MINUS4
+
+.align 5
+LEAF(bn_div_3_words)
+ .set reorder
+ move a3,a0 /* we know that bn_div_words doesn't
+ * touch a3, ta2, ta3 and preserves a2
+ * so that we can save two arguments
+ * and return address in registers
+ * instead of stack:-)
+ */
+ ld a0,(a3)
+ move ta2,a1
+ ld a1,-8(a3)
+ bne a0,a2,.L_bn_div_3_words_proceed
+ li v0,-1
+ jr ra
+.L_bn_div_3_words_proceed:
+ move ta3,ra
+ bal bn_div_words
+ move ra,ta3
+ dmultu ta2,v0
+ ld t2,-16(a3)
+ move ta0,zero
+ mfhi t1
+ mflo t0
+ sltu t8,t1,v1
+.L_bn_div_3_words_inner_loop:
+ bnez t8,.L_bn_div_3_words_inner_loop_done
+ sgeu AT,t2,t0
+ seq t9,t1,v1
+ and AT,t9
+ sltu t3,t0,ta2
+ daddu v1,a2
+ dsubu t1,t3
+ dsubu t0,ta2
+ sltu t8,t1,v1
+ sltu ta0,v1,a2
+ or t8,ta0
+ .set noreorder
+ beqzl AT,.L_bn_div_3_words_inner_loop
+ dsubu v0,1
+ .set reorder
+.L_bn_div_3_words_inner_loop_done:
+ jr ra
+END(bn_div_3_words)
+
+.align 5
+LEAF(bn_div_words)
+ .set noreorder
+ bnezl a2,.L_bn_div_words_proceed
+ move v1,zero
+ jr ra
+ li v0,-1 /* I'd rather signal div-by-zero
+ * which can be done with 'break 7' */
+
+.L_bn_div_words_proceed:
+ bltz a2,.L_bn_div_words_body
+ move t9,v1
+ dsll a2,1
+ bgtz a2,.-4
+ addu t9,1
+
+ .set reorder
+ negu t1,t9
+ li t2,-1
+ dsll t2,t1
+ and t2,a0
+ dsrl AT,a1,t1
+ .set noreorder
+ bnezl t2,.+8
+ break 6 /* signal overflow */
+ .set reorder
+ dsll a0,t9
+ dsll a1,t9
+ or a0,AT
+
+#define QT ta0
+#define HH ta1
+#define DH v1
+.L_bn_div_words_body:
+ dsrl DH,a2,32
+ sgeu AT,a0,a2
+ .set noreorder
+ bnezl AT,.+8
+ dsubu a0,a2
+ .set reorder
+
+ li QT,-1
+ dsrl HH,a0,32
+ dsrl QT,32 /* q=0xffffffff */
+ beq DH,HH,.L_bn_div_words_skip_div1
+ ddivu zero,a0,DH
+ mflo QT
+.L_bn_div_words_skip_div1:
+ dmultu a2,QT
+ dsll t3,a0,32
+ dsrl AT,a1,32
+ or t3,AT
+ mflo t0
+ mfhi t1
+.L_bn_div_words_inner_loop1:
+ sltu t2,t3,t0
+ seq t8,HH,t1
+ sltu AT,HH,t1
+ and t2,t8
+ sltu v0,t0,a2
+ or AT,t2
+ .set noreorder
+ beqz AT,.L_bn_div_words_inner_loop1_done
+ dsubu t1,v0
+ dsubu t0,a2
+ b .L_bn_div_words_inner_loop1
+ dsubu QT,1
+ .set reorder
+.L_bn_div_words_inner_loop1_done:
+
+ dsll a1,32
+ dsubu a0,t3,t0
+ dsll v0,QT,32
+
+ li QT,-1
+ dsrl HH,a0,32
+ dsrl QT,32 /* q=0xffffffff */
+ beq DH,HH,.L_bn_div_words_skip_div2
+ ddivu zero,a0,DH
+ mflo QT
+.L_bn_div_words_skip_div2:
+#undef DH
+ dmultu a2,QT
+ dsll t3,a0,32
+ dsrl AT,a1,32
+ or t3,AT
+ mflo t0
+ mfhi t1
+.L_bn_div_words_inner_loop2:
+ sltu t2,t3,t0
+ seq t8,HH,t1
+ sltu AT,HH,t1
+ and t2,t8
+ sltu v1,t0,a2
+ or AT,t2
+ .set noreorder
+ beqz AT,.L_bn_div_words_inner_loop2_done
+ dsubu t1,v1
+ dsubu t0,a2
+ b .L_bn_div_words_inner_loop2
+ dsubu QT,1
+ .set reorder
+.L_bn_div_words_inner_loop2_done:
+#undef HH
+
+ dsubu a0,t3,t0
+ or v0,QT
+ dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */
+ dsrl a2,t9 /* restore a2 */
+ jr ra
+#undef QT
+END(bn_div_words)
+
+#define a_0 t0
+#define a_1 t1
+#define a_2 t2
+#define a_3 t3
+#define b_0 ta0
+#define b_1 ta1
+#define b_2 ta2
+#define b_3 ta3
+
+#define a_4 s0
+#define a_5 s2
+#define a_6 s4
+#define a_7 a1 /* once we load a[7] we don't need a anymore */
+#define b_4 s1
+#define b_5 s3
+#define b_6 s5
+#define b_7 a2 /* once we load b[7] we don't need b anymore */
+
+#define t_1 t8
+#define t_2 t9
+
+#define c_1 v0
+#define c_2 v1
+#define c_3 a3
+
+#define FRAME_SIZE 48
+
+.align 5
+LEAF(bn_mul_comba8)
+ .set noreorder
+ PTR_SUB sp,FRAME_SIZE
+ .frame sp,64,ra
+ .set reorder
+ ld a_0,0(a1) /* If compiled with -mips3 option on
+ * R5000 box assembler barks on this
+ * line with "shouldn't have mult/div
+ * as last instruction in bb (R10K
+ * bug)" warning. If anybody out there
+ * has a clue about how to circumvent
+ * this do send me a note.
+ * <appro at fy.chalmers.se>
+ */
+ ld b_0,0(a2)
+ ld a_1,8(a1)
+ ld a_2,16(a1)
+ ld a_3,24(a1)
+ ld b_1,8(a2)
+ ld b_2,16(a2)
+ ld b_3,24(a2)
+ dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
+ sd s0,0(sp)
+ sd s1,8(sp)
+ sd s2,16(sp)
+ sd s3,24(sp)
+ sd s4,32(sp)
+ sd s5,40(sp)
+ mflo c_1
+ mfhi c_2
+
+ dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */
+ ld a_4,32(a1)
+ ld a_5,40(a1)
+ ld a_6,48(a1)
+ ld a_7,56(a1)
+ ld b_4,32(a2)
+ ld b_5,40(a2)
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_3,t_2,AT
+ dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */
+ ld b_6,48(a2)
+ ld b_7,56(a2)
+ sd c_1,0(a0) /* r[0]=c1; */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ sd c_2,8(a0) /* r[1]=c2; */
+
+ dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,16(a0) /* r[2]=c3; */
+
+ dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu c_3,c_2,t_2
+ dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,24(a0) /* r[3]=c1; */
+
+ dmultu a_4,b_0 /* mul_add_c(a[4],b[0],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_0,b_4 /* mul_add_c(a[0],b[4],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,32(a0) /* r[4]=c2; */
+
+ dmultu a_0,b_5 /* mul_add_c(a[0],b[5],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_4,b_1 /* mul_add_c(a[4],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_5,b_0 /* mul_add_c(a[5],b[0],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,40(a0) /* r[5]=c3; */
+
+ dmultu a_6,b_0 /* mul_add_c(a[6],b[0],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu c_3,c_2,t_2
+ dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_2,b_4 /* mul_add_c(a[2],b[4],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_1,b_5 /* mul_add_c(a[1],b[5],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_0,b_6 /* mul_add_c(a[0],b[6],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,48(a0) /* r[6]=c1; */
+
+ dmultu a_0,b_7 /* mul_add_c(a[0],b[7],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_3,b_4 /* mul_add_c(a[3],b[4],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_4,b_3 /* mul_add_c(a[4],b[3],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_5,b_2 /* mul_add_c(a[5],b[2],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_6,b_1 /* mul_add_c(a[6],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_7,b_0 /* mul_add_c(a[7],b[0],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,56(a0) /* r[7]=c2; */
+
+ dmultu a_7,b_1 /* mul_add_c(a[7],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_4,b_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_3,b_5 /* mul_add_c(a[3],b[5],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_2,b_6 /* mul_add_c(a[2],b[6],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_1,b_7 /* mul_add_c(a[1],b[7],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,64(a0) /* r[8]=c3; */
+
+ dmultu a_2,b_7 /* mul_add_c(a[2],b[7],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu c_3,c_2,t_2
+ dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_5,b_4 /* mul_add_c(a[5],b[4],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_6,b_3 /* mul_add_c(a[6],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_7,b_2 /* mul_add_c(a[7],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,72(a0) /* r[9]=c1; */
+
+ dmultu a_7,b_3 /* mul_add_c(a[7],b[3],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_4,b_6 /* mul_add_c(a[4],b[6],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_3,b_7 /* mul_add_c(a[3],b[7],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,80(a0) /* r[10]=c2; */
+
+ dmultu a_4,b_7 /* mul_add_c(a[4],b[7],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_7,b_4 /* mul_add_c(a[7],b[4],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,88(a0) /* r[11]=c3; */
+
+ dmultu a_7,b_5 /* mul_add_c(a[7],b[5],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu c_3,c_2,t_2
+ dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,96(a0) /* r[12]=c1; */
+
+ dmultu a_6,b_7 /* mul_add_c(a[6],b[7],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,104(a0) /* r[13]=c2; */
+
+ dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
+ ld s0,0(sp)
+ ld s1,8(sp)
+ ld s2,16(sp)
+ ld s3,24(sp)
+ ld s4,32(sp)
+ ld s5,40(sp)
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sd c_3,112(a0) /* r[14]=c3; */
+ sd c_1,120(a0) /* r[15]=c1; */
+
+ PTR_ADD sp,FRAME_SIZE
+
+ jr ra
+END(bn_mul_comba8)
+
+.align 5
+LEAF(bn_mul_comba4)
+ .set reorder
+ ld a_0,0(a1)
+ ld b_0,0(a2)
+ ld a_1,8(a1)
+ ld a_2,16(a1)
+ dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
+ ld a_3,24(a1)
+ ld b_1,8(a2)
+ ld b_2,16(a2)
+ ld b_3,24(a2)
+ mflo c_1
+ mfhi c_2
+ sd c_1,0(a0)
+
+ dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_3,t_2,AT
+ dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ sd c_2,8(a0)
+
+ dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,16(a0)
+
+ dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu c_3,c_2,t_2
+ dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,24(a0)
+
+ dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,32(a0)
+
+ dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,40(a0)
+
+ dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sd c_1,48(a0)
+ sd c_2,56(a0)
+
+ jr ra
+END(bn_mul_comba4)
+
+#undef a_4
+#undef a_5
+#undef a_6
+#undef a_7
+#define a_4 b_0
+#define a_5 b_1
+#define a_6 b_2
+#define a_7 b_3
+
+.align 5
+LEAF(bn_sqr_comba8)
+ .set reorder
+ ld a_0,0(a1)
+ ld a_1,8(a1)
+ ld a_2,16(a1)
+ ld a_3,24(a1)
+
+ dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
+ ld a_4,32(a1)
+ ld a_5,40(a1)
+ ld a_6,48(a1)
+ ld a_7,56(a1)
+ mflo c_1
+ mfhi c_2
+ sd c_1,0(a0)
+
+ dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_3,t_2,AT
+ sd c_2,8(a0)
+
+ dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,16(a0)
+
+ dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt c_3,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,24(a0)
+
+ dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_1,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,32(a0)
+
+ dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_2,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_2,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,40(a0)
+
+ dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt c_3,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,48(a0)
+
+ dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_1,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_1,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_1,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,56(a0)
+
+ dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_2,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_2,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,64(a0)
+
+ dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt c_3,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,72(a0)
+
+ dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_1,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,80(a0)
+
+ dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_2,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,88(a0)
+
+ dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt c_3,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,96(a0)
+
+ dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,104(a0)
+
+ dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sd c_3,112(a0)
+ sd c_1,120(a0)
+
+ jr ra
+END(bn_sqr_comba8)
+
+.align 5
+LEAF(bn_sqr_comba4)
+ .set reorder
+ ld a_0,0(a1)
+ ld a_1,8(a1)
+ ld a_2,16(a1)
+ ld a_3,24(a1)
+ dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
+ mflo c_1
+ mfhi c_2
+ sd c_1,0(a0)
+
+ dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_3,t_2,AT
+ sd c_2,8(a0)
+
+ dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,16(a0)
+
+ dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt c_3,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ slt AT,t_2,zero
+ daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,24(a0)
+
+ dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,32(a0)
+
+ dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,40(a0)
+
+ dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sd c_1,48(a0)
+ sd c_2,56(a0)
+
+ jr ra
+END(bn_sqr_comba4)
Added: vendor-crypto/openssl/dist/crypto/bn/asm/mo-586.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/mo-586.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/mo-586.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,605 @@
+#!/usr/bin/env perl
+
+# This is crypto/bn/asm/x86-mont.pl (with asciz from crypto/perlasm/x86asm.pl)
+# from OpenSSL 0.9.9-dev
+
+sub ::asciz
+{ my @str=unpack("C*",shift);
+ push @str,0;
+ while ($#str>15) {
+ &data_byte(@str[0..15]);
+ foreach (0..15) { shift @str; }
+ }
+ &data_byte(@str) if (@str);
+}
+
+# ====================================================================
+# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2005
+#
+# This is a "teaser" code, as it can be improved in several ways...
+# First of all non-SSE2 path should be implemented (yes, for now it
+# performs Montgomery multiplication/convolution only on SSE2-capable
+# CPUs such as P4, others fall down to original code). Then inner loop
+# can be unrolled and modulo-scheduled to improve ILP and possibly
+# moved to 128-bit XMM register bank (though it would require input
+# rearrangement and/or increase bus bandwidth utilization). Dedicated
+# squaring procedure should give further performance improvement...
+# Yet, for being draft, the code improves rsa512 *sign* benchmark by
+# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-)
+
+# December 2006
+#
+# Modulo-scheduling SSE2 loops results in further 15-20% improvement.
+# Integer-only code [being equipped with dedicated squaring procedure]
+# gives ~40% on rsa512 sign benchmark...
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+&function_begin("bn_mul_mont");
+
+$i="edx";
+$j="ecx";
+$ap="esi"; $tp="esi"; # overlapping variables!!!
+$rp="edi"; $bp="edi"; # overlapping variables!!!
+$np="ebp";
+$num="ebx";
+
+$_num=&DWP(4*0,"esp"); # stack top layout
+$_rp=&DWP(4*1,"esp");
+$_ap=&DWP(4*2,"esp");
+$_bp=&DWP(4*3,"esp");
+$_np=&DWP(4*4,"esp");
+$_n0=&DWP(4*5,"esp"); $_n0q=&QWP(4*5,"esp");
+$_sp=&DWP(4*6,"esp");
+$_bpend=&DWP(4*7,"esp");
+$frame=32; # size of above frame rounded up to 16n
+
+ &xor ("eax","eax");
+ &mov ("edi",&wparam(5)); # int num
+ &cmp ("edi",4);
+ &jl (&label("just_leave"));
+
+ &lea ("esi",&wparam(0)); # put aside pointer to argument block
+ &lea ("edx",&wparam(1)); # load ap
+ &mov ("ebp","esp"); # saved stack pointer!
+ &add ("edi",2); # extra two words on top of tp
+ &neg ("edi");
+ &lea ("esp",&DWP(-$frame,"esp","edi",4)); # alloca($frame+4*(num+2))
+ &neg ("edi");
+
+ # minimize cache contention by arraning 2K window between stack
+ # pointer and ap argument [np is also position sensitive vector,
+ # but it's assumed to be near ap, as it's allocated at ~same
+ # time].
+ &mov ("eax","esp");
+ &sub ("eax","edx");
+ &and ("eax",2047);
+ &sub ("esp","eax"); # this aligns sp and ap modulo 2048
+
+ &xor ("edx","esp");
+ &and ("edx",2048);
+ &xor ("edx",2048);
+ &sub ("esp","edx"); # this splits them apart modulo 4096
+
+ &and ("esp",-64); # align to cache line
+
+ ################################# load argument block...
+ &mov ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
+ &mov ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
+ &mov ("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp
+ &mov ("edx",&DWP(3*4,"esi"));# const BN_ULONG *np
+ &mov ("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0
+ #&mov ("edi",&DWP(5*4,"esi"));# int num
+
+ &mov ("esi",&DWP(0,"esi")); # pull n0[0]
+ &mov ($_rp,"eax"); # ... save a copy of argument block
+ &mov ($_ap,"ebx");
+ &mov ($_bp,"ecx");
+ &mov ($_np,"edx");
+ &mov ($_n0,"esi");
+ &lea ($num,&DWP(-3,"edi")); # num=num-1 to assist modulo-scheduling
+ #&mov ($_num,$num); # redundant as $num is not reused
+ &mov ($_sp,"ebp"); # saved stack pointer!
+
+if($sse2) {
+$acc0="mm0"; # mmx register bank layout
+$acc1="mm1";
+$car0="mm2";
+$car1="mm3";
+$mul0="mm4";
+$mul1="mm5";
+$temp="mm6";
+$mask="mm7";
+
+ &picmeup("eax","OPENSSL_ia32cap_P");
+ &bt (&DWP(0,"eax"),26);
+ &jnc (&label("non_sse2"));
+
+ &mov ("eax",-1);
+ &movd ($mask,"eax"); # mask 32 lower bits
+
+ &mov ($ap,$_ap); # load input pointers
+ &mov ($bp,$_bp);
+ &mov ($np,$_np);
+
+ &xor ($i,$i); # i=0
+ &xor ($j,$j); # j=0
+
+ &movd ($mul0,&DWP(0,$bp)); # bp[0]
+ &movd ($mul1,&DWP(0,$ap)); # ap[0]
+ &movd ($car1,&DWP(0,$np)); # np[0]
+
+ &pmuludq($mul1,$mul0); # ap[0]*bp[0]
+ &movq ($car0,$mul1);
+ &movq ($acc0,$mul1); # I wish movd worked for
+ &pand ($acc0,$mask); # inter-register transfers
+
+ &pmuludq($mul1,$_n0q); # *=n0
+
+ &pmuludq($car1,$mul1); # "t[0]"*np[0]*n0
+ &paddq ($car1,$acc0);
+
+ &movd ($acc1,&DWP(4,$np)); # np[1]
+ &movd ($acc0,&DWP(4,$ap)); # ap[1]
+
+ &psrlq ($car0,32);
+ &psrlq ($car1,32);
+
+ &inc ($j); # j++
+&set_label("1st",16);
+ &pmuludq($acc0,$mul0); # ap[j]*bp[0]
+ &pmuludq($acc1,$mul1); # np[j]*m1
+ &paddq ($car0,$acc0); # +=c0
+ &paddq ($car1,$acc1); # +=c1
+
+ &movq ($acc0,$car0);
+ &pand ($acc0,$mask);
+ &movd ($acc1,&DWP(4,$np,$j,4)); # np[j+1]
+ &paddq ($car1,$acc0); # +=ap[j]*bp[0];
+ &movd ($acc0,&DWP(4,$ap,$j,4)); # ap[j+1]
+ &psrlq ($car0,32);
+ &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[j-1]=
+ &psrlq ($car1,32);
+
+ &lea ($j,&DWP(1,$j));
+ &cmp ($j,$num);
+ &jl (&label("1st"));
+
+ &pmuludq($acc0,$mul0); # ap[num-1]*bp[0]
+ &pmuludq($acc1,$mul1); # np[num-1]*m1
+ &paddq ($car0,$acc0); # +=c0
+ &paddq ($car1,$acc1); # +=c1
+
+ &movq ($acc0,$car0);
+ &pand ($acc0,$mask);
+ &paddq ($car1,$acc0); # +=ap[num-1]*bp[0];
+ &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[num-2]=
+
+ &psrlq ($car0,32);
+ &psrlq ($car1,32);
+
+ &paddq ($car1,$car0);
+ &movq (&QWP($frame,"esp",$num,4),$car1); # tp[num].tp[num-1]
+
+ &inc ($i); # i++
+&set_label("outer");
+ &xor ($j,$j); # j=0
+
+ &movd ($mul0,&DWP(0,$bp,$i,4)); # bp[i]
+ &movd ($mul1,&DWP(0,$ap)); # ap[0]
+ &movd ($temp,&DWP($frame,"esp")); # tp[0]
+ &movd ($car1,&DWP(0,$np)); # np[0]
+ &pmuludq($mul1,$mul0); # ap[0]*bp[i]
+
+ &paddq ($mul1,$temp); # +=tp[0]
+ &movq ($acc0,$mul1);
+ &movq ($car0,$mul1);
+ &pand ($acc0,$mask);
+
+ &pmuludq($mul1,$_n0q); # *=n0
+
+ &pmuludq($car1,$mul1);
+ &paddq ($car1,$acc0);
+
+ &movd ($temp,&DWP($frame+4,"esp")); # tp[1]
+ &movd ($acc1,&DWP(4,$np)); # np[1]
+ &movd ($acc0,&DWP(4,$ap)); # ap[1]
+
+ &psrlq ($car0,32);
+ &psrlq ($car1,32);
+ &paddq ($car0,$temp); # +=tp[1]
+
+ &inc ($j); # j++
+ &dec ($num);
+&set_label("inner");
+ &pmuludq($acc0,$mul0); # ap[j]*bp[i]
+ &pmuludq($acc1,$mul1); # np[j]*m1
+ &paddq ($car0,$acc0); # +=c0
+ &paddq ($car1,$acc1); # +=c1
+
+ &movq ($acc0,$car0);
+ &movd ($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1]
+ &pand ($acc0,$mask);
+ &movd ($acc1,&DWP(4,$np,$j,4)); # np[j+1]
+ &paddq ($car1,$acc0); # +=ap[j]*bp[i]+tp[j]
+ &movd ($acc0,&DWP(4,$ap,$j,4)); # ap[j+1]
+ &psrlq ($car0,32);
+ &movd (&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]=
+ &psrlq ($car1,32);
+ &paddq ($car0,$temp); # +=tp[j+1]
+
+ &dec ($num);
+ &lea ($j,&DWP(1,$j)); # j++
+ &jnz (&label("inner"));
+
+ &mov ($num,$j);
+ &pmuludq($acc0,$mul0); # ap[num-1]*bp[i]
+ &pmuludq($acc1,$mul1); # np[num-1]*m1
+ &paddq ($car0,$acc0); # +=c0
+ &paddq ($car1,$acc1); # +=c1
+
+ &movq ($acc0,$car0);
+ &pand ($acc0,$mask);
+ &paddq ($car1,$acc0); # +=ap[num-1]*bp[i]+tp[num-1]
+ &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[num-2]=
+ &psrlq ($car0,32);
+ &psrlq ($car1,32);
+
+ &movd ($temp,&DWP($frame+4,"esp",$num,4)); # += tp[num]
+ &paddq ($car1,$car0);
+ &paddq ($car1,$temp);
+ &movq (&QWP($frame,"esp",$num,4),$car1); # tp[num].tp[num-1]
+
+ &lea ($i,&DWP(1,$i)); # i++
+ &cmp ($i,$num);
+ &jle (&label("outer"));
+
+ &emms (); # done with mmx bank
+ &jmp (&label("common_tail"));
+
+&set_label("non_sse2",16);
+}
+
+if (0) {
+ &mov ("esp",$_sp);
+ &xor ("eax","eax"); # signal "not fast enough [yet]"
+ &jmp (&label("just_leave"));
+ # While the below code provides competitive performance for
+ # all key lengthes on modern Intel cores, it's still more
+ # than 10% slower for 4096-bit key elsewhere:-( "Competitive"
+ # means compared to the original integer-only assembler.
+ # 512-bit RSA sign is better by ~40%, but that's about all
+ # one can say about all CPUs...
+} else {
+$inp="esi"; # integer path uses these registers differently
+$word="edi";
+$carry="ebp";
+
+ &mov ($inp,$_ap);
+ &lea ($carry,&DWP(1,$num));
+ &mov ($word,$_bp);
+ &xor ($j,$j); # j=0
+ &mov ("edx",$inp);
+ &and ($carry,1); # see if num is even
+ &sub ("edx",$word); # see if ap==bp
+ &lea ("eax",&DWP(4,$word,$num,4)); # &bp[num]
+ &or ($carry,"edx");
+ &mov ($word,&DWP(0,$word)); # bp[0]
+ &jz (&label("bn_sqr_mont"));
+ &mov ($_bpend,"eax");
+ &mov ("eax",&DWP(0,$inp));
+ &xor ("edx","edx");
+
+&set_label("mull",16);
+ &mov ($carry,"edx");
+ &mul ($word); # ap[j]*bp[0]
+ &add ($carry,"eax");
+ &lea ($j,&DWP(1,$j));
+ &adc ("edx",0);
+ &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j+1]
+ &cmp ($j,$num);
+ &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]=
+ &jl (&label("mull"));
+
+ &mov ($carry,"edx");
+ &mul ($word); # ap[num-1]*bp[0]
+ &mov ($word,$_n0);
+ &add ("eax",$carry);
+ &mov ($inp,$_np);
+ &adc ("edx",0);
+ &imul ($word,&DWP($frame,"esp")); # n0*tp[0]
+
+ &mov (&DWP($frame,"esp",$num,4),"eax"); # tp[num-1]=
+ &xor ($j,$j);
+ &mov (&DWP($frame+4,"esp",$num,4),"edx"); # tp[num]=
+ &mov (&DWP($frame+8,"esp",$num,4),$j); # tp[num+1]=
+
+ &mov ("eax",&DWP(0,$inp)); # np[0]
+ &mul ($word); # np[0]*m
+ &add ("eax",&DWP($frame,"esp")); # +=tp[0]
+ &mov ("eax",&DWP(4,$inp)); # np[1]
+ &adc ("edx",0);
+ &inc ($j);
+
+ &jmp (&label("2ndmadd"));
+
+&set_label("1stmadd",16);
+ &mov ($carry,"edx");
+ &mul ($word); # ap[j]*bp[i]
+ &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j]
+ &lea ($j,&DWP(1,$j));
+ &adc ("edx",0);
+ &add ($carry,"eax");
+ &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j+1]
+ &adc ("edx",0);
+ &cmp ($j,$num);
+ &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]=
+ &jl (&label("1stmadd"));
+
+ &mov ($carry,"edx");
+ &mul ($word); # ap[num-1]*bp[i]
+ &add ("eax",&DWP($frame,"esp",$num,4)); # +=tp[num-1]
+ &mov ($word,$_n0);
+ &adc ("edx",0);
+ &mov ($inp,$_np);
+ &add ($carry,"eax");
+ &adc ("edx",0);
+ &imul ($word,&DWP($frame,"esp")); # n0*tp[0]
+
+ &xor ($j,$j);
+ &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num]
+ &mov (&DWP($frame,"esp",$num,4),$carry); # tp[num-1]=
+ &adc ($j,0);
+ &mov ("eax",&DWP(0,$inp)); # np[0]
+ &mov (&DWP($frame+4,"esp",$num,4),"edx"); # tp[num]=
+ &mov (&DWP($frame+8,"esp",$num,4),$j); # tp[num+1]=
+
+ &mul ($word); # np[0]*m
+ &add ("eax",&DWP($frame,"esp")); # +=tp[0]
+ &mov ("eax",&DWP(4,$inp)); # np[1]
+ &adc ("edx",0);
+ &mov ($j,1);
+
+&set_label("2ndmadd",16);
+ &mov ($carry,"edx");
+ &mul ($word); # np[j]*m
+ &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j]
+ &lea ($j,&DWP(1,$j));
+ &adc ("edx",0);
+ &add ($carry,"eax");
+ &mov ("eax",&DWP(0,$inp,$j,4)); # np[j+1]
+ &adc ("edx",0);
+ &cmp ($j,$num);
+ &mov (&DWP($frame-8,"esp",$j,4),$carry); # tp[j-1]=
+ &jl (&label("2ndmadd"));
+
+ &mov ($carry,"edx");
+ &mul ($word); # np[j]*m
+ &add ($carry,&DWP($frame,"esp",$num,4)); # +=tp[num-1]
+ &adc ("edx",0);
+ &add ($carry,"eax");
+ &adc ("edx",0);
+ &mov (&DWP($frame-4,"esp",$num,4),$carry); # tp[num-2]=
+
+ &xor ("eax","eax");
+ &mov ($j,$_bp); # &bp[i]
+ &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num]
+ &adc ("eax",&DWP($frame+8,"esp",$num,4)); # +=tp[num+1]
+ &lea ($j,&DWP(4,$j));
+ &mov (&DWP($frame,"esp",$num,4),"edx"); # tp[num-1]=
+ &cmp ($j,$_bpend);
+ &mov (&DWP($frame+4,"esp",$num,4),"eax"); # tp[num]=
+ &je (&label("common_tail"));
+
+ &mov ($word,&DWP(0,$j)); # bp[i+1]
+ &mov ($inp,$_ap);
+ &mov ($_bp,$j); # &bp[++i]
+ &xor ($j,$j);
+ &xor ("edx","edx");
+ &mov ("eax",&DWP(0,$inp));
+ &jmp (&label("1stmadd"));
+
+&set_label("bn_sqr_mont",16);
+$sbit=$num;
+ &mov ($_num,$num);
+ &mov ($_bp,$j); # i=0
+
+ &mov ("eax",$word); # ap[0]
+ &mul ($word); # ap[0]*ap[0]
+ &mov (&DWP($frame,"esp"),"eax"); # tp[0]=
+ &mov ($sbit,"edx");
+ &shr ("edx",1);
+ &and ($sbit,1);
+ &inc ($j);
+&set_label("sqr",16);
+ &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j]
+ &mov ($carry,"edx");
+ &mul ($word); # ap[j]*ap[0]
+ &add ("eax",$carry);
+ &lea ($j,&DWP(1,$j));
+ &adc ("edx",0);
+ &lea ($carry,&DWP(0,$sbit,"eax",2));
+ &shr ("eax",31);
+ &cmp ($j,$_num);
+ &mov ($sbit,"eax");
+ &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]=
+ &jl (&label("sqr"));
+
+ &mov ("eax",&DWP(0,$inp,$j,4)); # ap[num-1]
+ &mov ($carry,"edx");
+ &mul ($word); # ap[num-1]*ap[0]
+ &add ("eax",$carry);
+ &mov ($word,$_n0);
+ &adc ("edx",0);
+ &mov ($inp,$_np);
+ &lea ($carry,&DWP(0,$sbit,"eax",2));
+ &imul ($word,&DWP($frame,"esp")); # n0*tp[0]
+ &shr ("eax",31);
+ &mov (&DWP($frame,"esp",$j,4),$carry); # tp[num-1]=
+
+ &lea ($carry,&DWP(0,"eax","edx",2));
+ &mov ("eax",&DWP(0,$inp)); # np[0]
+ &shr ("edx",31);
+ &mov (&DWP($frame+4,"esp",$j,4),$carry); # tp[num]=
+ &mov (&DWP($frame+8,"esp",$j,4),"edx"); # tp[num+1]=
+
+ &mul ($word); # np[0]*m
+ &add ("eax",&DWP($frame,"esp")); # +=tp[0]
+ &mov ($num,$j);
+ &adc ("edx",0);
+ &mov ("eax",&DWP(4,$inp)); # np[1]
+ &mov ($j,1);
+
+&set_label("3rdmadd",16);
+ &mov ($carry,"edx");
+ &mul ($word); # np[j]*m
+ &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j]
+ &adc ("edx",0);
+ &add ($carry,"eax");
+ &mov ("eax",&DWP(4,$inp,$j,4)); # np[j+1]
+ &adc ("edx",0);
+ &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j-1]=
+
+ &mov ($carry,"edx");
+ &mul ($word); # np[j+1]*m
+ &add ($carry,&DWP($frame+4,"esp",$j,4)); # +=tp[j+1]
+ &lea ($j,&DWP(2,$j));
+ &adc ("edx",0);
+ &add ($carry,"eax");
+ &mov ("eax",&DWP(0,$inp,$j,4)); # np[j+2]
+ &adc ("edx",0);
+ &cmp ($j,$num);
+ &mov (&DWP($frame-8,"esp",$j,4),$carry); # tp[j]=
+ &jl (&label("3rdmadd"));
+
+ &mov ($carry,"edx");
+ &mul ($word); # np[j]*m
+ &add ($carry,&DWP($frame,"esp",$num,4)); # +=tp[num-1]
+ &adc ("edx",0);
+ &add ($carry,"eax");
+ &adc ("edx",0);
+ &mov (&DWP($frame-4,"esp",$num,4),$carry); # tp[num-2]=
+
+ &mov ($j,$_bp); # i
+ &xor ("eax","eax");
+ &mov ($inp,$_ap);
+ &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num]
+ &adc ("eax",&DWP($frame+8,"esp",$num,4)); # +=tp[num+1]
+ &mov (&DWP($frame,"esp",$num,4),"edx"); # tp[num-1]=
+ &cmp ($j,$num);
+ &mov (&DWP($frame+4,"esp",$num,4),"eax"); # tp[num]=
+ &je (&label("common_tail"));
+
+ &mov ($word,&DWP(4,$inp,$j,4)); # ap[i]
+ &lea ($j,&DWP(1,$j));
+ &mov ("eax",$word);
+ &mov ($_bp,$j); # ++i
+ &mul ($word); # ap[i]*ap[i]
+ &add ("eax",&DWP($frame,"esp",$j,4)); # +=tp[i]
+ &adc ("edx",0);
+ &mov (&DWP($frame,"esp",$j,4),"eax"); # tp[i]=
+ &xor ($carry,$carry);
+ &cmp ($j,$num);
+ &lea ($j,&DWP(1,$j));
+ &je (&label("sqrlast"));
+
+ &mov ($sbit,"edx"); # zaps $num
+ &shr ("edx",1);
+ &and ($sbit,1);
+&set_label("sqradd",16);
+ &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j]
+ &mov ($carry,"edx");
+ &mul ($word); # ap[j]*ap[i]
+ &add ("eax",$carry);
+ &lea ($carry,&DWP(0,"eax","eax"));
+ &adc ("edx",0);
+ &shr ("eax",31);
+ &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j]
+ &lea ($j,&DWP(1,$j));
+ &adc ("eax",0);
+ &add ($carry,$sbit);
+ &adc ("eax",0);
+ &cmp ($j,$_num);
+ &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]=
+ &mov ($sbit,"eax");
+ &jle (&label("sqradd"));
+
+ &mov ($carry,"edx");
+ &add ("edx","edx");
+ &shr ($carry,31);
+ &add ("edx",$sbit);
+ &adc ($carry,0);
+&set_label("sqrlast");
+ &mov ($word,$_n0);
+ &mov ($inp,$_np);
+ &imul ($word,&DWP($frame,"esp")); # n0*tp[0]
+
+ &add ("edx",&DWP($frame,"esp",$j,4)); # +=tp[num]
+ &mov ("eax",&DWP(0,$inp)); # np[0]
+ &adc ($carry,0);
+ &mov (&DWP($frame,"esp",$j,4),"edx"); # tp[num]=
+ &mov (&DWP($frame+4,"esp",$j,4),$carry); # tp[num+1]=
+
+ &mul ($word); # np[0]*m
+ &add ("eax",&DWP($frame,"esp")); # +=tp[0]
+ &lea ($num,&DWP(-1,$j));
+ &adc ("edx",0);
+ &mov ($j,1);
+ &mov ("eax",&DWP(4,$inp)); # np[1]
+
+ &jmp (&label("3rdmadd"));
+}
+
+&set_label("common_tail",16);
+ &mov ($np,$_np); # load modulus pointer
+ &mov ($rp,$_rp); # load result pointer
+ &lea ($tp,&DWP($frame,"esp")); # [$ap and $bp are zapped]
+
+ &mov ("eax",&DWP(0,$tp)); # tp[0]
+ &mov ($j,$num); # j=num-1
+ &xor ($i,$i); # i=0 and clear CF!
+
+&set_label("sub",16);
+ &sbb ("eax",&DWP(0,$np,$i,4));
+ &mov (&DWP(0,$rp,$i,4),"eax"); # rp[i]=tp[i]-np[i]
+ &dec ($j); # doesn't affect CF!
+ &mov ("eax",&DWP(4,$tp,$i,4)); # tp[i+1]
+ &lea ($i,&DWP(1,$i)); # i++
+ &jge (&label("sub"));
+
+ &sbb ("eax",0); # handle upmost overflow bit
+ &and ($tp,"eax");
+ ¬ ("eax");
+ &mov ($np,$rp);
+ &and ($np,"eax");
+ &or ($tp,$np); # tp=carry?tp:rp
+
+&set_label("copy",16); # copy or in-place refresh
+ &mov ("eax",&DWP(0,$tp,$num,4));
+ &mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i]
+ &mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector
+ &dec ($num);
+ &jge (&label("copy"));
+
+ &mov ("esp",$_sp); # pull saved stack pointer
+ &mov ("eax",1);
+&set_label("just_leave");
+&function_end("bn_mul_mont");
+
+&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
Added: vendor-crypto/openssl/dist/crypto/bn/asm/pa-risc2.s
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/pa-risc2.s (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/pa-risc2.s 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1618 @@
+;
+; PA-RISC 2.0 implementation of bn_asm code, based on the
+; 64-bit version of the code. This code is effectively the
+; same as the 64-bit version except the register model is
+; slightly different given all values must be 32-bit between
+; function calls. Thus the 64-bit return values are returned
+; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit
+;
+;
+; This code is approximately 2x faster than the C version
+; for RSA/DSA.
+;
+; See http://devresource.hp.com/ for more details on the PA-RISC
+; architecture. Also see the book "PA-RISC 2.0 Architecture"
+; by Gerry Kane for information on the instruction set architecture.
+;
+; Code written by Chris Ruemmler (with some help from the HP C
+; compiler).
+;
+; The code compiles with HP's assembler
+;
+
+ .level 2.0N
+ .space $TEXT$
+ .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
+
+;
+; Global Register definitions used for the routines.
+;
+; Some information about HP's runtime architecture for 32-bits.
+;
+; "Caller save" means the calling function must save the register
+; if it wants the register to be preserved.
+; "Callee save" means if a function uses the register, it must save
+; the value before using it.
+;
+; For the floating point registers
+;
+; "caller save" registers: fr4-fr11, fr22-fr31
+; "callee save" registers: fr12-fr21
+; "special" registers: fr0-fr3 (status and exception registers)
+;
+; For the integer registers
+; value zero : r0
+; "caller save" registers: r1,r19-r26
+; "callee save" registers: r3-r18
+; return register : r2 (rp)
+; return values ; r28,r29 (ret0,ret1)
+; Stack pointer ; r30 (sp)
+; millicode return ptr ; r31 (also a caller save register)
+
+
+;
+; Arguments to the routines
+;
+r_ptr .reg %r26
+a_ptr .reg %r25
+b_ptr .reg %r24
+num .reg %r24
+n .reg %r23
+
+;
+; Note that the "w" argument for bn_mul_add_words and bn_mul_words
+; is passed on the stack at a delta of -56 from the top of stack
+; as the routine is entered.
+;
+
+;
+; Globals used in some routines
+;
+
+top_overflow .reg %r23
+high_mask .reg %r22 ; value 0xffffffff80000000L
+
+
+;------------------------------------------------------------------------------
+;
+; bn_mul_add_words
+;
+;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr,
+; int num, BN_ULONG w)
+;
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg3 = num
+; -56(sp) = w
+;
+; Local register definitions
+;
+
+fm1 .reg %fr22
+fm .reg %fr23
+ht_temp .reg %fr24
+ht_temp_1 .reg %fr25
+lt_temp .reg %fr26
+lt_temp_1 .reg %fr27
+fm1_1 .reg %fr28
+fm_1 .reg %fr29
+
+fw_h .reg %fr7L
+fw_l .reg %fr7R
+fw .reg %fr7
+
+fht_0 .reg %fr8L
+flt_0 .reg %fr8R
+t_float_0 .reg %fr8
+
+fht_1 .reg %fr9L
+flt_1 .reg %fr9R
+t_float_1 .reg %fr9
+
+tmp_0 .reg %r31
+tmp_1 .reg %r21
+m_0 .reg %r20
+m_1 .reg %r19
+ht_0 .reg %r1
+ht_1 .reg %r3
+lt_0 .reg %r4
+lt_1 .reg %r5
+m1_0 .reg %r6
+m1_1 .reg %r7
+rp_val .reg %r8
+rp_val_1 .reg %r9
+
+bn_mul_add_words
+ .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
+ .proc
+ .callinfo frame=128
+ .entry
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ NOP ; Needed to make the loop 16-byte aligned
+ NOP ; needed to make the loop 16-byte aligned
+
+ STD %r5,16(%sp) ; save r5
+ NOP
+ STD %r6,24(%sp) ; save r6
+ STD %r7,32(%sp) ; save r7
+
+ STD %r8,40(%sp) ; save r8
+ STD %r9,48(%sp) ; save r9
+ COPY %r0,%ret1 ; return 0 by default
+ DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32
+
+ CMPIB,>= 0,num,bn_mul_add_words_exit ; if (num <= 0) then exit
+ LDO 128(%sp),%sp ; bump stack
+
+ ;
+ ; The loop is unrolled twice, so if there is only 1 number
+ ; then go straight to the cleanup code.
+ ;
+ CMPIB,= 1,num,bn_mul_add_words_single_top
+ FLDD -184(%sp),fw ; (-56-128) load up w into fw (fw_h/fw_l)
+
+ ;
+ ; This loop is unrolled 2 times (64-byte aligned as well)
+ ;
+ ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+ ; two 32-bit mutiplies can be issued per cycle.
+ ;
+bn_mul_add_words_unroll2
+
+ FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+ FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+ LDD 0(r_ptr),rp_val ; rp[0]
+ LDD 8(r_ptr),rp_val_1 ; rp[1]
+
+ XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l
+ XMPYU fht_1,fw_l,fm1_1 ; m1[1] = fht_1*fw_l
+ FSTD fm1,-16(%sp) ; -16(sp) = m1[0]
+ FSTD fm1_1,-48(%sp) ; -48(sp) = m1[1]
+
+ XMPYU flt_0,fw_h,fm ; m[0] = flt_0*fw_h
+ XMPYU flt_1,fw_h,fm_1 ; m[1] = flt_1*fw_h
+ FSTD fm,-8(%sp) ; -8(sp) = m[0]
+ FSTD fm_1,-40(%sp) ; -40(sp) = m[1]
+
+ XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h
+ XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp_1 = fht_1*fw_h
+ FSTD ht_temp,-24(%sp) ; -24(sp) = ht_temp
+ FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht_temp_1
+
+ XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l
+ XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l
+ FSTD lt_temp,-32(%sp) ; -32(sp) = lt_temp
+ FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt_temp_1
+
+ LDD -8(%sp),m_0 ; m[0]
+ LDD -40(%sp),m_1 ; m[1]
+ LDD -16(%sp),m1_0 ; m1[0]
+ LDD -48(%sp),m1_1 ; m1[1]
+
+ LDD -24(%sp),ht_0 ; ht[0]
+ LDD -56(%sp),ht_1 ; ht[1]
+ ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m[0] + m1[0];
+ ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m[1] + m1[1];
+
+ LDD -32(%sp),lt_0
+ LDD -64(%sp),lt_1
+ CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m[0] < m1[0])
+ ADD,L ht_0,top_overflow,ht_0 ; ht[0] += (1<<32)
+
+ CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m[1] < m1[1])
+ ADD,L ht_1,top_overflow,ht_1 ; ht[1] += (1<<32)
+ EXTRD,U tmp_0,31,32,m_0 ; m[0]>>32
+ DEPD,Z tmp_0,31,32,m1_0 ; m1[0] = m[0]<<32
+
+ EXTRD,U tmp_1,31,32,m_1 ; m[1]>>32
+ DEPD,Z tmp_1,31,32,m1_1 ; m1[1] = m[1]<<32
+ ADD,L ht_0,m_0,ht_0 ; ht[0]+= (m[0]>>32)
+ ADD,L ht_1,m_1,ht_1 ; ht[1]+= (m[1]>>32)
+
+ ADD lt_0,m1_0,lt_0 ; lt[0] = lt[0]+m1[0];
+ ADD,DC ht_0,%r0,ht_0 ; ht[0]++
+ ADD lt_1,m1_1,lt_1 ; lt[1] = lt[1]+m1[1];
+ ADD,DC ht_1,%r0,ht_1 ; ht[1]++
+
+ ADD %ret1,lt_0,lt_0 ; lt[0] = lt[0] + c;
+ ADD,DC ht_0,%r0,ht_0 ; ht[0]++
+ ADD lt_0,rp_val,lt_0 ; lt[0] = lt[0]+rp[0]
+ ADD,DC ht_0,%r0,ht_0 ; ht[0]++
+
+ LDO -2(num),num ; num = num - 2;
+ ADD ht_0,lt_1,lt_1 ; lt[1] = lt[1] + ht_0 (c);
+ ADD,DC ht_1,%r0,ht_1 ; ht[1]++
+ STD lt_0,0(r_ptr) ; rp[0] = lt[0]
+
+ ADD lt_1,rp_val_1,lt_1 ; lt[1] = lt[1]+rp[1]
+ ADD,DC ht_1,%r0,%ret1 ; ht[1]++
+ LDO 16(a_ptr),a_ptr ; a_ptr += 2
+
+ STD lt_1,8(r_ptr) ; rp[1] = lt[1]
+ CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
+ LDO 16(r_ptr),r_ptr ; r_ptr += 2
+
+ CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
+
+ ;
+ ; Top of loop aligned on 64-byte boundary
+ ;
+bn_mul_add_words_single_top
+ FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+ LDD 0(r_ptr),rp_val ; rp[0]
+ LDO 8(a_ptr),a_ptr ; a_ptr++
+ XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l
+ FSTD fm1,-16(%sp) ; -16(sp) = m1
+ XMPYU flt_0,fw_h,fm ; m = lt*fw_h
+ FSTD fm,-8(%sp) ; -8(sp) = m
+ XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h
+ FSTD ht_temp,-24(%sp) ; -24(sp) = ht
+ XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l
+ FSTD lt_temp,-32(%sp) ; -32(sp) = lt
+
+ LDD -8(%sp),m_0
+ LDD -16(%sp),m1_0 ; m1 = temp1
+ ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1;
+ LDD -24(%sp),ht_0
+ LDD -32(%sp),lt_0
+
+ CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1)
+ ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32)
+
+ EXTRD,U tmp_0,31,32,m_0 ; m>>32
+ DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32
+
+ ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32)
+ ADD lt_0,m1_0,tmp_0 ; tmp_0 = lt+m1;
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+ ADD %ret1,tmp_0,lt_0 ; lt = lt + c;
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+ ADD lt_0,rp_val,lt_0 ; lt = lt+rp[0]
+ ADD,DC ht_0,%r0,%ret1 ; ht++
+ STD lt_0,0(r_ptr) ; rp[0] = lt
+
+bn_mul_add_words_exit
+ .EXIT
+
+ EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1
+ LDD -80(%sp),%r9 ; restore r9
+ LDD -88(%sp),%r8 ; restore r8
+ LDD -96(%sp),%r7 ; restore r7
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3 ; restore r3
+ .PROCEND ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+;
+; arg0 = rp
+; arg1 = ap
+; arg3 = num
+; w on stack at -56(sp)
+
+bn_mul_words
+ .proc
+ .callinfo frame=128
+ .entry
+ .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ NOP
+ STD %r5,16(%sp) ; save r5
+
+ STD %r6,24(%sp) ; save r6
+ STD %r7,32(%sp) ; save r7
+ COPY %r0,%ret1 ; return 0 by default
+ DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32
+
+ CMPIB,>= 0,num,bn_mul_words_exit
+ LDO 128(%sp),%sp ; bump stack
+
+ ;
+ ; See if only 1 word to do, thus just do cleanup
+ ;
+ CMPIB,= 1,num,bn_mul_words_single_top
+ FLDD -184(%sp),fw ; (-56-128) load up w into fw (fw_h/fw_l)
+
+ ;
+ ; This loop is unrolled 2 times (64-byte aligned as well)
+ ;
+ ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+ ; two 32-bit mutiplies can be issued per cycle.
+ ;
+bn_mul_words_unroll2
+
+ FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+ FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+ XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l
+ XMPYU fht_1,fw_l,fm1_1 ; m1[1] = ht*fw_l
+
+ FSTD fm1,-16(%sp) ; -16(sp) = m1
+ FSTD fm1_1,-48(%sp) ; -48(sp) = m1
+ XMPYU flt_0,fw_h,fm ; m = lt*fw_h
+ XMPYU flt_1,fw_h,fm_1 ; m = lt*fw_h
+
+ FSTD fm,-8(%sp) ; -8(sp) = m
+ FSTD fm_1,-40(%sp) ; -40(sp) = m
+ XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h
+ XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp = ht*fw_h
+
+ FSTD ht_temp,-24(%sp) ; -24(sp) = ht
+ FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht
+ XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l
+ XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l
+
+ FSTD lt_temp,-32(%sp) ; -32(sp) = lt
+ FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt
+ LDD -8(%sp),m_0
+ LDD -40(%sp),m_1
+
+ LDD -16(%sp),m1_0
+ LDD -48(%sp),m1_1
+ LDD -24(%sp),ht_0
+ LDD -56(%sp),ht_1
+
+ ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m + m1;
+ ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m + m1;
+ LDD -32(%sp),lt_0
+ LDD -64(%sp),lt_1
+
+ CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m < m1)
+ ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32)
+ CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m < m1)
+ ADD,L ht_1,top_overflow,ht_1 ; ht += (1<<32)
+
+ EXTRD,U tmp_0,31,32,m_0 ; m>>32
+ DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32
+ EXTRD,U tmp_1,31,32,m_1 ; m>>32
+ DEPD,Z tmp_1,31,32,m1_1 ; m1 = m<<32
+
+ ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32)
+ ADD,L ht_1,m_1,ht_1 ; ht+= (m>>32)
+ ADD lt_0,m1_0,lt_0 ; lt = lt+m1;
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+
+ ADD lt_1,m1_1,lt_1 ; lt = lt+m1;
+ ADD,DC ht_1,%r0,ht_1 ; ht++
+ ADD %ret1,lt_0,lt_0 ; lt = lt + c (ret1);
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+
+ ADD ht_0,lt_1,lt_1 ; lt = lt + c (ht_0)
+ ADD,DC ht_1,%r0,ht_1 ; ht++
+ STD lt_0,0(r_ptr) ; rp[0] = lt
+ STD lt_1,8(r_ptr) ; rp[1] = lt
+
+ COPY ht_1,%ret1 ; carry = ht
+ LDO -2(num),num ; num = num - 2;
+ LDO 16(a_ptr),a_ptr ; ap += 2
+ CMPIB,<= 2,num,bn_mul_words_unroll2
+ LDO 16(r_ptr),r_ptr ; rp++
+
+ CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
+
+ ;
+ ; Top of loop aligned on 64-byte boundary
+ ;
+bn_mul_words_single_top
+ FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+ XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l
+ FSTD fm1,-16(%sp) ; -16(sp) = m1
+ XMPYU flt_0,fw_h,fm ; m = lt*fw_h
+ FSTD fm,-8(%sp) ; -8(sp) = m
+ XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h
+ FSTD ht_temp,-24(%sp) ; -24(sp) = ht
+ XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l
+ FSTD lt_temp,-32(%sp) ; -32(sp) = lt
+
+ LDD -8(%sp),m_0
+ LDD -16(%sp),m1_0
+ ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1;
+ LDD -24(%sp),ht_0
+ LDD -32(%sp),lt_0
+
+ CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1)
+ ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32)
+
+ EXTRD,U tmp_0,31,32,m_0 ; m>>32
+ DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32
+
+ ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32)
+ ADD lt_0,m1_0,lt_0 ; lt= lt+m1;
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+
+ ADD %ret1,lt_0,lt_0 ; lt = lt + c;
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+
+ COPY ht_0,%ret1 ; copy carry
+ STD lt_0,0(r_ptr) ; rp[0] = lt
+
+bn_mul_words_exit
+ .EXIT
+ EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1
+ LDD -96(%sp),%r7 ; restore r7
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3 ; restore r3
+ .PROCEND
+
+;----------------------------------------------------------------------------
+;
+;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+;
+
+bn_sqr_words
+ .proc
+ .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .entry
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ NOP
+ STD %r5,16(%sp) ; save r5
+
+ CMPIB,>= 0,num,bn_sqr_words_exit
+ LDO 128(%sp),%sp ; bump stack
+
+ ;
+ ; If only 1, the goto straight to cleanup
+ ;
+ CMPIB,= 1,num,bn_sqr_words_single_top
+ DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L
+
+ ;
+ ; This loop is unrolled 2 times (64-byte aligned as well)
+ ;
+
+bn_sqr_words_unroll2
+ FLDD 0(a_ptr),t_float_0 ; a[0]
+ FLDD 8(a_ptr),t_float_1 ; a[1]
+ XMPYU fht_0,flt_0,fm ; m[0]
+ XMPYU fht_1,flt_1,fm_1 ; m[1]
+
+ FSTD fm,-24(%sp) ; store m[0]
+ FSTD fm_1,-56(%sp) ; store m[1]
+ XMPYU flt_0,flt_0,lt_temp ; lt[0]
+ XMPYU flt_1,flt_1,lt_temp_1 ; lt[1]
+
+ FSTD lt_temp,-16(%sp) ; store lt[0]
+ FSTD lt_temp_1,-48(%sp) ; store lt[1]
+ XMPYU fht_0,fht_0,ht_temp ; ht[0]
+ XMPYU fht_1,fht_1,ht_temp_1 ; ht[1]
+
+ FSTD ht_temp,-8(%sp) ; store ht[0]
+ FSTD ht_temp_1,-40(%sp) ; store ht[1]
+ LDD -24(%sp),m_0
+ LDD -56(%sp),m_1
+
+ AND m_0,high_mask,tmp_0 ; m[0] & Mask
+ AND m_1,high_mask,tmp_1 ; m[1] & Mask
+ DEPD,Z m_0,30,31,m_0 ; m[0] << 32+1
+ DEPD,Z m_1,30,31,m_1 ; m[1] << 32+1
+
+ LDD -16(%sp),lt_0
+ LDD -48(%sp),lt_1
+ EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m[0]&Mask >> 32-1
+ EXTRD,U tmp_1,32,33,tmp_1 ; tmp_1 = m[1]&Mask >> 32-1
+
+ LDD -8(%sp),ht_0
+ LDD -40(%sp),ht_1
+ ADD,L ht_0,tmp_0,ht_0 ; ht[0] += tmp_0
+ ADD,L ht_1,tmp_1,ht_1 ; ht[1] += tmp_1
+
+ ADD lt_0,m_0,lt_0 ; lt = lt+m
+ ADD,DC ht_0,%r0,ht_0 ; ht[0]++
+ STD lt_0,0(r_ptr) ; rp[0] = lt[0]
+ STD ht_0,8(r_ptr) ; rp[1] = ht[1]
+
+ ADD lt_1,m_1,lt_1 ; lt = lt+m
+ ADD,DC ht_1,%r0,ht_1 ; ht[1]++
+ STD lt_1,16(r_ptr) ; rp[2] = lt[1]
+ STD ht_1,24(r_ptr) ; rp[3] = ht[1]
+
+ LDO -2(num),num ; num = num - 2;
+ LDO 16(a_ptr),a_ptr ; ap += 2
+ CMPIB,<= 2,num,bn_sqr_words_unroll2
+ LDO 32(r_ptr),r_ptr ; rp += 4
+
+ CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
+
+ ;
+ ; Top of loop aligned on 64-byte boundary
+ ;
+bn_sqr_words_single_top
+ FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+ XMPYU fht_0,flt_0,fm ; m
+ FSTD fm,-24(%sp) ; store m
+
+ XMPYU flt_0,flt_0,lt_temp ; lt
+ FSTD lt_temp,-16(%sp) ; store lt
+
+ XMPYU fht_0,fht_0,ht_temp ; ht
+ FSTD ht_temp,-8(%sp) ; store ht
+
+ LDD -24(%sp),m_0 ; load m
+ AND m_0,high_mask,tmp_0 ; m & Mask
+ DEPD,Z m_0,30,31,m_0 ; m << 32+1
+ LDD -16(%sp),lt_0 ; lt
+
+ LDD -8(%sp),ht_0 ; ht
+ EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m&Mask >> 32-1
+ ADD m_0,lt_0,lt_0 ; lt = lt+m
+ ADD,L ht_0,tmp_0,ht_0 ; ht += tmp_0
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+
+ STD lt_0,0(r_ptr) ; rp[0] = lt
+ STD ht_0,8(r_ptr) ; rp[1] = ht
+
+bn_sqr_words_exit
+ .EXIT
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3
+ .PROCEND ;in=23,24,25,26,29;out=28;
+
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = bp
+; arg3 = n
+
+t .reg %r22
+b .reg %r21
+l .reg %r20
+
+bn_add_words
+ .proc
+ .entry
+ .callinfo
+ .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .align 64
+
+ CMPIB,>= 0,n,bn_add_words_exit
+ COPY %r0,%ret1 ; return 0 by default
+
+ ;
+ ; If 2 or more numbers do the loop
+ ;
+ CMPIB,= 1,n,bn_add_words_single_top
+ NOP
+
+ ;
+ ; This loop is unrolled 2 times (64-byte aligned as well)
+ ;
+bn_add_words_unroll2
+ LDD 0(a_ptr),t
+ LDD 0(b_ptr),b
+ ADD t,%ret1,t ; t = t+c;
+ ADD,DC %r0,%r0,%ret1 ; set c to carry
+ ADD t,b,l ; l = t + b[0]
+ ADD,DC %ret1,%r0,%ret1 ; c+= carry
+ STD l,0(r_ptr)
+
+ LDD 8(a_ptr),t
+ LDD 8(b_ptr),b
+ ADD t,%ret1,t ; t = t+c;
+ ADD,DC %r0,%r0,%ret1 ; set c to carry
+ ADD t,b,l ; l = t + b[0]
+ ADD,DC %ret1,%r0,%ret1 ; c+= carry
+ STD l,8(r_ptr)
+
+ LDO -2(n),n
+ LDO 16(a_ptr),a_ptr
+ LDO 16(b_ptr),b_ptr
+
+ CMPIB,<= 2,n,bn_add_words_unroll2
+ LDO 16(r_ptr),r_ptr
+
+ CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
+
+bn_add_words_single_top
+ LDD 0(a_ptr),t
+ LDD 0(b_ptr),b
+
+ ADD t,%ret1,t ; t = t+c;
+ ADD,DC %r0,%r0,%ret1 ; set c to carry (could use CMPCLR??)
+ ADD t,b,l ; l = t + b[0]
+ ADD,DC %ret1,%r0,%ret1 ; c+= carry
+ STD l,0(r_ptr)
+
+bn_add_words_exit
+ .EXIT
+ BVE (%rp)
+ EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1
+ .PROCEND ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = bp
+; arg3 = n
+
+t1 .reg %r22
+t2 .reg %r21
+sub_tmp1 .reg %r20
+sub_tmp2 .reg %r19
+
+
+bn_sub_words
+ .proc
+ .callinfo
+ .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .entry
+ .align 64
+
+ CMPIB,>= 0,n,bn_sub_words_exit
+ COPY %r0,%ret1 ; return 0 by default
+
+ ;
+ ; If 2 or more numbers do the loop
+ ;
+ CMPIB,= 1,n,bn_sub_words_single_top
+ NOP
+
+ ;
+ ; This loop is unrolled 2 times (64-byte aligned as well)
+ ;
+bn_sub_words_unroll2
+ LDD 0(a_ptr),t1
+ LDD 0(b_ptr),t2
+ SUB t1,t2,sub_tmp1 ; t3 = t1-t2;
+ SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c;
+
+ CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2
+ LDO 1(%r0),sub_tmp2
+
+ CMPCLR,*= t1,t2,%r0
+ COPY sub_tmp2,%ret1
+ STD sub_tmp1,0(r_ptr)
+
+ LDD 8(a_ptr),t1
+ LDD 8(b_ptr),t2
+ SUB t1,t2,sub_tmp1 ; t3 = t1-t2;
+ SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c;
+ CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2
+ LDO 1(%r0),sub_tmp2
+
+ CMPCLR,*= t1,t2,%r0
+ COPY sub_tmp2,%ret1
+ STD sub_tmp1,8(r_ptr)
+
+ LDO -2(n),n
+ LDO 16(a_ptr),a_ptr
+ LDO 16(b_ptr),b_ptr
+
+ CMPIB,<= 2,n,bn_sub_words_unroll2
+ LDO 16(r_ptr),r_ptr
+
+ CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
+
+bn_sub_words_single_top
+ LDD 0(a_ptr),t1
+ LDD 0(b_ptr),t2
+ SUB t1,t2,sub_tmp1 ; t3 = t1-t2;
+ SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c;
+ CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2
+ LDO 1(%r0),sub_tmp2
+
+ CMPCLR,*= t1,t2,%r0
+ COPY sub_tmp2,%ret1
+
+ STD sub_tmp1,0(r_ptr)
+
+bn_sub_words_exit
+ .EXIT
+ BVE (%rp)
+ EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1
+ .PROCEND ;in=23,24,25,26,29;out=28;
+
+;------------------------------------------------------------------------------
+;
+; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
+;
+; arg0 = h
+; arg1 = l
+; arg2 = d
+;
+; This is mainly just output from the HP C compiler.
+;
+;------------------------------------------------------------------------------
+bn_div_words
+ .PROC
+ .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
+ .IMPORT BN_num_bits_word,CODE
+ ;--- not PIC .IMPORT __iob,DATA
+ ;--- not PIC .IMPORT fprintf,CODE
+ .IMPORT abort,CODE
+ .IMPORT $$div2U,MILLICODE
+ .CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+ .ENTRY
+ STW %r2,-20(%r30) ;offset 0x8ec
+ STW,MA %r3,192(%r30) ;offset 0x8f0
+ STW %r4,-188(%r30) ;offset 0x8f4
+ DEPD %r5,31,32,%r6 ;offset 0x8f8
+ STD %r6,-184(%r30) ;offset 0x8fc
+ DEPD %r7,31,32,%r8 ;offset 0x900
+ STD %r8,-176(%r30) ;offset 0x904
+ STW %r9,-168(%r30) ;offset 0x908
+ LDD -248(%r30),%r3 ;offset 0x90c
+ COPY %r26,%r4 ;offset 0x910
+ COPY %r24,%r5 ;offset 0x914
+ DEPD %r25,31,32,%r4 ;offset 0x918
+ CMPB,*<> %r3,%r0,$0006000C ;offset 0x91c
+ DEPD %r23,31,32,%r5 ;offset 0x920
+ MOVIB,TR -1,%r29,$00060002 ;offset 0x924
+ EXTRD,U %r29,31,32,%r28 ;offset 0x928
+$0006002A
+ LDO -1(%r29),%r29 ;offset 0x92c
+ SUB %r23,%r7,%r23 ;offset 0x930
+$00060024
+ SUB %r4,%r31,%r25 ;offset 0x934
+ AND %r25,%r19,%r26 ;offset 0x938
+ CMPB,*<>,N %r0,%r26,$00060046 ;offset 0x93c
+ DEPD,Z %r25,31,32,%r20 ;offset 0x940
+ OR %r20,%r24,%r21 ;offset 0x944
+ CMPB,*<<,N %r21,%r23,$0006002A ;offset 0x948
+ SUB %r31,%r2,%r31 ;offset 0x94c
+$00060046
+$0006002E
+ DEPD,Z %r23,31,32,%r25 ;offset 0x950
+ EXTRD,U %r23,31,32,%r26 ;offset 0x954
+ AND %r25,%r19,%r24 ;offset 0x958
+ ADD,L %r31,%r26,%r31 ;offset 0x95c
+ CMPCLR,*>>= %r5,%r24,%r0 ;offset 0x960
+ LDO 1(%r31),%r31 ;offset 0x964
+$00060032
+ CMPB,*<<=,N %r31,%r4,$00060036 ;offset 0x968
+ LDO -1(%r29),%r29 ;offset 0x96c
+ ADD,L %r4,%r3,%r4 ;offset 0x970
+$00060036
+ ADDIB,=,N -1,%r8,$D0 ;offset 0x974
+ SUB %r5,%r24,%r28 ;offset 0x978
+$0006003A
+ SUB %r4,%r31,%r24 ;offset 0x97c
+ SHRPD %r24,%r28,32,%r4 ;offset 0x980
+ DEPD,Z %r29,31,32,%r9 ;offset 0x984
+ DEPD,Z %r28,31,32,%r5 ;offset 0x988
+$0006001C
+ EXTRD,U %r4,31,32,%r31 ;offset 0x98c
+ CMPB,*<>,N %r31,%r2,$00060020 ;offset 0x990
+ MOVB,TR %r6,%r29,$D1 ;offset 0x994
+ STD %r29,-152(%r30) ;offset 0x998
+$0006000C
+ EXTRD,U %r3,31,32,%r25 ;offset 0x99c
+ COPY %r3,%r26 ;offset 0x9a0
+ EXTRD,U %r3,31,32,%r9 ;offset 0x9a4
+ EXTRD,U %r4,31,32,%r8 ;offset 0x9a8
+ .CALL ARGW0=GR,ARGW1=GR,RTNVAL=GR ;in=25,26;out=28;
+ B,L BN_num_bits_word,%r2 ;offset 0x9ac
+ EXTRD,U %r5,31,32,%r7 ;offset 0x9b0
+ LDI 64,%r20 ;offset 0x9b4
+ DEPD %r7,31,32,%r5 ;offset 0x9b8
+ DEPD %r8,31,32,%r4 ;offset 0x9bc
+ DEPD %r9,31,32,%r3 ;offset 0x9c0
+ CMPB,= %r28,%r20,$00060012 ;offset 0x9c4
+ COPY %r28,%r24 ;offset 0x9c8
+ MTSARCM %r24 ;offset 0x9cc
+ DEPDI,Z -1,%sar,1,%r19 ;offset 0x9d0
+ CMPB,*>>,N %r4,%r19,$D2 ;offset 0x9d4
+$00060012
+ SUBI 64,%r24,%r31 ;offset 0x9d8
+ CMPCLR,*<< %r4,%r3,%r0 ;offset 0x9dc
+ SUB %r4,%r3,%r4 ;offset 0x9e0
+$00060016
+ CMPB,= %r31,%r0,$0006001A ;offset 0x9e4
+ COPY %r0,%r9 ;offset 0x9e8
+ MTSARCM %r31 ;offset 0x9ec
+ DEPD,Z %r3,%sar,64,%r3 ;offset 0x9f0
+ SUBI 64,%r31,%r26 ;offset 0x9f4
+ MTSAR %r26 ;offset 0x9f8
+ SHRPD %r4,%r5,%sar,%r4 ;offset 0x9fc
+ MTSARCM %r31 ;offset 0xa00
+ DEPD,Z %r5,%sar,64,%r5 ;offset 0xa04
+$0006001A
+ DEPDI,Z -1,31,32,%r19 ;offset 0xa08
+ AND %r3,%r19,%r29 ;offset 0xa0c
+ EXTRD,U %r29,31,32,%r2 ;offset 0xa10
+ DEPDI,Z -1,63,32,%r6 ;offset 0xa14
+ MOVIB,TR 2,%r8,$0006001C ;offset 0xa18
+ EXTRD,U %r3,63,32,%r7 ;offset 0xa1c
+$D2
+ ;--- not PIC ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20
+ ;--- not PIC LDIL LR'C$7,%r21 ;offset 0xa24
+ ;--- not PIC LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28
+ ;--- not PIC .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28;
+ ;--- not PIC B,L fprintf,%r2 ;offset 0xa2c
+ ;--- not PIC LDO RR'C$7(%r21),%r25 ;offset 0xa30
+ .CALL ;
+ B,L abort,%r2 ;offset 0xa34
+ NOP ;offset 0xa38
+ B $D3 ;offset 0xa3c
+ LDW -212(%r30),%r2 ;offset 0xa40
+$00060020
+ COPY %r4,%r26 ;offset 0xa44
+ EXTRD,U %r4,31,32,%r25 ;offset 0xa48
+ COPY %r2,%r24 ;offset 0xa4c
+ .CALL ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
+ B,L $$div2U,%r31 ;offset 0xa50
+ EXTRD,U %r2,31,32,%r23 ;offset 0xa54
+ DEPD %r28,31,32,%r29 ;offset 0xa58
+$00060022
+ STD %r29,-152(%r30) ;offset 0xa5c
+$D1
+ AND %r5,%r19,%r24 ;offset 0xa60
+ EXTRD,U %r24,31,32,%r24 ;offset 0xa64
+ STW %r2,-160(%r30) ;offset 0xa68
+ STW %r7,-128(%r30) ;offset 0xa6c
+ FLDD -152(%r30),%fr4 ;offset 0xa70
+ FLDD -152(%r30),%fr7 ;offset 0xa74
+ FLDW -160(%r30),%fr8L ;offset 0xa78
+ FLDW -128(%r30),%fr5L ;offset 0xa7c
+ XMPYU %fr8L,%fr7L,%fr10 ;offset 0xa80
+ FSTD %fr10,-136(%r30) ;offset 0xa84
+ XMPYU %fr8L,%fr7R,%fr22 ;offset 0xa88
+ FSTD %fr22,-144(%r30) ;offset 0xa8c
+ XMPYU %fr5L,%fr4L,%fr11 ;offset 0xa90
+ XMPYU %fr5L,%fr4R,%fr23 ;offset 0xa94
+ FSTD %fr11,-112(%r30) ;offset 0xa98
+ FSTD %fr23,-120(%r30) ;offset 0xa9c
+ LDD -136(%r30),%r28 ;offset 0xaa0
+ DEPD,Z %r28,31,32,%r31 ;offset 0xaa4
+ LDD -144(%r30),%r20 ;offset 0xaa8
+ ADD,L %r20,%r31,%r31 ;offset 0xaac
+ LDD -112(%r30),%r22 ;offset 0xab0
+ DEPD,Z %r22,31,32,%r22 ;offset 0xab4
+ LDD -120(%r30),%r21 ;offset 0xab8
+ B $00060024 ;offset 0xabc
+ ADD,L %r21,%r22,%r23 ;offset 0xac0
+$D0
+ OR %r9,%r29,%r29 ;offset 0xac4
+$00060040
+ EXTRD,U %r29,31,32,%r28 ;offset 0xac8
+$00060002
+$L2
+ LDW -212(%r30),%r2 ;offset 0xacc
+$D3
+ LDW -168(%r30),%r9 ;offset 0xad0
+ LDD -176(%r30),%r8 ;offset 0xad4
+ EXTRD,U %r8,31,32,%r7 ;offset 0xad8
+ LDD -184(%r30),%r6 ;offset 0xadc
+ EXTRD,U %r6,31,32,%r5 ;offset 0xae0
+ LDW -188(%r30),%r4 ;offset 0xae4
+ BVE (%r2) ;offset 0xae8
+ .EXIT
+ LDW,MB -192(%r30),%r3 ;offset 0xaec
+ .PROCEND ;in=23,25;out=28,29;fpin=105,107;
+
+
+
+
+;----------------------------------------------------------------------------
+;
+; Registers to hold 64-bit values to manipulate. The "L" part
+; of the register corresponds to the upper 32-bits, while the "R"
+; part corresponds to the lower 32-bits
+;
+; Note, that when using b6 and b7, the code must save these before
+; using them because they are callee save registers
+;
+;
+; Floating point registers to use to save values that
+; are manipulated. These don't collide with ftemp1-6 and
+; are all caller save registers
+;
+a0 .reg %fr22
+a0L .reg %fr22L
+a0R .reg %fr22R
+
+a1 .reg %fr23
+a1L .reg %fr23L
+a1R .reg %fr23R
+
+a2 .reg %fr24
+a2L .reg %fr24L
+a2R .reg %fr24R
+
+a3 .reg %fr25
+a3L .reg %fr25L
+a3R .reg %fr25R
+
+a4 .reg %fr26
+a4L .reg %fr26L
+a4R .reg %fr26R
+
+a5 .reg %fr27
+a5L .reg %fr27L
+a5R .reg %fr27R
+
+a6 .reg %fr28
+a6L .reg %fr28L
+a6R .reg %fr28R
+
+a7 .reg %fr29
+a7L .reg %fr29L
+a7R .reg %fr29R
+
+b0 .reg %fr30
+b0L .reg %fr30L
+b0R .reg %fr30R
+
+b1 .reg %fr31
+b1L .reg %fr31L
+b1R .reg %fr31R
+
+;
+; Temporary floating point variables, these are all caller save
+; registers
+;
+ftemp1 .reg %fr4
+ftemp2 .reg %fr5
+ftemp3 .reg %fr6
+ftemp4 .reg %fr7
+
+;
+; The B set of registers when used.
+;
+
+b2 .reg %fr8
+b2L .reg %fr8L
+b2R .reg %fr8R
+
+b3 .reg %fr9
+b3L .reg %fr9L
+b3R .reg %fr9R
+
+b4 .reg %fr10
+b4L .reg %fr10L
+b4R .reg %fr10R
+
+b5 .reg %fr11
+b5L .reg %fr11L
+b5R .reg %fr11R
+
+b6 .reg %fr12
+b6L .reg %fr12L
+b6R .reg %fr12R
+
+b7 .reg %fr13
+b7L .reg %fr13L
+b7R .reg %fr13R
+
+c1 .reg %r21 ; only reg
+temp1 .reg %r20 ; only reg
+temp2 .reg %r19 ; only reg
+temp3 .reg %r31 ; only reg
+
+m1 .reg %r28
+c2 .reg %r23
+high_one .reg %r1
+ht .reg %r6
+lt .reg %r5
+m .reg %r4
+c3 .reg %r3
+
+SQR_ADD_C .macro A0L,A0R,C1,C2,C3
+ XMPYU A0L,A0R,ftemp1 ; m
+ FSTD ftemp1,-24(%sp) ; store m
+
+ XMPYU A0R,A0R,ftemp2 ; lt
+ FSTD ftemp2,-16(%sp) ; store lt
+
+ XMPYU A0L,A0L,ftemp3 ; ht
+ FSTD ftemp3,-8(%sp) ; store ht
+
+ LDD -24(%sp),m ; load m
+ AND m,high_mask,temp2 ; m & Mask
+ DEPD,Z m,30,31,temp3 ; m << 32+1
+ LDD -16(%sp),lt ; lt
+
+ LDD -8(%sp),ht ; ht
+ EXTRD,U temp2,32,33,temp1 ; temp1 = m&Mask >> 32-1
+ ADD temp3,lt,lt ; lt = lt+m
+ ADD,L ht,temp1,ht ; ht += temp1
+ ADD,DC ht,%r0,ht ; ht++
+
+ ADD C1,lt,C1 ; c1=c1+lt
+ ADD,DC ht,%r0,ht ; ht++
+
+ ADD C2,ht,C2 ; c2=c2+ht
+ ADD,DC C3,%r0,C3 ; c3++
+.endm
+
+SQR_ADD_C2 .macro A0L,A0R,A1L,A1R,C1,C2,C3
+ XMPYU A0L,A1R,ftemp1 ; m1 = bl*ht
+ FSTD ftemp1,-16(%sp) ;
+ XMPYU A0R,A1L,ftemp2 ; m = bh*lt
+ FSTD ftemp2,-8(%sp) ;
+ XMPYU A0R,A1R,ftemp3 ; lt = bl*lt
+ FSTD ftemp3,-32(%sp)
+ XMPYU A0L,A1L,ftemp4 ; ht = bh*ht
+ FSTD ftemp4,-24(%sp) ;
+
+ LDD -8(%sp),m ; r21 = m
+ LDD -16(%sp),m1 ; r19 = m1
+ ADD,L m,m1,m ; m+m1
+
+ DEPD,Z m,31,32,temp3 ; (m+m1<<32)
+ LDD -24(%sp),ht ; r24 = ht
+
+ CMPCLR,*>>= m,m1,%r0 ; if (m < m1)
+ ADD,L ht,high_one,ht ; ht+=high_one
+
+ EXTRD,U m,31,32,temp1 ; m >> 32
+ LDD -32(%sp),lt ; lt
+ ADD,L ht,temp1,ht ; ht+= m>>32
+ ADD lt,temp3,lt ; lt = lt+m1
+ ADD,DC ht,%r0,ht ; ht++
+
+ ADD ht,ht,ht ; ht=ht+ht;
+ ADD,DC C3,%r0,C3 ; add in carry (c3++)
+
+ ADD lt,lt,lt ; lt=lt+lt;
+ ADD,DC ht,%r0,ht ; add in carry (ht++)
+
+ ADD C1,lt,C1 ; c1=c1+lt
+ ADD,DC,*NUV ht,%r0,ht ; add in carry (ht++)
+ LDO 1(C3),C3 ; bump c3 if overflow,nullify otherwise
+
+ ADD C2,ht,C2 ; c2 = c2 + ht
+ ADD,DC C3,%r0,C3 ; add in carry (c3++)
+.endm
+
+;
+;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba8
+ .PROC
+ .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .ENTRY
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ STD %r5,16(%sp) ; save r5
+ STD %r6,24(%sp) ; save r6
+
+ ;
+ ; Zero out carries
+ ;
+ COPY %r0,c1
+ COPY %r0,c2
+ COPY %r0,c3
+
+ LDO 128(%sp),%sp ; bump stack
+ DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L
+ DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32
+
+ ;
+ ; Load up all of the values we are going to use
+ ;
+ FLDD 0(a_ptr),a0
+ FLDD 8(a_ptr),a1
+ FLDD 16(a_ptr),a2
+ FLDD 24(a_ptr),a3
+ FLDD 32(a_ptr),a4
+ FLDD 40(a_ptr),a5
+ FLDD 48(a_ptr),a6
+ FLDD 56(a_ptr),a7
+
+ SQR_ADD_C a0L,a0R,c1,c2,c3
+ STD c1,0(r_ptr) ; r[0] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+ STD c2,8(r_ptr) ; r[1] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C a1L,a1R,c3,c1,c2
+ SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+ STD c3,16(r_ptr) ; r[2] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+ SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+ STD c1,24(r_ptr) ; r[3] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C a2L,a2R,c2,c3,c1
+ SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+ SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
+ STD c2,32(r_ptr) ; r[4] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
+ SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
+ SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+ STD c3,40(r_ptr) ; r[5] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C a3L,a3R,c1,c2,c3
+ SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
+ SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
+ SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
+ STD c1,48(r_ptr) ; r[6] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
+ SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
+ SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
+ SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
+ STD c2,56(r_ptr) ; r[7] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C a4L,a4R,c3,c1,c2
+ SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
+ SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
+ SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
+ STD c3,64(r_ptr) ; r[8] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
+ SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
+ SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
+ STD c1,72(r_ptr) ; r[9] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C a5L,a5R,c2,c3,c1
+ SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
+ SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
+ STD c2,80(r_ptr) ; r[10] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
+ SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
+ STD c3,88(r_ptr) ; r[11] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C a6L,a6R,c1,c2,c3
+ SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
+ STD c1,96(r_ptr) ; r[12] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
+ STD c2,104(r_ptr) ; r[13] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C a7L,a7R,c3,c1,c2
+ STD c3, 112(r_ptr) ; r[14] = c3
+ STD c1, 120(r_ptr) ; r[15] = c1
+
+ .EXIT
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3
+
+ .PROCEND
+
+;-----------------------------------------------------------------------------
+;
+;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba4
+ .proc
+ .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .entry
+ .align 64
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ STD %r5,16(%sp) ; save r5
+ STD %r6,24(%sp) ; save r6
+
+ ;
+ ; Zero out carries
+ ;
+ COPY %r0,c1
+ COPY %r0,c2
+ COPY %r0,c3
+
+ LDO 128(%sp),%sp ; bump stack
+ DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L
+ DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32
+
+ ;
+ ; Load up all of the values we are going to use
+ ;
+ FLDD 0(a_ptr),a0
+ FLDD 8(a_ptr),a1
+ FLDD 16(a_ptr),a2
+ FLDD 24(a_ptr),a3
+ FLDD 32(a_ptr),a4
+ FLDD 40(a_ptr),a5
+ FLDD 48(a_ptr),a6
+ FLDD 56(a_ptr),a7
+
+ SQR_ADD_C a0L,a0R,c1,c2,c3
+
+ STD c1,0(r_ptr) ; r[0] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+
+ STD c2,8(r_ptr) ; r[1] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C a1L,a1R,c3,c1,c2
+ SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+
+ STD c3,16(r_ptr) ; r[2] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+ SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+
+ STD c1,24(r_ptr) ; r[3] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C a2L,a2R,c2,c3,c1
+ SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+
+ STD c2,32(r_ptr) ; r[4] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+ STD c3,40(r_ptr) ; r[5] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C a3L,a3R,c1,c2,c3
+ STD c1,48(r_ptr) ; r[6] = c1;
+ STD c2,56(r_ptr) ; r[7] = c2;
+
+ .EXIT
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3
+
+ .PROCEND
+
+
+;---------------------------------------------------------------------------
+
+MUL_ADD_C .macro A0L,A0R,B0L,B0R,C1,C2,C3
+ XMPYU A0L,B0R,ftemp1 ; m1 = bl*ht
+ FSTD ftemp1,-16(%sp) ;
+ XMPYU A0R,B0L,ftemp2 ; m = bh*lt
+ FSTD ftemp2,-8(%sp) ;
+ XMPYU A0R,B0R,ftemp3 ; lt = bl*lt
+ FSTD ftemp3,-32(%sp)
+ XMPYU A0L,B0L,ftemp4 ; ht = bh*ht
+ FSTD ftemp4,-24(%sp) ;
+
+ LDD -8(%sp),m ; r21 = m
+ LDD -16(%sp),m1 ; r19 = m1
+ ADD,L m,m1,m ; m+m1
+
+ DEPD,Z m,31,32,temp3 ; (m+m1<<32)
+ LDD -24(%sp),ht ; r24 = ht
+
+ CMPCLR,*>>= m,m1,%r0 ; if (m < m1)
+ ADD,L ht,high_one,ht ; ht+=high_one
+
+ EXTRD,U m,31,32,temp1 ; m >> 32
+ LDD -32(%sp),lt ; lt
+ ADD,L ht,temp1,ht ; ht+= m>>32
+ ADD lt,temp3,lt ; lt = lt+m1
+ ADD,DC ht,%r0,ht ; ht++
+
+ ADD C1,lt,C1 ; c1=c1+lt
+ ADD,DC ht,%r0,ht ; bump c3 if overflow,nullify otherwise
+
+ ADD C2,ht,C2 ; c2 = c2 + ht
+ ADD,DC C3,%r0,C3 ; add in carry (c3++)
+.endm
+
+
+;
+;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba8
+ .proc
+ .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .entry
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ STD %r5,16(%sp) ; save r5
+ STD %r6,24(%sp) ; save r6
+ FSTD %fr12,32(%sp) ; save r6
+ FSTD %fr13,40(%sp) ; save r7
+
+ ;
+ ; Zero out carries
+ ;
+ COPY %r0,c1
+ COPY %r0,c2
+ COPY %r0,c3
+
+ LDO 128(%sp),%sp ; bump stack
+ DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32
+
+ ;
+ ; Load up all of the values we are going to use
+ ;
+ FLDD 0(a_ptr),a0
+ FLDD 8(a_ptr),a1
+ FLDD 16(a_ptr),a2
+ FLDD 24(a_ptr),a3
+ FLDD 32(a_ptr),a4
+ FLDD 40(a_ptr),a5
+ FLDD 48(a_ptr),a6
+ FLDD 56(a_ptr),a7
+
+ FLDD 0(b_ptr),b0
+ FLDD 8(b_ptr),b1
+ FLDD 16(b_ptr),b2
+ FLDD 24(b_ptr),b3
+ FLDD 32(b_ptr),b4
+ FLDD 40(b_ptr),b5
+ FLDD 48(b_ptr),b6
+ FLDD 56(b_ptr),b7
+
+ MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+ STD c1,0(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+ MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+ STD c2,8(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+ MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+ MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+ STD c3,16(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+ MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+ MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+ MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+ STD c1,24(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
+ MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+ MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+ MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+ MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
+ STD c2,32(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
+ MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
+ MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+ MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+ MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
+ MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
+ STD c3,40(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
+ MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
+ MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
+ MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+ MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
+ MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
+ MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
+ STD c1,48(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
+ MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
+ MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
+ MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
+ MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
+ MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
+ MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
+ MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
+ STD c2,56(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
+ MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
+ MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
+ MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
+ MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
+ MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
+ MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
+ STD c3,64(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
+ MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
+ MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
+ MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
+ MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
+ MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
+ STD c1,72(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
+ MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
+ MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
+ MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
+ MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
+ STD c2,80(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
+ MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
+ MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
+ MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
+ STD c3,88(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
+ MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
+ MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
+ STD c1,96(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
+ MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
+ STD c2,104(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
+ STD c3,112(r_ptr)
+ STD c1,120(r_ptr)
+
+ .EXIT
+ FLDD -88(%sp),%fr13
+ FLDD -96(%sp),%fr12
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3
+
+ .PROCEND
+
+;-----------------------------------------------------------------------------
+;
+;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba4
+ .proc
+ .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .entry
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ STD %r5,16(%sp) ; save r5
+ STD %r6,24(%sp) ; save r6
+ FSTD %fr12,32(%sp) ; save r6
+ FSTD %fr13,40(%sp) ; save r7
+
+ ;
+ ; Zero out carries
+ ;
+ COPY %r0,c1
+ COPY %r0,c2
+ COPY %r0,c3
+
+ LDO 128(%sp),%sp ; bump stack
+ DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32
+
+ ;
+ ; Load up all of the values we are going to use
+ ;
+ FLDD 0(a_ptr),a0
+ FLDD 8(a_ptr),a1
+ FLDD 16(a_ptr),a2
+ FLDD 24(a_ptr),a3
+
+ FLDD 0(b_ptr),b0
+ FLDD 8(b_ptr),b1
+ FLDD 16(b_ptr),b2
+ FLDD 24(b_ptr),b3
+
+ MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+ STD c1,0(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+ MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+ STD c2,8(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+ MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+ MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+ STD c3,16(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+ MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+ MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+ MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+ STD c1,24(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+ MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+ MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+ STD c2,32(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+ MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+ STD c3,40(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+ STD c1,48(r_ptr)
+ STD c2,56(r_ptr)
+
+ .EXIT
+ FLDD -88(%sp),%fr13
+ FLDD -96(%sp),%fr12
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3
+
+ .PROCEND
+
+
+;--- not PIC .SPACE $TEXT$
+;--- not PIC .SUBSPA $CODE$
+;--- not PIC .SPACE $PRIVATE$,SORT=16
+;--- not PIC .IMPORT $global$,DATA
+;--- not PIC .SPACE $TEXT$
+;--- not PIC .SUBSPA $CODE$
+;--- not PIC .SUBSPA $LIT$,ACCESS=0x2c
+;--- not PIC C$7
+;--- not PIC .ALIGN 8
+;--- not PIC .STRINGZ "Division would overflow (%d)\n"
+ .END
Added: vendor-crypto/openssl/dist/crypto/bn/asm/pa-risc2W.s
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/pa-risc2W.s (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/pa-risc2W.s 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1605 @@
+;
+; PA-RISC 64-bit implementation of bn_asm code
+;
+; This code is approximately 2x faster than the C version
+; for RSA/DSA.
+;
+; See http://devresource.hp.com/ for more details on the PA-RISC
+; architecture. Also see the book "PA-RISC 2.0 Architecture"
+; by Gerry Kane for information on the instruction set architecture.
+;
+; Code written by Chris Ruemmler (with some help from the HP C
+; compiler).
+;
+; The code compiles with HP's assembler
+;
+
+ .level 2.0W
+ .space $TEXT$
+ .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
+
+;
+; Global Register definitions used for the routines.
+;
+; Some information about HP's runtime architecture for 64-bits.
+;
+; "Caller save" means the calling function must save the register
+; if it wants the register to be preserved.
+; "Callee save" means if a function uses the register, it must save
+; the value before using it.
+;
+; For the floating point registers
+;
+; "caller save" registers: fr4-fr11, fr22-fr31
+; "callee save" registers: fr12-fr21
+; "special" registers: fr0-fr3 (status and exception registers)
+;
+; For the integer registers
+; value zero : r0
+; "caller save" registers: r1,r19-r26
+; "callee save" registers: r3-r18
+; return register : r2 (rp)
+; return values ; r28 (ret0,ret1)
+; Stack pointer ; r30 (sp)
+; global data pointer ; r27 (dp)
+; argument pointer ; r29 (ap)
+; millicode return ptr ; r31 (also a caller save register)
+
+
+;
+; Arguments to the routines
+;
+r_ptr .reg %r26
+a_ptr .reg %r25
+b_ptr .reg %r24
+num .reg %r24
+w .reg %r23
+n .reg %r23
+
+
+;
+; Globals used in some routines
+;
+
+top_overflow .reg %r29
+high_mask .reg %r22 ; value 0xffffffff80000000L
+
+
+;------------------------------------------------------------------------------
+;
+; bn_mul_add_words
+;
+;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr,
+; int num, BN_ULONG w)
+;
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = num
+; arg3 = w
+;
+; Local register definitions
+;
+
+fm1 .reg %fr22
+fm .reg %fr23
+ht_temp .reg %fr24
+ht_temp_1 .reg %fr25
+lt_temp .reg %fr26
+lt_temp_1 .reg %fr27
+fm1_1 .reg %fr28
+fm_1 .reg %fr29
+
+fw_h .reg %fr7L
+fw_l .reg %fr7R
+fw .reg %fr7
+
+fht_0 .reg %fr8L
+flt_0 .reg %fr8R
+t_float_0 .reg %fr8
+
+fht_1 .reg %fr9L
+flt_1 .reg %fr9R
+t_float_1 .reg %fr9
+
+tmp_0 .reg %r31
+tmp_1 .reg %r21
+m_0 .reg %r20
+m_1 .reg %r19
+ht_0 .reg %r1
+ht_1 .reg %r3
+lt_0 .reg %r4
+lt_1 .reg %r5
+m1_0 .reg %r6
+m1_1 .reg %r7
+rp_val .reg %r8
+rp_val_1 .reg %r9
+
+bn_mul_add_words
+ .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
+ .proc
+ .callinfo frame=128
+ .entry
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ NOP ; Needed to make the loop 16-byte aligned
+ NOP ; Needed to make the loop 16-byte aligned
+
+ STD %r5,16(%sp) ; save r5
+ STD %r6,24(%sp) ; save r6
+ STD %r7,32(%sp) ; save r7
+ STD %r8,40(%sp) ; save r8
+
+ STD %r9,48(%sp) ; save r9
+ COPY %r0,%ret0 ; return 0 by default
+ DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32
+ STD w,56(%sp) ; store w on stack
+
+ CMPIB,>= 0,num,bn_mul_add_words_exit ; if (num <= 0) then exit
+ LDO 128(%sp),%sp ; bump stack
+
+ ;
+ ; The loop is unrolled twice, so if there is only 1 number
+ ; then go straight to the cleanup code.
+ ;
+ CMPIB,= 1,num,bn_mul_add_words_single_top
+ FLDD -72(%sp),fw ; load up w into fp register fw (fw_h/fw_l)
+
+ ;
+ ; This loop is unrolled 2 times (64-byte aligned as well)
+ ;
+ ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+ ; two 32-bit mutiplies can be issued per cycle.
+ ;
+bn_mul_add_words_unroll2
+
+ FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+ FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+ LDD 0(r_ptr),rp_val ; rp[0]
+ LDD 8(r_ptr),rp_val_1 ; rp[1]
+
+ XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l
+ XMPYU fht_1,fw_l,fm1_1 ; m1[1] = fht_1*fw_l
+ FSTD fm1,-16(%sp) ; -16(sp) = m1[0]
+ FSTD fm1_1,-48(%sp) ; -48(sp) = m1[1]
+
+ XMPYU flt_0,fw_h,fm ; m[0] = flt_0*fw_h
+ XMPYU flt_1,fw_h,fm_1 ; m[1] = flt_1*fw_h
+ FSTD fm,-8(%sp) ; -8(sp) = m[0]
+ FSTD fm_1,-40(%sp) ; -40(sp) = m[1]
+
+ XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h
+ XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp_1 = fht_1*fw_h
+ FSTD ht_temp,-24(%sp) ; -24(sp) = ht_temp
+ FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht_temp_1
+
+ XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l
+ XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l
+ FSTD lt_temp,-32(%sp) ; -32(sp) = lt_temp
+ FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt_temp_1
+
+ LDD -8(%sp),m_0 ; m[0]
+ LDD -40(%sp),m_1 ; m[1]
+ LDD -16(%sp),m1_0 ; m1[0]
+ LDD -48(%sp),m1_1 ; m1[1]
+
+ LDD -24(%sp),ht_0 ; ht[0]
+ LDD -56(%sp),ht_1 ; ht[1]
+ ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m[0] + m1[0];
+ ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m[1] + m1[1];
+
+ LDD -32(%sp),lt_0
+ LDD -64(%sp),lt_1
+ CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m[0] < m1[0])
+ ADD,L ht_0,top_overflow,ht_0 ; ht[0] += (1<<32)
+
+ CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m[1] < m1[1])
+ ADD,L ht_1,top_overflow,ht_1 ; ht[1] += (1<<32)
+ EXTRD,U tmp_0,31,32,m_0 ; m[0]>>32
+ DEPD,Z tmp_0,31,32,m1_0 ; m1[0] = m[0]<<32
+
+ EXTRD,U tmp_1,31,32,m_1 ; m[1]>>32
+ DEPD,Z tmp_1,31,32,m1_1 ; m1[1] = m[1]<<32
+ ADD,L ht_0,m_0,ht_0 ; ht[0]+= (m[0]>>32)
+ ADD,L ht_1,m_1,ht_1 ; ht[1]+= (m[1]>>32)
+
+ ADD lt_0,m1_0,lt_0 ; lt[0] = lt[0]+m1[0];
+ ADD,DC ht_0,%r0,ht_0 ; ht[0]++
+ ADD lt_1,m1_1,lt_1 ; lt[1] = lt[1]+m1[1];
+ ADD,DC ht_1,%r0,ht_1 ; ht[1]++
+
+ ADD %ret0,lt_0,lt_0 ; lt[0] = lt[0] + c;
+ ADD,DC ht_0,%r0,ht_0 ; ht[0]++
+ ADD lt_0,rp_val,lt_0 ; lt[0] = lt[0]+rp[0]
+ ADD,DC ht_0,%r0,ht_0 ; ht[0]++
+
+ LDO -2(num),num ; num = num - 2;
+ ADD ht_0,lt_1,lt_1 ; lt[1] = lt[1] + ht_0 (c);
+ ADD,DC ht_1,%r0,ht_1 ; ht[1]++
+ STD lt_0,0(r_ptr) ; rp[0] = lt[0]
+
+ ADD lt_1,rp_val_1,lt_1 ; lt[1] = lt[1]+rp[1]
+ ADD,DC ht_1,%r0,%ret0 ; ht[1]++
+ LDO 16(a_ptr),a_ptr ; a_ptr += 2
+
+ STD lt_1,8(r_ptr) ; rp[1] = lt[1]
+ CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
+ LDO 16(r_ptr),r_ptr ; r_ptr += 2
+
+ CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
+
+ ;
+ ; Top of loop aligned on 64-byte boundary
+ ;
+bn_mul_add_words_single_top
+ FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+ LDD 0(r_ptr),rp_val ; rp[0]
+ LDO 8(a_ptr),a_ptr ; a_ptr++
+ XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l
+ FSTD fm1,-16(%sp) ; -16(sp) = m1
+ XMPYU flt_0,fw_h,fm ; m = lt*fw_h
+ FSTD fm,-8(%sp) ; -8(sp) = m
+ XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h
+ FSTD ht_temp,-24(%sp) ; -24(sp) = ht
+ XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l
+ FSTD lt_temp,-32(%sp) ; -32(sp) = lt
+
+ LDD -8(%sp),m_0
+ LDD -16(%sp),m1_0 ; m1 = temp1
+ ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1;
+ LDD -24(%sp),ht_0
+ LDD -32(%sp),lt_0
+
+ CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1)
+ ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32)
+
+ EXTRD,U tmp_0,31,32,m_0 ; m>>32
+ DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32
+
+ ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32)
+ ADD lt_0,m1_0,tmp_0 ; tmp_0 = lt+m1;
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+ ADD %ret0,tmp_0,lt_0 ; lt = lt + c;
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+ ADD lt_0,rp_val,lt_0 ; lt = lt+rp[0]
+ ADD,DC ht_0,%r0,%ret0 ; ht++
+ STD lt_0,0(r_ptr) ; rp[0] = lt
+
+bn_mul_add_words_exit
+ .EXIT
+ LDD -80(%sp),%r9 ; restore r9
+ LDD -88(%sp),%r8 ; restore r8
+ LDD -96(%sp),%r7 ; restore r7
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3 ; restore r3
+ .PROCEND ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+; arg3 = w
+
+bn_mul_words
+ .proc
+ .callinfo frame=128
+ .entry
+ .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ STD %r5,16(%sp) ; save r5
+ STD %r6,24(%sp) ; save r6
+
+ STD %r7,32(%sp) ; save r7
+ COPY %r0,%ret0 ; return 0 by default
+ DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32
+ STD w,56(%sp) ; w on stack
+
+ CMPIB,>= 0,num,bn_mul_words_exit
+ LDO 128(%sp),%sp ; bump stack
+
+ ;
+ ; See if only 1 word to do, thus just do cleanup
+ ;
+ CMPIB,= 1,num,bn_mul_words_single_top
+ FLDD -72(%sp),fw ; load up w into fp register fw (fw_h/fw_l)
+
+ ;
+ ; This loop is unrolled 2 times (64-byte aligned as well)
+ ;
+ ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+ ; two 32-bit mutiplies can be issued per cycle.
+ ;
+bn_mul_words_unroll2
+
+ FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+ FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+ XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l
+ XMPYU fht_1,fw_l,fm1_1 ; m1[1] = ht*fw_l
+
+ FSTD fm1,-16(%sp) ; -16(sp) = m1
+ FSTD fm1_1,-48(%sp) ; -48(sp) = m1
+ XMPYU flt_0,fw_h,fm ; m = lt*fw_h
+ XMPYU flt_1,fw_h,fm_1 ; m = lt*fw_h
+
+ FSTD fm,-8(%sp) ; -8(sp) = m
+ FSTD fm_1,-40(%sp) ; -40(sp) = m
+ XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h
+ XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp = ht*fw_h
+
+ FSTD ht_temp,-24(%sp) ; -24(sp) = ht
+ FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht
+ XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l
+ XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l
+
+ FSTD lt_temp,-32(%sp) ; -32(sp) = lt
+ FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt
+ LDD -8(%sp),m_0
+ LDD -40(%sp),m_1
+
+ LDD -16(%sp),m1_0
+ LDD -48(%sp),m1_1
+ LDD -24(%sp),ht_0
+ LDD -56(%sp),ht_1
+
+ ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m + m1;
+ ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m + m1;
+ LDD -32(%sp),lt_0
+ LDD -64(%sp),lt_1
+
+ CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m < m1)
+ ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32)
+ CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m < m1)
+ ADD,L ht_1,top_overflow,ht_1 ; ht += (1<<32)
+
+ EXTRD,U tmp_0,31,32,m_0 ; m>>32
+ DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32
+ EXTRD,U tmp_1,31,32,m_1 ; m>>32
+ DEPD,Z tmp_1,31,32,m1_1 ; m1 = m<<32
+
+ ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32)
+ ADD,L ht_1,m_1,ht_1 ; ht+= (m>>32)
+ ADD lt_0,m1_0,lt_0 ; lt = lt+m1;
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+
+ ADD lt_1,m1_1,lt_1 ; lt = lt+m1;
+ ADD,DC ht_1,%r0,ht_1 ; ht++
+ ADD %ret0,lt_0,lt_0 ; lt = lt + c (ret0);
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+
+ ADD ht_0,lt_1,lt_1 ; lt = lt + c (ht_0)
+ ADD,DC ht_1,%r0,ht_1 ; ht++
+ STD lt_0,0(r_ptr) ; rp[0] = lt
+ STD lt_1,8(r_ptr) ; rp[1] = lt
+
+ COPY ht_1,%ret0 ; carry = ht
+ LDO -2(num),num ; num = num - 2;
+ LDO 16(a_ptr),a_ptr ; ap += 2
+ CMPIB,<= 2,num,bn_mul_words_unroll2
+ LDO 16(r_ptr),r_ptr ; rp++
+
+ CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
+
+ ;
+ ; Top of loop aligned on 64-byte boundary
+ ;
+bn_mul_words_single_top
+ FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+ XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l
+ FSTD fm1,-16(%sp) ; -16(sp) = m1
+ XMPYU flt_0,fw_h,fm ; m = lt*fw_h
+ FSTD fm,-8(%sp) ; -8(sp) = m
+ XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h
+ FSTD ht_temp,-24(%sp) ; -24(sp) = ht
+ XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l
+ FSTD lt_temp,-32(%sp) ; -32(sp) = lt
+
+ LDD -8(%sp),m_0
+ LDD -16(%sp),m1_0
+ ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1;
+ LDD -24(%sp),ht_0
+ LDD -32(%sp),lt_0
+
+ CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1)
+ ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32)
+
+ EXTRD,U tmp_0,31,32,m_0 ; m>>32
+ DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32
+
+ ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32)
+ ADD lt_0,m1_0,lt_0 ; lt= lt+m1;
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+
+ ADD %ret0,lt_0,lt_0 ; lt = lt + c;
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+
+ COPY ht_0,%ret0 ; copy carry
+ STD lt_0,0(r_ptr) ; rp[0] = lt
+
+bn_mul_words_exit
+ .EXIT
+ LDD -96(%sp),%r7 ; restore r7
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3 ; restore r3
+ .PROCEND ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+;
+
+bn_sqr_words
+ .proc
+ .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .entry
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ NOP
+ STD %r5,16(%sp) ; save r5
+
+ CMPIB,>= 0,num,bn_sqr_words_exit
+ LDO 128(%sp),%sp ; bump stack
+
+ ;
+ ; If only 1, the goto straight to cleanup
+ ;
+ CMPIB,= 1,num,bn_sqr_words_single_top
+ DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L
+
+ ;
+ ; This loop is unrolled 2 times (64-byte aligned as well)
+ ;
+
+bn_sqr_words_unroll2
+ FLDD 0(a_ptr),t_float_0 ; a[0]
+ FLDD 8(a_ptr),t_float_1 ; a[1]
+ XMPYU fht_0,flt_0,fm ; m[0]
+ XMPYU fht_1,flt_1,fm_1 ; m[1]
+
+ FSTD fm,-24(%sp) ; store m[0]
+ FSTD fm_1,-56(%sp) ; store m[1]
+ XMPYU flt_0,flt_0,lt_temp ; lt[0]
+ XMPYU flt_1,flt_1,lt_temp_1 ; lt[1]
+
+ FSTD lt_temp,-16(%sp) ; store lt[0]
+ FSTD lt_temp_1,-48(%sp) ; store lt[1]
+ XMPYU fht_0,fht_0,ht_temp ; ht[0]
+ XMPYU fht_1,fht_1,ht_temp_1 ; ht[1]
+
+ FSTD ht_temp,-8(%sp) ; store ht[0]
+ FSTD ht_temp_1,-40(%sp) ; store ht[1]
+ LDD -24(%sp),m_0
+ LDD -56(%sp),m_1
+
+ AND m_0,high_mask,tmp_0 ; m[0] & Mask
+ AND m_1,high_mask,tmp_1 ; m[1] & Mask
+ DEPD,Z m_0,30,31,m_0 ; m[0] << 32+1
+ DEPD,Z m_1,30,31,m_1 ; m[1] << 32+1
+
+ LDD -16(%sp),lt_0
+ LDD -48(%sp),lt_1
+ EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m[0]&Mask >> 32-1
+ EXTRD,U tmp_1,32,33,tmp_1 ; tmp_1 = m[1]&Mask >> 32-1
+
+ LDD -8(%sp),ht_0
+ LDD -40(%sp),ht_1
+ ADD,L ht_0,tmp_0,ht_0 ; ht[0] += tmp_0
+ ADD,L ht_1,tmp_1,ht_1 ; ht[1] += tmp_1
+
+ ADD lt_0,m_0,lt_0 ; lt = lt+m
+ ADD,DC ht_0,%r0,ht_0 ; ht[0]++
+ STD lt_0,0(r_ptr) ; rp[0] = lt[0]
+ STD ht_0,8(r_ptr) ; rp[1] = ht[1]
+
+ ADD lt_1,m_1,lt_1 ; lt = lt+m
+ ADD,DC ht_1,%r0,ht_1 ; ht[1]++
+ STD lt_1,16(r_ptr) ; rp[2] = lt[1]
+ STD ht_1,24(r_ptr) ; rp[3] = ht[1]
+
+ LDO -2(num),num ; num = num - 2;
+ LDO 16(a_ptr),a_ptr ; ap += 2
+ CMPIB,<= 2,num,bn_sqr_words_unroll2
+ LDO 32(r_ptr),r_ptr ; rp += 4
+
+ CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
+
+ ;
+ ; Top of loop aligned on 64-byte boundary
+ ;
+bn_sqr_words_single_top
+ FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+ XMPYU fht_0,flt_0,fm ; m
+ FSTD fm,-24(%sp) ; store m
+
+ XMPYU flt_0,flt_0,lt_temp ; lt
+ FSTD lt_temp,-16(%sp) ; store lt
+
+ XMPYU fht_0,fht_0,ht_temp ; ht
+ FSTD ht_temp,-8(%sp) ; store ht
+
+ LDD -24(%sp),m_0 ; load m
+ AND m_0,high_mask,tmp_0 ; m & Mask
+ DEPD,Z m_0,30,31,m_0 ; m << 32+1
+ LDD -16(%sp),lt_0 ; lt
+
+ LDD -8(%sp),ht_0 ; ht
+ EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m&Mask >> 32-1
+ ADD m_0,lt_0,lt_0 ; lt = lt+m
+ ADD,L ht_0,tmp_0,ht_0 ; ht += tmp_0
+ ADD,DC ht_0,%r0,ht_0 ; ht++
+
+ STD lt_0,0(r_ptr) ; rp[0] = lt
+ STD ht_0,8(r_ptr) ; rp[1] = ht
+
+bn_sqr_words_exit
+ .EXIT
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3
+ .PROCEND ;in=23,24,25,26,29;out=28;
+
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = bp
+; arg3 = n
+
+t .reg %r22
+b .reg %r21
+l .reg %r20
+
+bn_add_words
+ .proc
+ .entry
+ .callinfo
+ .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .align 64
+
+ CMPIB,>= 0,n,bn_add_words_exit
+ COPY %r0,%ret0 ; return 0 by default
+
+ ;
+ ; If 2 or more numbers do the loop
+ ;
+ CMPIB,= 1,n,bn_add_words_single_top
+ NOP
+
+ ;
+ ; This loop is unrolled 2 times (64-byte aligned as well)
+ ;
+bn_add_words_unroll2
+ LDD 0(a_ptr),t
+ LDD 0(b_ptr),b
+ ADD t,%ret0,t ; t = t+c;
+ ADD,DC %r0,%r0,%ret0 ; set c to carry
+ ADD t,b,l ; l = t + b[0]
+ ADD,DC %ret0,%r0,%ret0 ; c+= carry
+ STD l,0(r_ptr)
+
+ LDD 8(a_ptr),t
+ LDD 8(b_ptr),b
+ ADD t,%ret0,t ; t = t+c;
+ ADD,DC %r0,%r0,%ret0 ; set c to carry
+ ADD t,b,l ; l = t + b[0]
+ ADD,DC %ret0,%r0,%ret0 ; c+= carry
+ STD l,8(r_ptr)
+
+ LDO -2(n),n
+ LDO 16(a_ptr),a_ptr
+ LDO 16(b_ptr),b_ptr
+
+ CMPIB,<= 2,n,bn_add_words_unroll2
+ LDO 16(r_ptr),r_ptr
+
+ CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
+
+bn_add_words_single_top
+ LDD 0(a_ptr),t
+ LDD 0(b_ptr),b
+
+ ADD t,%ret0,t ; t = t+c;
+ ADD,DC %r0,%r0,%ret0 ; set c to carry (could use CMPCLR??)
+ ADD t,b,l ; l = t + b[0]
+ ADD,DC %ret0,%r0,%ret0 ; c+= carry
+ STD l,0(r_ptr)
+
+bn_add_words_exit
+ .EXIT
+ BVE (%rp)
+ NOP
+ .PROCEND ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = bp
+; arg3 = n
+
+t1 .reg %r22
+t2 .reg %r21
+sub_tmp1 .reg %r20
+sub_tmp2 .reg %r19
+
+
+bn_sub_words
+ .proc
+ .callinfo
+ .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .entry
+ .align 64
+
+ CMPIB,>= 0,n,bn_sub_words_exit
+ COPY %r0,%ret0 ; return 0 by default
+
+ ;
+ ; If 2 or more numbers do the loop
+ ;
+ CMPIB,= 1,n,bn_sub_words_single_top
+ NOP
+
+ ;
+ ; This loop is unrolled 2 times (64-byte aligned as well)
+ ;
+bn_sub_words_unroll2
+ LDD 0(a_ptr),t1
+ LDD 0(b_ptr),t2
+ SUB t1,t2,sub_tmp1 ; t3 = t1-t2;
+ SUB sub_tmp1,%ret0,sub_tmp1 ; t3 = t3- c;
+
+ CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2
+ LDO 1(%r0),sub_tmp2
+
+ CMPCLR,*= t1,t2,%r0
+ COPY sub_tmp2,%ret0
+ STD sub_tmp1,0(r_ptr)
+
+ LDD 8(a_ptr),t1
+ LDD 8(b_ptr),t2
+ SUB t1,t2,sub_tmp1 ; t3 = t1-t2;
+ SUB sub_tmp1,%ret0,sub_tmp1 ; t3 = t3- c;
+ CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2
+ LDO 1(%r0),sub_tmp2
+
+ CMPCLR,*= t1,t2,%r0
+ COPY sub_tmp2,%ret0
+ STD sub_tmp1,8(r_ptr)
+
+ LDO -2(n),n
+ LDO 16(a_ptr),a_ptr
+ LDO 16(b_ptr),b_ptr
+
+ CMPIB,<= 2,n,bn_sub_words_unroll2
+ LDO 16(r_ptr),r_ptr
+
+ CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
+
+bn_sub_words_single_top
+ LDD 0(a_ptr),t1
+ LDD 0(b_ptr),t2
+ SUB t1,t2,sub_tmp1 ; t3 = t1-t2;
+ SUB sub_tmp1,%ret0,sub_tmp1 ; t3 = t3- c;
+ CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2
+ LDO 1(%r0),sub_tmp2
+
+ CMPCLR,*= t1,t2,%r0
+ COPY sub_tmp2,%ret0
+
+ STD sub_tmp1,0(r_ptr)
+
+bn_sub_words_exit
+ .EXIT
+ BVE (%rp)
+ NOP
+ .PROCEND ;in=23,24,25,26,29;out=28;
+
+;------------------------------------------------------------------------------
+;
+; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
+;
+; arg0 = h
+; arg1 = l
+; arg2 = d
+;
+; This is mainly just modified assembly from the compiler, thus the
+; lack of variable names.
+;
+;------------------------------------------------------------------------------
+bn_div_words
+ .proc
+ .callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .IMPORT BN_num_bits_word,CODE,NO_RELOCATION
+ .IMPORT __iob,DATA
+ .IMPORT fprintf,CODE,NO_RELOCATION
+ .IMPORT abort,CODE,NO_RELOCATION
+ .IMPORT $$div2U,MILLICODE
+ .entry
+ STD %r2,-16(%r30)
+ STD,MA %r3,352(%r30)
+ STD %r4,-344(%r30)
+ STD %r5,-336(%r30)
+ STD %r6,-328(%r30)
+ STD %r7,-320(%r30)
+ STD %r8,-312(%r30)
+ STD %r9,-304(%r30)
+ STD %r10,-296(%r30)
+
+ STD %r27,-288(%r30) ; save gp
+
+ COPY %r24,%r3 ; save d
+ COPY %r26,%r4 ; save h (high 64-bits)
+ LDO -1(%r0),%ret0 ; return -1 by default
+
+ CMPB,*= %r0,%arg2,$D3 ; if (d == 0)
+ COPY %r25,%r5 ; save l (low 64-bits)
+
+ LDO -48(%r30),%r29 ; create ap
+ .CALL ;in=26,29;out=28;
+ B,L BN_num_bits_word,%r2
+ COPY %r3,%r26
+ LDD -288(%r30),%r27 ; restore gp
+ LDI 64,%r21
+
+ CMPB,= %r21,%ret0,$00000012 ;if (i == 64) (forward)
+ COPY %ret0,%r24 ; i
+ MTSARCM %r24
+ DEPDI,Z -1,%sar,1,%r29
+ CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<<i) (forward)
+
+$00000012
+ SUBI 64,%r24,%r31 ; i = 64 - i;
+ CMPCLR,*<< %r4,%r3,%r0 ; if (h >= d)
+ SUB %r4,%r3,%r4 ; h -= d
+ CMPB,= %r31,%r0,$0000001A ; if (i)
+ COPY %r0,%r10 ; ret = 0
+ MTSARCM %r31 ; i to shift
+ DEPD,Z %r3,%sar,64,%r3 ; d <<= i;
+ SUBI 64,%r31,%r19 ; 64 - i; redundent
+ MTSAR %r19 ; (64 -i) to shift
+ SHRPD %r4,%r5,%sar,%r4 ; l>> (64-i)
+ MTSARCM %r31 ; i to shift
+ DEPD,Z %r5,%sar,64,%r5 ; l <<= i;
+
+$0000001A
+ DEPDI,Z -1,31,32,%r19
+ EXTRD,U %r3,31,32,%r6 ; dh=(d&0xfff)>>32
+ EXTRD,U %r3,63,32,%r8 ; dl = d&0xffffff
+ LDO 2(%r0),%r9
+ STD %r3,-280(%r30) ; "d" to stack
+
+$0000001C
+ DEPDI,Z -1,63,32,%r29 ;
+ EXTRD,U %r4,31,32,%r31 ; h >> 32
+ CMPB,*=,N %r31,%r6,$D2 ; if ((h>>32) != dh)(forward) div
+ COPY %r4,%r26
+ EXTRD,U %r4,31,32,%r25
+ COPY %r6,%r24
+ .CALL ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
+ B,L $$div2U,%r2
+ EXTRD,U %r6,31,32,%r23
+ DEPD %r28,31,32,%r29
+$D2
+ STD %r29,-272(%r30) ; q
+ AND %r5,%r19,%r24 ; t & 0xffffffff00000000;
+ EXTRD,U %r24,31,32,%r24 ; ???
+ FLDD -272(%r30),%fr7 ; q
+ FLDD -280(%r30),%fr8 ; d
+ XMPYU %fr8L,%fr7L,%fr10
+ FSTD %fr10,-256(%r30)
+ XMPYU %fr8L,%fr7R,%fr22
+ FSTD %fr22,-264(%r30)
+ XMPYU %fr8R,%fr7L,%fr11
+ XMPYU %fr8R,%fr7R,%fr23
+ FSTD %fr11,-232(%r30)
+ FSTD %fr23,-240(%r30)
+ LDD -256(%r30),%r28
+ DEPD,Z %r28,31,32,%r2
+ LDD -264(%r30),%r20
+ ADD,L %r20,%r2,%r31
+ LDD -232(%r30),%r22
+ DEPD,Z %r22,31,32,%r22
+ LDD -240(%r30),%r21
+ B $00000024 ; enter loop
+ ADD,L %r21,%r22,%r23
+
+$0000002A
+ LDO -1(%r29),%r29
+ SUB %r23,%r8,%r23
+$00000024
+ SUB %r4,%r31,%r25
+ AND %r25,%r19,%r26
+ CMPB,*<>,N %r0,%r26,$00000046 ; (forward)
+ DEPD,Z %r25,31,32,%r20
+ OR %r20,%r24,%r21
+ CMPB,*<<,N %r21,%r23,$0000002A ;(backward)
+ SUB %r31,%r6,%r31
+;-------------Break path---------------------
+
+$00000046
+ DEPD,Z %r23,31,32,%r25 ;tl
+ EXTRD,U %r23,31,32,%r26 ;t
+ AND %r25,%r19,%r24 ;tl = (tl<<32)&0xfffffff0000000L
+ ADD,L %r31,%r26,%r31 ;th += t;
+ CMPCLR,*>>= %r5,%r24,%r0 ;if (l<tl)
+ LDO 1(%r31),%r31 ; th++;
+ CMPB,*<<=,N %r31,%r4,$00000036 ;if (n < th) (forward)
+ LDO -1(%r29),%r29 ;q--;
+ ADD,L %r4,%r3,%r4 ;h += d;
+$00000036
+ ADDIB,=,N -1,%r9,$D1 ;if (--count == 0) break (forward)
+ SUB %r5,%r24,%r28 ; l -= tl;
+ SUB %r4,%r31,%r24 ; h -= th;
+ SHRPD %r24,%r28,32,%r4 ; h = ((h<<32)|(l>>32));
+ DEPD,Z %r29,31,32,%r10 ; ret = q<<32
+ b $0000001C
+ DEPD,Z %r28,31,32,%r5 ; l = l << 32
+
+$D1
+ OR %r10,%r29,%r28 ; ret |= q
+$D3
+ LDD -368(%r30),%r2
+$D0
+ LDD -296(%r30),%r10
+ LDD -304(%r30),%r9
+ LDD -312(%r30),%r8
+ LDD -320(%r30),%r7
+ LDD -328(%r30),%r6
+ LDD -336(%r30),%r5
+ LDD -344(%r30),%r4
+ BVE (%r2)
+ .EXIT
+ LDD,MB -352(%r30),%r3
+
+bn_div_err_case
+ MFIA %r6
+ ADDIL L'bn_div_words-bn_div_err_case,%r6,%r1
+ LDO R'bn_div_words-bn_div_err_case(%r1),%r6
+ ADDIL LT'__iob,%r27,%r1
+ LDD RT'__iob(%r1),%r26
+ ADDIL L'C$4-bn_div_words,%r6,%r1
+ LDO R'C$4-bn_div_words(%r1),%r25
+ LDO 64(%r26),%r26
+ .CALL ;in=24,25,26,29;out=28;
+ B,L fprintf,%r2
+ LDO -48(%r30),%r29
+ LDD -288(%r30),%r27
+ .CALL ;in=29;
+ B,L abort,%r2
+ LDO -48(%r30),%r29
+ LDD -288(%r30),%r27
+ B $D0
+ LDD -368(%r30),%r2
+ .PROCEND ;in=24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+; Registers to hold 64-bit values to manipulate. The "L" part
+; of the register corresponds to the upper 32-bits, while the "R"
+; part corresponds to the lower 32-bits
+;
+; Note, that when using b6 and b7, the code must save these before
+; using them because they are callee save registers
+;
+;
+; Floating point registers to use to save values that
+; are manipulated. These don't collide with ftemp1-6 and
+; are all caller save registers
+;
+a0 .reg %fr22
+a0L .reg %fr22L
+a0R .reg %fr22R
+
+a1 .reg %fr23
+a1L .reg %fr23L
+a1R .reg %fr23R
+
+a2 .reg %fr24
+a2L .reg %fr24L
+a2R .reg %fr24R
+
+a3 .reg %fr25
+a3L .reg %fr25L
+a3R .reg %fr25R
+
+a4 .reg %fr26
+a4L .reg %fr26L
+a4R .reg %fr26R
+
+a5 .reg %fr27
+a5L .reg %fr27L
+a5R .reg %fr27R
+
+a6 .reg %fr28
+a6L .reg %fr28L
+a6R .reg %fr28R
+
+a7 .reg %fr29
+a7L .reg %fr29L
+a7R .reg %fr29R
+
+b0 .reg %fr30
+b0L .reg %fr30L
+b0R .reg %fr30R
+
+b1 .reg %fr31
+b1L .reg %fr31L
+b1R .reg %fr31R
+
+;
+; Temporary floating point variables, these are all caller save
+; registers
+;
+ftemp1 .reg %fr4
+ftemp2 .reg %fr5
+ftemp3 .reg %fr6
+ftemp4 .reg %fr7
+
+;
+; The B set of registers when used.
+;
+
+b2 .reg %fr8
+b2L .reg %fr8L
+b2R .reg %fr8R
+
+b3 .reg %fr9
+b3L .reg %fr9L
+b3R .reg %fr9R
+
+b4 .reg %fr10
+b4L .reg %fr10L
+b4R .reg %fr10R
+
+b5 .reg %fr11
+b5L .reg %fr11L
+b5R .reg %fr11R
+
+b6 .reg %fr12
+b6L .reg %fr12L
+b6R .reg %fr12R
+
+b7 .reg %fr13
+b7L .reg %fr13L
+b7R .reg %fr13R
+
+c1 .reg %r21 ; only reg
+temp1 .reg %r20 ; only reg
+temp2 .reg %r19 ; only reg
+temp3 .reg %r31 ; only reg
+
+m1 .reg %r28
+c2 .reg %r23
+high_one .reg %r1
+ht .reg %r6
+lt .reg %r5
+m .reg %r4
+c3 .reg %r3
+
+SQR_ADD_C .macro A0L,A0R,C1,C2,C3
+ XMPYU A0L,A0R,ftemp1 ; m
+ FSTD ftemp1,-24(%sp) ; store m
+
+ XMPYU A0R,A0R,ftemp2 ; lt
+ FSTD ftemp2,-16(%sp) ; store lt
+
+ XMPYU A0L,A0L,ftemp3 ; ht
+ FSTD ftemp3,-8(%sp) ; store ht
+
+ LDD -24(%sp),m ; load m
+ AND m,high_mask,temp2 ; m & Mask
+ DEPD,Z m,30,31,temp3 ; m << 32+1
+ LDD -16(%sp),lt ; lt
+
+ LDD -8(%sp),ht ; ht
+ EXTRD,U temp2,32,33,temp1 ; temp1 = m&Mask >> 32-1
+ ADD temp3,lt,lt ; lt = lt+m
+ ADD,L ht,temp1,ht ; ht += temp1
+ ADD,DC ht,%r0,ht ; ht++
+
+ ADD C1,lt,C1 ; c1=c1+lt
+ ADD,DC ht,%r0,ht ; ht++
+
+ ADD C2,ht,C2 ; c2=c2+ht
+ ADD,DC C3,%r0,C3 ; c3++
+.endm
+
+SQR_ADD_C2 .macro A0L,A0R,A1L,A1R,C1,C2,C3
+ XMPYU A0L,A1R,ftemp1 ; m1 = bl*ht
+ FSTD ftemp1,-16(%sp) ;
+ XMPYU A0R,A1L,ftemp2 ; m = bh*lt
+ FSTD ftemp2,-8(%sp) ;
+ XMPYU A0R,A1R,ftemp3 ; lt = bl*lt
+ FSTD ftemp3,-32(%sp)
+ XMPYU A0L,A1L,ftemp4 ; ht = bh*ht
+ FSTD ftemp4,-24(%sp) ;
+
+ LDD -8(%sp),m ; r21 = m
+ LDD -16(%sp),m1 ; r19 = m1
+ ADD,L m,m1,m ; m+m1
+
+ DEPD,Z m,31,32,temp3 ; (m+m1<<32)
+ LDD -24(%sp),ht ; r24 = ht
+
+ CMPCLR,*>>= m,m1,%r0 ; if (m < m1)
+ ADD,L ht,high_one,ht ; ht+=high_one
+
+ EXTRD,U m,31,32,temp1 ; m >> 32
+ LDD -32(%sp),lt ; lt
+ ADD,L ht,temp1,ht ; ht+= m>>32
+ ADD lt,temp3,lt ; lt = lt+m1
+ ADD,DC ht,%r0,ht ; ht++
+
+ ADD ht,ht,ht ; ht=ht+ht;
+ ADD,DC C3,%r0,C3 ; add in carry (c3++)
+
+ ADD lt,lt,lt ; lt=lt+lt;
+ ADD,DC ht,%r0,ht ; add in carry (ht++)
+
+ ADD C1,lt,C1 ; c1=c1+lt
+ ADD,DC,*NUV ht,%r0,ht ; add in carry (ht++)
+ LDO 1(C3),C3 ; bump c3 if overflow,nullify otherwise
+
+ ADD C2,ht,C2 ; c2 = c2 + ht
+ ADD,DC C3,%r0,C3 ; add in carry (c3++)
+.endm
+
+;
+;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba8
+ .PROC
+ .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .ENTRY
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ STD %r5,16(%sp) ; save r5
+ STD %r6,24(%sp) ; save r6
+
+ ;
+ ; Zero out carries
+ ;
+ COPY %r0,c1
+ COPY %r0,c2
+ COPY %r0,c3
+
+ LDO 128(%sp),%sp ; bump stack
+ DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L
+ DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32
+
+ ;
+ ; Load up all of the values we are going to use
+ ;
+ FLDD 0(a_ptr),a0
+ FLDD 8(a_ptr),a1
+ FLDD 16(a_ptr),a2
+ FLDD 24(a_ptr),a3
+ FLDD 32(a_ptr),a4
+ FLDD 40(a_ptr),a5
+ FLDD 48(a_ptr),a6
+ FLDD 56(a_ptr),a7
+
+ SQR_ADD_C a0L,a0R,c1,c2,c3
+ STD c1,0(r_ptr) ; r[0] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+ STD c2,8(r_ptr) ; r[1] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C a1L,a1R,c3,c1,c2
+ SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+ STD c3,16(r_ptr) ; r[2] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+ SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+ STD c1,24(r_ptr) ; r[3] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C a2L,a2R,c2,c3,c1
+ SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+ SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
+ STD c2,32(r_ptr) ; r[4] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
+ SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
+ SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+ STD c3,40(r_ptr) ; r[5] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C a3L,a3R,c1,c2,c3
+ SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
+ SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
+ SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
+ STD c1,48(r_ptr) ; r[6] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
+ SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
+ SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
+ SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
+ STD c2,56(r_ptr) ; r[7] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C a4L,a4R,c3,c1,c2
+ SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
+ SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
+ SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
+ STD c3,64(r_ptr) ; r[8] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
+ SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
+ SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
+ STD c1,72(r_ptr) ; r[9] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C a5L,a5R,c2,c3,c1
+ SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
+ SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
+ STD c2,80(r_ptr) ; r[10] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
+ SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
+ STD c3,88(r_ptr) ; r[11] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C a6L,a6R,c1,c2,c3
+ SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
+ STD c1,96(r_ptr) ; r[12] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
+ STD c2,104(r_ptr) ; r[13] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C a7L,a7R,c3,c1,c2
+ STD c3, 112(r_ptr) ; r[14] = c3
+ STD c1, 120(r_ptr) ; r[15] = c1
+
+ .EXIT
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3
+
+ .PROCEND
+
+;-----------------------------------------------------------------------------
+;
+;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba4
+ .proc
+ .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .entry
+ .align 64
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ STD %r5,16(%sp) ; save r5
+ STD %r6,24(%sp) ; save r6
+
+ ;
+ ; Zero out carries
+ ;
+ COPY %r0,c1
+ COPY %r0,c2
+ COPY %r0,c3
+
+ LDO 128(%sp),%sp ; bump stack
+ DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L
+ DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32
+
+ ;
+ ; Load up all of the values we are going to use
+ ;
+ FLDD 0(a_ptr),a0
+ FLDD 8(a_ptr),a1
+ FLDD 16(a_ptr),a2
+ FLDD 24(a_ptr),a3
+ FLDD 32(a_ptr),a4
+ FLDD 40(a_ptr),a5
+ FLDD 48(a_ptr),a6
+ FLDD 56(a_ptr),a7
+
+ SQR_ADD_C a0L,a0R,c1,c2,c3
+
+ STD c1,0(r_ptr) ; r[0] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+
+ STD c2,8(r_ptr) ; r[1] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C a1L,a1R,c3,c1,c2
+ SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+
+ STD c3,16(r_ptr) ; r[2] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+ SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+
+ STD c1,24(r_ptr) ; r[3] = c1;
+ COPY %r0,c1
+
+ SQR_ADD_C a2L,a2R,c2,c3,c1
+ SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+
+ STD c2,32(r_ptr) ; r[4] = c2;
+ COPY %r0,c2
+
+ SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+ STD c3,40(r_ptr) ; r[5] = c3;
+ COPY %r0,c3
+
+ SQR_ADD_C a3L,a3R,c1,c2,c3
+ STD c1,48(r_ptr) ; r[6] = c1;
+ STD c2,56(r_ptr) ; r[7] = c2;
+
+ .EXIT
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3
+
+ .PROCEND
+
+
+;---------------------------------------------------------------------------
+
+MUL_ADD_C .macro A0L,A0R,B0L,B0R,C1,C2,C3
+ XMPYU A0L,B0R,ftemp1 ; m1 = bl*ht
+ FSTD ftemp1,-16(%sp) ;
+ XMPYU A0R,B0L,ftemp2 ; m = bh*lt
+ FSTD ftemp2,-8(%sp) ;
+ XMPYU A0R,B0R,ftemp3 ; lt = bl*lt
+ FSTD ftemp3,-32(%sp)
+ XMPYU A0L,B0L,ftemp4 ; ht = bh*ht
+ FSTD ftemp4,-24(%sp) ;
+
+ LDD -8(%sp),m ; r21 = m
+ LDD -16(%sp),m1 ; r19 = m1
+ ADD,L m,m1,m ; m+m1
+
+ DEPD,Z m,31,32,temp3 ; (m+m1<<32)
+ LDD -24(%sp),ht ; r24 = ht
+
+ CMPCLR,*>>= m,m1,%r0 ; if (m < m1)
+ ADD,L ht,high_one,ht ; ht+=high_one
+
+ EXTRD,U m,31,32,temp1 ; m >> 32
+ LDD -32(%sp),lt ; lt
+ ADD,L ht,temp1,ht ; ht+= m>>32
+ ADD lt,temp3,lt ; lt = lt+m1
+ ADD,DC ht,%r0,ht ; ht++
+
+ ADD C1,lt,C1 ; c1=c1+lt
+ ADD,DC ht,%r0,ht ; bump c3 if overflow,nullify otherwise
+
+ ADD C2,ht,C2 ; c2 = c2 + ht
+ ADD,DC C3,%r0,C3 ; add in carry (c3++)
+.endm
+
+
+;
+;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba8
+ .proc
+ .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .entry
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ STD %r5,16(%sp) ; save r5
+ STD %r6,24(%sp) ; save r6
+ FSTD %fr12,32(%sp) ; save r6
+ FSTD %fr13,40(%sp) ; save r7
+
+ ;
+ ; Zero out carries
+ ;
+ COPY %r0,c1
+ COPY %r0,c2
+ COPY %r0,c3
+
+ LDO 128(%sp),%sp ; bump stack
+ DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32
+
+ ;
+ ; Load up all of the values we are going to use
+ ;
+ FLDD 0(a_ptr),a0
+ FLDD 8(a_ptr),a1
+ FLDD 16(a_ptr),a2
+ FLDD 24(a_ptr),a3
+ FLDD 32(a_ptr),a4
+ FLDD 40(a_ptr),a5
+ FLDD 48(a_ptr),a6
+ FLDD 56(a_ptr),a7
+
+ FLDD 0(b_ptr),b0
+ FLDD 8(b_ptr),b1
+ FLDD 16(b_ptr),b2
+ FLDD 24(b_ptr),b3
+ FLDD 32(b_ptr),b4
+ FLDD 40(b_ptr),b5
+ FLDD 48(b_ptr),b6
+ FLDD 56(b_ptr),b7
+
+ MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+ STD c1,0(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+ MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+ STD c2,8(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+ MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+ MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+ STD c3,16(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+ MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+ MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+ MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+ STD c1,24(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
+ MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+ MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+ MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+ MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
+ STD c2,32(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
+ MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
+ MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+ MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+ MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
+ MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
+ STD c3,40(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
+ MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
+ MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
+ MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+ MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
+ MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
+ MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
+ STD c1,48(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
+ MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
+ MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
+ MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
+ MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
+ MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
+ MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
+ MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
+ STD c2,56(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
+ MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
+ MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
+ MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
+ MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
+ MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
+ MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
+ STD c3,64(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
+ MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
+ MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
+ MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
+ MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
+ MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
+ STD c1,72(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
+ MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
+ MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
+ MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
+ MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
+ STD c2,80(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
+ MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
+ MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
+ MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
+ STD c3,88(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
+ MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
+ MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
+ STD c1,96(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
+ MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
+ STD c2,104(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
+ STD c3,112(r_ptr)
+ STD c1,120(r_ptr)
+
+ .EXIT
+ FLDD -88(%sp),%fr13
+ FLDD -96(%sp),%fr12
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3
+
+ .PROCEND
+
+;-----------------------------------------------------------------------------
+;
+;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba4
+ .proc
+ .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+ .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+ .entry
+ .align 64
+
+ STD %r3,0(%sp) ; save r3
+ STD %r4,8(%sp) ; save r4
+ STD %r5,16(%sp) ; save r5
+ STD %r6,24(%sp) ; save r6
+ FSTD %fr12,32(%sp) ; save r6
+ FSTD %fr13,40(%sp) ; save r7
+
+ ;
+ ; Zero out carries
+ ;
+ COPY %r0,c1
+ COPY %r0,c2
+ COPY %r0,c3
+
+ LDO 128(%sp),%sp ; bump stack
+ DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32
+
+ ;
+ ; Load up all of the values we are going to use
+ ;
+ FLDD 0(a_ptr),a0
+ FLDD 8(a_ptr),a1
+ FLDD 16(a_ptr),a2
+ FLDD 24(a_ptr),a3
+
+ FLDD 0(b_ptr),b0
+ FLDD 8(b_ptr),b1
+ FLDD 16(b_ptr),b2
+ FLDD 24(b_ptr),b3
+
+ MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+ STD c1,0(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+ MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+ STD c2,8(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+ MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+ MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+ STD c3,16(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+ MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+ MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+ MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+ STD c1,24(r_ptr)
+ COPY %r0,c1
+
+ MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+ MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+ MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+ STD c2,32(r_ptr)
+ COPY %r0,c2
+
+ MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+ MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+ STD c3,40(r_ptr)
+ COPY %r0,c3
+
+ MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+ STD c1,48(r_ptr)
+ STD c2,56(r_ptr)
+
+ .EXIT
+ FLDD -88(%sp),%fr13
+ FLDD -96(%sp),%fr12
+ LDD -104(%sp),%r6 ; restore r6
+ LDD -112(%sp),%r5 ; restore r5
+ LDD -120(%sp),%r4 ; restore r4
+ BVE (%rp)
+ LDD,MB -128(%sp),%r3
+
+ .PROCEND
+
+
+ .SPACE $TEXT$
+ .SUBSPA $CODE$
+ .SPACE $PRIVATE$,SORT=16
+ .IMPORT $global$,DATA
+ .SPACE $TEXT$
+ .SUBSPA $CODE$
+ .SUBSPA $LIT$,ACCESS=0x2c
+C$4
+ .ALIGN 8
+ .STRINGZ "Division would overflow (%d)\n"
+ .END
Added: vendor-crypto/openssl/dist/crypto/bn/asm/ppc.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/ppc.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/ppc.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,2080 @@
+#!/usr/bin/env perl
+#
+# Implemented as a Perl wrapper as we want to support several different
+# architectures with single file. We pick up the target based on the
+# file name we are asked to generate.
+#
+# It should be noted though that this perl code is nothing like
+# <openssl>/crypto/perlasm/x86*. In this case perl is used pretty much
+# as pre-processor to cover for platform differences in name decoration,
+# linker tables, 32-/64-bit instruction sets...
+#
+# As you might know there're several PowerPC ABI in use. Most notably
+# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs
+# are similar enough to implement leaf(!) functions, which would be ABI
+# neutral. And that's what you find here: ABI neutral leaf functions.
+# In case you wonder what that is...
+#
+# AIX performance
+#
+# MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e.
+#
+# The following is the performance of 32-bit compiler
+# generated code:
+#
+# OpenSSL 0.9.6c 21 dec 2001
+# built on: Tue Jun 11 11:06:51 EDT 2002
+# options:bn(64,32) ...
+#compiler: cc -DTHREADS -DAIX -DB_ENDIAN -DBN_LLONG -O3
+# sign verify sign/s verify/s
+#rsa 512 bits 0.0098s 0.0009s 102.0 1170.6
+#rsa 1024 bits 0.0507s 0.0026s 19.7 387.5
+#rsa 2048 bits 0.3036s 0.0085s 3.3 117.1
+#rsa 4096 bits 2.0040s 0.0299s 0.5 33.4
+#dsa 512 bits 0.0087s 0.0106s 114.3 94.5
+#dsa 1024 bits 0.0256s 0.0313s 39.0 32.0
+#
+# Same bechmark with this assembler code:
+#
+#rsa 512 bits 0.0056s 0.0005s 178.6 2049.2
+#rsa 1024 bits 0.0283s 0.0015s 35.3 674.1
+#rsa 2048 bits 0.1744s 0.0050s 5.7 201.2
+#rsa 4096 bits 1.1644s 0.0179s 0.9 55.7
+#dsa 512 bits 0.0052s 0.0062s 191.6 162.0
+#dsa 1024 bits 0.0149s 0.0180s 67.0 55.5
+#
+# Number of operations increases by at almost 75%
+#
+# Here are performance numbers for 64-bit compiler
+# generated code:
+#
+# OpenSSL 0.9.6g [engine] 9 Aug 2002
+# built on: Fri Apr 18 16:59:20 EDT 2003
+# options:bn(64,64) ...
+# compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3
+# sign verify sign/s verify/s
+#rsa 512 bits 0.0028s 0.0003s 357.1 3844.4
+#rsa 1024 bits 0.0148s 0.0008s 67.5 1239.7
+#rsa 2048 bits 0.0963s 0.0028s 10.4 353.0
+#rsa 4096 bits 0.6538s 0.0102s 1.5 98.1
+#dsa 512 bits 0.0026s 0.0032s 382.5 313.7
+#dsa 1024 bits 0.0081s 0.0099s 122.8 100.6
+#
+# Same benchmark with this assembler code:
+#
+#rsa 512 bits 0.0020s 0.0002s 510.4 6273.7
+#rsa 1024 bits 0.0088s 0.0005s 114.1 2128.3
+#rsa 2048 bits 0.0540s 0.0016s 18.5 622.5
+#rsa 4096 bits 0.3700s 0.0058s 2.7 171.0
+#dsa 512 bits 0.0016s 0.0020s 610.7 507.1
+#dsa 1024 bits 0.0047s 0.0058s 212.5 173.2
+#
+# Again, performance increases by at about 75%
+#
+# Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code)
+# OpenSSL 0.9.7c 30 Sep 2003
+#
+# Original code.
+#
+#rsa 512 bits 0.0011s 0.0001s 906.1 11012.5
+#rsa 1024 bits 0.0060s 0.0003s 166.6 3363.1
+#rsa 2048 bits 0.0370s 0.0010s 27.1 982.4
+#rsa 4096 bits 0.2426s 0.0036s 4.1 280.4
+#dsa 512 bits 0.0010s 0.0012s 1038.1 841.5
+#dsa 1024 bits 0.0030s 0.0037s 329.6 269.7
+#dsa 2048 bits 0.0101s 0.0127s 98.9 78.6
+#
+# Same benchmark with this assembler code:
+#
+#rsa 512 bits 0.0007s 0.0001s 1416.2 16645.9
+#rsa 1024 bits 0.0036s 0.0002s 274.4 5380.6
+#rsa 2048 bits 0.0222s 0.0006s 45.1 1589.5
+#rsa 4096 bits 0.1469s 0.0022s 6.8 449.6
+#dsa 512 bits 0.0006s 0.0007s 1664.2 1376.2
+#dsa 1024 bits 0.0018s 0.0023s 545.0 442.2
+#dsa 2048 bits 0.0061s 0.0075s 163.5 132.8
+#
+# Performance increase of ~60%
+#
+# If you have comments or suggestions to improve code send
+# me a note at schari at us.ibm.com
+#
+
+$opf = shift;
+
+if ($opf =~ /32\.s/) {
+ $BITS= 32;
+ $BNSZ= $BITS/8;
+ $ISA= "\"ppc\"";
+
+ $LD= "lwz"; # load
+ $LDU= "lwzu"; # load and update
+ $ST= "stw"; # store
+ $STU= "stwu"; # store and update
+ $UMULL= "mullw"; # unsigned multiply low
+ $UMULH= "mulhwu"; # unsigned multiply high
+ $UDIV= "divwu"; # unsigned divide
+ $UCMPI= "cmplwi"; # unsigned compare with immediate
+ $UCMP= "cmplw"; # unsigned compare
+ $CNTLZ= "cntlzw"; # count leading zeros
+ $SHL= "slw"; # shift left
+ $SHR= "srw"; # unsigned shift right
+ $SHRI= "srwi"; # unsigned shift right by immediate
+ $SHLI= "slwi"; # shift left by immediate
+ $CLRU= "clrlwi"; # clear upper bits
+ $INSR= "insrwi"; # insert right
+ $ROTL= "rotlwi"; # rotate left by immediate
+ $TR= "tw"; # conditional trap
+} elsif ($opf =~ /64\.s/) {
+ $BITS= 64;
+ $BNSZ= $BITS/8;
+ $ISA= "\"ppc64\"";
+
+ # same as above, but 64-bit mnemonics...
+ $LD= "ld"; # load
+ $LDU= "ldu"; # load and update
+ $ST= "std"; # store
+ $STU= "stdu"; # store and update
+ $UMULL= "mulld"; # unsigned multiply low
+ $UMULH= "mulhdu"; # unsigned multiply high
+ $UDIV= "divdu"; # unsigned divide
+ $UCMPI= "cmpldi"; # unsigned compare with immediate
+ $UCMP= "cmpld"; # unsigned compare
+ $CNTLZ= "cntlzd"; # count leading zeros
+ $SHL= "sld"; # shift left
+ $SHR= "srd"; # unsigned shift right
+ $SHRI= "srdi"; # unsigned shift right by immediate
+ $SHLI= "sldi"; # shift left by immediate
+ $CLRU= "clrldi"; # clear upper bits
+ $INSR= "insrdi"; # insert right
+ $ROTL= "rotldi"; # rotate left by immediate
+ $TR= "td"; # conditional trap
+} else { die "nonsense $opf"; }
+
+( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";
+
+# function entry points from the AIX code
+#
+# There are other, more elegant, ways to handle this. We (IBM) chose
+# this approach as it plays well with scripts we run to 'namespace'
+# OpenSSL .i.e. we add a prefix to all the public symbols so we can
+# co-exist in the same process with other implementations of OpenSSL.
+# 'cleverer' ways of doing these substitutions tend to hide data we
+# need to be obvious.
+#
+my @items = ("bn_sqr_comba4",
+ "bn_sqr_comba8",
+ "bn_mul_comba4",
+ "bn_mul_comba8",
+ "bn_sub_words",
+ "bn_add_words",
+ "bn_div_words",
+ "bn_sqr_words",
+ "bn_mul_words",
+ "bn_mul_add_words");
+
+if ($opf =~ /linux/) { do_linux(); }
+elsif ($opf =~ /aix/) { do_aix(); }
+elsif ($opf =~ /osx/) { do_osx(); }
+else { do_bsd(); }
+
+sub do_linux {
+ $d=&data();
+
+ if ($BITS==64) {
+ foreach $t (@items) {
+ $d =~ s/\.$t:/\
+\t.section\t".opd","aw"\
+\t.align\t3\
+\t.globl\t$t\
+$t:\
+\t.quad\t.$t,.TOC.\@tocbase,0\
+\t.size\t$t,24\
+\t.previous\n\
+\t.type\t.$t,\@function\
+\t.globl\t.$t\
+.$t:/g;
+ }
+ }
+ else {
+ foreach $t (@items) {
+ $d=~s/\.$t/$t/g;
+ }
+ }
+ # hide internal labels to avoid pollution of name table...
+ $d=~s/Lppcasm_/.Lppcasm_/gm;
+ print $d;
+}
+
+sub do_aix {
+ # AIX assembler is smart enough to please the linker without
+ # making us do something special...
+ print &data();
+}
+
+# MacOSX 32 bit
+sub do_osx {
+ $d=&data();
+ # Change the bn symbol prefix from '.' to '_'
+ foreach $t (@items) {
+ $d=~s/\.$t/_$t/g;
+ }
+ # Change .machine to something OS X asm will accept
+ $d=~s/\.machine.*/.text/g;
+ $d=~s/\#/;/g; # change comment from '#' to ';'
+ print $d;
+}
+
+# BSD (Untested)
+sub do_bsd {
+ $d=&data();
+ foreach $t (@items) {
+ $d=~s/\.$t/_$t/g;
+ }
+ print $d;
+}
+
+sub data {
+ local($data)=<<EOF;
+#--------------------------------------------------------------------
+#
+#
+#
+#
+# File: ppc32.s
+#
+# Created by: Suresh Chari
+# IBM Thomas J. Watson Research Library
+# Hawthorne, NY
+#
+#
+# Description: Optimized assembly routines for OpenSSL crypto
+# on the 32 bitPowerPC platform.
+#
+#
+# Version History
+#
+# 2. Fixed bn_add,bn_sub and bn_div_words, added comments,
+# cleaned up code. Also made a single version which can
+# be used for both the AIX and Linux compilers. See NOTE
+# below.
+# 12/05/03 Suresh Chari
+# (with lots of help from) Andy Polyakov
+##
+# 1. Initial version 10/20/02 Suresh Chari
+#
+#
+# The following file works for the xlc,cc
+# and gcc compilers.
+#
+# NOTE: To get the file to link correctly with the gcc compiler
+# you have to change the names of the routines and remove
+# the first .(dot) character. This should automatically
+# be done in the build process.
+#
+# Hand optimized assembly code for the following routines
+#
+# bn_sqr_comba4
+# bn_sqr_comba8
+# bn_mul_comba4
+# bn_mul_comba8
+# bn_sub_words
+# bn_add_words
+# bn_div_words
+# bn_sqr_words
+# bn_mul_words
+# bn_mul_add_words
+#
+# NOTE: It is possible to optimize this code more for
+# specific PowerPC or Power architectures. On the Northstar
+# architecture the optimizations in this file do
+# NOT provide much improvement.
+#
+# If you have comments or suggestions to improve code send
+# me a note at schari\@us.ibm.com
+#
+#--------------------------------------------------------------------------
+#
+# Defines to be used in the assembly code.
+#
+.set r0,0 # we use it as storage for value of 0
+.set SP,1 # preserved
+.set RTOC,2 # preserved
+.set r3,3 # 1st argument/return value
+.set r4,4 # 2nd argument/volatile register
+.set r5,5 # 3rd argument/volatile register
+.set r6,6 # ...
+.set r7,7
+.set r8,8
+.set r9,9
+.set r10,10
+.set r11,11
+.set r12,12
+.set r13,13 # not used, nor any other "below" it...
+
+.set BO_IF_NOT,4
+.set BO_IF,12
+.set BO_dCTR_NZERO,16
+.set BO_dCTR_ZERO,18
+.set BO_ALWAYS,20
+.set CR0_LT,0;
+.set CR0_GT,1;
+.set CR0_EQ,2
+.set CR1_FX,4;
+.set CR1_FEX,5;
+.set CR1_VX,6
+.set LR,8
+
+# Declare function names to be global
+# NOTE: For gcc these names MUST be changed to remove
+# the first . i.e. for example change ".bn_sqr_comba4"
+# to "bn_sqr_comba4". This should be automatically done
+# in the build.
+
+ .globl .bn_sqr_comba4
+ .globl .bn_sqr_comba8
+ .globl .bn_mul_comba4
+ .globl .bn_mul_comba8
+ .globl .bn_sub_words
+ .globl .bn_add_words
+ .globl .bn_div_words
+ .globl .bn_sqr_words
+ .globl .bn_mul_words
+ .globl .bn_mul_add_words
+
+# .text section
+
+ .machine $ISA
+
+#
+# NOTE: The following label name should be changed to
+# "bn_sqr_comba4" i.e. remove the first dot
+# for the gcc compiler. This should be automatically
+# done in the build
+#
+
+.align 4
+.bn_sqr_comba4:
+#
+# Optimized version of bn_sqr_comba4.
+#
+# void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+# r3 contains r
+# r4 contains a
+#
+# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:
+#
+# r5,r6 are the two BN_ULONGs being multiplied.
+# r7,r8 are the results of the 32x32 giving 64 bit multiply.
+# r9,r10, r11 are the equivalents of c1,c2, c3.
+# Here's the assembly
+#
+#
+ xor r0,r0,r0 # set r0 = 0. Used in the addze
+ # instructions below
+
+ #sqr_add_c(a,0,c1,c2,c3)
+ $LD r5,`0*$BNSZ`(r4)
+ $UMULL r9,r5,r5
+ $UMULH r10,r5,r5 #in first iteration. No need
+ #to add since c1=c2=c3=0.
+ # Note c3(r11) is NOT set to 0
+ # but will be.
+
+ $ST r9,`0*$BNSZ`(r3) # r[0]=c1;
+ # sqr_add_c2(a,1,0,c2,c3,c1);
+ $LD r6,`1*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r7,r7,r7 # compute (r7,r8)=2*(r7,r8)
+ adde r8,r8,r8
+ addze r9,r0 # catch carry if any.
+ # r9= r0(=0) and carry
+
+ addc r10,r7,r10 # now add to temp result.
+ addze r11,r8 # r8 added to r11 which is 0
+ addze r9,r9
+
+ $ST r10,`1*$BNSZ`(r3) #r[1]=c2;
+ #sqr_add_c(a,1,c3,c1,c2)
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r0
+ #sqr_add_c2(a,2,0,c3,c1,c2)
+ $LD r6,`2*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r7,r7,r7
+ adde r8,r8,r8
+ addze r10,r10
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ $ST r11,`2*$BNSZ`(r3) #r[2]=c3
+ #sqr_add_c2(a,3,0,c1,c2,c3);
+ $LD r6,`3*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r7,r7,r7
+ adde r8,r8,r8
+ addze r11,r0
+
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ #sqr_add_c2(a,2,1,c1,c2,c3);
+ $LD r5,`1*$BNSZ`(r4)
+ $LD r6,`2*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r7,r7,r7
+ adde r8,r8,r8
+ addze r11,r11
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ $ST r9,`3*$BNSZ`(r3) #r[3]=c1
+ #sqr_add_c(a,2,c2,c3,c1);
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r0
+ #sqr_add_c2(a,3,1,c2,c3,c1);
+ $LD r6,`3*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r7,r7,r7
+ adde r8,r8,r8
+ addze r9,r9
+
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ $ST r10,`4*$BNSZ`(r3) #r[4]=c2
+ #sqr_add_c2(a,3,2,c3,c1,c2);
+ $LD r5,`2*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r7,r7,r7
+ adde r8,r8,r8
+ addze r10,r0
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ $ST r11,`5*$BNSZ`(r3) #r[5] = c3
+ #sqr_add_c(a,3,c1,c2,c3);
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+ addc r9,r7,r9
+ adde r10,r8,r10
+
+ $ST r9,`6*$BNSZ`(r3) #r[6]=c1
+ $ST r10,`7*$BNSZ`(r3) #r[7]=c2
+ bclr BO_ALWAYS,CR0_LT
+ .long 0x00000000
+
+#
+# NOTE: The following label name should be changed to
+# "bn_sqr_comba8" i.e. remove the first dot
+# for the gcc compiler. This should be automatically
+# done in the build
+#
+
+.align 4
+.bn_sqr_comba8:
+#
+# This is an optimized version of the bn_sqr_comba8 routine.
+# Tightly uses the adde instruction
+#
+#
+# void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+# r3 contains r
+# r4 contains a
+#
+# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:
+#
+# r5,r6 are the two BN_ULONGs being multiplied.
+# r7,r8 are the results of the 32x32 giving 64 bit multiply.
+# r9,r10, r11 are the equivalents of c1,c2, c3.
+#
+# Possible optimization of loading all 8 longs of a into registers
+# doesnt provide any speedup
+#
+
+ xor r0,r0,r0 #set r0 = 0.Used in addze
+ #instructions below.
+
+ #sqr_add_c(a,0,c1,c2,c3);
+ $LD r5,`0*$BNSZ`(r4)
+ $UMULL r9,r5,r5 #1st iteration: no carries.
+ $UMULH r10,r5,r5
+ $ST r9,`0*$BNSZ`(r3) # r[0]=c1;
+ #sqr_add_c2(a,1,0,c2,c3,c1);
+ $LD r6,`1*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r10,r7,r10 #add the two register number
+ adde r11,r8,r0 # (r8,r7) to the three register
+ addze r9,r0 # number (r9,r11,r10).NOTE:r0=0
+
+ addc r10,r7,r10 #add the two register number
+ adde r11,r8,r11 # (r8,r7) to the three register
+ addze r9,r9 # number (r9,r11,r10).
+
+ $ST r10,`1*$BNSZ`(r3) # r[1]=c2
+
+ #sqr_add_c(a,1,c3,c1,c2);
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r0
+ #sqr_add_c2(a,2,0,c3,c1,c2);
+ $LD r6,`2*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+
+ $ST r11,`2*$BNSZ`(r3) #r[2]=c3
+ #sqr_add_c2(a,3,0,c1,c2,c3);
+ $LD r6,`3*$BNSZ`(r4) #r6 = a[3]. r5 is already a[0].
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r0
+
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ #sqr_add_c2(a,2,1,c1,c2,c3);
+ $LD r5,`1*$BNSZ`(r4)
+ $LD r6,`2*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+
+ $ST r9,`3*$BNSZ`(r3) #r[3]=c1;
+ #sqr_add_c(a,2,c2,c3,c1);
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r0
+ #sqr_add_c2(a,3,1,c2,c3,c1);
+ $LD r6,`3*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ #sqr_add_c2(a,4,0,c2,c3,c1);
+ $LD r5,`0*$BNSZ`(r4)
+ $LD r6,`4*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ $ST r10,`4*$BNSZ`(r3) #r[4]=c2;
+ #sqr_add_c2(a,5,0,c3,c1,c2);
+ $LD r6,`5*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r0
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ #sqr_add_c2(a,4,1,c3,c1,c2);
+ $LD r5,`1*$BNSZ`(r4)
+ $LD r6,`4*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ #sqr_add_c2(a,3,2,c3,c1,c2);
+ $LD r5,`2*$BNSZ`(r4)
+ $LD r6,`3*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ $ST r11,`5*$BNSZ`(r3) #r[5]=c3;
+ #sqr_add_c(a,3,c1,c2,c3);
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r0
+ #sqr_add_c2(a,4,2,c1,c2,c3);
+ $LD r6,`4*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ #sqr_add_c2(a,5,1,c1,c2,c3);
+ $LD r5,`1*$BNSZ`(r4)
+ $LD r6,`5*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ #sqr_add_c2(a,6,0,c1,c2,c3);
+ $LD r5,`0*$BNSZ`(r4)
+ $LD r6,`6*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ $ST r9,`6*$BNSZ`(r3) #r[6]=c1;
+ #sqr_add_c2(a,7,0,c2,c3,c1);
+ $LD r6,`7*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r0
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ #sqr_add_c2(a,6,1,c2,c3,c1);
+ $LD r5,`1*$BNSZ`(r4)
+ $LD r6,`6*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ #sqr_add_c2(a,5,2,c2,c3,c1);
+ $LD r5,`2*$BNSZ`(r4)
+ $LD r6,`5*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ #sqr_add_c2(a,4,3,c2,c3,c1);
+ $LD r5,`3*$BNSZ`(r4)
+ $LD r6,`4*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ $ST r10,`7*$BNSZ`(r3) #r[7]=c2;
+ #sqr_add_c(a,4,c3,c1,c2);
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r0
+ #sqr_add_c2(a,5,3,c3,c1,c2);
+ $LD r6,`5*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ #sqr_add_c2(a,6,2,c3,c1,c2);
+ $LD r5,`2*$BNSZ`(r4)
+ $LD r6,`6*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ #sqr_add_c2(a,7,1,c3,c1,c2);
+ $LD r5,`1*$BNSZ`(r4)
+ $LD r6,`7*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ $ST r11,`8*$BNSZ`(r3) #r[8]=c3;
+ #sqr_add_c2(a,7,2,c1,c2,c3);
+ $LD r5,`2*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r0
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ #sqr_add_c2(a,6,3,c1,c2,c3);
+ $LD r5,`3*$BNSZ`(r4)
+ $LD r6,`6*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ #sqr_add_c2(a,5,4,c1,c2,c3);
+ $LD r5,`4*$BNSZ`(r4)
+ $LD r6,`5*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ $ST r9,`9*$BNSZ`(r3) #r[9]=c1;
+ #sqr_add_c(a,5,c2,c3,c1);
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r0
+ #sqr_add_c2(a,6,4,c2,c3,c1);
+ $LD r6,`6*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ #sqr_add_c2(a,7,3,c2,c3,c1);
+ $LD r5,`3*$BNSZ`(r4)
+ $LD r6,`7*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ $ST r10,`10*$BNSZ`(r3) #r[10]=c2;
+ #sqr_add_c2(a,7,4,c3,c1,c2);
+ $LD r5,`4*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r0
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ #sqr_add_c2(a,6,5,c3,c1,c2);
+ $LD r5,`5*$BNSZ`(r4)
+ $LD r6,`6*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ addc r11,r7,r11
+ adde r9,r8,r9
+ addze r10,r10
+ $ST r11,`11*$BNSZ`(r3) #r[11]=c3;
+ #sqr_add_c(a,6,c1,c2,c3);
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r0
+ #sqr_add_c2(a,7,5,c1,c2,c3)
+ $LD r6,`7*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ addc r9,r7,r9
+ adde r10,r8,r10
+ addze r11,r11
+ $ST r9,`12*$BNSZ`(r3) #r[12]=c1;
+
+ #sqr_add_c2(a,7,6,c2,c3,c1)
+ $LD r5,`6*$BNSZ`(r4)
+ $UMULL r7,r5,r6
+ $UMULH r8,r5,r6
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r0
+ addc r10,r7,r10
+ adde r11,r8,r11
+ addze r9,r9
+ $ST r10,`13*$BNSZ`(r3) #r[13]=c2;
+ #sqr_add_c(a,7,c3,c1,c2);
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+ addc r11,r7,r11
+ adde r9,r8,r9
+ $ST r11,`14*$BNSZ`(r3) #r[14]=c3;
+ $ST r9, `15*$BNSZ`(r3) #r[15]=c1;
+
+
+ bclr BO_ALWAYS,CR0_LT
+
+ .long 0x00000000
+
+#
+# NOTE: The following label name should be changed to
+# "bn_mul_comba4" i.e. remove the first dot
+# for the gcc compiler. This should be automatically
+# done in the build
+#
+
+.align 4
+.bn_mul_comba4:
+#
+# This is an optimized version of the bn_mul_comba4 routine.
+#
+# void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+# r3 contains r
+# r4 contains a
+# r5 contains b
+# r6, r7 are the 2 BN_ULONGs being multiplied.
+# r8, r9 are the results of the 32x32 giving 64 multiply.
+# r10, r11, r12 are the equivalents of c1, c2, and c3.
+#
+ xor r0,r0,r0 #r0=0. Used in addze below.
+ #mul_add_c(a[0],b[0],c1,c2,c3);
+ $LD r6,`0*$BNSZ`(r4)
+ $LD r7,`0*$BNSZ`(r5)
+ $UMULL r10,r6,r7
+ $UMULH r11,r6,r7
+ $ST r10,`0*$BNSZ`(r3) #r[0]=c1
+ #mul_add_c(a[0],b[1],c2,c3,c1);
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r8,r11
+ adde r12,r9,r0
+ addze r10,r0
+ #mul_add_c(a[1],b[0],c2,c3,c1);
+ $LD r6, `1*$BNSZ`(r4)
+ $LD r7, `0*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r8,r11
+ adde r12,r9,r12
+ addze r10,r10
+ $ST r11,`1*$BNSZ`(r3) #r[1]=c2
+ #mul_add_c(a[2],b[0],c3,c1,c2);
+ $LD r6,`2*$BNSZ`(r4)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r8,r12
+ adde r10,r9,r10
+ addze r11,r0
+ #mul_add_c(a[1],b[1],c3,c1,c2);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r8,r12
+ adde r10,r9,r10
+ addze r11,r11
+ #mul_add_c(a[0],b[2],c3,c1,c2);
+ $LD r6,`0*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r8,r12
+ adde r10,r9,r10
+ addze r11,r11
+ $ST r12,`2*$BNSZ`(r3) #r[2]=c3
+ #mul_add_c(a[0],b[3],c1,c2,c3);
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r8,r10
+ adde r11,r9,r11
+ addze r12,r0
+ #mul_add_c(a[1],b[2],c1,c2,c3);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r8,r10
+ adde r11,r9,r11
+ addze r12,r12
+ #mul_add_c(a[2],b[1],c1,c2,c3);
+ $LD r6,`2*$BNSZ`(r4)
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r8,r10
+ adde r11,r9,r11
+ addze r12,r12
+ #mul_add_c(a[3],b[0],c1,c2,c3);
+ $LD r6,`3*$BNSZ`(r4)
+ $LD r7,`0*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r8,r10
+ adde r11,r9,r11
+ addze r12,r12
+ $ST r10,`3*$BNSZ`(r3) #r[3]=c1
+ #mul_add_c(a[3],b[1],c2,c3,c1);
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r8,r11
+ adde r12,r9,r12
+ addze r10,r0
+ #mul_add_c(a[2],b[2],c2,c3,c1);
+ $LD r6,`2*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r8,r11
+ adde r12,r9,r12
+ addze r10,r10
+ #mul_add_c(a[1],b[3],c2,c3,c1);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r8,r11
+ adde r12,r9,r12
+ addze r10,r10
+ $ST r11,`4*$BNSZ`(r3) #r[4]=c2
+ #mul_add_c(a[2],b[3],c3,c1,c2);
+ $LD r6,`2*$BNSZ`(r4)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r8,r12
+ adde r10,r9,r10
+ addze r11,r0
+ #mul_add_c(a[3],b[2],c3,c1,c2);
+ $LD r6,`3*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r8,r12
+ adde r10,r9,r10
+ addze r11,r11
+ $ST r12,`5*$BNSZ`(r3) #r[5]=c3
+ #mul_add_c(a[3],b[3],c1,c2,c3);
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r8,r10
+ adde r11,r9,r11
+
+ $ST r10,`6*$BNSZ`(r3) #r[6]=c1
+ $ST r11,`7*$BNSZ`(r3) #r[7]=c2
+ bclr BO_ALWAYS,CR0_LT
+ .long 0x00000000
+
+#
+# NOTE: The following label name should be changed to
+# "bn_mul_comba8" i.e. remove the first dot
+# for the gcc compiler. This should be automatically
+# done in the build
+#
+
+.align 4
+.bn_mul_comba8:
+#
+# Optimized version of the bn_mul_comba8 routine.
+#
+# void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+# r3 contains r
+# r4 contains a
+# r5 contains b
+# r6, r7 are the 2 BN_ULONGs being multiplied.
+# r8, r9 are the results of the 32x32 giving 64 multiply.
+# r10, r11, r12 are the equivalents of c1, c2, and c3.
+#
+ xor r0,r0,r0 #r0=0. Used in addze below.
+
+ #mul_add_c(a[0],b[0],c1,c2,c3);
+ $LD r6,`0*$BNSZ`(r4) #a[0]
+ $LD r7,`0*$BNSZ`(r5) #b[0]
+ $UMULL r10,r6,r7
+ $UMULH r11,r6,r7
+ $ST r10,`0*$BNSZ`(r3) #r[0]=c1;
+ #mul_add_c(a[0],b[1],c2,c3,c1);
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ addze r12,r9 # since we didnt set r12 to zero before.
+ addze r10,r0
+ #mul_add_c(a[1],b[0],c2,c3,c1);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`0*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ $ST r11,`1*$BNSZ`(r3) #r[1]=c2;
+ #mul_add_c(a[2],b[0],c3,c1,c2);
+ $LD r6,`2*$BNSZ`(r4)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r0
+ #mul_add_c(a[1],b[1],c3,c1,c2);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[0],b[2],c3,c1,c2);
+ $LD r6,`0*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ $ST r12,`2*$BNSZ`(r3) #r[2]=c3;
+ #mul_add_c(a[0],b[3],c1,c2,c3);
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r0
+ #mul_add_c(a[1],b[2],c1,c2,c3);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+
+ #mul_add_c(a[2],b[1],c1,c2,c3);
+ $LD r6,`2*$BNSZ`(r4)
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[3],b[0],c1,c2,c3);
+ $LD r6,`3*$BNSZ`(r4)
+ $LD r7,`0*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ $ST r10,`3*$BNSZ`(r3) #r[3]=c1;
+ #mul_add_c(a[4],b[0],c2,c3,c1);
+ $LD r6,`4*$BNSZ`(r4)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r0
+ #mul_add_c(a[3],b[1],c2,c3,c1);
+ $LD r6,`3*$BNSZ`(r4)
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[2],b[2],c2,c3,c1);
+ $LD r6,`2*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[1],b[3],c2,c3,c1);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[0],b[4],c2,c3,c1);
+ $LD r6,`0*$BNSZ`(r4)
+ $LD r7,`4*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ $ST r11,`4*$BNSZ`(r3) #r[4]=c2;
+ #mul_add_c(a[0],b[5],c3,c1,c2);
+ $LD r7,`5*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r0
+ #mul_add_c(a[1],b[4],c3,c1,c2);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`4*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[2],b[3],c3,c1,c2);
+ $LD r6,`2*$BNSZ`(r4)
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[3],b[2],c3,c1,c2);
+ $LD r6,`3*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[4],b[1],c3,c1,c2);
+ $LD r6,`4*$BNSZ`(r4)
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[5],b[0],c3,c1,c2);
+ $LD r6,`5*$BNSZ`(r4)
+ $LD r7,`0*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ $ST r12,`5*$BNSZ`(r3) #r[5]=c3;
+ #mul_add_c(a[6],b[0],c1,c2,c3);
+ $LD r6,`6*$BNSZ`(r4)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r0
+ #mul_add_c(a[5],b[1],c1,c2,c3);
+ $LD r6,`5*$BNSZ`(r4)
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[4],b[2],c1,c2,c3);
+ $LD r6,`4*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[3],b[3],c1,c2,c3);
+ $LD r6,`3*$BNSZ`(r4)
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[2],b[4],c1,c2,c3);
+ $LD r6,`2*$BNSZ`(r4)
+ $LD r7,`4*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[1],b[5],c1,c2,c3);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`5*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[0],b[6],c1,c2,c3);
+ $LD r6,`0*$BNSZ`(r4)
+ $LD r7,`6*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ $ST r10,`6*$BNSZ`(r3) #r[6]=c1;
+ #mul_add_c(a[0],b[7],c2,c3,c1);
+ $LD r7,`7*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r0
+ #mul_add_c(a[1],b[6],c2,c3,c1);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`6*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[2],b[5],c2,c3,c1);
+ $LD r6,`2*$BNSZ`(r4)
+ $LD r7,`5*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[3],b[4],c2,c3,c1);
+ $LD r6,`3*$BNSZ`(r4)
+ $LD r7,`4*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[4],b[3],c2,c3,c1);
+ $LD r6,`4*$BNSZ`(r4)
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[5],b[2],c2,c3,c1);
+ $LD r6,`5*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[6],b[1],c2,c3,c1);
+ $LD r6,`6*$BNSZ`(r4)
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[7],b[0],c2,c3,c1);
+ $LD r6,`7*$BNSZ`(r4)
+ $LD r7,`0*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ $ST r11,`7*$BNSZ`(r3) #r[7]=c2;
+ #mul_add_c(a[7],b[1],c3,c1,c2);
+ $LD r7,`1*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r0
+ #mul_add_c(a[6],b[2],c3,c1,c2);
+ $LD r6,`6*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[5],b[3],c3,c1,c2);
+ $LD r6,`5*$BNSZ`(r4)
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[4],b[4],c3,c1,c2);
+ $LD r6,`4*$BNSZ`(r4)
+ $LD r7,`4*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[3],b[5],c3,c1,c2);
+ $LD r6,`3*$BNSZ`(r4)
+ $LD r7,`5*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[2],b[6],c3,c1,c2);
+ $LD r6,`2*$BNSZ`(r4)
+ $LD r7,`6*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[1],b[7],c3,c1,c2);
+ $LD r6,`1*$BNSZ`(r4)
+ $LD r7,`7*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ $ST r12,`8*$BNSZ`(r3) #r[8]=c3;
+ #mul_add_c(a[2],b[7],c1,c2,c3);
+ $LD r6,`2*$BNSZ`(r4)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r0
+ #mul_add_c(a[3],b[6],c1,c2,c3);
+ $LD r6,`3*$BNSZ`(r4)
+ $LD r7,`6*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[4],b[5],c1,c2,c3);
+ $LD r6,`4*$BNSZ`(r4)
+ $LD r7,`5*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[5],b[4],c1,c2,c3);
+ $LD r6,`5*$BNSZ`(r4)
+ $LD r7,`4*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[6],b[3],c1,c2,c3);
+ $LD r6,`6*$BNSZ`(r4)
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[7],b[2],c1,c2,c3);
+ $LD r6,`7*$BNSZ`(r4)
+ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ $ST r10,`9*$BNSZ`(r3) #r[9]=c1;
+ #mul_add_c(a[7],b[3],c2,c3,c1);
+ $LD r7,`3*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r0
+ #mul_add_c(a[6],b[4],c2,c3,c1);
+ $LD r6,`6*$BNSZ`(r4)
+ $LD r7,`4*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[5],b[5],c2,c3,c1);
+ $LD r6,`5*$BNSZ`(r4)
+ $LD r7,`5*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[4],b[6],c2,c3,c1);
+ $LD r6,`4*$BNSZ`(r4)
+ $LD r7,`6*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ #mul_add_c(a[3],b[7],c2,c3,c1);
+ $LD r6,`3*$BNSZ`(r4)
+ $LD r7,`7*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ $ST r11,`10*$BNSZ`(r3) #r[10]=c2;
+ #mul_add_c(a[4],b[7],c3,c1,c2);
+ $LD r6,`4*$BNSZ`(r4)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r0
+ #mul_add_c(a[5],b[6],c3,c1,c2);
+ $LD r6,`5*$BNSZ`(r4)
+ $LD r7,`6*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[6],b[5],c3,c1,c2);
+ $LD r6,`6*$BNSZ`(r4)
+ $LD r7,`5*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ #mul_add_c(a[7],b[4],c3,c1,c2);
+ $LD r6,`7*$BNSZ`(r4)
+ $LD r7,`4*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ addze r11,r11
+ $ST r12,`11*$BNSZ`(r3) #r[11]=c3;
+ #mul_add_c(a[7],b[5],c1,c2,c3);
+ $LD r7,`5*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r0
+ #mul_add_c(a[6],b[6],c1,c2,c3);
+ $LD r6,`6*$BNSZ`(r4)
+ $LD r7,`6*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ #mul_add_c(a[5],b[7],c1,c2,c3);
+ $LD r6,`5*$BNSZ`(r4)
+ $LD r7,`7*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r10,r10,r8
+ adde r11,r11,r9
+ addze r12,r12
+ $ST r10,`12*$BNSZ`(r3) #r[12]=c1;
+ #mul_add_c(a[6],b[7],c2,c3,c1);
+ $LD r6,`6*$BNSZ`(r4)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r0
+ #mul_add_c(a[7],b[6],c2,c3,c1);
+ $LD r6,`7*$BNSZ`(r4)
+ $LD r7,`6*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r11,r11,r8
+ adde r12,r12,r9
+ addze r10,r10
+ $ST r11,`13*$BNSZ`(r3) #r[13]=c2;
+ #mul_add_c(a[7],b[7],c3,c1,c2);
+ $LD r7,`7*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r12,r8
+ adde r10,r10,r9
+ $ST r12,`14*$BNSZ`(r3) #r[14]=c3;
+ $ST r10,`15*$BNSZ`(r3) #r[15]=c1;
+ bclr BO_ALWAYS,CR0_LT
+ .long 0x00000000
+
+#
+# NOTE: The following label name should be changed to
+# "bn_sub_words" i.e. remove the first dot
+# for the gcc compiler. This should be automatically
+# done in the build
+#
+#
+.align 4
+.bn_sub_words:
+#
+# Handcoded version of bn_sub_words
+#
+#BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+#
+# r3 = r
+# r4 = a
+# r5 = b
+# r6 = n
+#
+# Note: No loop unrolling done since this is not a performance
+# critical loop.
+
+ xor r0,r0,r0 #set r0 = 0
+#
+# check for r6 = 0 AND set carry bit.
+#
+ subfc. r7,r0,r6 # If r6 is 0 then result is 0.
+ # if r6 > 0 then result !=0
+ # In either case carry bit is set.
+ bc BO_IF,CR0_EQ,Lppcasm_sub_adios
+ addi r4,r4,-$BNSZ
+ addi r3,r3,-$BNSZ
+ addi r5,r5,-$BNSZ
+ mtctr r6
+Lppcasm_sub_mainloop:
+ $LDU r7,$BNSZ(r4)
+ $LDU r8,$BNSZ(r5)
+ subfe r6,r8,r7 # r6 = r7+carry bit + onescomplement(r8)
+ # if carry = 1 this is r7-r8. Else it
+ # is r7-r8 -1 as we need.
+ $STU r6,$BNSZ(r3)
+ bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop
+Lppcasm_sub_adios:
+ subfze r3,r0 # if carry bit is set then r3 = 0 else -1
+ andi. r3,r3,1 # keep only last bit.
+ bclr BO_ALWAYS,CR0_LT
+ .long 0x00000000
+
+
+#
+# NOTE: The following label name should be changed to
+# "bn_add_words" i.e. remove the first dot
+# for the gcc compiler. This should be automatically
+# done in the build
+#
+
+.align 4
+.bn_add_words:
+#
+# Handcoded version of bn_add_words
+#
+#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+#
+# r3 = r
+# r4 = a
+# r5 = b
+# r6 = n
+#
+# Note: No loop unrolling done since this is not a performance
+# critical loop.
+
+ xor r0,r0,r0
+#
+# check for r6 = 0. Is this needed?
+#
+ addic. r6,r6,0 #test r6 and clear carry bit.
+ bc BO_IF,CR0_EQ,Lppcasm_add_adios
+ addi r4,r4,-$BNSZ
+ addi r3,r3,-$BNSZ
+ addi r5,r5,-$BNSZ
+ mtctr r6
+Lppcasm_add_mainloop:
+ $LDU r7,$BNSZ(r4)
+ $LDU r8,$BNSZ(r5)
+ adde r8,r7,r8
+ $STU r8,$BNSZ(r3)
+ bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop
+Lppcasm_add_adios:
+ addze r3,r0 #return carry bit.
+ bclr BO_ALWAYS,CR0_LT
+ .long 0x00000000
+
+#
+# NOTE: The following label name should be changed to
+# "bn_div_words" i.e. remove the first dot
+# for the gcc compiler. This should be automatically
+# done in the build
+#
+
+.align 4
+.bn_div_words:
+#
+# This is a cleaned up version of code generated by
+# the AIX compiler. The only optimization is to use
+# the PPC instruction to count leading zeros instead
+# of call to num_bits_word. Since this was compiled
+# only at level -O2 we can possibly squeeze it more?
+#
+# r3 = h
+# r4 = l
+# r5 = d
+
+ $UCMPI 0,r5,0 # compare r5 and 0
+ bc BO_IF_NOT,CR0_EQ,Lppcasm_div1 # proceed if d!=0
+ li r3,-1 # d=0 return -1
+ bclr BO_ALWAYS,CR0_LT
+Lppcasm_div1:
+ xor r0,r0,r0 #r0=0
+ li r8,$BITS
+ $CNTLZ. r7,r5 #r7 = num leading 0s in d.
+ bc BO_IF,CR0_EQ,Lppcasm_div2 #proceed if no leading zeros
+ subf r8,r7,r8 #r8 = BN_num_bits_word(d)
+ $SHR. r9,r3,r8 #are there any bits above r8'th?
+ $TR 16,r9,r0 #if there're, signal to dump core...
+Lppcasm_div2:
+ $UCMP 0,r3,r5 #h>=d?
+ bc BO_IF,CR0_LT,Lppcasm_div3 #goto Lppcasm_div3 if not
+ subf r3,r5,r3 #h-=d ;
+Lppcasm_div3: #r7 = BN_BITS2-i. so r7=i
+ cmpi 0,0,r7,0 # is (i == 0)?
+ bc BO_IF,CR0_EQ,Lppcasm_div4
+ $SHL r3,r3,r7 # h = (h<< i)
+ $SHR r8,r4,r8 # r8 = (l >> BN_BITS2 -i)
+ $SHL r5,r5,r7 # d<<=i
+ or r3,r3,r8 # h = (h<<i)|(l>>(BN_BITS2-i))
+ $SHL r4,r4,r7 # l <<=i
+Lppcasm_div4:
+ $SHRI r9,r5,`$BITS/2` # r9 = dh
+ # dl will be computed when needed
+ # as it saves registers.
+ li r6,2 #r6=2
+ mtctr r6 #counter will be in count.
+Lppcasm_divouterloop:
+ $SHRI r8,r3,`$BITS/2` #r8 = (h>>BN_BITS4)
+ $SHRI r11,r4,`$BITS/2` #r11= (l&BN_MASK2h)>>BN_BITS4
+ # compute here for innerloop.
+ $UCMP 0,r8,r9 # is (h>>BN_BITS4)==dh
+ bc BO_IF_NOT,CR0_EQ,Lppcasm_div5 # goto Lppcasm_div5 if not
+
+ li r8,-1
+ $CLRU r8,r8,`$BITS/2` #q = BN_MASK2l
+ b Lppcasm_div6
+Lppcasm_div5:
+ $UDIV r8,r3,r9 #q = h/dh
+Lppcasm_div6:
+ $UMULL r12,r9,r8 #th = q*dh
+ $CLRU r10,r5,`$BITS/2` #r10=dl
+ $UMULL r6,r8,r10 #tl = q*dl
+
+Lppcasm_divinnerloop:
+ subf r10,r12,r3 #t = h -th
+ $SHRI r7,r10,`$BITS/2` #r7= (t &BN_MASK2H), sort of...
+ addic. r7,r7,0 #test if r7 == 0. used below.
+ # now want to compute
+ # r7 = (t<<BN_BITS4)|((l&BN_MASK2h)>>BN_BITS4)
+ # the following 2 instructions do that
+ $SHLI r7,r10,`$BITS/2` # r7 = (t<<BN_BITS4)
+ or r7,r7,r11 # r7|=((l&BN_MASK2h)>>BN_BITS4)
+ $UCMP 1,r6,r7 # compare (tl <= r7)
+ bc BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit
+ bc BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit
+ addi r8,r8,-1 #q--
+ subf r12,r9,r12 #th -=dh
+ $CLRU r10,r5,`$BITS/2` #r10=dl. t is no longer needed in loop.
+ subf r6,r10,r6 #tl -=dl
+ b Lppcasm_divinnerloop
+Lppcasm_divinnerexit:
+ $SHRI r10,r6,`$BITS/2` #t=(tl>>BN_BITS4)
+ $SHLI r11,r6,`$BITS/2` #tl=(tl<<BN_BITS4)&BN_MASK2h;
+ $UCMP 1,r4,r11 # compare l and tl
+ add r12,r12,r10 # th+=t
+ bc BO_IF_NOT,CR1_FX,Lppcasm_div7 # if (l>=tl) goto Lppcasm_div7
+ addi r12,r12,1 # th++
+Lppcasm_div7:
+ subf r11,r11,r4 #r11=l-tl
+ $UCMP 1,r3,r12 #compare h and th
+ bc BO_IF_NOT,CR1_FX,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8
+ addi r8,r8,-1 # q--
+ add r3,r5,r3 # h+=d
+Lppcasm_div8:
+ subf r12,r12,r3 #r12 = h-th
+ $SHLI r4,r11,`$BITS/2` #l=(l&BN_MASK2l)<<BN_BITS4
+ # want to compute
+ # h = ((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2
+ # the following 2 instructions will do this.
+ $INSR r11,r12,`$BITS/2`,`$BITS/2` # r11 is the value we want rotated $BITS/2.
+ $ROTL r3,r11,`$BITS/2` # rotate by $BITS/2 and store in r3
+ bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ;
+ $SHLI r0,r8,`$BITS/2` #ret =q<<BN_BITS4
+ b Lppcasm_divouterloop
+Lppcasm_div9:
+ or r3,r8,r0
+ bclr BO_ALWAYS,CR0_LT
+ .long 0x00000000
+
+#
+# NOTE: The following label name should be changed to
+# "bn_sqr_words" i.e. remove the first dot
+# for the gcc compiler. This should be automatically
+# done in the build
+#
+.align 4
+.bn_sqr_words:
+#
+# Optimized version of bn_sqr_words
+#
+# void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+#
+# r3 = r
+# r4 = a
+# r5 = n
+#
+# r6 = a[i].
+# r7,r8 = product.
+#
+# No unrolling done here. Not performance critical.
+
+ addic. r5,r5,0 #test r5.
+ bc BO_IF,CR0_EQ,Lppcasm_sqr_adios
+ addi r4,r4,-$BNSZ
+ addi r3,r3,-$BNSZ
+ mtctr r5
+Lppcasm_sqr_mainloop:
+ #sqr(r[0],r[1],a[0]);
+ $LDU r6,$BNSZ(r4)
+ $UMULL r7,r6,r6
+ $UMULH r8,r6,r6
+ $STU r7,$BNSZ(r3)
+ $STU r8,$BNSZ(r3)
+ bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop
+Lppcasm_sqr_adios:
+ bclr BO_ALWAYS,CR0_LT
+ .long 0x00000000
+
+
+#
+# NOTE: The following label name should be changed to
+# "bn_mul_words" i.e. remove the first dot
+# for the gcc compiler. This should be automatically
+# done in the build
+#
+
+.align 4
+.bn_mul_words:
+#
+# BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+#
+# r3 = rp
+# r4 = ap
+# r5 = num
+# r6 = w
+ xor r0,r0,r0
+ xor r12,r12,r12 # used for carry
+ rlwinm. r7,r5,30,2,31 # num >> 2
+ bc BO_IF,CR0_EQ,Lppcasm_mw_REM
+ mtctr r7
+Lppcasm_mw_LOOP:
+ #mul(rp[0],ap[0],w,c1);
+ $LD r8,`0*$BNSZ`(r4)
+ $UMULL r9,r6,r8
+ $UMULH r10,r6,r8
+ addc r9,r9,r12
+ #addze r10,r10 #carry is NOT ignored.
+ #will be taken care of
+ #in second spin below
+ #using adde.
+ $ST r9,`0*$BNSZ`(r3)
+ #mul(rp[1],ap[1],w,c1);
+ $LD r8,`1*$BNSZ`(r4)
+ $UMULL r11,r6,r8
+ $UMULH r12,r6,r8
+ adde r11,r11,r10
+ #addze r12,r12
+ $ST r11,`1*$BNSZ`(r3)
+ #mul(rp[2],ap[2],w,c1);
+ $LD r8,`2*$BNSZ`(r4)
+ $UMULL r9,r6,r8
+ $UMULH r10,r6,r8
+ adde r9,r9,r12
+ #addze r10,r10
+ $ST r9,`2*$BNSZ`(r3)
+ #mul_add(rp[3],ap[3],w,c1);
+ $LD r8,`3*$BNSZ`(r4)
+ $UMULL r11,r6,r8
+ $UMULH r12,r6,r8
+ adde r11,r11,r10
+ addze r12,r12 #this spin we collect carry into
+ #r12
+ $ST r11,`3*$BNSZ`(r3)
+
+ addi r3,r3,`4*$BNSZ`
+ addi r4,r4,`4*$BNSZ`
+ bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP
+
+Lppcasm_mw_REM:
+ andi. r5,r5,0x3
+ bc BO_IF,CR0_EQ,Lppcasm_mw_OVER
+ #mul(rp[0],ap[0],w,c1);
+ $LD r8,`0*$BNSZ`(r4)
+ $UMULL r9,r6,r8
+ $UMULH r10,r6,r8
+ addc r9,r9,r12
+ addze r10,r10
+ $ST r9,`0*$BNSZ`(r3)
+ addi r12,r10,0
+
+ addi r5,r5,-1
+ cmpli 0,0,r5,0
+ bc BO_IF,CR0_EQ,Lppcasm_mw_OVER
+
+
+ #mul(rp[1],ap[1],w,c1);
+ $LD r8,`1*$BNSZ`(r4)
+ $UMULL r9,r6,r8
+ $UMULH r10,r6,r8
+ addc r9,r9,r12
+ addze r10,r10
+ $ST r9,`1*$BNSZ`(r3)
+ addi r12,r10,0
+
+ addi r5,r5,-1
+ cmpli 0,0,r5,0
+ bc BO_IF,CR0_EQ,Lppcasm_mw_OVER
+
+ #mul_add(rp[2],ap[2],w,c1);
+ $LD r8,`2*$BNSZ`(r4)
+ $UMULL r9,r6,r8
+ $UMULH r10,r6,r8
+ addc r9,r9,r12
+ addze r10,r10
+ $ST r9,`2*$BNSZ`(r3)
+ addi r12,r10,0
+
+Lppcasm_mw_OVER:
+ addi r3,r12,0
+ bclr BO_ALWAYS,CR0_LT
+ .long 0x00000000
+
+#
+# NOTE: The following label name should be changed to
+# "bn_mul_add_words" i.e. remove the first dot
+# for the gcc compiler. This should be automatically
+# done in the build
+#
+
+.align 4
+.bn_mul_add_words:
+#
+# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+#
+# r3 = rp
+# r4 = ap
+# r5 = num
+# r6 = w
+#
+# empirical evidence suggests that unrolled version performs best!!
+#
+ xor r0,r0,r0 #r0 = 0
+ xor r12,r12,r12 #r12 = 0 . used for carry
+ rlwinm. r7,r5,30,2,31 # num >> 2
+ bc BO_IF,CR0_EQ,Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover
+ mtctr r7
+Lppcasm_maw_mainloop:
+ #mul_add(rp[0],ap[0],w,c1);
+ $LD r8,`0*$BNSZ`(r4)
+ $LD r11,`0*$BNSZ`(r3)
+ $UMULL r9,r6,r8
+ $UMULH r10,r6,r8
+ addc r9,r9,r12 #r12 is carry.
+ addze r10,r10
+ addc r9,r9,r11
+ #addze r10,r10
+ #the above instruction addze
+ #is NOT needed. Carry will NOT
+ #be ignored. It's not affected
+ #by multiply and will be collected
+ #in the next spin
+ $ST r9,`0*$BNSZ`(r3)
+
+ #mul_add(rp[1],ap[1],w,c1);
+ $LD r8,`1*$BNSZ`(r4)
+ $LD r9,`1*$BNSZ`(r3)
+ $UMULL r11,r6,r8
+ $UMULH r12,r6,r8
+ adde r11,r11,r10 #r10 is carry.
+ addze r12,r12
+ addc r11,r11,r9
+ #addze r12,r12
+ $ST r11,`1*$BNSZ`(r3)
+
+ #mul_add(rp[2],ap[2],w,c1);
+ $LD r8,`2*$BNSZ`(r4)
+ $UMULL r9,r6,r8
+ $LD r11,`2*$BNSZ`(r3)
+ $UMULH r10,r6,r8
+ adde r9,r9,r12
+ addze r10,r10
+ addc r9,r9,r11
+ #addze r10,r10
+ $ST r9,`2*$BNSZ`(r3)
+
+ #mul_add(rp[3],ap[3],w,c1);
+ $LD r8,`3*$BNSZ`(r4)
+ $UMULL r11,r6,r8
+ $LD r9,`3*$BNSZ`(r3)
+ $UMULH r12,r6,r8
+ adde r11,r11,r10
+ addze r12,r12
+ addc r11,r11,r9
+ addze r12,r12
+ $ST r11,`3*$BNSZ`(r3)
+ addi r3,r3,`4*$BNSZ`
+ addi r4,r4,`4*$BNSZ`
+ bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop
+
+Lppcasm_maw_leftover:
+ andi. r5,r5,0x3
+ bc BO_IF,CR0_EQ,Lppcasm_maw_adios
+ addi r3,r3,-$BNSZ
+ addi r4,r4,-$BNSZ
+ #mul_add(rp[0],ap[0],w,c1);
+ mtctr r5
+ $LDU r8,$BNSZ(r4)
+ $UMULL r9,r6,r8
+ $UMULH r10,r6,r8
+ $LDU r11,$BNSZ(r3)
+ addc r9,r9,r11
+ addze r10,r10
+ addc r9,r9,r12
+ addze r12,r10
+ $ST r9,0(r3)
+
+ bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
+ #mul_add(rp[1],ap[1],w,c1);
+ $LDU r8,$BNSZ(r4)
+ $UMULL r9,r6,r8
+ $UMULH r10,r6,r8
+ $LDU r11,$BNSZ(r3)
+ addc r9,r9,r11
+ addze r10,r10
+ addc r9,r9,r12
+ addze r12,r10
+ $ST r9,0(r3)
+
+ bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
+ #mul_add(rp[2],ap[2],w,c1);
+ $LDU r8,$BNSZ(r4)
+ $UMULL r9,r6,r8
+ $UMULH r10,r6,r8
+ $LDU r11,$BNSZ(r3)
+ addc r9,r9,r11
+ addze r10,r10
+ addc r9,r9,r12
+ addze r12,r10
+ $ST r9,0(r3)
+
+Lppcasm_maw_adios:
+ addi r3,r12,0
+ bclr BO_ALWAYS,CR0_LT
+ .long 0x00000000
+ .align 4
+EOF
+ $data =~ s/\`([^\`]*)\`/eval $1/gem;
+
+ # if some assembler chokes on some simplified mnemonic,
+ # this is the spot to fix it up, e.g.:
+ # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare
+ $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm;
+ # assembler X doesn't accept li, load immediate value
+ #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm;
+ # assembler Y chokes on apostrophes in comments
+ $data =~ s/'//gm;
+ return($data);
+}
Added: vendor-crypto/openssl/dist/crypto/bn/asm/sparcv8.S
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/sparcv8.S (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/sparcv8.S 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1458 @@
+.ident "sparcv8.s, Version 1.4"
+.ident "SPARC v8 ISA artwork by Andy Polyakov <appro at fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * See bn_asm.sparc.v8plus.S for more details.
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.1 - new loop unrolling model(*);
+ * 1.2 - made gas friendly;
+ * 1.3 - fixed problem with /usr/ccs/lib/cpp;
+ * 1.4 - some retunes;
+ *
+ * (*) see bn_asm.sparc.v8plus.S for details
+ */
+
+.section ".text",#alloc,#execinstr
+.file "bn_asm.sparc.v8.S"
+
+.align 32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+ cmp %o2,0
+ bg,a .L_bn_mul_add_words_proceed
+ ld [%o1],%g2
+ retl
+ clr %o0
+
+.L_bn_mul_add_words_proceed:
+ andcc %o2,-4,%g0
+ bz .L_bn_mul_add_words_tail
+ clr %o5
+
+.L_bn_mul_add_words_loop:
+ ld [%o0],%o4
+ ld [%o1+4],%g3
+ umul %o3,%g2,%g2
+ rd %y,%g1
+ addcc %o4,%o5,%o4
+ addx %g1,0,%g1
+ addcc %o4,%g2,%o4
+ st %o4,[%o0]
+ addx %g1,0,%o5
+
+ ld [%o0+4],%o4
+ ld [%o1+8],%g2
+ umul %o3,%g3,%g3
+ dec 4,%o2
+ rd %y,%g1
+ addcc %o4,%o5,%o4
+ addx %g1,0,%g1
+ addcc %o4,%g3,%o4
+ st %o4,[%o0+4]
+ addx %g1,0,%o5
+
+ ld [%o0+8],%o4
+ ld [%o1+12],%g3
+ umul %o3,%g2,%g2
+ inc 16,%o1
+ rd %y,%g1
+ addcc %o4,%o5,%o4
+ addx %g1,0,%g1
+ addcc %o4,%g2,%o4
+ st %o4,[%o0+8]
+ addx %g1,0,%o5
+
+ ld [%o0+12],%o4
+ umul %o3,%g3,%g3
+ inc 16,%o0
+ rd %y,%g1
+ addcc %o4,%o5,%o4
+ addx %g1,0,%g1
+ addcc %o4,%g3,%o4
+ st %o4,[%o0-4]
+ addx %g1,0,%o5
+ andcc %o2,-4,%g0
+ bnz,a .L_bn_mul_add_words_loop
+ ld [%o1],%g2
+
+ tst %o2
+ bnz,a .L_bn_mul_add_words_tail
+ ld [%o1],%g2
+.L_bn_mul_add_words_return:
+ retl
+ mov %o5,%o0
+ nop
+
+.L_bn_mul_add_words_tail:
+ ld [%o0],%o4
+ umul %o3,%g2,%g2
+ addcc %o4,%o5,%o4
+ rd %y,%g1
+ addx %g1,0,%g1
+ addcc %o4,%g2,%o4
+ addx %g1,0,%o5
+ deccc %o2
+ bz .L_bn_mul_add_words_return
+ st %o4,[%o0]
+
+ ld [%o1+4],%g2
+ ld [%o0+4],%o4
+ umul %o3,%g2,%g2
+ rd %y,%g1
+ addcc %o4,%o5,%o4
+ addx %g1,0,%g1
+ addcc %o4,%g2,%o4
+ addx %g1,0,%o5
+ deccc %o2
+ bz .L_bn_mul_add_words_return
+ st %o4,[%o0+4]
+
+ ld [%o1+8],%g2
+ ld [%o0+8],%o4
+ umul %o3,%g2,%g2
+ rd %y,%g1
+ addcc %o4,%o5,%o4
+ addx %g1,0,%g1
+ addcc %o4,%g2,%o4
+ st %o4,[%o0+8]
+ retl
+ addx %g1,0,%o0
+
+.type bn_mul_add_words,#function
+.size bn_mul_add_words,(.-bn_mul_add_words)
+
+.align 32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+ cmp %o2,0
+ bg,a .L_bn_mul_words_proceeed
+ ld [%o1],%g2
+ retl
+ clr %o0
+
+.L_bn_mul_words_proceeed:
+ andcc %o2,-4,%g0
+ bz .L_bn_mul_words_tail
+ clr %o5
+
+.L_bn_mul_words_loop:
+ ld [%o1+4],%g3
+ umul %o3,%g2,%g2
+ addcc %g2,%o5,%g2
+ rd %y,%g1
+ addx %g1,0,%o5
+ st %g2,[%o0]
+
+ ld [%o1+8],%g2
+ umul %o3,%g3,%g3
+ addcc %g3,%o5,%g3
+ rd %y,%g1
+ dec 4,%o2
+ addx %g1,0,%o5
+ st %g3,[%o0+4]
+
+ ld [%o1+12],%g3
+ umul %o3,%g2,%g2
+ addcc %g2,%o5,%g2
+ rd %y,%g1
+ inc 16,%o1
+ st %g2,[%o0+8]
+ addx %g1,0,%o5
+
+ umul %o3,%g3,%g3
+ addcc %g3,%o5,%g3
+ rd %y,%g1
+ inc 16,%o0
+ addx %g1,0,%o5
+ st %g3,[%o0-4]
+ andcc %o2,-4,%g0
+ nop
+ bnz,a .L_bn_mul_words_loop
+ ld [%o1],%g2
+
+ tst %o2
+ bnz,a .L_bn_mul_words_tail
+ ld [%o1],%g2
+.L_bn_mul_words_return:
+ retl
+ mov %o5,%o0
+ nop
+
+.L_bn_mul_words_tail:
+ umul %o3,%g2,%g2
+ addcc %g2,%o5,%g2
+ rd %y,%g1
+ addx %g1,0,%o5
+ deccc %o2
+ bz .L_bn_mul_words_return
+ st %g2,[%o0]
+ nop
+
+ ld [%o1+4],%g2
+ umul %o3,%g2,%g2
+ addcc %g2,%o5,%g2
+ rd %y,%g1
+ addx %g1,0,%o5
+ deccc %o2
+ bz .L_bn_mul_words_return
+ st %g2,[%o0+4]
+
+ ld [%o1+8],%g2
+ umul %o3,%g2,%g2
+ addcc %g2,%o5,%g2
+ rd %y,%g1
+ st %g2,[%o0+8]
+ retl
+ addx %g1,0,%o0
+
+.type bn_mul_words,#function
+.size bn_mul_words,(.-bn_mul_words)
+
+.align 32
+.global bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+ cmp %o2,0
+ bg,a .L_bn_sqr_words_proceeed
+ ld [%o1],%g2
+ retl
+ clr %o0
+
+.L_bn_sqr_words_proceeed:
+ andcc %o2,-4,%g0
+ bz .L_bn_sqr_words_tail
+ clr %o5
+
+.L_bn_sqr_words_loop:
+ ld [%o1+4],%g3
+ umul %g2,%g2,%o4
+ st %o4,[%o0]
+ rd %y,%o5
+ st %o5,[%o0+4]
+
+ ld [%o1+8],%g2
+ umul %g3,%g3,%o4
+ dec 4,%o2
+ st %o4,[%o0+8]
+ rd %y,%o5
+ st %o5,[%o0+12]
+ nop
+
+ ld [%o1+12],%g3
+ umul %g2,%g2,%o4
+ st %o4,[%o0+16]
+ rd %y,%o5
+ inc 16,%o1
+ st %o5,[%o0+20]
+
+ umul %g3,%g3,%o4
+ inc 32,%o0
+ st %o4,[%o0-8]
+ rd %y,%o5
+ st %o5,[%o0-4]
+ andcc %o2,-4,%g2
+ bnz,a .L_bn_sqr_words_loop
+ ld [%o1],%g2
+
+ tst %o2
+ nop
+ bnz,a .L_bn_sqr_words_tail
+ ld [%o1],%g2
+.L_bn_sqr_words_return:
+ retl
+ clr %o0
+
+.L_bn_sqr_words_tail:
+ umul %g2,%g2,%o4
+ st %o4,[%o0]
+ deccc %o2
+ rd %y,%o5
+ bz .L_bn_sqr_words_return
+ st %o5,[%o0+4]
+
+ ld [%o1+4],%g2
+ umul %g2,%g2,%o4
+ st %o4,[%o0+8]
+ deccc %o2
+ rd %y,%o5
+ nop
+ bz .L_bn_sqr_words_return
+ st %o5,[%o0+12]
+
+ ld [%o1+8],%g2
+ umul %g2,%g2,%o4
+ st %o4,[%o0+16]
+ rd %y,%o5
+ st %o5,[%o0+20]
+ retl
+ clr %o0
+
+.type bn_sqr_words,#function
+.size bn_sqr_words,(.-bn_sqr_words)
+
+.align 32
+
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+ wr %o0,%y
+ udiv %o1,%o2,%o0
+ retl
+ nop
+
+.type bn_div_words,#function
+.size bn_div_words,(.-bn_div_words)
+
+.align 32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+ cmp %o3,0
+ bg,a .L_bn_add_words_proceed
+ ld [%o1],%o4
+ retl
+ clr %o0
+
+.L_bn_add_words_proceed:
+ andcc %o3,-4,%g0
+ bz .L_bn_add_words_tail
+ clr %g1
+ ba .L_bn_add_words_warn_loop
+ addcc %g0,0,%g0 ! clear carry flag
+
+.L_bn_add_words_loop:
+ ld [%o1],%o4
+.L_bn_add_words_warn_loop:
+ ld [%o2],%o5
+ ld [%o1+4],%g3
+ ld [%o2+4],%g4
+ dec 4,%o3
+ addxcc %o5,%o4,%o5
+ st %o5,[%o0]
+
+ ld [%o1+8],%o4
+ ld [%o2+8],%o5
+ inc 16,%o1
+ addxcc %g3,%g4,%g3
+ st %g3,[%o0+4]
+
+ ld [%o1-4],%g3
+ ld [%o2+12],%g4
+ inc 16,%o2
+ addxcc %o5,%o4,%o5
+ st %o5,[%o0+8]
+
+ inc 16,%o0
+ addxcc %g3,%g4,%g3
+ st %g3,[%o0-4]
+ addx %g0,0,%g1
+ andcc %o3,-4,%g0
+ bnz,a .L_bn_add_words_loop
+ addcc %g1,-1,%g0
+
+ tst %o3
+ bnz,a .L_bn_add_words_tail
+ ld [%o1],%o4
+.L_bn_add_words_return:
+ retl
+ mov %g1,%o0
+
+.L_bn_add_words_tail:
+ addcc %g1,-1,%g0
+ ld [%o2],%o5
+ addxcc %o5,%o4,%o5
+ addx %g0,0,%g1
+ deccc %o3
+ bz .L_bn_add_words_return
+ st %o5,[%o0]
+
+ ld [%o1+4],%o4
+ addcc %g1,-1,%g0
+ ld [%o2+4],%o5
+ addxcc %o5,%o4,%o5
+ addx %g0,0,%g1
+ deccc %o3
+ bz .L_bn_add_words_return
+ st %o5,[%o0+4]
+
+ ld [%o1+8],%o4
+ addcc %g1,-1,%g0
+ ld [%o2+8],%o5
+ addxcc %o5,%o4,%o5
+ st %o5,[%o0+8]
+ retl
+ addx %g0,0,%o0
+
+.type bn_add_words,#function
+.size bn_add_words,(.-bn_add_words)
+
+.align 32
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+ cmp %o3,0
+ bg,a .L_bn_sub_words_proceed
+ ld [%o1],%o4
+ retl
+ clr %o0
+
+.L_bn_sub_words_proceed:
+ andcc %o3,-4,%g0
+ bz .L_bn_sub_words_tail
+ clr %g1
+ ba .L_bn_sub_words_warm_loop
+ addcc %g0,0,%g0 ! clear carry flag
+
+.L_bn_sub_words_loop:
+ ld [%o1],%o4
+.L_bn_sub_words_warm_loop:
+ ld [%o2],%o5
+ ld [%o1+4],%g3
+ ld [%o2+4],%g4
+ dec 4,%o3
+ subxcc %o4,%o5,%o5
+ st %o5,[%o0]
+
+ ld [%o1+8],%o4
+ ld [%o2+8],%o5
+ inc 16,%o1
+ subxcc %g3,%g4,%g4
+ st %g4,[%o0+4]
+
+ ld [%o1-4],%g3
+ ld [%o2+12],%g4
+ inc 16,%o2
+ subxcc %o4,%o5,%o5
+ st %o5,[%o0+8]
+
+ inc 16,%o0
+ subxcc %g3,%g4,%g4
+ st %g4,[%o0-4]
+ addx %g0,0,%g1
+ andcc %o3,-4,%g0
+ bnz,a .L_bn_sub_words_loop
+ addcc %g1,-1,%g0
+
+ tst %o3
+ nop
+ bnz,a .L_bn_sub_words_tail
+ ld [%o1],%o4
+.L_bn_sub_words_return:
+ retl
+ mov %g1,%o0
+
+.L_bn_sub_words_tail:
+ addcc %g1,-1,%g0
+ ld [%o2],%o5
+ subxcc %o4,%o5,%o5
+ addx %g0,0,%g1
+ deccc %o3
+ bz .L_bn_sub_words_return
+ st %o5,[%o0]
+ nop
+
+ ld [%o1+4],%o4
+ addcc %g1,-1,%g0
+ ld [%o2+4],%o5
+ subxcc %o4,%o5,%o5
+ addx %g0,0,%g1
+ deccc %o3
+ bz .L_bn_sub_words_return
+ st %o5,[%o0+4]
+
+ ld [%o1+8],%o4
+ addcc %g1,-1,%g0
+ ld [%o2+8],%o5
+ subxcc %o4,%o5,%o5
+ st %o5,[%o0+8]
+ retl
+ addx %g0,0,%o0
+
+.type bn_sub_words,#function
+.size bn_sub_words,(.-bn_sub_words)
+
+#define FRAME_SIZE -96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1 %o0
+#define t_2 %o1
+#define c_1 %o2
+#define c_2 %o3
+#define c_3 %o4
+
+#define ap(I) [%i1+4*I]
+#define bp(I) [%i2+4*I]
+#define rp(I) [%i0+4*I]
+
+#define a_0 %l0
+#define a_1 %l1
+#define a_2 %l2
+#define a_3 %l3
+#define a_4 %l4
+#define a_5 %l5
+#define a_6 %l6
+#define a_7 %l7
+
+#define b_0 %i3
+#define b_1 %i4
+#define b_2 %i5
+#define b_3 %o5
+#define b_4 %g1
+#define b_5 %g2
+#define b_6 %g3
+#define b_7 %g4
+
+.align 32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+ save %sp,FRAME_SIZE,%sp
+ ld ap(0),a_0
+ ld bp(0),b_0
+ umul a_0,b_0,c_1 !=!mul_add_c(a[0],b[0],c1,c2,c3);
+ ld bp(1),b_1
+ rd %y,c_2
+ st c_1,rp(0) !r[0]=c1;
+
+ umul a_0,b_1,t_1 !=!mul_add_c(a[0],b[1],c2,c3,c1);
+ ld ap(1),a_1
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc %g0,t_2,c_3 !=
+ addx %g0,%g0,c_1
+ ld ap(2),a_2
+ umul a_1,b_0,t_1 !mul_add_c(a[1],b[0],c2,c3,c1);
+ addcc c_2,t_1,c_2 !=
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ st c_2,rp(1) !r[1]=c2;
+ addx c_1,%g0,c_1 !=
+
+ umul a_2,b_0,t_1 !mul_add_c(a[2],b[0],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !=
+ addx %g0,%g0,c_2
+ ld bp(2),b_2
+ umul a_1,b_1,t_1 !mul_add_c(a[1],b[1],c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ ld bp(3),b_3
+ addx c_2,%g0,c_2 !=
+ umul a_0,b_2,t_1 !mul_add_c(a[0],b[2],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !=
+ addx c_2,%g0,c_2
+ st c_3,rp(2) !r[2]=c3;
+
+ umul a_0,b_3,t_1 !mul_add_c(a[0],b[3],c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx %g0,%g0,c_3
+ umul a_1,b_2,t_1 !=!mul_add_c(a[1],b[2],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ ld ap(3),a_3
+ umul a_2,b_1,t_1 !mul_add_c(a[2],b[1],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2 !=
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ ld ap(4),a_4
+ umul a_3,b_0,t_1 !mul_add_c(a[3],b[0],c1,c2,c3);!=
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ st c_1,rp(3) !r[3]=c1;
+
+ umul a_4,b_0,t_1 !mul_add_c(a[4],b[0],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx %g0,%g0,c_1
+ umul a_3,b_1,t_1 !mul_add_c(a[3],b[1],c2,c3,c1);
+ addcc c_2,t_1,c_2 !=
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ umul a_2,b_2,t_1 !=!mul_add_c(a[2],b[2],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1 !=
+ ld bp(4),b_4
+ umul a_1,b_3,t_1 !mul_add_c(a[1],b[3],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ ld bp(5),b_5
+ umul a_0,b_4,t_1 !=!mul_add_c(a[0],b[4],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1 !=
+ st c_2,rp(4) !r[4]=c2;
+
+ umul a_0,b_5,t_1 !mul_add_c(a[0],b[5],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2 !=
+ addxcc c_1,t_2,c_1
+ addx %g0,%g0,c_2
+ umul a_1,b_4,t_1 !mul_add_c(a[1],b[4],c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ umul a_2,b_3,t_1 !=!mul_add_c(a[2],b[3],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2 !=
+ umul a_3,b_2,t_1 !mul_add_c(a[3],b[2],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !=
+ addx c_2,%g0,c_2
+ ld ap(5),a_5
+ umul a_4,b_1,t_1 !mul_add_c(a[4],b[1],c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ ld ap(6),a_6
+ addx c_2,%g0,c_2 !=
+ umul a_5,b_0,t_1 !mul_add_c(a[5],b[0],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !=
+ addx c_2,%g0,c_2
+ st c_3,rp(5) !r[5]=c3;
+
+ umul a_6,b_0,t_1 !mul_add_c(a[6],b[0],c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx %g0,%g0,c_3
+ umul a_5,b_1,t_1 !=!mul_add_c(a[5],b[1],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ umul a_4,b_2,t_1 !mul_add_c(a[4],b[2],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx c_3,%g0,c_3
+ umul a_3,b_3,t_1 !mul_add_c(a[3],b[3],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2 !=
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ umul a_2,b_4,t_1 !mul_add_c(a[2],b[4],c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ ld bp(6),b_6
+ addx c_3,%g0,c_3 !=
+ umul a_1,b_5,t_1 !mul_add_c(a[1],b[5],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx c_3,%g0,c_3
+ ld bp(7),b_7
+ umul a_0,b_6,t_1 !mul_add_c(a[0],b[6],c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ st c_1,rp(6) !r[6]=c1;
+ addx c_3,%g0,c_3 !=
+
+ umul a_0,b_7,t_1 !mul_add_c(a[0],b[7],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3 !=
+ addx %g0,%g0,c_1
+ umul a_1,b_6,t_1 !mul_add_c(a[1],b[6],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ umul a_2,b_5,t_1 !mul_add_c(a[2],b[5],c2,c3,c1);
+ addcc c_2,t_1,c_2 !=
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ umul a_3,b_4,t_1 !=!mul_add_c(a[3],b[4],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1 !=
+ umul a_4,b_3,t_1 !mul_add_c(a[4],b[3],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ umul a_5,b_2,t_1 !mul_add_c(a[5],b[2],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ ld ap(7),a_7
+ umul a_6,b_1,t_1 !=!mul_add_c(a[6],b[1],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1 !=
+ umul a_7,b_0,t_1 !mul_add_c(a[7],b[0],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ st c_2,rp(7) !r[7]=c2;
+
+ umul a_7,b_1,t_1 !mul_add_c(a[7],b[1],c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx %g0,%g0,c_2
+ umul a_6,b_2,t_1 !=!mul_add_c(a[6],b[2],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2 !=
+ umul a_5,b_3,t_1 !mul_add_c(a[5],b[3],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !=
+ addx c_2,%g0,c_2
+ umul a_4,b_4,t_1 !mul_add_c(a[4],b[4],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2 !=
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ umul a_3,b_5,t_1 !mul_add_c(a[3],b[5],c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ umul a_2,b_6,t_1 !=!mul_add_c(a[2],b[6],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2 !=
+ umul a_1,b_7,t_1 !mul_add_c(a[1],b[7],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !
+ addx c_2,%g0,c_2
+ st c_3,rp(8) !r[8]=c3;
+
+ umul a_2,b_7,t_1 !mul_add_c(a[2],b[7],c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx %g0,%g0,c_3
+ umul a_3,b_6,t_1 !=!mul_add_c(a[3],b[6],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ umul a_4,b_5,t_1 !mul_add_c(a[4],b[5],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx c_3,%g0,c_3
+ umul a_5,b_4,t_1 !mul_add_c(a[5],b[4],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2 !=
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ umul a_6,b_3,t_1 !mul_add_c(a[6],b[3],c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ umul a_7,b_2,t_1 !=!mul_add_c(a[7],b[2],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ st c_1,rp(9) !r[9]=c1;
+
+ umul a_7,b_3,t_1 !mul_add_c(a[7],b[3],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx %g0,%g0,c_1
+ umul a_6,b_4,t_1 !mul_add_c(a[6],b[4],c2,c3,c1);
+ addcc c_2,t_1,c_2 !=
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ umul a_5,b_5,t_1 !=!mul_add_c(a[5],b[5],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1 !=
+ umul a_4,b_6,t_1 !mul_add_c(a[4],b[6],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ umul a_3,b_7,t_1 !mul_add_c(a[3],b[7],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ st c_2,rp(10) !r[10]=c2;
+
+ umul a_4,b_7,t_1 !=!mul_add_c(a[4],b[7],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx %g0,%g0,c_2 !=
+ umul a_5,b_6,t_1 !mul_add_c(a[5],b[6],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !=
+ addx c_2,%g0,c_2
+ umul a_6,b_5,t_1 !mul_add_c(a[6],b[5],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2 !=
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ umul a_7,b_4,t_1 !mul_add_c(a[7],b[4],c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ st c_3,rp(11) !r[11]=c3;
+ addx c_2,%g0,c_2 !=
+
+ umul a_7,b_5,t_1 !mul_add_c(a[7],b[5],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx %g0,%g0,c_3
+ umul a_6,b_6,t_1 !mul_add_c(a[6],b[6],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2 !=
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ umul a_5,b_7,t_1 !mul_add_c(a[5],b[7],c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ st c_1,rp(12) !r[12]=c1;
+ addx c_3,%g0,c_3 !=
+
+ umul a_6,b_7,t_1 !mul_add_c(a[6],b[7],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3 !=
+ addx %g0,%g0,c_1
+ umul a_7,b_6,t_1 !mul_add_c(a[7],b[6],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ st c_2,rp(13) !r[13]=c2;
+
+ umul a_7,b_7,t_1 !=!mul_add_c(a[7],b[7],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ nop !=
+ st c_3,rp(14) !r[14]=c3;
+ st c_1,rp(15) !r[15]=c1;
+
+ ret
+ restore %g0,%g0,%o0
+
+.type bn_mul_comba8,#function
+.size bn_mul_comba8,(.-bn_mul_comba8)
+
+.align 32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+ save %sp,FRAME_SIZE,%sp
+ ld ap(0),a_0
+ ld bp(0),b_0
+ umul a_0,b_0,c_1 !=!mul_add_c(a[0],b[0],c1,c2,c3);
+ ld bp(1),b_1
+ rd %y,c_2
+ st c_1,rp(0) !r[0]=c1;
+
+ umul a_0,b_1,t_1 !=!mul_add_c(a[0],b[1],c2,c3,c1);
+ ld ap(1),a_1
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc %g0,t_2,c_3
+ addx %g0,%g0,c_1
+ ld ap(2),a_2
+ umul a_1,b_0,t_1 !=!mul_add_c(a[1],b[0],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1 !=
+ st c_2,rp(1) !r[1]=c2;
+
+ umul a_2,b_0,t_1 !mul_add_c(a[2],b[0],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2 !=
+ addxcc c_1,t_2,c_1
+ addx %g0,%g0,c_2
+ ld bp(2),b_2
+ umul a_1,b_1,t_1 !=!mul_add_c(a[1],b[1],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2 !=
+ ld bp(3),b_3
+ umul a_0,b_2,t_1 !mul_add_c(a[0],b[2],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2 !=
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ st c_3,rp(2) !r[2]=c3;
+
+ umul a_0,b_3,t_1 !=!mul_add_c(a[0],b[3],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx %g0,%g0,c_3 !=
+ umul a_1,b_2,t_1 !mul_add_c(a[1],b[2],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx c_3,%g0,c_3
+ ld ap(3),a_3
+ umul a_2,b_1,t_1 !mul_add_c(a[2],b[1],c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ umul a_3,b_0,t_1 !=!mul_add_c(a[3],b[0],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ st c_1,rp(3) !r[3]=c1;
+
+ umul a_3,b_1,t_1 !mul_add_c(a[3],b[1],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx %g0,%g0,c_1
+ umul a_2,b_2,t_1 !mul_add_c(a[2],b[2],c2,c3,c1);
+ addcc c_2,t_1,c_2 !=
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ umul a_1,b_3,t_1 !=!mul_add_c(a[1],b[3],c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1 !=
+ st c_2,rp(4) !r[4]=c2;
+
+ umul a_2,b_3,t_1 !mul_add_c(a[2],b[3],c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2 !=
+ addxcc c_1,t_2,c_1
+ addx %g0,%g0,c_2
+ umul a_3,b_2,t_1 !mul_add_c(a[3],b[2],c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ st c_3,rp(5) !r[5]=c3;
+ addx c_2,%g0,c_2 !=
+
+ umul a_3,b_3,t_1 !mul_add_c(a[3],b[3],c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ st c_1,rp(6) !r[6]=c1;
+ st c_2,rp(7) !r[7]=c2;
+
+ ret
+ restore %g0,%g0,%o0
+
+.type bn_mul_comba4,#function
+.size bn_mul_comba4,(.-bn_mul_comba4)
+
+.align 32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+ save %sp,FRAME_SIZE,%sp
+ ld ap(0),a_0
+ ld ap(1),a_1
+ umul a_0,a_0,c_1 !=!sqr_add_c(a,0,c1,c2,c3);
+ rd %y,c_2
+ st c_1,rp(0) !r[0]=c1;
+
+ ld ap(2),a_2
+ umul a_0,a_1,t_1 !=!sqr_add_c2(a,1,0,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc %g0,t_2,c_3
+ addx %g0,%g0,c_1 !=
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3
+ st c_2,rp(1) !r[1]=c2;
+ addx c_1,%g0,c_1 !=
+
+ umul a_2,a_0,t_1 !sqr_add_c2(a,2,0,c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !=
+ addx %g0,%g0,c_2
+ addcc c_3,t_1,c_3
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2 !=
+ ld ap(3),a_3
+ umul a_1,a_1,t_1 !sqr_add_c(a,1,c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2 !=
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ st c_3,rp(2) !r[2]=c3;
+
+ umul a_0,a_3,t_1 !=!sqr_add_c2(a,3,0,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx %g0,%g0,c_3 !=
+ addcc c_1,t_1,c_1
+ addxcc c_2,t_2,c_2
+ ld ap(4),a_4
+ addx c_3,%g0,c_3 !=
+ umul a_1,a_2,t_1 !sqr_add_c2(a,2,1,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx c_3,%g0,c_3
+ addcc c_1,t_1,c_1
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ st c_1,rp(3) !r[3]=c1;
+
+ umul a_4,a_0,t_1 !sqr_add_c2(a,4,0,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx %g0,%g0,c_1
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ umul a_3,a_1,t_1 !sqr_add_c2(a,3,1,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ ld ap(5),a_5
+ umul a_2,a_2,t_1 !sqr_add_c(a,2,c2,c3,c1);
+ addcc c_2,t_1,c_2 !=
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ st c_2,rp(4) !r[4]=c2;
+ addx c_1,%g0,c_1 !=
+
+ umul a_0,a_5,t_1 !sqr_add_c2(a,5,0,c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !=
+ addx %g0,%g0,c_2
+ addcc c_3,t_1,c_3
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2 !=
+ umul a_1,a_4,t_1 !sqr_add_c2(a,4,1,c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !=
+ addx c_2,%g0,c_2
+ addcc c_3,t_1,c_3
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2 !=
+ ld ap(6),a_6
+ umul a_2,a_3,t_1 !sqr_add_c2(a,3,2,c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2 !=
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ addcc c_3,t_1,c_3
+ addxcc c_1,t_2,c_1 !=
+ addx c_2,%g0,c_2
+ st c_3,rp(5) !r[5]=c3;
+
+ umul a_6,a_0,t_1 !sqr_add_c2(a,6,0,c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx %g0,%g0,c_3
+ addcc c_1,t_1,c_1 !=
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ umul a_5,a_1,t_1 !sqr_add_c2(a,5,1,c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ addcc c_1,t_1,c_1 !=
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ umul a_4,a_2,t_1 !sqr_add_c2(a,4,2,c1,c2,c3);
+ addcc c_1,t_1,c_1 !=
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ addcc c_1,t_1,c_1 !=
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3
+ ld ap(7),a_7
+ umul a_3,a_3,t_1 !=!sqr_add_c(a,3,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ st c_1,rp(6) !r[6]=c1;
+
+ umul a_0,a_7,t_1 !sqr_add_c2(a,7,0,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx %g0,%g0,c_1
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ umul a_1,a_6,t_1 !sqr_add_c2(a,6,1,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ umul a_2,a_5,t_1 !sqr_add_c2(a,5,2,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ umul a_3,a_4,t_1 !sqr_add_c2(a,4,3,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ st c_2,rp(7) !r[7]=c2;
+
+ umul a_7,a_1,t_1 !sqr_add_c2(a,7,1,c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx %g0,%g0,c_2
+ addcc c_3,t_1,c_3 !=
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ umul a_6,a_2,t_1 !sqr_add_c2(a,6,2,c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ addcc c_3,t_1,c_3 !=
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ umul a_5,a_3,t_1 !sqr_add_c2(a,5,3,c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ addcc c_3,t_1,c_3 !=
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ umul a_4,a_4,t_1 !sqr_add_c(a,4,c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ st c_3,rp(8) !r[8]=c3;
+ addx c_2,%g0,c_2 !=
+
+ umul a_2,a_7,t_1 !sqr_add_c2(a,7,2,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx %g0,%g0,c_3
+ addcc c_1,t_1,c_1
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ umul a_3,a_6,t_1 !sqr_add_c2(a,6,3,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx c_3,%g0,c_3
+ addcc c_1,t_1,c_1
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ umul a_4,a_5,t_1 !sqr_add_c2(a,5,4,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx c_3,%g0,c_3
+ addcc c_1,t_1,c_1
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ st c_1,rp(9) !r[9]=c1;
+
+ umul a_7,a_3,t_1 !sqr_add_c2(a,7,3,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx %g0,%g0,c_1
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ umul a_6,a_4,t_1 !sqr_add_c2(a,6,4,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ umul a_5,a_5,t_1 !sqr_add_c(a,5,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ st c_2,rp(10) !r[10]=c2;
+
+ umul a_4,a_7,t_1 !=!sqr_add_c2(a,7,4,c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx %g0,%g0,c_2 !=
+ addcc c_3,t_1,c_3
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2
+ umul a_5,a_6,t_1 !=!sqr_add_c2(a,6,5,c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx c_2,%g0,c_2 !=
+ addcc c_3,t_1,c_3
+ addxcc c_1,t_2,c_1
+ st c_3,rp(11) !r[11]=c3;
+ addx c_2,%g0,c_2 !=
+
+ umul a_7,a_5,t_1 !sqr_add_c2(a,7,5,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx %g0,%g0,c_3
+ addcc c_1,t_1,c_1
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ umul a_6,a_6,t_1 !sqr_add_c(a,6,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx c_3,%g0,c_3
+ st c_1,rp(12) !r[12]=c1;
+
+ umul a_6,a_7,t_1 !sqr_add_c2(a,7,6,c2,c3,c1);
+ addcc c_2,t_1,c_2 !=
+ rd %y,t_2
+ addxcc c_3,t_2,c_3
+ addx %g0,%g0,c_1
+ addcc c_2,t_1,c_2 !=
+ addxcc c_3,t_2,c_3
+ st c_2,rp(13) !r[13]=c2;
+ addx c_1,%g0,c_1 !=
+
+ umul a_7,a_7,t_1 !sqr_add_c(a,7,c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1 !=
+ st c_3,rp(14) !r[14]=c3;
+ st c_1,rp(15) !r[15]=c1;
+
+ ret
+ restore %g0,%g0,%o0
+
+.type bn_sqr_comba8,#function
+.size bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align 32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+ save %sp,FRAME_SIZE,%sp
+ ld ap(0),a_0
+ umul a_0,a_0,c_1 !sqr_add_c(a,0,c1,c2,c3);
+ ld ap(1),a_1 !=
+ rd %y,c_2
+ st c_1,rp(0) !r[0]=c1;
+
+ ld ap(2),a_2
+ umul a_0,a_1,t_1 !=!sqr_add_c2(a,1,0,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2
+ addxcc %g0,t_2,c_3
+ addx %g0,%g0,c_1 !=
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1 !=
+ st c_2,rp(1) !r[1]=c2;
+
+ umul a_2,a_0,t_1 !sqr_add_c2(a,2,0,c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2 !=
+ addxcc c_1,t_2,c_1
+ addx %g0,%g0,c_2
+ addcc c_3,t_1,c_3
+ addxcc c_1,t_2,c_1 !=
+ addx c_2,%g0,c_2
+ ld ap(3),a_3
+ umul a_1,a_1,t_1 !sqr_add_c(a,1,c3,c1,c2);
+ addcc c_3,t_1,c_3 !=
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ st c_3,rp(2) !r[2]=c3;
+ addx c_2,%g0,c_2 !=
+
+ umul a_0,a_3,t_1 !sqr_add_c2(a,3,0,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx %g0,%g0,c_3
+ addcc c_1,t_1,c_1
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ umul a_1,a_2,t_1 !sqr_add_c2(a,2,1,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ addx c_3,%g0,c_3
+ addcc c_1,t_1,c_1
+ addxcc c_2,t_2,c_2
+ addx c_3,%g0,c_3 !=
+ st c_1,rp(3) !r[3]=c1;
+
+ umul a_3,a_1,t_1 !sqr_add_c2(a,3,1,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx %g0,%g0,c_1
+ addcc c_2,t_1,c_2
+ addxcc c_3,t_2,c_3 !=
+ addx c_1,%g0,c_1
+ umul a_2,a_2,t_1 !sqr_add_c(a,2,c2,c3,c1);
+ addcc c_2,t_1,c_2
+ rd %y,t_2 !=
+ addxcc c_3,t_2,c_3
+ addx c_1,%g0,c_1
+ st c_2,rp(4) !r[4]=c2;
+
+ umul a_2,a_3,t_1 !=!sqr_add_c2(a,3,2,c3,c1,c2);
+ addcc c_3,t_1,c_3
+ rd %y,t_2
+ addxcc c_1,t_2,c_1
+ addx %g0,%g0,c_2 !=
+ addcc c_3,t_1,c_3
+ addxcc c_1,t_2,c_1
+ st c_3,rp(5) !r[5]=c3;
+ addx c_2,%g0,c_2 !=
+
+ umul a_3,a_3,t_1 !sqr_add_c(a,3,c1,c2,c3);
+ addcc c_1,t_1,c_1
+ rd %y,t_2
+ addxcc c_2,t_2,c_2 !=
+ st c_1,rp(6) !r[6]=c1;
+ st c_2,rp(7) !r[7]=c2;
+
+ ret
+ restore %g0,%g0,%o0
+
+.type bn_sqr_comba4,#function
+.size bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align 32
Added: vendor-crypto/openssl/dist/crypto/bn/asm/sparcv8plus.S
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/sparcv8plus.S (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/sparcv8plus.S 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1547 @@
+.ident "sparcv8plus.s, Version 1.4"
+.ident "SPARC v9 ISA artwork by Andy Polyakov <appro at fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * Questions-n-answers.
+ *
+ * Q. How to compile?
+ * A. With SC4.x/SC5.x:
+ *
+ * cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ * and with gcc:
+ *
+ * gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ * or if above fails (it does if you have gas installed):
+ *
+ * gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o
+ *
+ * Quick-n-dirty way to fuse the module into the library.
+ * Provided that the library is already configured and built
+ * (in 0.9.2 case with no-asm option):
+ *
+ * # cd crypto/bn
+ * # cp /some/place/bn_asm.sparc.v8plus.S .
+ * # cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ * # make
+ * # cd ../..
+ * # make; make test
+ *
+ * Quick-n-dirty way to get rid of it:
+ *
+ * # cd crypto/bn
+ * # touch bn_asm.c
+ * # make
+ * # cd ../..
+ * # make; make test
+ *
+ * Q. V8plus achitecture? What kind of beast is that?
+ * A. Well, it's rather a programming model than an architecture...
+ * It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
+ * special conditions, namely when kernel doesn't preserve upper
+ * 32 bits of otherwise 64-bit registers during a context switch.
+ *
+ * Q. Why just UltraSPARC? What about SuperSPARC?
+ * A. Original release did target UltraSPARC only. Now SuperSPARC
+ * version is provided along. Both version share bn_*comba[48]
+ * implementations (see comment later in code for explanation).
+ * But what's so special about this UltraSPARC implementation?
+ * Why didn't I let compiler do the job? Trouble is that most of
+ * available compilers (well, SC5.0 is the only exception) don't
+ * attempt to take advantage of UltraSPARC's 64-bitness under
+ * 32-bit kernels even though it's perfectly possible (see next
+ * question).
+ *
+ * Q. 64-bit registers under 32-bit kernels? Didn't you just say it
+ * doesn't work?
+ * A. You can't adress *all* registers as 64-bit wide:-( The catch is
+ * that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
+ * preserved if you're in a leaf function, i.e. such never calling
+ * any other functions. All functions in this module are leaf and
+ * 10 registers is a handful. And as a matter of fact none-"comba"
+ * routines don't require even that much and I could even afford to
+ * not allocate own stack frame for 'em:-)
+ *
+ * Q. What about 64-bit kernels?
+ * A. What about 'em? Just kidding:-) Pure 64-bit version is currently
+ * under evaluation and development...
+ *
+ * Q. What about shared libraries?
+ * A. What about 'em? Kidding again:-) Code does *not* contain any
+ * code position dependencies and it's safe to include it into
+ * shared library as is.
+ *
+ * Q. How much faster does it go?
+ * A. Do you have a good benchmark? In either case below is what I
+ * experience with crypto/bn/expspeed.c test program:
+ *
+ * v8plus module on U10/300MHz against bn_asm.c compiled with:
+ *
+ * cc-5.0 -xarch=v8plus -xO5 -xdepend +7-12%
+ * cc-4.2 -xarch=v8plus -xO5 -xdepend +25-35%
+ * egcs-1.1.2 -mcpu=ultrasparc -O3 +35-45%
+ *
+ * v8 module on SS10/60MHz against bn_asm.c compiled with:
+ *
+ * cc-5.0 -xarch=v8 -xO5 -xdepend +7-10%
+ * cc-4.2 -xarch=v8 -xO5 -xdepend +10%
+ * egcs-1.1.2 -mv8 -O3 +35-45%
+ *
+ * As you can see it's damn hard to beat the new Sun C compiler
+ * and it's in first place GNU C users who will appreciate this
+ * assembler implementation:-)
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.0 - initial release;
+ * 1.1 - new loop unrolling model(*);
+ * - some more fine tuning;
+ * 1.2 - made gas friendly;
+ * - updates to documentation concerning v9;
+ * - new performance comparison matrix;
+ * 1.3 - fixed problem with /usr/ccs/lib/cpp;
+ * 1.4 - native V9 bn_*_comba[48] implementation (15% more efficient)
+ * resulting in slight overall performance kick;
+ * - some retunes;
+ * - support for GNU as added;
+ *
+ * (*) Originally unrolled loop looked like this:
+ * for (;;) {
+ * op(p+0); if (--n==0) break;
+ * op(p+1); if (--n==0) break;
+ * op(p+2); if (--n==0) break;
+ * op(p+3); if (--n==0) break;
+ * p+=4;
+ * }
+ * I unroll according to following:
+ * while (n&~3) {
+ * op(p+0); op(p+1); op(p+2); op(p+3);
+ * p+=4; n=-4;
+ * }
+ * if (n) {
+ * op(p+0); if (--n==0) return;
+ * op(p+2); if (--n==0) return;
+ * op(p+3); return;
+ * }
+ */
+
+/*
+ * GNU assembler can't stand stuw:-(
+ */
+#define stuw st
+
+.section ".text",#alloc,#execinstr
+.file "bn_asm.sparc.v8plus.S"
+
+.align 32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+ sra %o2,%g0,%o2 ! signx %o2
+ brgz,a %o2,.L_bn_mul_add_words_proceed
+ lduw [%o1],%g2
+ retl
+ clr %o0
+ nop
+ nop
+ nop
+
+.L_bn_mul_add_words_proceed:
+ srl %o3,%g0,%o3 ! clruw %o3
+ andcc %o2,-4,%g0
+ bz,pn %icc,.L_bn_mul_add_words_tail
+ clr %o5
+
+.L_bn_mul_add_words_loop: ! wow! 32 aligned!
+ lduw [%o0],%g1
+ lduw [%o1+4],%g3
+ mulx %o3,%g2,%g2
+ add %g1,%o5,%o4
+ nop
+ add %o4,%g2,%o4
+ stuw %o4,[%o0]
+ srlx %o4,32,%o5
+
+ lduw [%o0+4],%g1
+ lduw [%o1+8],%g2
+ mulx %o3,%g3,%g3
+ add %g1,%o5,%o4
+ dec 4,%o2
+ add %o4,%g3,%o4
+ stuw %o4,[%o0+4]
+ srlx %o4,32,%o5
+
+ lduw [%o0+8],%g1
+ lduw [%o1+12],%g3
+ mulx %o3,%g2,%g2
+ add %g1,%o5,%o4
+ inc 16,%o1
+ add %o4,%g2,%o4
+ stuw %o4,[%o0+8]
+ srlx %o4,32,%o5
+
+ lduw [%o0+12],%g1
+ mulx %o3,%g3,%g3
+ add %g1,%o5,%o4
+ inc 16,%o0
+ add %o4,%g3,%o4
+ andcc %o2,-4,%g0
+ stuw %o4,[%o0-4]
+ srlx %o4,32,%o5
+ bnz,a,pt %icc,.L_bn_mul_add_words_loop
+ lduw [%o1],%g2
+
+ brnz,a,pn %o2,.L_bn_mul_add_words_tail
+ lduw [%o1],%g2
+.L_bn_mul_add_words_return:
+ retl
+ mov %o5,%o0
+
+.L_bn_mul_add_words_tail:
+ lduw [%o0],%g1
+ mulx %o3,%g2,%g2
+ add %g1,%o5,%o4
+ dec %o2
+ add %o4,%g2,%o4
+ srlx %o4,32,%o5
+ brz,pt %o2,.L_bn_mul_add_words_return
+ stuw %o4,[%o0]
+
+ lduw [%o1+4],%g2
+ lduw [%o0+4],%g1
+ mulx %o3,%g2,%g2
+ add %g1,%o5,%o4
+ dec %o2
+ add %o4,%g2,%o4
+ srlx %o4,32,%o5
+ brz,pt %o2,.L_bn_mul_add_words_return
+ stuw %o4,[%o0+4]
+
+ lduw [%o1+8],%g2
+ lduw [%o0+8],%g1
+ mulx %o3,%g2,%g2
+ add %g1,%o5,%o4
+ add %o4,%g2,%o4
+ stuw %o4,[%o0+8]
+ retl
+ srlx %o4,32,%o0
+
+.type bn_mul_add_words,#function
+.size bn_mul_add_words,(.-bn_mul_add_words)
+
+.align 32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+ sra %o2,%g0,%o2 ! signx %o2
+ brgz,a %o2,.L_bn_mul_words_proceeed
+ lduw [%o1],%g2
+ retl
+ clr %o0
+ nop
+ nop
+ nop
+
+.L_bn_mul_words_proceeed:
+ srl %o3,%g0,%o3 ! clruw %o3
+ andcc %o2,-4,%g0
+ bz,pn %icc,.L_bn_mul_words_tail
+ clr %o5
+
+.L_bn_mul_words_loop: ! wow! 32 aligned!
+ lduw [%o1+4],%g3
+ mulx %o3,%g2,%g2
+ add %g2,%o5,%o4
+ nop
+ stuw %o4,[%o0]
+ srlx %o4,32,%o5
+
+ lduw [%o1+8],%g2
+ mulx %o3,%g3,%g3
+ add %g3,%o5,%o4
+ dec 4,%o2
+ stuw %o4,[%o0+4]
+ srlx %o4,32,%o5
+
+ lduw [%o1+12],%g3
+ mulx %o3,%g2,%g2
+ add %g2,%o5,%o4
+ inc 16,%o1
+ stuw %o4,[%o0+8]
+ srlx %o4,32,%o5
+
+ mulx %o3,%g3,%g3
+ add %g3,%o5,%o4
+ inc 16,%o0
+ stuw %o4,[%o0-4]
+ srlx %o4,32,%o5
+ andcc %o2,-4,%g0
+ bnz,a,pt %icc,.L_bn_mul_words_loop
+ lduw [%o1],%g2
+ nop
+ nop
+
+ brnz,a,pn %o2,.L_bn_mul_words_tail
+ lduw [%o1],%g2
+.L_bn_mul_words_return:
+ retl
+ mov %o5,%o0
+
+.L_bn_mul_words_tail:
+ mulx %o3,%g2,%g2
+ add %g2,%o5,%o4
+ dec %o2
+ srlx %o4,32,%o5
+ brz,pt %o2,.L_bn_mul_words_return
+ stuw %o4,[%o0]
+
+ lduw [%o1+4],%g2
+ mulx %o3,%g2,%g2
+ add %g2,%o5,%o4
+ dec %o2
+ srlx %o4,32,%o5
+ brz,pt %o2,.L_bn_mul_words_return
+ stuw %o4,[%o0+4]
+
+ lduw [%o1+8],%g2
+ mulx %o3,%g2,%g2
+ add %g2,%o5,%o4
+ stuw %o4,[%o0+8]
+ retl
+ srlx %o4,32,%o0
+
+.type bn_mul_words,#function
+.size bn_mul_words,(.-bn_mul_words)
+
+.align 32
+.global bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+ sra %o2,%g0,%o2 ! signx %o2
+ brgz,a %o2,.L_bn_sqr_words_proceeed
+ lduw [%o1],%g2
+ retl
+ clr %o0
+ nop
+ nop
+ nop
+
+.L_bn_sqr_words_proceeed:
+ andcc %o2,-4,%g0
+ nop
+ bz,pn %icc,.L_bn_sqr_words_tail
+ nop
+
+.L_bn_sqr_words_loop: ! wow! 32 aligned!
+ lduw [%o1+4],%g3
+ mulx %g2,%g2,%o4
+ stuw %o4,[%o0]
+ srlx %o4,32,%o5
+ stuw %o5,[%o0+4]
+ nop
+
+ lduw [%o1+8],%g2
+ mulx %g3,%g3,%o4
+ dec 4,%o2
+ stuw %o4,[%o0+8]
+ srlx %o4,32,%o5
+ stuw %o5,[%o0+12]
+
+ lduw [%o1+12],%g3
+ mulx %g2,%g2,%o4
+ srlx %o4,32,%o5
+ stuw %o4,[%o0+16]
+ inc 16,%o1
+ stuw %o5,[%o0+20]
+
+ mulx %g3,%g3,%o4
+ inc 32,%o0
+ stuw %o4,[%o0-8]
+ srlx %o4,32,%o5
+ andcc %o2,-4,%g2
+ stuw %o5,[%o0-4]
+ bnz,a,pt %icc,.L_bn_sqr_words_loop
+ lduw [%o1],%g2
+ nop
+
+ brnz,a,pn %o2,.L_bn_sqr_words_tail
+ lduw [%o1],%g2
+.L_bn_sqr_words_return:
+ retl
+ clr %o0
+
+.L_bn_sqr_words_tail:
+ mulx %g2,%g2,%o4
+ dec %o2
+ stuw %o4,[%o0]
+ srlx %o4,32,%o5
+ brz,pt %o2,.L_bn_sqr_words_return
+ stuw %o5,[%o0+4]
+
+ lduw [%o1+4],%g2
+ mulx %g2,%g2,%o4
+ dec %o2
+ stuw %o4,[%o0+8]
+ srlx %o4,32,%o5
+ brz,pt %o2,.L_bn_sqr_words_return
+ stuw %o5,[%o0+12]
+
+ lduw [%o1+8],%g2
+ mulx %g2,%g2,%o4
+ srlx %o4,32,%o5
+ stuw %o4,[%o0+16]
+ stuw %o5,[%o0+20]
+ retl
+ clr %o0
+
+.type bn_sqr_words,#function
+.size bn_sqr_words,(.-bn_sqr_words)
+
+.align 32
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+ sllx %o0,32,%o0
+ or %o0,%o1,%o0
+ udivx %o0,%o2,%o0
+ retl
+ srl %o0,%g0,%o0 ! clruw %o0
+
+.type bn_div_words,#function
+.size bn_div_words,(.-bn_div_words)
+
+.align 32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+ sra %o3,%g0,%o3 ! signx %o3
+ brgz,a %o3,.L_bn_add_words_proceed
+ lduw [%o1],%o4
+ retl
+ clr %o0
+
+.L_bn_add_words_proceed:
+ andcc %o3,-4,%g0
+ bz,pn %icc,.L_bn_add_words_tail
+ addcc %g0,0,%g0 ! clear carry flag
+
+.L_bn_add_words_loop: ! wow! 32 aligned!
+ dec 4,%o3
+ lduw [%o2],%o5
+ lduw [%o1+4],%g1
+ lduw [%o2+4],%g2
+ lduw [%o1+8],%g3
+ lduw [%o2+8],%g4
+ addccc %o5,%o4,%o5
+ stuw %o5,[%o0]
+
+ lduw [%o1+12],%o4
+ lduw [%o2+12],%o5
+ inc 16,%o1
+ addccc %g1,%g2,%g1
+ stuw %g1,[%o0+4]
+
+ inc 16,%o2
+ addccc %g3,%g4,%g3
+ stuw %g3,[%o0+8]
+
+ inc 16,%o0
+ addccc %o5,%o4,%o5
+ stuw %o5,[%o0-4]
+ and %o3,-4,%g1
+ brnz,a,pt %g1,.L_bn_add_words_loop
+ lduw [%o1],%o4
+
+ brnz,a,pn %o3,.L_bn_add_words_tail
+ lduw [%o1],%o4
+.L_bn_add_words_return:
+ clr %o0
+ retl
+ movcs %icc,1,%o0
+ nop
+
+.L_bn_add_words_tail:
+ lduw [%o2],%o5
+ dec %o3
+ addccc %o5,%o4,%o5
+ brz,pt %o3,.L_bn_add_words_return
+ stuw %o5,[%o0]
+
+ lduw [%o1+4],%o4
+ lduw [%o2+4],%o5
+ dec %o3
+ addccc %o5,%o4,%o5
+ brz,pt %o3,.L_bn_add_words_return
+ stuw %o5,[%o0+4]
+
+ lduw [%o1+8],%o4
+ lduw [%o2+8],%o5
+ addccc %o5,%o4,%o5
+ stuw %o5,[%o0+8]
+ clr %o0
+ retl
+ movcs %icc,1,%o0
+
+.type bn_add_words,#function
+.size bn_add_words,(.-bn_add_words)
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+ sra %o3,%g0,%o3 ! signx %o3
+ brgz,a %o3,.L_bn_sub_words_proceed
+ lduw [%o1],%o4
+ retl
+ clr %o0
+
+.L_bn_sub_words_proceed:
+ andcc %o3,-4,%g0
+ bz,pn %icc,.L_bn_sub_words_tail
+ addcc %g0,0,%g0 ! clear carry flag
+
+.L_bn_sub_words_loop: ! wow! 32 aligned!
+ dec 4,%o3
+ lduw [%o2],%o5
+ lduw [%o1+4],%g1
+ lduw [%o2+4],%g2
+ lduw [%o1+8],%g3
+ lduw [%o2+8],%g4
+ subccc %o4,%o5,%o5
+ stuw %o5,[%o0]
+
+ lduw [%o1+12],%o4
+ lduw [%o2+12],%o5
+ inc 16,%o1
+ subccc %g1,%g2,%g2
+ stuw %g2,[%o0+4]
+
+ inc 16,%o2
+ subccc %g3,%g4,%g4
+ stuw %g4,[%o0+8]
+
+ inc 16,%o0
+ subccc %o4,%o5,%o5
+ stuw %o5,[%o0-4]
+ and %o3,-4,%g1
+ brnz,a,pt %g1,.L_bn_sub_words_loop
+ lduw [%o1],%o4
+
+ brnz,a,pn %o3,.L_bn_sub_words_tail
+ lduw [%o1],%o4
+.L_bn_sub_words_return:
+ clr %o0
+ retl
+ movcs %icc,1,%o0
+ nop
+
+.L_bn_sub_words_tail: ! wow! 32 aligned!
+ lduw [%o2],%o5
+ dec %o3
+ subccc %o4,%o5,%o5
+ brz,pt %o3,.L_bn_sub_words_return
+ stuw %o5,[%o0]
+
+ lduw [%o1+4],%o4
+ lduw [%o2+4],%o5
+ dec %o3
+ subccc %o4,%o5,%o5
+ brz,pt %o3,.L_bn_sub_words_return
+ stuw %o5,[%o0+4]
+
+ lduw [%o1+8],%o4
+ lduw [%o2+8],%o5
+ subccc %o4,%o5,%o5
+ stuw %o5,[%o0+8]
+ clr %o0
+ retl
+ movcs %icc,1,%o0
+
+.type bn_sub_words,#function
+.size bn_sub_words,(.-bn_sub_words)
+
+/*
+ * Code below depends on the fact that upper parts of the %l0-%l7
+ * and %i0-%i7 are zeroed by kernel after context switch. In
+ * previous versions this comment stated that "the trouble is that
+ * it's not feasible to implement the mumbo-jumbo in less V9
+ * instructions:-(" which apparently isn't true thanks to
+ * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement
+ * results not from the shorter code, but from elimination of
+ * multicycle none-pairable 'rd %y,%rd' instructions.
+ *
+ * Andy.
+ */
+
+#define FRAME_SIZE -96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1 %o0
+#define t_2 %o1
+#define c_12 %o2
+#define c_3 %o3
+
+#define ap(I) [%i1+4*I]
+#define bp(I) [%i2+4*I]
+#define rp(I) [%i0+4*I]
+
+#define a_0 %l0
+#define a_1 %l1
+#define a_2 %l2
+#define a_3 %l3
+#define a_4 %l4
+#define a_5 %l5
+#define a_6 %l6
+#define a_7 %l7
+
+#define b_0 %i3
+#define b_1 %i4
+#define b_2 %i5
+#define b_3 %o4
+#define b_4 %o5
+#define b_5 %o7
+#define b_6 %g1
+#define b_7 %g4
+
+.align 32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+ save %sp,FRAME_SIZE,%sp
+ mov 1,t_2
+ lduw ap(0),a_0
+ sllx t_2,32,t_2
+ lduw bp(0),b_0 !=
+ lduw bp(1),b_1
+ mulx a_0,b_0,t_1 !mul_add_c(a[0],b[0],c1,c2,c3);
+ srlx t_1,32,c_12
+ stuw t_1,rp(0) !=!r[0]=c1;
+
+ lduw ap(1),a_1
+ mulx a_0,b_1,t_1 !mul_add_c(a[0],b[1],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw ap(2),a_2
+ mulx a_1,b_0,t_1 !=!mul_add_c(a[1],b[0],c2,c3,c1);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12 !=
+ stuw t_1,rp(1) !r[1]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_2,b_0,t_1 !mul_add_c(a[2],b[0],c3,c1,c2);
+ addcc c_12,t_1,c_12 !=
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw bp(2),b_2 !=
+ mulx a_1,b_1,t_1 !mul_add_c(a[1],b[1],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ lduw bp(3),b_3
+ mulx a_0,b_2,t_1 !mul_add_c(a[0],b[2],c3,c1,c2);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(2) !r[2]=c3;
+ or c_12,c_3,c_12 !=
+
+ mulx a_0,b_3,t_1 !mul_add_c(a[0],b[3],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_1,b_2,t_1 !=!mul_add_c(a[1],b[2],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ lduw ap(3),a_3
+ mulx a_2,b_1,t_1 !mul_add_c(a[2],b[1],c1,c2,c3);
+ addcc c_12,t_1,c_12 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw ap(4),a_4
+ mulx a_3,b_0,t_1 !=!mul_add_c(a[3],b[0],c1,c2,c3);!=
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12 !=
+ stuw t_1,rp(3) !r[3]=c1;
+ or c_12,c_3,c_12
+
+ mulx a_4,b_0,t_1 !mul_add_c(a[4],b[0],c2,c3,c1);
+ addcc c_12,t_1,c_12 !=
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_3,b_1,t_1 !=!mul_add_c(a[3],b[1],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_2,b_2,t_1 !=!mul_add_c(a[2],b[2],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw bp(4),b_4 !=
+ mulx a_1,b_3,t_1 !mul_add_c(a[1],b[3],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ lduw bp(5),b_5
+ mulx a_0,b_4,t_1 !mul_add_c(a[0],b[4],c2,c3,c1);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(4) !r[4]=c2;
+ or c_12,c_3,c_12 !=
+
+ mulx a_0,b_5,t_1 !mul_add_c(a[0],b[5],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_1,b_4,t_1 !mul_add_c(a[1],b[4],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_2,b_3,t_1 !mul_add_c(a[2],b[3],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_3,b_2,t_1 !mul_add_c(a[3],b[2],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ lduw ap(5),a_5
+ mulx a_4,b_1,t_1 !mul_add_c(a[4],b[1],c3,c1,c2);
+ addcc c_12,t_1,c_12 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw ap(6),a_6
+ mulx a_5,b_0,t_1 !=!mul_add_c(a[5],b[0],c3,c1,c2);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12 !=
+ stuw t_1,rp(5) !r[5]=c3;
+ or c_12,c_3,c_12
+
+ mulx a_6,b_0,t_1 !mul_add_c(a[6],b[0],c1,c2,c3);
+ addcc c_12,t_1,c_12 !=
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_5,b_1,t_1 !=!mul_add_c(a[5],b[1],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_4,b_2,t_1 !=!mul_add_c(a[4],b[2],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_3,b_3,t_1 !=!mul_add_c(a[3],b[3],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_2,b_4,t_1 !=!mul_add_c(a[2],b[4],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw bp(6),b_6 !=
+ mulx a_1,b_5,t_1 !mul_add_c(a[1],b[5],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ lduw bp(7),b_7
+ mulx a_0,b_6,t_1 !mul_add_c(a[0],b[6],c1,c2,c3);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(6) !r[6]=c1;
+ or c_12,c_3,c_12 !=
+
+ mulx a_0,b_7,t_1 !mul_add_c(a[0],b[7],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_1,b_6,t_1 !mul_add_c(a[1],b[6],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_2,b_5,t_1 !mul_add_c(a[2],b[5],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_3,b_4,t_1 !mul_add_c(a[3],b[4],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_4,b_3,t_1 !mul_add_c(a[4],b[3],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_5,b_2,t_1 !mul_add_c(a[5],b[2],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ lduw ap(7),a_7
+ mulx a_6,b_1,t_1 !=!mul_add_c(a[6],b[1],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_7,b_0,t_1 !=!mul_add_c(a[7],b[0],c2,c3,c1);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12 !=
+ stuw t_1,rp(7) !r[7]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_7,b_1,t_1 !=!mul_add_c(a[7],b[1],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ mulx a_6,b_2,t_1 !mul_add_c(a[6],b[2],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ mulx a_5,b_3,t_1 !mul_add_c(a[5],b[3],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ mulx a_4,b_4,t_1 !mul_add_c(a[4],b[4],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ mulx a_3,b_5,t_1 !mul_add_c(a[3],b[5],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ mulx a_2,b_6,t_1 !mul_add_c(a[2],b[6],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ mulx a_1,b_7,t_1 !mul_add_c(a[1],b[7],c3,c1,c2);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ srlx t_1,32,c_12
+ stuw t_1,rp(8) !r[8]=c3;
+ or c_12,c_3,c_12
+
+ mulx a_2,b_7,t_1 !=!mul_add_c(a[2],b[7],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ mulx a_3,b_6,t_1 !mul_add_c(a[3],b[6],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_4,b_5,t_1 !mul_add_c(a[4],b[5],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_5,b_4,t_1 !mul_add_c(a[5],b[4],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_6,b_3,t_1 !mul_add_c(a[6],b[3],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_7,b_2,t_1 !mul_add_c(a[7],b[2],c1,c2,c3);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(9) !r[9]=c1;
+ or c_12,c_3,c_12 !=
+
+ mulx a_7,b_3,t_1 !mul_add_c(a[7],b[3],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_6,b_4,t_1 !mul_add_c(a[6],b[4],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_5,b_5,t_1 !mul_add_c(a[5],b[5],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_4,b_6,t_1 !mul_add_c(a[4],b[6],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_3,b_7,t_1 !mul_add_c(a[3],b[7],c2,c3,c1);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(10) !r[10]=c2;
+ or c_12,c_3,c_12 !=
+
+ mulx a_4,b_7,t_1 !mul_add_c(a[4],b[7],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_5,b_6,t_1 !mul_add_c(a[5],b[6],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_6,b_5,t_1 !mul_add_c(a[6],b[5],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_7,b_4,t_1 !mul_add_c(a[7],b[4],c3,c1,c2);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(11) !r[11]=c3;
+ or c_12,c_3,c_12 !=
+
+ mulx a_7,b_5,t_1 !mul_add_c(a[7],b[5],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_6,b_6,t_1 !mul_add_c(a[6],b[6],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_5,b_7,t_1 !mul_add_c(a[5],b[7],c1,c2,c3);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(12) !r[12]=c1;
+ or c_12,c_3,c_12 !=
+
+ mulx a_6,b_7,t_1 !mul_add_c(a[6],b[7],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_7,b_6,t_1 !mul_add_c(a[7],b[6],c2,c3,c1);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ st t_1,rp(13) !r[13]=c2;
+ or c_12,c_3,c_12 !=
+
+ mulx a_7,b_7,t_1 !mul_add_c(a[7],b[7],c3,c1,c2);
+ addcc c_12,t_1,t_1
+ srlx t_1,32,c_12 !=
+ stuw t_1,rp(14) !r[14]=c3;
+ stuw c_12,rp(15) !r[15]=c1;
+
+ ret
+ restore %g0,%g0,%o0 !=
+
+.type bn_mul_comba8,#function
+.size bn_mul_comba8,(.-bn_mul_comba8)
+
+.align 32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+ save %sp,FRAME_SIZE,%sp
+ lduw ap(0),a_0
+ mov 1,t_2
+ lduw bp(0),b_0
+ sllx t_2,32,t_2 !=
+ lduw bp(1),b_1
+ mulx a_0,b_0,t_1 !mul_add_c(a[0],b[0],c1,c2,c3);
+ srlx t_1,32,c_12
+ stuw t_1,rp(0) !=!r[0]=c1;
+
+ lduw ap(1),a_1
+ mulx a_0,b_1,t_1 !mul_add_c(a[0],b[1],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw ap(2),a_2
+ mulx a_1,b_0,t_1 !=!mul_add_c(a[1],b[0],c2,c3,c1);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12 !=
+ stuw t_1,rp(1) !r[1]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_2,b_0,t_1 !mul_add_c(a[2],b[0],c3,c1,c2);
+ addcc c_12,t_1,c_12 !=
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw bp(2),b_2 !=
+ mulx a_1,b_1,t_1 !mul_add_c(a[1],b[1],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3 !=
+ lduw bp(3),b_3
+ mulx a_0,b_2,t_1 !mul_add_c(a[0],b[2],c3,c1,c2);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(2) !r[2]=c3;
+ or c_12,c_3,c_12 !=
+
+ mulx a_0,b_3,t_1 !mul_add_c(a[0],b[3],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ mulx a_1,b_2,t_1 !mul_add_c(a[1],b[2],c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8 !=
+ add c_3,t_2,c_3
+ lduw ap(3),a_3
+ mulx a_2,b_1,t_1 !mul_add_c(a[2],b[1],c1,c2,c3);
+ addcc c_12,t_1,c_12 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_3,b_0,t_1 !mul_add_c(a[3],b[0],c1,c2,c3);!=
+ addcc c_12,t_1,t_1 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(3) !=!r[3]=c1;
+ or c_12,c_3,c_12
+
+ mulx a_3,b_1,t_1 !mul_add_c(a[3],b[1],c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_2,b_2,t_1 !mul_add_c(a[2],b[2],c2,c3,c1);
+ addcc c_12,t_1,c_12 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_1,b_3,t_1 !mul_add_c(a[1],b[3],c2,c3,c1);
+ addcc c_12,t_1,t_1 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(4) !=!r[4]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_2,b_3,t_1 !mul_add_c(a[2],b[3],c3,c1,c2);
+ addcc c_12,t_1,c_12
+ clr c_3 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_3,b_2,t_1 !mul_add_c(a[3],b[2],c3,c1,c2);
+ addcc c_12,t_1,t_1 !=
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(5) !=!r[5]=c3;
+ or c_12,c_3,c_12
+
+ mulx a_3,b_3,t_1 !mul_add_c(a[3],b[3],c1,c2,c3);
+ addcc c_12,t_1,t_1
+ srlx t_1,32,c_12 !=
+ stuw t_1,rp(6) !r[6]=c1;
+ stuw c_12,rp(7) !r[7]=c2;
+
+ ret
+ restore %g0,%g0,%o0
+
+.type bn_mul_comba4,#function
+.size bn_mul_comba4,(.-bn_mul_comba4)
+
+.align 32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+ save %sp,FRAME_SIZE,%sp
+ mov 1,t_2
+ lduw ap(0),a_0
+ sllx t_2,32,t_2
+ lduw ap(1),a_1
+ mulx a_0,a_0,t_1 !sqr_add_c(a,0,c1,c2,c3);
+ srlx t_1,32,c_12
+ stuw t_1,rp(0) !r[0]=c1;
+
+ lduw ap(2),a_2
+ mulx a_0,a_1,t_1 !=!sqr_add_c2(a,1,0,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(1) !r[1]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_2,a_0,t_1 !sqr_add_c2(a,2,0,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw ap(3),a_3
+ mulx a_1,a_1,t_1 !sqr_add_c(a,1,c3,c1,c2);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(2) !r[2]=c3;
+ or c_12,c_3,c_12
+
+ mulx a_0,a_3,t_1 !sqr_add_c2(a,3,0,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw ap(4),a_4
+ mulx a_1,a_2,t_1 !sqr_add_c2(a,2,1,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ st t_1,rp(3) !r[3]=c1;
+ or c_12,c_3,c_12
+
+ mulx a_4,a_0,t_1 !sqr_add_c2(a,4,0,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_3,a_1,t_1 !sqr_add_c2(a,3,1,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw ap(5),a_5
+ mulx a_2,a_2,t_1 !sqr_add_c(a,2,c2,c3,c1);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(4) !r[4]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_0,a_5,t_1 !sqr_add_c2(a,5,0,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_1,a_4,t_1 !sqr_add_c2(a,4,1,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw ap(6),a_6
+ mulx a_2,a_3,t_1 !sqr_add_c2(a,3,2,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(5) !r[5]=c3;
+ or c_12,c_3,c_12
+
+ mulx a_6,a_0,t_1 !sqr_add_c2(a,6,0,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_5,a_1,t_1 !sqr_add_c2(a,5,1,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_4,a_2,t_1 !sqr_add_c2(a,4,2,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw ap(7),a_7
+ mulx a_3,a_3,t_1 !=!sqr_add_c(a,3,c1,c2,c3);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(6) !r[6]=c1;
+ or c_12,c_3,c_12
+
+ mulx a_0,a_7,t_1 !sqr_add_c2(a,7,0,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_1,a_6,t_1 !sqr_add_c2(a,6,1,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_2,a_5,t_1 !sqr_add_c2(a,5,2,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_3,a_4,t_1 !sqr_add_c2(a,4,3,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(7) !r[7]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_7,a_1,t_1 !sqr_add_c2(a,7,1,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_6,a_2,t_1 !sqr_add_c2(a,6,2,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_5,a_3,t_1 !sqr_add_c2(a,5,3,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_4,a_4,t_1 !sqr_add_c(a,4,c3,c1,c2);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(8) !r[8]=c3;
+ or c_12,c_3,c_12
+
+ mulx a_2,a_7,t_1 !sqr_add_c2(a,7,2,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_3,a_6,t_1 !sqr_add_c2(a,6,3,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_4,a_5,t_1 !sqr_add_c2(a,5,4,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(9) !r[9]=c1;
+ or c_12,c_3,c_12
+
+ mulx a_7,a_3,t_1 !sqr_add_c2(a,7,3,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_6,a_4,t_1 !sqr_add_c2(a,6,4,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_5,a_5,t_1 !sqr_add_c(a,5,c2,c3,c1);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(10) !r[10]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_4,a_7,t_1 !sqr_add_c2(a,7,4,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_5,a_6,t_1 !sqr_add_c2(a,6,5,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(11) !r[11]=c3;
+ or c_12,c_3,c_12
+
+ mulx a_7,a_5,t_1 !sqr_add_c2(a,7,5,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_6,a_6,t_1 !sqr_add_c(a,6,c1,c2,c3);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(12) !r[12]=c1;
+ or c_12,c_3,c_12
+
+ mulx a_6,a_7,t_1 !sqr_add_c2(a,7,6,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(13) !r[13]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_7,a_7,t_1 !sqr_add_c(a,7,c3,c1,c2);
+ addcc c_12,t_1,t_1
+ srlx t_1,32,c_12
+ stuw t_1,rp(14) !r[14]=c3;
+ stuw c_12,rp(15) !r[15]=c1;
+
+ ret
+ restore %g0,%g0,%o0
+
+.type bn_sqr_comba8,#function
+.size bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align 32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+ save %sp,FRAME_SIZE,%sp
+ mov 1,t_2
+ lduw ap(0),a_0
+ sllx t_2,32,t_2
+ lduw ap(1),a_1
+ mulx a_0,a_0,t_1 !sqr_add_c(a,0,c1,c2,c3);
+ srlx t_1,32,c_12
+ stuw t_1,rp(0) !r[0]=c1;
+
+ lduw ap(2),a_2
+ mulx a_0,a_1,t_1 !sqr_add_c2(a,1,0,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(1) !r[1]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_2,a_0,t_1 !sqr_add_c2(a,2,0,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ lduw ap(3),a_3
+ mulx a_1,a_1,t_1 !sqr_add_c(a,1,c3,c1,c2);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(2) !r[2]=c3;
+ or c_12,c_3,c_12
+
+ mulx a_0,a_3,t_1 !sqr_add_c2(a,3,0,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_1,a_2,t_1 !sqr_add_c2(a,2,1,c1,c2,c3);
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(3) !r[3]=c1;
+ or c_12,c_3,c_12
+
+ mulx a_3,a_1,t_1 !sqr_add_c2(a,3,1,c2,c3,c1);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,c_12
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ mulx a_2,a_2,t_1 !sqr_add_c(a,2,c2,c3,c1);
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(4) !r[4]=c2;
+ or c_12,c_3,c_12
+
+ mulx a_2,a_3,t_1 !sqr_add_c2(a,3,2,c3,c1,c2);
+ addcc c_12,t_1,c_12
+ clr c_3
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ addcc c_12,t_1,t_1
+ bcs,a %xcc,.+8
+ add c_3,t_2,c_3
+ srlx t_1,32,c_12
+ stuw t_1,rp(5) !r[5]=c3;
+ or c_12,c_3,c_12
+
+ mulx a_3,a_3,t_1 !sqr_add_c(a,3,c1,c2,c3);
+ addcc c_12,t_1,t_1
+ srlx t_1,32,c_12
+ stuw t_1,rp(6) !r[6]=c1;
+ stuw c_12,rp(7) !r[7]=c2;
+
+ ret
+ restore %g0,%g0,%o0
+
+.type bn_sqr_comba4,#function
+.size bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align 32
Added: vendor-crypto/openssl/dist/crypto/bn/asm/vms.mar
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/vms.mar (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/vms.mar 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,6440 @@
+ .title vax_bn_mul_add_words unsigned multiply & add, 32*32+32+32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {
+; ULONG c = 0;
+; int i;
+; for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;
+; return c;
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP) n by value (input)
+w=16 ;(AP) w by value (input)
+
+
+ .psect code,nowrt
+
+.entry bn_mul_add_words,^m<r2,r3,r4,r5,r6>
+
+ moval @r(ap),r2
+ moval @a(ap),r3
+ movl n(ap),r4 ; assumed >0 by C code
+ movl w(ap),r5
+ clrl r6 ; c
+
+0$:
+ emul r5,(r3),(r2),r0 ; w, a[], r[] considered signed
+
+ ; fixup for "negative" r[]
+ tstl (r2)
+ bgeq 10$
+ incl r1
+10$:
+
+ ; add in c
+ addl2 r6,r0
+ adwc #0,r1
+
+ ; combined fixup for "negative" w, a[]
+ tstl r5
+ bgeq 20$
+ addl2 (r3),r1
+20$:
+ tstl (r3)
+ bgeq 30$
+ addl2 r5,r1
+30$:
+
+ movl r0,(r2)+ ; store lo result in r[] & advance
+ addl #4,r3 ; advance a[]
+ movl r1,r6 ; store hi result => c
+
+ sobgtr r4,0$
+
+ movl r6,r0 ; return c
+ ret
+
+ .title vax_bn_mul_words unsigned multiply & add, 32*32+32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {
+; ULONG c = 0;
+; int i;
+; for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;
+; return(c);
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP) n by value (input)
+w=16 ;(AP) w by value (input)
+
+
+ .psect code,nowrt
+
+.entry bn_mul_words,^m<r2,r3,r4,r5,r6>
+
+ moval @r(ap),r2 ; r2 -> r[]
+ moval @a(ap),r3 ; r3 -> a[]
+ movl n(ap),r4 ; r4 = loop count (assumed >0 by C code)
+ movl w(ap),r5 ; r5 = w
+ clrl r6 ; r6 = c
+
+0$:
+ ; <r1,r0> := w * a[] + c
+ emul r5,(r3),r6,r0 ; w, a[], c considered signed
+
+ ; fixup for "negative" c
+ tstl r6 ; c
+ bgeq 10$
+ incl r1
+10$:
+
+ ; combined fixup for "negative" w, a[]
+ tstl r5 ; w
+ bgeq 20$
+ addl2 (r3),r1 ; a[]
+20$:
+ tstl (r3) ; a[]
+ bgeq 30$
+ addl2 r5,r1 ; w
+30$:
+
+ movl r0,(r2)+ ; store lo result in r[] & advance
+ addl #4,r3 ; advance a[]
+ movl r1,r6 ; store hi result => c
+
+ sobgtr r4,0$
+
+ movl r6,r0 ; return c
+ ret
+
+ .title vax_bn_sqr_words unsigned square, 32*32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; void bn_sqr_words(ULONG r[],ULONG a[],int n) {
+; int i;
+; for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP) n by value (input)
+
+
+ .psect code,nowrt
+
+.entry bn_sqr_words,^m<r2,r3,r4,r5>
+
+ moval @r(ap),r2 ; r2 -> r[]
+ moval @a(ap),r3 ; r3 -> a[]
+ movl n(ap),r4 ; r4 = n (assumed >0 by C code)
+
+0$:
+ movl (r3)+,r5 ; r5 = a[] & advance
+
+ ; <r1,r0> := a[] * a[]
+ emul r5,r5,#0,r0 ; a[] considered signed
+
+ ; fixup for "negative" a[]
+ tstl r5 ; a[]
+ bgeq 30$
+ addl2 r5,r1 ; a[]
+ addl2 r5,r1 ; a[]
+30$:
+
+ movl r0,(r2)+ ; store lo result in r[] & advance
+ movl r1,(r2)+ ; store hi result in r[] & advance
+
+ sobgtr r4,0$
+
+ movl #1,r0 ; return SS$_NORMAL
+ ret
+
+ .title vax_bn_div_words unsigned divide
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_div_words(ULONG h, ULONG l, ULONG d)
+; {
+; return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d);
+; }
+;
+; Using EDIV would be very easy, if it didn't do signed calculations.
+; Any time any of the input numbers are signed, there are problems,
+; usually with integer overflow, at which point it returns useless
+; data (the quotient gets the value of l, and the remainder becomes 0).
+;
+; If it was just for the dividend, it would be very easy, just divide
+; it by 2 (unsigned), do the division, multiply the resulting quotient
+; and remainder by 2, add the bit that was dropped when dividing by 2
+; to the remainder, and do some adjustment so the remainder doesn't
+; end up larger than the divisor. For some cases when the divisor is
+; negative (from EDIV's point of view, i.e. when the highest bit is set),
+; dividing the dividend by 2 isn't enough, and since some operations
+; might generate integer overflows even when the dividend is divided by
+; 4 (when the high part of the shifted down dividend ends up being exactly
+; half of the divisor, the result is the quotient 0x80000000, which is
+; negative...) it needs to be divided by 8. Furthermore, the divisor needs
+; to be divided by 2 (unsigned) as well, to avoid more problems with the sign.
+; In this case, a little extra fiddling with the remainder is required.
+;
+; So, the simplest way to handle this is always to divide the dividend
+; by 8, and to divide the divisor by 2 if it's highest bit is set.
+; After EDIV has been used, the quotient gets multiplied by 8 if the
+; original divisor was positive, otherwise 4. The remainder, oddly
+; enough, is *always* multiplied by 8.
+; NOTE: in the case mentioned above, where the high part of the shifted
+; down dividend ends up being exactly half the shifted down divisor, we
+; end up with a 33 bit quotient. That's no problem however, it usually
+; means we have ended up with a too large remainder as well, and the
+; problem is fixed by the last part of the algorithm (next paragraph).
+;
+; The routine ends with comparing the resulting remainder with the
+; original divisor and if the remainder is larger, subtract the
+; original divisor from it, and increase the quotient by 1. This is
+; done until the remainder is smaller than the divisor.
+;
+; The complete algorithm looks like this:
+;
+; d' = d
+; l' = l & 7
+; [h,l] = [h,l] >> 3
+; [q,r] = floor([h,l] / d) # This is the EDIV operation
+; if (q < 0) q = -q # I doubt this is necessary any more
+;
+; r' = r >> 29
+; if (d' >= 0)
+; q' = q >> 29
+; q = q << 3
+; else
+; q' = q >> 30
+; q = q << 2
+; r = (r << 3) + l'
+;
+; if (d' < 0)
+; {
+; [r',r] = [r',r] - q
+; while ([r',r] < 0)
+; {
+; [r',r] = [r',r] + d
+; [q',q] = [q',q] - 1
+; }
+; }
+;
+; while ([r',r] >= d')
+; {
+; [r',r] = [r',r] - d'
+; [q',q] = [q',q] + 1
+; }
+;
+; return q
+
+h=4 ;(AP) h by value (input)
+l=8 ;(AP) l by value (input)
+d=12 ;(AP) d by value (input)
+
+;r2 = l, q
+;r3 = h, r
+;r4 = d
+;r5 = l'
+;r6 = r'
+;r7 = d'
+;r8 = q'
+
+ .psect code,nowrt
+
+.entry bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8>
+ movl l(ap),r2
+ movl h(ap),r3
+ movl d(ap),r4
+
+ bicl3 #^XFFFFFFF8,r2,r5 ; l' = l & 7
+ bicl3 #^X00000007,r2,r2
+
+ bicl3 #^XFFFFFFF8,r3,r6
+ bicl3 #^X00000007,r3,r3
+
+ addl r6,r2
+
+ rotl #-3,r2,r2 ; l = l >> 3
+ rotl #-3,r3,r3 ; h = h >> 3
+
+ movl r4,r7 ; d' = d
+
+ movl #0,r6 ; r' = 0
+ movl #0,r8 ; q' = 0
+
+ tstl r4
+ beql 666$ ; Uh-oh, the divisor is 0...
+ bgtr 1$
+ rotl #-1,r4,r4 ; If d is negative, shift it right.
+ bicl2 #^X80000000,r4 ; Since d is then a large number, the
+ ; lowest bit is insignificant
+ ; (contradict that, and I'll fix the problem!)
+1$:
+ ediv r4,r2,r2,r3 ; Do the actual division
+
+ tstl r2
+ bgeq 3$
+ mnegl r2,r2 ; if q < 0, negate it
+3$:
+ tstl r7
+ blss 4$
+ rotl #3,r2,r2 ; q = q << 3
+ bicl3 #^XFFFFFFF8,r2,r8 ; q' gets the high bits from q
+ bicl3 #^X00000007,r2,r2
+ bsb 41$
+4$: ; else
+ rotl #2,r2,r2 ; q = q << 2
+ bicl3 #^XFFFFFFFC,r2,r8 ; q' gets the high bits from q
+ bicl3 #^X00000003,r2,r2
+41$:
+ rotl #3,r3,r3 ; r = r << 3
+ bicl3 #^XFFFFFFF8,r3,r6 ; r' gets the high bits from r
+ bicl3 #^X00000007,r3,r3
+ addl r5,r3 ; r = r + l'
+
+ tstl r7
+ bgeq 5$
+ bitl #1,r7
+ beql 5$ ; if d' < 0 && d' & 1
+ subl r2,r3 ; [r',r] = [r',r] - [q',q]
+ sbwc r8,r6
+45$:
+ bgeq 5$ ; while r < 0
+ decl r2 ; [q',q] = [q',q] - 1
+ sbwc #0,r8
+ addl r7,r3 ; [r',r] = [r',r] + d'
+ adwc #0,r6
+ brb 45$
+
+; The return points are placed in the middle to keep a short distance from
+; all the branch points
+42$:
+; movl r3,r1
+ movl r2,r0
+ ret
+666$:
+ movl #^XFFFFFFFF,r0
+ ret
+
+5$:
+ tstl r6
+ bneq 6$
+ cmpl r3,r7
+ blssu 42$ ; while [r',r] >= d'
+6$:
+ subl r7,r3 ; [r',r] = [r',r] - d'
+ sbwc #0,r6
+ incl r2 ; [q',q] = [q',q] + 1
+ adwc #0,r8
+ brb 5$
+
+ .title vax_bn_add_words unsigned add of two arrays
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+; ULONG c = 0;
+; int i;
+; for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c;
+; return(c);
+; }
+
+r=4 ;(AP) r by reference (output)
+a=8 ;(AP) a by reference (input)
+b=12 ;(AP) b by reference (input)
+n=16 ;(AP) n by value (input)
+
+
+ .psect code,nowrt
+
+.entry bn_add_words,^m<r2,r3,r4,r5,r6>
+
+ moval @r(ap),r2
+ moval @a(ap),r3
+ moval @b(ap),r4
+ movl n(ap),r5 ; assumed >0 by C code
+ clrl r0 ; c
+
+ tstl r5 ; carry = 0
+ bleq 666$
+
+0$:
+ movl (r3)+,r6 ; carry untouched
+ adwc (r4)+,r6 ; carry used and touched
+ movl r6,(r2)+ ; carry untouched
+ sobgtr r5,0$ ; carry untouched
+
+ adwc #0,r0
+666$:
+ ret
+
+ .title vax_bn_sub_words unsigned add of two arrays
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+; ULONG c = 0;
+; int i;
+; for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c;
+; return(c);
+; }
+
+r=4 ;(AP) r by reference (output)
+a=8 ;(AP) a by reference (input)
+b=12 ;(AP) b by reference (input)
+n=16 ;(AP) n by value (input)
+
+
+ .psect code,nowrt
+
+.entry bn_sub_words,^m<r2,r3,r4,r5,r6>
+
+ moval @r(ap),r2
+ moval @a(ap),r3
+ moval @b(ap),r4
+ movl n(ap),r5 ; assumed >0 by C code
+ clrl r0 ; c
+
+ tstl r5 ; carry = 0
+ bleq 666$
+
+0$:
+ movl (r3)+,r6 ; carry untouched
+ sbwc (r4)+,r6 ; carry used and touched
+ movl r6,(r2)+ ; carry untouched
+ sobgtr r5,0$ ; carry untouched
+
+ adwc #0,r0
+666$:
+ ret
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP) n by value (input)
+
+ .psect code,nowrt
+
+.entry BN_MUL_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+ movab -924(sp),sp
+ clrq r8
+
+ clrl r10
+
+ movl 8(ap),r6
+ movzwl 2(r6),r3
+ movl 12(ap),r7
+ bicl3 #-65536,(r7),r2
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,(r6),-12(fp)
+ bicl3 #-65536,r3,-16(fp)
+ mull3 r0,-12(fp),-4(fp)
+ mull2 r2,-12(fp)
+ mull3 r2,-16(fp),-8(fp)
+ mull2 r0,-16(fp)
+ addl3 -4(fp),-8(fp),r0
+ bicl3 #0,r0,-4(fp)
+ cmpl -4(fp),-8(fp)
+ bgequ noname.45
+ addl2 #65536,-16(fp)
+noname.45:
+ movzwl -2(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-16(fp)
+ bicl3 #-65536,-4(fp),r0
+ ashl #16,r0,-8(fp)
+ addl3 -8(fp),-12(fp),r0
+ bicl3 #0,r0,-12(fp)
+ cmpl -12(fp),-8(fp)
+ bgequ noname.46
+ incl -16(fp)
+noname.46:
+ movl -12(fp),r1
+ movl -16(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.47
+ incl r2
+noname.47:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.48
+ incl r10
+noname.48:
+
+ movl 4(ap),r11
+ movl r9,(r11)
+
+ clrl r9
+
+ movzwl 2(r6),r2
+ bicl3 #-65536,4(r7),r3
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,(r6),-28(fp)
+ bicl3 #-65536,r2,-32(fp)
+ mull3 r0,-28(fp),-20(fp)
+ mull2 r3,-28(fp)
+ mull3 r3,-32(fp),-24(fp)
+ mull2 r0,-32(fp)
+ addl3 -20(fp),-24(fp),r0
+ bicl3 #0,r0,-20(fp)
+ cmpl -20(fp),-24(fp)
+ bgequ noname.49
+ addl2 #65536,-32(fp)
+noname.49:
+ movzwl -18(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-32(fp)
+ bicl3 #-65536,-20(fp),r0
+ ashl #16,r0,-24(fp)
+ addl3 -24(fp),-28(fp),r0
+ bicl3 #0,r0,-28(fp)
+ cmpl -28(fp),-24(fp)
+ bgequ noname.50
+ incl -32(fp)
+noname.50:
+ movl -28(fp),r1
+ movl -32(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.51
+ incl r2
+noname.51:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.52
+ incl r9
+noname.52:
+
+ movzwl 6(r6),r2
+ bicl3 #-65536,(r7),r3
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,4(r6),-44(fp)
+ bicl3 #-65536,r2,-48(fp)
+ mull3 r0,-44(fp),-36(fp)
+ mull2 r3,-44(fp)
+ mull3 r3,-48(fp),-40(fp)
+ mull2 r0,-48(fp)
+ addl3 -36(fp),-40(fp),r0
+ bicl3 #0,r0,-36(fp)
+ cmpl -36(fp),-40(fp)
+ bgequ noname.53
+ addl2 #65536,-48(fp)
+noname.53:
+ movzwl -34(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-48(fp)
+ bicl3 #-65536,-36(fp),r0
+ ashl #16,r0,-40(fp)
+ addl3 -40(fp),-44(fp),r0
+ bicl3 #0,r0,-44(fp)
+ cmpl -44(fp),-40(fp)
+ bgequ noname.54
+ incl -48(fp)
+noname.54:
+ movl -44(fp),r1
+ movl -48(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.55
+ incl r2
+noname.55:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.56
+ incl r9
+noname.56:
+
+ movl r8,4(r11)
+
+ clrl r8
+
+ movzwl 10(r6),r2
+ bicl3 #-65536,(r7),r3
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,8(r6),-60(fp)
+ bicl3 #-65536,r2,-64(fp)
+ mull3 r0,-60(fp),-52(fp)
+ mull2 r3,-60(fp)
+ mull3 r3,-64(fp),-56(fp)
+ mull2 r0,-64(fp)
+ addl3 -52(fp),-56(fp),r0
+ bicl3 #0,r0,-52(fp)
+ cmpl -52(fp),-56(fp)
+ bgequ noname.57
+ addl2 #65536,-64(fp)
+noname.57:
+ movzwl -50(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-64(fp)
+ bicl3 #-65536,-52(fp),r0
+ ashl #16,r0,-56(fp)
+ addl3 -56(fp),-60(fp),r0
+ bicl3 #0,r0,-60(fp)
+ cmpl -60(fp),-56(fp)
+ bgequ noname.58
+ incl -64(fp)
+noname.58:
+ movl -60(fp),r1
+ movl -64(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.59
+ incl r2
+noname.59:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.60
+ incl r8
+noname.60:
+
+ movzwl 6(r6),r2
+ bicl3 #-65536,4(r7),r3
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,4(r6),-76(fp)
+ bicl3 #-65536,r2,-80(fp)
+ mull3 r0,-76(fp),-68(fp)
+ mull2 r3,-76(fp)
+ mull3 r3,-80(fp),-72(fp)
+ mull2 r0,-80(fp)
+ addl3 -68(fp),-72(fp),r0
+ bicl3 #0,r0,-68(fp)
+ cmpl -68(fp),-72(fp)
+ bgequ noname.61
+ addl2 #65536,-80(fp)
+noname.61:
+ movzwl -66(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-80(fp)
+ bicl3 #-65536,-68(fp),r0
+ ashl #16,r0,-72(fp)
+ addl3 -72(fp),-76(fp),r0
+ bicl3 #0,r0,-76(fp)
+ cmpl -76(fp),-72(fp)
+ bgequ noname.62
+ incl -80(fp)
+noname.62:
+ movl -76(fp),r1
+ movl -80(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.63
+ incl r2
+noname.63:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.64
+ incl r8
+noname.64:
+
+ movzwl 2(r6),r2
+ bicl3 #-65536,8(r7),r3
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,(r6),-92(fp)
+ bicl3 #-65536,r2,-96(fp)
+ mull3 r0,-92(fp),-84(fp)
+ mull2 r3,-92(fp)
+ mull3 r3,-96(fp),-88(fp)
+ mull2 r0,-96(fp)
+ addl3 -84(fp),-88(fp),r0
+ bicl3 #0,r0,-84(fp)
+ cmpl -84(fp),-88(fp)
+ bgequ noname.65
+ addl2 #65536,-96(fp)
+noname.65:
+ movzwl -82(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-96(fp)
+ bicl3 #-65536,-84(fp),r0
+ ashl #16,r0,-88(fp)
+ addl3 -88(fp),-92(fp),r0
+ bicl3 #0,r0,-92(fp)
+ cmpl -92(fp),-88(fp)
+ bgequ noname.66
+ incl -96(fp)
+noname.66:
+ movl -92(fp),r1
+ movl -96(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.67
+ incl r2
+noname.67:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.68
+ incl r8
+noname.68:
+
+ movl r10,8(r11)
+
+ clrl r10
+
+ movzwl 2(r6),r2
+ bicl3 #-65536,12(r7),r3
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,(r6),-108(fp)
+ bicl3 #-65536,r2,-112(fp)
+ mull3 r0,-108(fp),-100(fp)
+ mull2 r3,-108(fp)
+ mull3 r3,-112(fp),-104(fp)
+ mull2 r0,-112(fp)
+ addl3 -100(fp),-104(fp),r0
+ bicl3 #0,r0,-100(fp)
+ cmpl -100(fp),-104(fp)
+ bgequ noname.69
+ addl2 #65536,-112(fp)
+noname.69:
+ movzwl -98(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-112(fp)
+ bicl3 #-65536,-100(fp),r0
+ ashl #16,r0,-104(fp)
+ addl3 -104(fp),-108(fp),r0
+ bicl3 #0,r0,-108(fp)
+ cmpl -108(fp),-104(fp)
+ bgequ noname.70
+ incl -112(fp)
+noname.70:
+ movl -108(fp),r1
+ movl -112(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.71
+ incl r2
+noname.71:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.72
+ incl r10
+noname.72:
+
+ movzwl 6(r6),r2
+ bicl3 #-65536,8(r7),r3
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,4(r6),-124(fp)
+ bicl3 #-65536,r2,-128(fp)
+ mull3 r0,-124(fp),-116(fp)
+ mull2 r3,-124(fp)
+ mull3 r3,-128(fp),-120(fp)
+ mull2 r0,-128(fp)
+ addl3 -116(fp),-120(fp),r0
+ bicl3 #0,r0,-116(fp)
+ cmpl -116(fp),-120(fp)
+ bgequ noname.73
+ addl2 #65536,-128(fp)
+noname.73:
+ movzwl -114(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-128(fp)
+ bicl3 #-65536,-116(fp),r0
+ ashl #16,r0,-120(fp)
+ addl3 -120(fp),-124(fp),r0
+ bicl3 #0,r0,-124(fp)
+ cmpl -124(fp),-120(fp)
+ bgequ noname.74
+ incl -128(fp)
+noname.74:
+ movl -124(fp),r1
+ movl -128(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.75
+ incl r2
+noname.75:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.76
+ incl r10
+noname.76:
+
+ movzwl 10(r6),r2
+ bicl3 #-65536,4(r7),r3
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,8(r6),-140(fp)
+ bicl3 #-65536,r2,-144(fp)
+ mull3 r0,-140(fp),-132(fp)
+ mull2 r3,-140(fp)
+ mull3 r3,-144(fp),-136(fp)
+ mull2 r0,-144(fp)
+ addl3 -132(fp),-136(fp),r0
+ bicl3 #0,r0,-132(fp)
+ cmpl -132(fp),-136(fp)
+ bgequ noname.77
+ addl2 #65536,-144(fp)
+noname.77:
+ movzwl -130(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-144(fp)
+ bicl3 #-65536,-132(fp),r0
+ ashl #16,r0,-136(fp)
+ addl3 -136(fp),-140(fp),r0
+ bicl3 #0,r0,-140(fp)
+ cmpl -140(fp),-136(fp)
+ bgequ noname.78
+ incl -144(fp)
+noname.78:
+ movl -140(fp),r1
+ movl -144(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.79
+ incl r2
+noname.79:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.80
+ incl r10
+noname.80:
+
+ movzwl 14(r6),r2
+ bicl3 #-65536,(r7),r3
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,12(r6),-156(fp)
+ bicl3 #-65536,r2,-160(fp)
+ mull3 r0,-156(fp),-148(fp)
+ mull2 r3,-156(fp)
+ mull3 r3,-160(fp),-152(fp)
+ mull2 r0,-160(fp)
+ addl3 -148(fp),-152(fp),r0
+ bicl3 #0,r0,-148(fp)
+ cmpl -148(fp),-152(fp)
+ bgequ noname.81
+ addl2 #65536,-160(fp)
+noname.81:
+ movzwl -146(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-160(fp)
+ bicl3 #-65536,-148(fp),r0
+ ashl #16,r0,-152(fp)
+ addl3 -152(fp),-156(fp),r0
+ bicl3 #0,r0,-156(fp)
+ cmpl -156(fp),-152(fp)
+ bgequ noname.82
+ incl -160(fp)
+noname.82:
+ movl -156(fp),r1
+ movl -160(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.83
+ incl r2
+noname.83:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.84
+ incl r10
+noname.84:
+
+ movl r9,12(r11)
+
+ clrl r9
+
+ movzwl 18(r6),r2
+ bicl3 #-65536,(r7),r3
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,16(r6),-172(fp)
+ bicl3 #-65536,r2,-176(fp)
+ mull3 r0,-172(fp),-164(fp)
+ mull2 r3,-172(fp)
+ mull3 r3,-176(fp),-168(fp)
+ mull2 r0,-176(fp)
+ addl3 -164(fp),-168(fp),r0
+ bicl3 #0,r0,-164(fp)
+ cmpl -164(fp),-168(fp)
+ bgequ noname.85
+ addl2 #65536,-176(fp)
+noname.85:
+ movzwl -162(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-176(fp)
+ bicl3 #-65536,-164(fp),r0
+ ashl #16,r0,-168(fp)
+ addl3 -168(fp),-172(fp),r0
+ bicl3 #0,r0,-172(fp)
+ cmpl -172(fp),-168(fp)
+ bgequ noname.86
+ incl -176(fp)
+noname.86:
+ movl -172(fp),r1
+ movl -176(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.87
+ incl r2
+noname.87:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.88
+ incl r9
+noname.88:
+
+ movzwl 14(r6),r2
+ bicl3 #-65536,4(r7),r3
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,12(r6),-188(fp)
+ bicl3 #-65536,r2,-192(fp)
+ mull3 r0,-188(fp),-180(fp)
+ mull2 r3,-188(fp)
+ mull3 r3,-192(fp),-184(fp)
+ mull2 r0,-192(fp)
+ addl3 -180(fp),-184(fp),r0
+ bicl3 #0,r0,-180(fp)
+ cmpl -180(fp),-184(fp)
+ bgequ noname.89
+ addl2 #65536,-192(fp)
+noname.89:
+ movzwl -178(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-192(fp)
+ bicl3 #-65536,-180(fp),r0
+ ashl #16,r0,-184(fp)
+ addl3 -184(fp),-188(fp),r0
+ bicl3 #0,r0,-188(fp)
+ cmpl -188(fp),-184(fp)
+ bgequ noname.90
+ incl -192(fp)
+noname.90:
+ movl -188(fp),r1
+ movl -192(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.91
+ incl r2
+noname.91:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.92
+ incl r9
+noname.92:
+
+ movzwl 10(r6),r2
+ bicl3 #-65536,8(r7),r3
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,8(r6),-204(fp)
+ bicl3 #-65536,r2,-208(fp)
+ mull3 r0,-204(fp),-196(fp)
+ mull2 r3,-204(fp)
+ mull3 r3,-208(fp),-200(fp)
+ mull2 r0,-208(fp)
+ addl3 -196(fp),-200(fp),r0
+ bicl3 #0,r0,-196(fp)
+ cmpl -196(fp),-200(fp)
+ bgequ noname.93
+ addl2 #65536,-208(fp)
+noname.93:
+ movzwl -194(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-208(fp)
+ bicl3 #-65536,-196(fp),r0
+ ashl #16,r0,-200(fp)
+ addl3 -200(fp),-204(fp),r0
+ bicl3 #0,r0,-204(fp)
+ cmpl -204(fp),-200(fp)
+ bgequ noname.94
+ incl -208(fp)
+noname.94:
+ movl -204(fp),r1
+ movl -208(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.95
+ incl r2
+noname.95:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.96
+ incl r9
+noname.96:
+
+ movzwl 6(r6),r2
+ bicl3 #-65536,12(r7),r3
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,4(r6),-220(fp)
+ bicl3 #-65536,r2,-224(fp)
+ mull3 r0,-220(fp),-212(fp)
+ mull2 r3,-220(fp)
+ mull3 r3,-224(fp),-216(fp)
+ mull2 r0,-224(fp)
+ addl3 -212(fp),-216(fp),r0
+ bicl3 #0,r0,-212(fp)
+ cmpl -212(fp),-216(fp)
+ bgequ noname.97
+ addl2 #65536,-224(fp)
+noname.97:
+ movzwl -210(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-224(fp)
+ bicl3 #-65536,-212(fp),r0
+ ashl #16,r0,-216(fp)
+ addl3 -216(fp),-220(fp),r0
+ bicl3 #0,r0,-220(fp)
+ cmpl -220(fp),-216(fp)
+ bgequ noname.98
+ incl -224(fp)
+noname.98:
+ movl -220(fp),r1
+ movl -224(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.99
+ incl r2
+noname.99:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.100
+ incl r9
+noname.100:
+
+ movzwl 2(r6),r2
+ bicl3 #-65536,16(r7),r3
+ movzwl 18(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,(r6),-236(fp)
+ bicl3 #-65536,r2,-240(fp)
+ mull3 r0,-236(fp),-228(fp)
+ mull2 r3,-236(fp)
+ mull3 r3,-240(fp),-232(fp)
+ mull2 r0,-240(fp)
+ addl3 -228(fp),-232(fp),r0
+ bicl3 #0,r0,-228(fp)
+ cmpl -228(fp),-232(fp)
+ bgequ noname.101
+ addl2 #65536,-240(fp)
+noname.101:
+ movzwl -226(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-240(fp)
+ bicl3 #-65536,-228(fp),r0
+ ashl #16,r0,-232(fp)
+ addl3 -232(fp),-236(fp),r0
+ bicl3 #0,r0,-236(fp)
+ cmpl -236(fp),-232(fp)
+ bgequ noname.102
+ incl -240(fp)
+noname.102:
+ movl -236(fp),r1
+ movl -240(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.103
+ incl r2
+noname.103:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.104
+ incl r9
+noname.104:
+
+ movl r8,16(r11)
+
+ clrl r8
+
+ movzwl 2(r6),r2
+ bicl3 #-65536,20(r7),r3
+ movzwl 22(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,(r6),-252(fp)
+ bicl3 #-65536,r2,-256(fp)
+ mull3 r0,-252(fp),-244(fp)
+ mull2 r3,-252(fp)
+ mull3 r3,-256(fp),-248(fp)
+ mull2 r0,-256(fp)
+ addl3 -244(fp),-248(fp),r0
+ bicl3 #0,r0,-244(fp)
+ cmpl -244(fp),-248(fp)
+ bgequ noname.105
+ addl2 #65536,-256(fp)
+noname.105:
+ movzwl -242(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-256(fp)
+ bicl3 #-65536,-244(fp),r0
+ ashl #16,r0,-248(fp)
+ addl3 -248(fp),-252(fp),r0
+ bicl3 #0,r0,-252(fp)
+ cmpl -252(fp),-248(fp)
+ bgequ noname.106
+ incl -256(fp)
+noname.106:
+ movl -252(fp),r1
+ movl -256(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.107
+ incl r2
+noname.107:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.108
+ incl r8
+noname.108:
+
+ movzwl 6(r6),r2
+ bicl3 #-65536,16(r7),r3
+ movzwl 18(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,4(r6),-268(fp)
+ bicl3 #-65536,r2,-272(fp)
+ mull3 r0,-268(fp),-260(fp)
+ mull2 r3,-268(fp)
+ mull3 r3,-272(fp),-264(fp)
+ mull2 r0,-272(fp)
+ addl3 -260(fp),-264(fp),r0
+ bicl3 #0,r0,-260(fp)
+ cmpl -260(fp),-264(fp)
+ bgequ noname.109
+ addl2 #65536,-272(fp)
+noname.109:
+ movzwl -258(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-272(fp)
+ bicl3 #-65536,-260(fp),r0
+ ashl #16,r0,-264(fp)
+ addl3 -264(fp),-268(fp),r0
+ bicl3 #0,r0,-268(fp)
+ cmpl -268(fp),-264(fp)
+ bgequ noname.110
+ incl -272(fp)
+noname.110:
+ movl -268(fp),r1
+ movl -272(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.111
+ incl r2
+noname.111:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.112
+ incl r8
+noname.112:
+
+ movzwl 10(r6),r2
+ bicl3 #-65536,12(r7),r3
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,8(r6),-284(fp)
+ bicl3 #-65536,r2,-288(fp)
+ mull3 r0,-284(fp),-276(fp)
+ mull2 r3,-284(fp)
+ mull3 r3,-288(fp),-280(fp)
+ mull2 r0,-288(fp)
+ addl3 -276(fp),-280(fp),r0
+ bicl3 #0,r0,-276(fp)
+ cmpl -276(fp),-280(fp)
+ bgequ noname.113
+ addl2 #65536,-288(fp)
+noname.113:
+ movzwl -274(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-288(fp)
+ bicl3 #-65536,-276(fp),r0
+ ashl #16,r0,-280(fp)
+ addl3 -280(fp),-284(fp),r0
+ bicl3 #0,r0,-284(fp)
+ cmpl -284(fp),-280(fp)
+ bgequ noname.114
+ incl -288(fp)
+noname.114:
+ movl -284(fp),r1
+ movl -288(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.115
+ incl r2
+noname.115:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.116
+ incl r8
+noname.116:
+
+ movzwl 14(r6),r2
+ bicl3 #-65536,8(r7),r3
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,12(r6),-300(fp)
+ bicl3 #-65536,r2,-304(fp)
+ mull3 r0,-300(fp),-292(fp)
+ mull2 r3,-300(fp)
+ mull3 r3,-304(fp),-296(fp)
+ mull2 r0,-304(fp)
+ addl3 -292(fp),-296(fp),r0
+ bicl3 #0,r0,-292(fp)
+ cmpl -292(fp),-296(fp)
+ bgequ noname.117
+ addl2 #65536,-304(fp)
+noname.117:
+ movzwl -290(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-304(fp)
+ bicl3 #-65536,-292(fp),r0
+ ashl #16,r0,-296(fp)
+ addl3 -296(fp),-300(fp),r0
+ bicl3 #0,r0,-300(fp)
+ cmpl -300(fp),-296(fp)
+ bgequ noname.118
+ incl -304(fp)
+noname.118:
+ movl -300(fp),r1
+ movl -304(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.119
+ incl r2
+noname.119:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.120
+ incl r8
+noname.120:
+
+ movzwl 18(r6),r2
+ bicl3 #-65536,4(r7),r3
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,16(r6),-316(fp)
+ bicl3 #-65536,r2,-320(fp)
+ mull3 r0,-316(fp),-308(fp)
+ mull2 r3,-316(fp)
+ mull3 r3,-320(fp),-312(fp)
+ mull2 r0,-320(fp)
+ addl3 -308(fp),-312(fp),r0
+ bicl3 #0,r0,-308(fp)
+ cmpl -308(fp),-312(fp)
+ bgequ noname.121
+ addl2 #65536,-320(fp)
+noname.121:
+ movzwl -306(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-320(fp)
+ bicl3 #-65536,-308(fp),r0
+ ashl #16,r0,-312(fp)
+ addl3 -312(fp),-316(fp),r0
+ bicl3 #0,r0,-316(fp)
+ cmpl -316(fp),-312(fp)
+ bgequ noname.122
+ incl -320(fp)
+noname.122:
+ movl -316(fp),r1
+ movl -320(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.123
+ incl r2
+
+noname.123:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.124
+ incl r8
+noname.124:
+
+ movzwl 22(r6),r2
+ bicl3 #-65536,(r7),r3
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,20(r6),-332(fp)
+ bicl3 #-65536,r2,-336(fp)
+ mull3 r0,-332(fp),-324(fp)
+ mull2 r3,-332(fp)
+ mull3 r3,-336(fp),-328(fp)
+ mull2 r0,-336(fp)
+ addl3 -324(fp),-328(fp),r0
+ bicl3 #0,r0,-324(fp)
+ cmpl -324(fp),-328(fp)
+ bgequ noname.125
+ addl2 #65536,-336(fp)
+noname.125:
+ movzwl -322(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-336(fp)
+ bicl3 #-65536,-324(fp),r0
+ ashl #16,r0,-328(fp)
+ addl3 -328(fp),-332(fp),r0
+ bicl3 #0,r0,-332(fp)
+ cmpl -332(fp),-328(fp)
+ bgequ noname.126
+ incl -336(fp)
+noname.126:
+ movl -332(fp),r1
+ movl -336(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.127
+ incl r2
+noname.127:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.128
+ incl r8
+noname.128:
+
+ movl r10,20(r11)
+
+ clrl r10
+
+ movzwl 26(r6),r2
+ bicl3 #-65536,(r7),r3
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,24(r6),-348(fp)
+ bicl3 #-65536,r2,-352(fp)
+ mull3 r0,-348(fp),-340(fp)
+ mull2 r3,-348(fp)
+ mull3 r3,-352(fp),-344(fp)
+ mull2 r0,-352(fp)
+ addl3 -340(fp),-344(fp),r0
+ bicl3 #0,r0,-340(fp)
+ cmpl -340(fp),-344(fp)
+ bgequ noname.129
+ addl2 #65536,-352(fp)
+noname.129:
+ movzwl -338(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-352(fp)
+ bicl3 #-65536,-340(fp),r0
+ ashl #16,r0,-344(fp)
+ addl3 -344(fp),-348(fp),r0
+ bicl3 #0,r0,-348(fp)
+ cmpl -348(fp),-344(fp)
+ bgequ noname.130
+ incl -352(fp)
+noname.130:
+ movl -348(fp),r1
+ movl -352(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.131
+ incl r2
+noname.131:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.132
+ incl r10
+noname.132:
+
+ movzwl 22(r6),r2
+ bicl3 #-65536,4(r7),r3
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,20(r6),-364(fp)
+ bicl3 #-65536,r2,-368(fp)
+ mull3 r0,-364(fp),-356(fp)
+ mull2 r3,-364(fp)
+ mull3 r3,-368(fp),-360(fp)
+ mull2 r0,-368(fp)
+ addl3 -356(fp),-360(fp),r0
+ bicl3 #0,r0,-356(fp)
+ cmpl -356(fp),-360(fp)
+ bgequ noname.133
+ addl2 #65536,-368(fp)
+noname.133:
+ movzwl -354(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-368(fp)
+ bicl3 #-65536,-356(fp),r0
+ ashl #16,r0,-360(fp)
+ addl3 -360(fp),-364(fp),r0
+ bicl3 #0,r0,-364(fp)
+ cmpl -364(fp),-360(fp)
+ bgequ noname.134
+ incl -368(fp)
+noname.134:
+ movl -364(fp),r1
+ movl -368(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.135
+ incl r2
+noname.135:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.136
+ incl r10
+noname.136:
+
+ movzwl 18(r6),r2
+ bicl3 #-65536,8(r7),r3
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,16(r6),-380(fp)
+ bicl3 #-65536,r2,-384(fp)
+ mull3 r0,-380(fp),-372(fp)
+ mull2 r3,-380(fp)
+ mull3 r3,-384(fp),-376(fp)
+ mull2 r0,-384(fp)
+ addl3 -372(fp),-376(fp),r0
+ bicl3 #0,r0,-372(fp)
+ cmpl -372(fp),-376(fp)
+ bgequ noname.137
+ addl2 #65536,-384(fp)
+noname.137:
+ movzwl -370(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-384(fp)
+ bicl3 #-65536,-372(fp),r0
+ ashl #16,r0,-376(fp)
+ addl3 -376(fp),-380(fp),r0
+ bicl3 #0,r0,-380(fp)
+ cmpl -380(fp),-376(fp)
+ bgequ noname.138
+ incl -384(fp)
+noname.138:
+ movl -380(fp),r1
+ movl -384(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.139
+ incl r2
+noname.139:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.140
+ incl r10
+noname.140:
+
+ movzwl 14(r6),r2
+ bicl3 #-65536,12(r7),r3
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,12(r6),-396(fp)
+ bicl3 #-65536,r2,-400(fp)
+ mull3 r0,-396(fp),-388(fp)
+ mull2 r3,-396(fp)
+ mull3 r3,-400(fp),-392(fp)
+ mull2 r0,-400(fp)
+ addl3 -388(fp),-392(fp),r0
+ bicl3 #0,r0,-388(fp)
+ cmpl -388(fp),-392(fp)
+ bgequ noname.141
+ addl2 #65536,-400(fp)
+noname.141:
+ movzwl -386(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-400(fp)
+ bicl3 #-65536,-388(fp),r0
+ ashl #16,r0,-392(fp)
+ addl3 -392(fp),-396(fp),r0
+ bicl3 #0,r0,-396(fp)
+ cmpl -396(fp),-392(fp)
+ bgequ noname.142
+ incl -400(fp)
+noname.142:
+ movl -396(fp),r1
+ movl -400(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.143
+ incl r2
+noname.143:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.144
+ incl r10
+noname.144:
+
+ movzwl 10(r6),r2
+ bicl3 #-65536,16(r7),r3
+ movzwl 18(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,8(r6),-412(fp)
+ bicl3 #-65536,r2,-416(fp)
+ mull3 r0,-412(fp),-404(fp)
+ mull2 r3,-412(fp)
+ mull3 r3,-416(fp),-408(fp)
+ mull2 r0,-416(fp)
+ addl3 -404(fp),-408(fp),r0
+ bicl3 #0,r0,-404(fp)
+ cmpl -404(fp),-408(fp)
+ bgequ noname.145
+ addl2 #65536,-416(fp)
+noname.145:
+ movzwl -402(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-416(fp)
+ bicl3 #-65536,-404(fp),r0
+ ashl #16,r0,-408(fp)
+ addl3 -408(fp),-412(fp),r0
+ bicl3 #0,r0,-412(fp)
+ cmpl -412(fp),-408(fp)
+ bgequ noname.146
+ incl -416(fp)
+noname.146:
+ movl -412(fp),r1
+ movl -416(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.147
+ incl r2
+noname.147:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.148
+ incl r10
+noname.148:
+
+ movzwl 6(r6),r2
+ bicl3 #-65536,20(r7),r3
+ movzwl 22(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,4(r6),-428(fp)
+ bicl3 #-65536,r2,-432(fp)
+ mull3 r0,-428(fp),-420(fp)
+ mull2 r3,-428(fp)
+ mull3 r3,-432(fp),-424(fp)
+ mull2 r0,-432(fp)
+ addl3 -420(fp),-424(fp),r0
+ bicl3 #0,r0,-420(fp)
+ cmpl -420(fp),-424(fp)
+ bgequ noname.149
+ addl2 #65536,-432(fp)
+noname.149:
+ movzwl -418(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-432(fp)
+ bicl3 #-65536,-420(fp),r0
+ ashl #16,r0,-424(fp)
+ addl3 -424(fp),-428(fp),r0
+ bicl3 #0,r0,-428(fp)
+ cmpl -428(fp),-424(fp)
+ bgequ noname.150
+ incl -432(fp)
+noname.150:
+ movl -428(fp),r1
+ movl -432(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.151
+ incl r2
+noname.151:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.152
+ incl r10
+noname.152:
+
+ movzwl 2(r6),r2
+ bicl3 #-65536,24(r7),r3
+ movzwl 26(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,(r6),-444(fp)
+ bicl3 #-65536,r2,-448(fp)
+ mull3 r0,-444(fp),-436(fp)
+ mull2 r3,-444(fp)
+ mull3 r3,-448(fp),-440(fp)
+ mull2 r0,-448(fp)
+ addl3 -436(fp),-440(fp),r0
+ bicl3 #0,r0,-436(fp)
+ cmpl -436(fp),-440(fp)
+ bgequ noname.153
+ addl2 #65536,-448(fp)
+noname.153:
+ movzwl -434(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-448(fp)
+ bicl3 #-65536,-436(fp),r0
+ ashl #16,r0,-440(fp)
+ addl3 -440(fp),-444(fp),r0
+ bicl3 #0,r0,-444(fp)
+ cmpl -444(fp),-440(fp)
+ bgequ noname.154
+ incl -448(fp)
+noname.154:
+ movl -444(fp),r1
+ movl -448(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.155
+ incl r2
+noname.155:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.156
+ incl r10
+noname.156:
+
+ movl r9,24(r11)
+
+ clrl r9
+
+ movzwl 2(r6),r2
+ bicl3 #-65536,28(r7),r3
+ movzwl 30(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,(r6),-460(fp)
+ bicl3 #-65536,r2,-464(fp)
+ mull3 r0,-460(fp),-452(fp)
+ mull2 r3,-460(fp)
+ mull3 r3,-464(fp),-456(fp)
+ mull2 r0,-464(fp)
+ addl3 -452(fp),-456(fp),r0
+ bicl3 #0,r0,-452(fp)
+ cmpl -452(fp),-456(fp)
+ bgequ noname.157
+ addl2 #65536,-464(fp)
+noname.157:
+ movzwl -450(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-464(fp)
+ bicl3 #-65536,-452(fp),r0
+ ashl #16,r0,-456(fp)
+ addl3 -456(fp),-460(fp),r0
+ bicl3 #0,r0,-460(fp)
+ cmpl -460(fp),-456(fp)
+ bgequ noname.158
+ incl -464(fp)
+noname.158:
+ movl -460(fp),r1
+ movl -464(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.159
+ incl r2
+noname.159:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.160
+ incl r9
+noname.160:
+
+ movzwl 6(r6),r2
+ bicl3 #-65536,24(r7),r3
+ movzwl 26(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,4(r6),-476(fp)
+ bicl3 #-65536,r2,-480(fp)
+ mull3 r0,-476(fp),-468(fp)
+ mull2 r3,-476(fp)
+ mull3 r3,-480(fp),-472(fp)
+ mull2 r0,-480(fp)
+ addl3 -468(fp),-472(fp),r0
+ bicl3 #0,r0,-468(fp)
+ cmpl -468(fp),-472(fp)
+ bgequ noname.161
+ addl2 #65536,-480(fp)
+noname.161:
+ movzwl -466(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-480(fp)
+ bicl3 #-65536,-468(fp),r0
+ ashl #16,r0,-472(fp)
+ addl3 -472(fp),-476(fp),r0
+ bicl3 #0,r0,-476(fp)
+ cmpl -476(fp),-472(fp)
+ bgequ noname.162
+ incl -480(fp)
+noname.162:
+ movl -476(fp),r1
+ movl -480(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.163
+ incl r2
+noname.163:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.164
+ incl r9
+noname.164:
+
+ movzwl 10(r6),r2
+ bicl3 #-65536,20(r7),r3
+ movzwl 22(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,8(r6),-492(fp)
+ bicl3 #-65536,r2,-496(fp)
+ mull3 r0,-492(fp),-484(fp)
+ mull2 r3,-492(fp)
+ mull3 r3,-496(fp),-488(fp)
+ mull2 r0,-496(fp)
+ addl3 -484(fp),-488(fp),r0
+ bicl3 #0,r0,-484(fp)
+ cmpl -484(fp),-488(fp)
+ bgequ noname.165
+ addl2 #65536,-496(fp)
+noname.165:
+ movzwl -482(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-496(fp)
+ bicl3 #-65536,-484(fp),r0
+ ashl #16,r0,-488(fp)
+ addl3 -488(fp),-492(fp),r0
+ bicl3 #0,r0,-492(fp)
+ cmpl -492(fp),-488(fp)
+ bgequ noname.166
+ incl -496(fp)
+noname.166:
+ movl -492(fp),r1
+ movl -496(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.167
+ incl r2
+noname.167:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.168
+ incl r9
+noname.168:
+
+ movzwl 14(r6),r2
+ bicl3 #-65536,16(r7),r3
+ movzwl 18(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,12(r6),-508(fp)
+ bicl3 #-65536,r2,-512(fp)
+ mull3 r0,-508(fp),-500(fp)
+ mull2 r3,-508(fp)
+ mull3 r3,-512(fp),-504(fp)
+ mull2 r0,-512(fp)
+ addl3 -500(fp),-504(fp),r0
+ bicl3 #0,r0,-500(fp)
+ cmpl -500(fp),-504(fp)
+ bgequ noname.169
+ addl2 #65536,-512(fp)
+noname.169:
+ movzwl -498(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-512(fp)
+ bicl3 #-65536,-500(fp),r0
+ ashl #16,r0,-504(fp)
+ addl3 -504(fp),-508(fp),r0
+ bicl3 #0,r0,-508(fp)
+ cmpl -508(fp),-504(fp)
+ bgequ noname.170
+ incl -512(fp)
+noname.170:
+ movl -508(fp),r1
+ movl -512(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.171
+ incl r2
+noname.171:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.172
+ incl r9
+noname.172:
+
+ movzwl 18(r6),r2
+ bicl3 #-65536,12(r7),r3
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,16(r6),-524(fp)
+ bicl3 #-65536,r2,-528(fp)
+ mull3 r0,-524(fp),-516(fp)
+ mull2 r3,-524(fp)
+ mull3 r3,-528(fp),-520(fp)
+ mull2 r0,-528(fp)
+ addl3 -516(fp),-520(fp),r0
+ bicl3 #0,r0,-516(fp)
+ cmpl -516(fp),-520(fp)
+ bgequ noname.173
+ addl2 #65536,-528(fp)
+noname.173:
+ movzwl -514(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-528(fp)
+ bicl3 #-65536,-516(fp),r0
+ ashl #16,r0,-520(fp)
+ addl3 -520(fp),-524(fp),r0
+ bicl3 #0,r0,-524(fp)
+ cmpl -524(fp),-520(fp)
+ bgequ noname.174
+ incl -528(fp)
+noname.174:
+ movl -524(fp),r1
+ movl -528(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.175
+ incl r2
+noname.175:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.176
+ incl r9
+noname.176:
+
+ movzwl 22(r6),r2
+ bicl3 #-65536,8(r7),r3
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,20(r6),-540(fp)
+ bicl3 #-65536,r2,-544(fp)
+ mull3 r0,-540(fp),-532(fp)
+ mull2 r3,-540(fp)
+ mull3 r3,-544(fp),-536(fp)
+ mull2 r0,-544(fp)
+ addl3 -532(fp),-536(fp),r0
+ bicl3 #0,r0,-532(fp)
+ cmpl -532(fp),-536(fp)
+ bgequ noname.177
+ addl2 #65536,-544(fp)
+noname.177:
+ movzwl -530(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-544(fp)
+ bicl3 #-65536,-532(fp),r0
+ ashl #16,r0,-536(fp)
+ addl3 -536(fp),-540(fp),r0
+ bicl3 #0,r0,-540(fp)
+ cmpl -540(fp),-536(fp)
+ bgequ noname.178
+ incl -544(fp)
+noname.178:
+ movl -540(fp),r1
+ movl -544(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.179
+ incl r2
+noname.179:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.180
+ incl r9
+noname.180:
+
+ movzwl 26(r6),r2
+ bicl3 #-65536,4(r7),r3
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,24(r6),-556(fp)
+ bicl3 #-65536,r2,-560(fp)
+ mull3 r0,-556(fp),-548(fp)
+ mull2 r3,-556(fp)
+ mull3 r3,-560(fp),-552(fp)
+ mull2 r0,-560(fp)
+ addl3 -548(fp),-552(fp),r0
+ bicl3 #0,r0,-548(fp)
+ cmpl -548(fp),-552(fp)
+ bgequ noname.181
+ addl2 #65536,-560(fp)
+noname.181:
+ movzwl -546(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-560(fp)
+ bicl3 #-65536,-548(fp),r0
+ ashl #16,r0,-552(fp)
+ addl3 -552(fp),-556(fp),r0
+ bicl3 #0,r0,-556(fp)
+ cmpl -556(fp),-552(fp)
+ bgequ noname.182
+ incl -560(fp)
+noname.182:
+ movl -556(fp),r1
+ movl -560(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.183
+ incl r2
+noname.183:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.184
+ incl r9
+noname.184:
+
+ movzwl 30(r6),r2
+ bicl3 #-65536,(r7),r3
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,28(r6),-572(fp)
+ bicl3 #-65536,r2,-576(fp)
+ mull3 r0,-572(fp),-564(fp)
+ mull2 r3,-572(fp)
+ mull3 r3,-576(fp),-568(fp)
+ mull2 r0,-576(fp)
+ addl3 -564(fp),-568(fp),r0
+ bicl3 #0,r0,-564(fp)
+ cmpl -564(fp),-568(fp)
+ bgequ noname.185
+ addl2 #65536,-576(fp)
+noname.185:
+ movzwl -562(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-576(fp)
+ bicl3 #-65536,-564(fp),r0
+ ashl #16,r0,-568(fp)
+ addl3 -568(fp),-572(fp),r0
+ bicl3 #0,r0,-572(fp)
+ cmpl -572(fp),-568(fp)
+ bgequ noname.186
+ incl -576(fp)
+noname.186:
+ movl -572(fp),r1
+ movl -576(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.187
+ incl r2
+noname.187:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.188
+ incl r9
+noname.188:
+
+ movl r8,28(r11)
+
+ clrl r8
+
+ movzwl 30(r6),r2
+ bicl3 #-65536,4(r7),r3
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,28(r6),-588(fp)
+ bicl3 #-65536,r2,-592(fp)
+ mull3 r0,-588(fp),-580(fp)
+ mull2 r3,-588(fp)
+ mull3 r3,-592(fp),-584(fp)
+ mull2 r0,-592(fp)
+ addl3 -580(fp),-584(fp),r0
+ bicl3 #0,r0,-580(fp)
+ cmpl -580(fp),-584(fp)
+ bgequ noname.189
+ addl2 #65536,-592(fp)
+noname.189:
+ movzwl -578(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-592(fp)
+ bicl3 #-65536,-580(fp),r0
+ ashl #16,r0,-584(fp)
+ addl3 -584(fp),-588(fp),r0
+ bicl3 #0,r0,-588(fp)
+ cmpl -588(fp),-584(fp)
+ bgequ noname.190
+ incl -592(fp)
+noname.190:
+ movl -588(fp),r1
+ movl -592(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.191
+ incl r2
+noname.191:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.192
+ incl r8
+noname.192:
+
+ movzwl 26(r6),r2
+ bicl3 #-65536,8(r7),r3
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,24(r6),-604(fp)
+ bicl3 #-65536,r2,-608(fp)
+ mull3 r0,-604(fp),-596(fp)
+ mull2 r3,-604(fp)
+ mull3 r3,-608(fp),-600(fp)
+ mull2 r0,-608(fp)
+ addl3 -596(fp),-600(fp),r0
+ bicl3 #0,r0,-596(fp)
+ cmpl -596(fp),-600(fp)
+ bgequ noname.193
+ addl2 #65536,-608(fp)
+noname.193:
+ movzwl -594(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-608(fp)
+ bicl3 #-65536,-596(fp),r0
+ ashl #16,r0,-600(fp)
+ addl3 -600(fp),-604(fp),r0
+ bicl3 #0,r0,-604(fp)
+ cmpl -604(fp),-600(fp)
+ bgequ noname.194
+ incl -608(fp)
+noname.194:
+ movl -604(fp),r1
+ movl -608(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.195
+ incl r2
+noname.195:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.196
+ incl r8
+noname.196:
+
+ movzwl 22(r6),r2
+ bicl3 #-65536,12(r7),r3
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,20(r6),-620(fp)
+ bicl3 #-65536,r2,-624(fp)
+ mull3 r0,-620(fp),-612(fp)
+ mull2 r3,-620(fp)
+ mull3 r3,-624(fp),-616(fp)
+ mull2 r0,-624(fp)
+ addl3 -612(fp),-616(fp),r0
+ bicl3 #0,r0,-612(fp)
+ cmpl -612(fp),-616(fp)
+ bgequ noname.197
+ addl2 #65536,-624(fp)
+noname.197:
+ movzwl -610(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-624(fp)
+ bicl3 #-65536,-612(fp),r0
+ ashl #16,r0,-616(fp)
+ addl3 -616(fp),-620(fp),r0
+ bicl3 #0,r0,-620(fp)
+ cmpl -620(fp),-616(fp)
+ bgequ noname.198
+ incl -624(fp)
+noname.198:
+ movl -620(fp),r1
+ movl -624(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.199
+ incl r2
+noname.199:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.200
+ incl r8
+noname.200:
+
+ movzwl 18(r6),r2
+ bicl3 #-65536,16(r7),r3
+ movzwl 18(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,16(r6),-636(fp)
+ bicl3 #-65536,r2,-640(fp)
+ mull3 r0,-636(fp),-628(fp)
+ mull2 r3,-636(fp)
+ mull3 r3,-640(fp),-632(fp)
+ mull2 r0,-640(fp)
+ addl3 -628(fp),-632(fp),r0
+ bicl3 #0,r0,-628(fp)
+ cmpl -628(fp),-632(fp)
+ bgequ noname.201
+ addl2 #65536,-640(fp)
+noname.201:
+ movzwl -626(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-640(fp)
+ bicl3 #-65536,-628(fp),r0
+ ashl #16,r0,-632(fp)
+ addl3 -632(fp),-636(fp),r0
+ bicl3 #0,r0,-636(fp)
+ cmpl -636(fp),-632(fp)
+ bgequ noname.202
+ incl -640(fp)
+noname.202:
+ movl -636(fp),r1
+ movl -640(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.203
+ incl r2
+noname.203:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.204
+ incl r8
+noname.204:
+
+ movzwl 14(r6),r2
+ bicl3 #-65536,20(r7),r3
+ movzwl 22(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,12(r6),-652(fp)
+ bicl3 #-65536,r2,-656(fp)
+ mull3 r0,-652(fp),-644(fp)
+ mull2 r3,-652(fp)
+ mull3 r3,-656(fp),-648(fp)
+ mull2 r0,-656(fp)
+ addl3 -644(fp),-648(fp),r0
+ bicl3 #0,r0,-644(fp)
+ cmpl -644(fp),-648(fp)
+ bgequ noname.205
+ addl2 #65536,-656(fp)
+noname.205:
+ movzwl -642(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-656(fp)
+ bicl3 #-65536,-644(fp),r0
+ ashl #16,r0,-648(fp)
+ addl3 -648(fp),-652(fp),r0
+ bicl3 #0,r0,-652(fp)
+ cmpl -652(fp),-648(fp)
+ bgequ noname.206
+ incl -656(fp)
+noname.206:
+ movl -652(fp),r1
+ movl -656(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.207
+ incl r2
+noname.207:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.208
+ incl r8
+noname.208:
+
+ movzwl 10(r6),r2
+ bicl3 #-65536,24(r7),r3
+ movzwl 26(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,8(r6),-668(fp)
+ bicl3 #-65536,r2,-672(fp)
+ mull3 r0,-668(fp),-660(fp)
+ mull2 r3,-668(fp)
+ mull3 r3,-672(fp),-664(fp)
+ mull2 r0,-672(fp)
+ addl3 -660(fp),-664(fp),r0
+ bicl3 #0,r0,-660(fp)
+ cmpl -660(fp),-664(fp)
+ bgequ noname.209
+ addl2 #65536,-672(fp)
+noname.209:
+ movzwl -658(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-672(fp)
+ bicl3 #-65536,-660(fp),r0
+ ashl #16,r0,-664(fp)
+ addl3 -664(fp),-668(fp),r0
+ bicl3 #0,r0,-668(fp)
+ cmpl -668(fp),-664(fp)
+ bgequ noname.210
+ incl -672(fp)
+noname.210:
+ movl -668(fp),r1
+ movl -672(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.211
+ incl r2
+noname.211:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.212
+ incl r8
+noname.212:
+
+ movzwl 6(r6),r2
+ bicl3 #-65536,28(r7),r3
+ movzwl 30(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,4(r6),-684(fp)
+ bicl3 #-65536,r2,-688(fp)
+ mull3 r0,-684(fp),-676(fp)
+ mull2 r3,-684(fp)
+ mull3 r3,-688(fp),-680(fp)
+ mull2 r0,-688(fp)
+ addl3 -676(fp),-680(fp),r0
+ bicl3 #0,r0,-676(fp)
+ cmpl -676(fp),-680(fp)
+ bgequ noname.213
+ addl2 #65536,-688(fp)
+noname.213:
+ movzwl -674(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-688(fp)
+ bicl3 #-65536,-676(fp),r0
+ ashl #16,r0,-680(fp)
+ addl3 -680(fp),-684(fp),r0
+ bicl3 #0,r0,-684(fp)
+ cmpl -684(fp),-680(fp)
+ bgequ noname.214
+ incl -688(fp)
+noname.214:
+ movl -684(fp),r1
+ movl -688(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.215
+ incl r2
+noname.215:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.216
+ incl r8
+noname.216:
+
+ movl r10,32(r11)
+
+ clrl r10
+
+ movzwl 10(r6),r2
+ bicl3 #-65536,28(r7),r3
+ movzwl 30(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,8(r6),-700(fp)
+ bicl3 #-65536,r2,-704(fp)
+ mull3 r0,-700(fp),-692(fp)
+ mull2 r3,-700(fp)
+ mull3 r3,-704(fp),-696(fp)
+ mull2 r0,-704(fp)
+ addl3 -692(fp),-696(fp),r0
+ bicl3 #0,r0,-692(fp)
+ cmpl -692(fp),-696(fp)
+ bgequ noname.217
+ addl2 #65536,-704(fp)
+noname.217:
+ movzwl -690(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-704(fp)
+ bicl3 #-65536,-692(fp),r0
+ ashl #16,r0,-696(fp)
+ addl3 -696(fp),-700(fp),r0
+ bicl3 #0,r0,-700(fp)
+ cmpl -700(fp),-696(fp)
+ bgequ noname.218
+ incl -704(fp)
+noname.218:
+ movl -700(fp),r1
+ movl -704(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.219
+ incl r2
+noname.219:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.220
+ incl r10
+noname.220:
+
+ movzwl 14(r6),r2
+ bicl3 #-65536,24(r7),r3
+ movzwl 26(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,12(r6),-716(fp)
+ bicl3 #-65536,r2,-720(fp)
+ mull3 r0,-716(fp),-708(fp)
+ mull2 r3,-716(fp)
+ mull3 r3,-720(fp),-712(fp)
+ mull2 r0,-720(fp)
+ addl3 -708(fp),-712(fp),r0
+ bicl3 #0,r0,-708(fp)
+ cmpl -708(fp),-712(fp)
+ bgequ noname.221
+ addl2 #65536,-720(fp)
+noname.221:
+ movzwl -706(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-720(fp)
+ bicl3 #-65536,-708(fp),r0
+ ashl #16,r0,-712(fp)
+ addl3 -712(fp),-716(fp),r0
+ bicl3 #0,r0,-716(fp)
+ cmpl -716(fp),-712(fp)
+ bgequ noname.222
+ incl -720(fp)
+noname.222:
+ movl -716(fp),r1
+ movl -720(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.223
+ incl r2
+noname.223:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.224
+ incl r10
+noname.224:
+
+ movzwl 18(r6),r2
+ bicl3 #-65536,20(r7),r3
+ movzwl 22(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,16(r6),-732(fp)
+ bicl3 #-65536,r2,-736(fp)
+ mull3 r0,-732(fp),-724(fp)
+ mull2 r3,-732(fp)
+ mull3 r3,-736(fp),-728(fp)
+ mull2 r0,-736(fp)
+ addl3 -724(fp),-728(fp),r0
+ bicl3 #0,r0,-724(fp)
+ cmpl -724(fp),-728(fp)
+ bgequ noname.225
+ addl2 #65536,-736(fp)
+noname.225:
+ movzwl -722(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-736(fp)
+ bicl3 #-65536,-724(fp),r0
+ ashl #16,r0,-728(fp)
+ addl3 -728(fp),-732(fp),r0
+ bicl3 #0,r0,-732(fp)
+ cmpl -732(fp),-728(fp)
+ bgequ noname.226
+ incl -736(fp)
+noname.226:
+ movl -732(fp),r1
+ movl -736(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.227
+ incl r2
+noname.227:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.228
+ incl r10
+noname.228:
+
+ movzwl 22(r6),r2
+ bicl3 #-65536,16(r7),r3
+ movzwl 18(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,20(r6),-748(fp)
+ bicl3 #-65536,r2,-752(fp)
+ mull3 r0,-748(fp),-740(fp)
+ mull2 r3,-748(fp)
+ mull3 r3,-752(fp),-744(fp)
+ mull2 r0,-752(fp)
+ addl3 -740(fp),-744(fp),r0
+ bicl3 #0,r0,-740(fp)
+ cmpl -740(fp),-744(fp)
+ bgequ noname.229
+ addl2 #65536,-752(fp)
+noname.229:
+ movzwl -738(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-752(fp)
+ bicl3 #-65536,-740(fp),r0
+ ashl #16,r0,-744(fp)
+ addl3 -744(fp),-748(fp),r0
+ bicl3 #0,r0,-748(fp)
+ cmpl -748(fp),-744(fp)
+ bgequ noname.230
+ incl -752(fp)
+noname.230:
+ movl -748(fp),r1
+ movl -752(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.231
+ incl r2
+noname.231:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.232
+ incl r10
+noname.232:
+
+ movzwl 26(r6),r2
+ bicl3 #-65536,12(r7),r3
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,24(r6),-764(fp)
+ bicl3 #-65536,r2,-768(fp)
+ mull3 r0,-764(fp),-756(fp)
+ mull2 r3,-764(fp)
+ mull3 r3,-768(fp),-760(fp)
+ mull2 r0,-768(fp)
+ addl3 -756(fp),-760(fp),r0
+ bicl3 #0,r0,-756(fp)
+ cmpl -756(fp),-760(fp)
+ bgequ noname.233
+ addl2 #65536,-768(fp)
+noname.233:
+ movzwl -754(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-768(fp)
+ bicl3 #-65536,-756(fp),r0
+ ashl #16,r0,-760(fp)
+ addl3 -760(fp),-764(fp),r0
+ bicl3 #0,r0,-764(fp)
+ cmpl -764(fp),-760(fp)
+ bgequ noname.234
+ incl -768(fp)
+noname.234:
+ movl -764(fp),r1
+ movl -768(fp),r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.235
+ incl r2
+noname.235:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.236
+ incl r10
+noname.236:
+
+ bicl3 #-65536,28(r6),r3
+ movzwl 30(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,8(r7),r2
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-772(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-776(fp)
+ mull2 r0,r4
+ addl3 -772(fp),-776(fp),r0
+ bicl3 #0,r0,-772(fp)
+ cmpl -772(fp),-776(fp)
+ bgequ noname.237
+ addl2 #65536,r4
+noname.237:
+ movzwl -770(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-772(fp),r0
+ ashl #16,r0,-776(fp)
+ addl2 -776(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-776(fp)
+ bgequ noname.238
+ incl r4
+noname.238:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.239
+ incl r2
+noname.239:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.240
+ incl r10
+noname.240:
+
+ movl r9,36(r11)
+
+ clrl r9
+
+ bicl3 #-65536,28(r6),r3
+ movzwl 30(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,12(r7),r2
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-780(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-784(fp)
+ mull2 r0,r4
+ addl3 -780(fp),-784(fp),r0
+ bicl3 #0,r0,-780(fp)
+ cmpl -780(fp),-784(fp)
+ bgequ noname.241
+ addl2 #65536,r4
+noname.241:
+ movzwl -778(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-780(fp),r0
+ ashl #16,r0,-784(fp)
+ addl2 -784(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-784(fp)
+ bgequ noname.242
+ incl r4
+noname.242:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.243
+ incl r2
+noname.243:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.244
+ incl r9
+noname.244:
+
+ bicl3 #-65536,24(r6),r3
+ movzwl 26(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,16(r7),r2
+ movzwl 18(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-788(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-792(fp)
+ mull2 r0,r4
+ addl3 -788(fp),-792(fp),r0
+ bicl3 #0,r0,-788(fp)
+ cmpl -788(fp),-792(fp)
+ bgequ noname.245
+ addl2 #65536,r4
+noname.245:
+ movzwl -786(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-788(fp),r0
+ ashl #16,r0,-792(fp)
+ addl2 -792(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-792(fp)
+ bgequ noname.246
+ incl r4
+noname.246:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.247
+ incl r2
+noname.247:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.248
+ incl r9
+noname.248:
+
+ bicl3 #-65536,20(r6),r3
+ movzwl 22(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,20(r7),r2
+ movzwl 22(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-796(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-800(fp)
+ mull2 r0,r4
+ addl3 -796(fp),-800(fp),r0
+ bicl3 #0,r0,-796(fp)
+ cmpl -796(fp),-800(fp)
+ bgequ noname.249
+ addl2 #65536,r4
+noname.249:
+ movzwl -794(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-796(fp),r0
+ ashl #16,r0,-800(fp)
+ addl2 -800(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-800(fp)
+ bgequ noname.250
+ incl r4
+noname.250:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.251
+ incl r2
+noname.251:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.252
+ incl r9
+noname.252:
+
+ bicl3 #-65536,16(r6),r3
+ movzwl 18(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,24(r7),r2
+ movzwl 26(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-804(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-808(fp)
+ mull2 r0,r4
+ addl3 -804(fp),-808(fp),r0
+ bicl3 #0,r0,-804(fp)
+ cmpl -804(fp),-808(fp)
+ bgequ noname.253
+ addl2 #65536,r4
+noname.253:
+ movzwl -802(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-804(fp),r0
+ ashl #16,r0,-808(fp)
+ addl2 -808(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-808(fp)
+ bgequ noname.254
+ incl r4
+noname.254:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.255
+ incl r2
+noname.255:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.256
+ incl r9
+noname.256:
+
+ bicl3 #-65536,12(r6),r3
+ movzwl 14(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,28(r7),r2
+ movzwl 30(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-812(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-816(fp)
+ mull2 r0,r4
+ addl3 -812(fp),-816(fp),r0
+ bicl3 #0,r0,-812(fp)
+ cmpl -812(fp),-816(fp)
+ bgequ noname.257
+ addl2 #65536,r4
+noname.257:
+ movzwl -810(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-812(fp),r0
+ ashl #16,r0,-816(fp)
+ addl2 -816(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-816(fp)
+ bgequ noname.258
+ incl r4
+noname.258:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.259
+ incl r2
+noname.259:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.260
+ incl r9
+noname.260:
+
+ movl r8,40(r11)
+
+ clrl r8
+
+ bicl3 #-65536,16(r6),r3
+ movzwl 18(r6),r2
+ bicl3 #-65536,28(r7),r1
+ movzwl 30(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r4
+ bicl3 #-65536,r2,-828(fp)
+ mull3 r0,r4,-820(fp)
+ mull2 r1,r4
+ mull3 r1,-828(fp),-824(fp)
+ mull2 r0,-828(fp)
+ addl3 -820(fp),-824(fp),r0
+ bicl3 #0,r0,-820(fp)
+ cmpl -820(fp),-824(fp)
+ bgequ noname.261
+ addl2 #65536,-828(fp)
+noname.261:
+ movzwl -818(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-828(fp)
+ bicl3 #-65536,-820(fp),r0
+ ashl #16,r0,-824(fp)
+ addl2 -824(fp),r4
+ bicl2 #0,r4
+ cmpl r4,-824(fp)
+ bgequ noname.262
+ incl -828(fp)
+noname.262:
+ movl r4,r1
+ movl -828(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.263
+ incl r2
+noname.263:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.264
+ incl r8
+noname.264:
+
+ movzwl 22(r6),r2
+ bicl3 #-65536,24(r7),r3
+ movzwl 26(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,20(r6),-840(fp)
+ bicl3 #-65536,r2,-844(fp)
+ mull3 r0,-840(fp),-832(fp)
+ mull2 r3,-840(fp)
+ mull3 r3,-844(fp),-836(fp)
+ mull2 r0,-844(fp)
+ addl3 -832(fp),-836(fp),r0
+ bicl3 #0,r0,-832(fp)
+ cmpl -832(fp),-836(fp)
+ bgequ noname.265
+ addl2 #65536,-844(fp)
+noname.265:
+ movzwl -830(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-844(fp)
+ bicl3 #-65536,-832(fp),r0
+ ashl #16,r0,-836(fp)
+ addl3 -836(fp),-840(fp),r0
+ bicl3 #0,r0,-840(fp)
+ cmpl -840(fp),-836(fp)
+ bgequ noname.266
+ incl -844(fp)
+noname.266:
+ movl -840(fp),r1
+ movl -844(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.267
+ incl r2
+noname.267:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.268
+ incl r8
+noname.268:
+
+ bicl3 #-65536,24(r6),r3
+ movzwl 26(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,20(r7),r2
+ movzwl 22(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-848(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-852(fp)
+ mull2 r0,r4
+ addl3 -848(fp),-852(fp),r0
+ bicl3 #0,r0,-848(fp)
+ cmpl -848(fp),-852(fp)
+ bgequ noname.269
+ addl2 #65536,r4
+noname.269:
+ movzwl -846(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-848(fp),r0
+ ashl #16,r0,-852(fp)
+ addl2 -852(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-852(fp)
+ bgequ noname.270
+ incl r4
+noname.270:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.271
+ incl r2
+noname.271:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.272
+ incl r8
+noname.272:
+
+ bicl3 #-65536,28(r6),r3
+ movzwl 30(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,16(r7),r2
+ movzwl 18(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-856(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-860(fp)
+ mull2 r0,r4
+ addl3 -856(fp),-860(fp),r0
+ bicl3 #0,r0,-856(fp)
+ cmpl -856(fp),-860(fp)
+ bgequ noname.273
+ addl2 #65536,r4
+noname.273:
+ movzwl -854(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-856(fp),r0
+ ashl #16,r0,-860(fp)
+ addl2 -860(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-860(fp)
+ bgequ noname.274
+ incl r4
+noname.274:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.275
+ incl r2
+noname.275:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.276
+ incl r8
+noname.276:
+
+ movl r10,44(r11)
+
+ clrl r10
+
+ bicl3 #-65536,28(r6),r3
+ movzwl 30(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,20(r7),r2
+ movzwl 22(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-864(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-868(fp)
+ mull2 r0,r4
+ addl3 -864(fp),-868(fp),r0
+ bicl3 #0,r0,-864(fp)
+ cmpl -864(fp),-868(fp)
+ bgequ noname.277
+ addl2 #65536,r4
+noname.277:
+ movzwl -862(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-864(fp),r0
+ ashl #16,r0,-868(fp)
+ addl2 -868(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-868(fp)
+ bgequ noname.278
+ incl r4
+noname.278:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.279
+ incl r2
+noname.279:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.280
+ incl r10
+noname.280:
+
+ bicl3 #-65536,24(r6),r3
+ movzwl 26(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,24(r7),r2
+ movzwl 26(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-872(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-876(fp)
+ mull2 r0,r4
+ addl3 -872(fp),-876(fp),r0
+ bicl3 #0,r0,-872(fp)
+ cmpl -872(fp),-876(fp)
+ bgequ noname.281
+ addl2 #65536,r4
+noname.281:
+ movzwl -870(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-872(fp),r0
+ ashl #16,r0,-876(fp)
+ addl2 -876(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-876(fp)
+ bgequ noname.282
+ incl r4
+noname.282:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.283
+ incl r2
+noname.283:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.284
+ incl r10
+noname.284:
+
+ bicl3 #-65536,20(r6),r3
+ movzwl 22(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,28(r7),r2
+ movzwl 30(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-880(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-884(fp)
+ mull2 r0,r4
+ addl3 -880(fp),-884(fp),r0
+ bicl3 #0,r0,-880(fp)
+ cmpl -880(fp),-884(fp)
+ bgequ noname.285
+ addl2 #65536,r4
+noname.285:
+ movzwl -878(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-880(fp),r0
+ ashl #16,r0,-884(fp)
+ addl2 -884(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-884(fp)
+ bgequ noname.286
+ incl r4
+noname.286:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.287
+ incl r2
+noname.287:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.288
+ incl r10
+noname.288:
+
+ movl r9,48(r11)
+
+ clrl r9
+
+ bicl3 #-65536,24(r6),r3
+ movzwl 26(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,28(r7),r2
+ movzwl 30(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-888(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-892(fp)
+ mull2 r0,r4
+ addl3 -888(fp),-892(fp),r0
+ bicl3 #0,r0,-888(fp)
+ cmpl -888(fp),-892(fp)
+ bgequ noname.289
+ addl2 #65536,r4
+noname.289:
+ movzwl -886(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-888(fp),r0
+ ashl #16,r0,-892(fp)
+ addl2 -892(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-892(fp)
+ bgequ noname.290
+ incl r4
+noname.290:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.291
+ incl r2
+noname.291:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.292
+ incl r9
+noname.292:
+
+ movzwl 30(r6),r2
+ bicl3 #-65536,24(r7),r3
+ movzwl 26(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,28(r6),-904(fp)
+ bicl3 #-65536,r2,-908(fp)
+ mull3 r0,-904(fp),-896(fp)
+ mull2 r3,-904(fp)
+ mull3 r3,-908(fp),-900(fp)
+ mull2 r0,-908(fp)
+ addl3 -896(fp),-900(fp),r0
+ bicl3 #0,r0,-896(fp)
+ cmpl -896(fp),-900(fp)
+ bgequ noname.293
+ addl2 #65536,-908(fp)
+noname.293:
+ movzwl -894(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-908(fp)
+ bicl3 #-65536,-896(fp),r0
+ ashl #16,r0,-900(fp)
+ addl3 -900(fp),-904(fp),r0
+ bicl3 #0,r0,-904(fp)
+ cmpl -904(fp),-900(fp)
+ bgequ noname.294
+ incl -908(fp)
+noname.294:
+ movl -904(fp),r1
+ movl -908(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.295
+ incl r2
+noname.295:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.296
+ incl r9
+noname.296:
+
+ movl r8,52(r11)
+
+ clrl r8
+
+ movzwl 30(r6),r2
+ bicl3 #-65536,28(r7),r3
+ movzwl 30(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,28(r6),-920(fp)
+ bicl3 #-65536,r2,-924(fp)
+ mull3 r0,-920(fp),-912(fp)
+ mull2 r3,-920(fp)
+ mull3 r3,-924(fp),-916(fp)
+ mull2 r0,-924(fp)
+ addl3 -912(fp),-916(fp),r0
+ bicl3 #0,r0,-912(fp)
+ cmpl -912(fp),-916(fp)
+ bgequ noname.297
+ addl2 #65536,-924(fp)
+noname.297:
+ movzwl -910(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-924(fp)
+ bicl3 #-65536,-912(fp),r0
+ ashl #16,r0,-916(fp)
+ addl3 -916(fp),-920(fp),r0
+ bicl3 #0,r0,-920(fp)
+ cmpl -920(fp),-916(fp)
+ bgequ noname.298
+ incl -924(fp)
+noname.298:
+ movl -920(fp),r1
+ movl -924(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.299
+ incl r2
+noname.299:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.300
+ incl r8
+noname.300:
+
+ movl r10,56(r11)
+
+ movl r9,60(r11)
+
+ ret
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP) n by value (input)
+
+ .psect code,nowrt
+
+.entry BN_MUL_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+ movab -156(sp),sp
+
+ clrq r9
+
+ clrl r8
+
+ movl 8(ap),r6
+ bicl3 #-65536,(r6),r3
+ movzwl 2(r6),r2
+ bicl2 #-65536,r2
+ movl 12(ap),r7
+ bicl3 #-65536,(r7),r1
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r2,r4
+ mull3 r0,r5,-4(fp)
+ mull2 r1,r5
+ mull3 r1,r4,-8(fp)
+ mull2 r0,r4
+ addl3 -4(fp),-8(fp),r0
+ bicl3 #0,r0,-4(fp)
+ cmpl -4(fp),-8(fp)
+ bgequ noname.303
+ addl2 #65536,r4
+noname.303:
+ movzwl -2(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-4(fp),r0
+ ashl #16,r0,-8(fp)
+ addl2 -8(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-8(fp)
+ bgequ noname.304
+ incl r4
+noname.304:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.305
+ incl r2
+noname.305:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.306
+ incl r8
+noname.306:
+
+ movl 4(ap),r11
+ movl r10,(r11)
+
+ clrl r10
+
+ bicl3 #-65536,(r6),r3
+ movzwl 2(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,4(r7),r2
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-12(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-16(fp)
+ mull2 r0,r4
+ addl3 -12(fp),-16(fp),r0
+ bicl3 #0,r0,-12(fp)
+ cmpl -12(fp),-16(fp)
+ bgequ noname.307
+ addl2 #65536,r4
+noname.307:
+ movzwl -10(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-12(fp),r0
+ ashl #16,r0,-16(fp)
+ addl2 -16(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-16(fp)
+ bgequ noname.308
+ incl r4
+noname.308:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.309
+ incl r2
+noname.309:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.310
+ incl r10
+noname.310:
+
+ bicl3 #-65536,4(r6),r3
+ movzwl 6(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,(r7),r2
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-20(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-24(fp)
+ mull2 r0,r4
+ addl3 -20(fp),-24(fp),r0
+ bicl3 #0,r0,-20(fp)
+ cmpl -20(fp),-24(fp)
+ bgequ noname.311
+ addl2 #65536,r4
+noname.311:
+ movzwl -18(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-20(fp),r0
+ ashl #16,r0,-24(fp)
+ addl2 -24(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-24(fp)
+ bgequ noname.312
+ incl r4
+noname.312:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.313
+ incl r2
+noname.313:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.314
+ incl r10
+noname.314:
+
+ movl r9,4(r11)
+
+ clrl r9
+
+ bicl3 #-65536,8(r6),r3
+ movzwl 10(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,(r7),r2
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-28(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-32(fp)
+ mull2 r0,r4
+ addl3 -28(fp),-32(fp),r0
+ bicl3 #0,r0,-28(fp)
+ cmpl -28(fp),-32(fp)
+ bgequ noname.315
+ addl2 #65536,r4
+noname.315:
+ movzwl -26(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-28(fp),r0
+ ashl #16,r0,-32(fp)
+ addl2 -32(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-32(fp)
+ bgequ noname.316
+ incl r4
+noname.316:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.317
+ incl r2
+noname.317:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.318
+ incl r9
+noname.318:
+
+ bicl3 #-65536,4(r6),r3
+ movzwl 6(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,4(r7),r2
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-36(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-40(fp)
+ mull2 r0,r4
+ addl3 -36(fp),-40(fp),r0
+ bicl3 #0,r0,-36(fp)
+ cmpl -36(fp),-40(fp)
+ bgequ noname.319
+ addl2 #65536,r4
+noname.319:
+ movzwl -34(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-36(fp),r0
+ ashl #16,r0,-40(fp)
+ addl2 -40(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-40(fp)
+ bgequ noname.320
+ incl r4
+noname.320:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.321
+ incl r2
+noname.321:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.322
+ incl r9
+noname.322:
+
+ bicl3 #-65536,(r6),r3
+ movzwl 2(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,8(r7),r2
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-44(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-48(fp)
+ mull2 r0,r4
+ addl3 -44(fp),-48(fp),r0
+ bicl3 #0,r0,-44(fp)
+ cmpl -44(fp),-48(fp)
+ bgequ noname.323
+ addl2 #65536,r4
+noname.323:
+ movzwl -42(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-44(fp),r0
+ ashl #16,r0,-48(fp)
+ addl2 -48(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-48(fp)
+ bgequ noname.324
+ incl r4
+noname.324:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.325
+ incl r2
+noname.325:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.326
+ incl r9
+noname.326:
+
+ movl r8,8(r11)
+
+ clrl r8
+
+ bicl3 #-65536,(r6),r3
+ movzwl 2(r6),r2
+ bicl3 #-65536,12(r7),r1
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r4
+ bicl3 #-65536,r2,-60(fp)
+ mull3 r0,r4,-52(fp)
+ mull2 r1,r4
+ mull3 r1,-60(fp),-56(fp)
+ mull2 r0,-60(fp)
+ addl3 -52(fp),-56(fp),r0
+ bicl3 #0,r0,-52(fp)
+ cmpl -52(fp),-56(fp)
+ bgequ noname.327
+ addl2 #65536,-60(fp)
+noname.327:
+ movzwl -50(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-60(fp)
+ bicl3 #-65536,-52(fp),r0
+ ashl #16,r0,-56(fp)
+ addl2 -56(fp),r4
+ bicl2 #0,r4
+ cmpl r4,-56(fp)
+ bgequ noname.328
+ incl -60(fp)
+noname.328:
+ movl r4,r1
+ movl -60(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.329
+ incl r2
+noname.329:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.330
+ incl r8
+noname.330:
+
+ movzwl 6(r6),r2
+ bicl3 #-65536,8(r7),r3
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,4(r6),-72(fp)
+ bicl3 #-65536,r2,-76(fp)
+ mull3 r0,-72(fp),-64(fp)
+ mull2 r3,-72(fp)
+ mull3 r3,-76(fp),-68(fp)
+ mull2 r0,-76(fp)
+ addl3 -64(fp),-68(fp),r0
+ bicl3 #0,r0,-64(fp)
+ cmpl -64(fp),-68(fp)
+ bgequ noname.331
+ addl2 #65536,-76(fp)
+noname.331:
+ movzwl -62(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-76(fp)
+ bicl3 #-65536,-64(fp),r0
+ ashl #16,r0,-68(fp)
+ addl3 -68(fp),-72(fp),r0
+ bicl3 #0,r0,-72(fp)
+ cmpl -72(fp),-68(fp)
+ bgequ noname.332
+ incl -76(fp)
+noname.332:
+ movl -72(fp),r1
+ movl -76(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.333
+ incl r2
+noname.333:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.334
+ incl r8
+noname.334:
+
+ bicl3 #-65536,8(r6),r3
+ movzwl 10(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,4(r7),r2
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-80(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-84(fp)
+ mull2 r0,r4
+ addl3 -80(fp),-84(fp),r0
+ bicl3 #0,r0,-80(fp)
+ cmpl -80(fp),-84(fp)
+ bgequ noname.335
+ addl2 #65536,r4
+noname.335:
+ movzwl -78(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-80(fp),r0
+ ashl #16,r0,-84(fp)
+ addl2 -84(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-84(fp)
+ bgequ noname.336
+ incl r4
+noname.336:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.337
+ incl r2
+noname.337:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.338
+ incl r8
+noname.338:
+
+ bicl3 #-65536,12(r6),r3
+ movzwl 14(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,(r7),r2
+ movzwl 2(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-88(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-92(fp)
+ mull2 r0,r4
+ addl3 -88(fp),-92(fp),r0
+ bicl3 #0,r0,-88(fp)
+ cmpl -88(fp),-92(fp)
+ bgequ noname.339
+ addl2 #65536,r4
+noname.339:
+ movzwl -86(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-88(fp),r0
+ ashl #16,r0,-92(fp)
+ addl2 -92(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-92(fp)
+ bgequ noname.340
+ incl r4
+noname.340:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.341
+ incl r2
+noname.341:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.342
+ incl r8
+noname.342:
+
+ movl r10,12(r11)
+
+ clrl r10
+
+ bicl3 #-65536,12(r6),r3
+ movzwl 14(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,4(r7),r2
+ movzwl 6(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-96(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-100(fp)
+ mull2 r0,r4
+ addl3 -96(fp),-100(fp),r0
+ bicl3 #0,r0,-96(fp)
+ cmpl -96(fp),-100(fp)
+ bgequ noname.343
+ addl2 #65536,r4
+noname.343:
+ movzwl -94(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-96(fp),r0
+ ashl #16,r0,-100(fp)
+ addl2 -100(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-100(fp)
+ bgequ noname.344
+ incl r4
+noname.344:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.345
+ incl r2
+noname.345:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.346
+ incl r10
+noname.346:
+
+ bicl3 #-65536,8(r6),r3
+ movzwl 10(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,8(r7),r2
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-104(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-108(fp)
+ mull2 r0,r4
+ addl3 -104(fp),-108(fp),r0
+ bicl3 #0,r0,-104(fp)
+ cmpl -104(fp),-108(fp)
+ bgequ noname.347
+ addl2 #65536,r4
+noname.347:
+ movzwl -102(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-104(fp),r0
+ ashl #16,r0,-108(fp)
+ addl2 -108(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-108(fp)
+ bgequ noname.348
+ incl r4
+noname.348:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.349
+ incl r2
+noname.349:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.350
+ incl r10
+noname.350:
+
+ bicl3 #-65536,4(r6),r3
+ movzwl 6(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,12(r7),r2
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-112(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-116(fp)
+ mull2 r0,r4
+ addl3 -112(fp),-116(fp),r0
+ bicl3 #0,r0,-112(fp)
+ cmpl -112(fp),-116(fp)
+ bgequ noname.351
+ addl2 #65536,r4
+noname.351:
+ movzwl -110(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-112(fp),r0
+ ashl #16,r0,-116(fp)
+ addl2 -116(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-116(fp)
+ bgequ noname.352
+ incl r4
+noname.352:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.353
+ incl r2
+noname.353:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.354
+ incl r10
+noname.354:
+
+ movl r9,16(r11)
+
+ clrl r9
+
+ bicl3 #-65536,8(r6),r3
+ movzwl 10(r6),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,12(r7),r2
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-120(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-124(fp)
+ mull2 r0,r4
+ addl3 -120(fp),-124(fp),r0
+ bicl3 #0,r0,-120(fp)
+ cmpl -120(fp),-124(fp)
+ bgequ noname.355
+ addl2 #65536,r4
+noname.355:
+ movzwl -118(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-120(fp),r0
+ ashl #16,r0,-124(fp)
+ addl2 -124(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-124(fp)
+ bgequ noname.356
+ incl r4
+noname.356:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.357
+ incl r2
+noname.357:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.358
+ incl r9
+noname.358:
+
+ movzwl 14(r6),r2
+ bicl3 #-65536,8(r7),r3
+ movzwl 10(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,12(r6),-136(fp)
+ bicl3 #-65536,r2,-140(fp)
+ mull3 r0,-136(fp),-128(fp)
+ mull2 r3,-136(fp)
+ mull3 r3,-140(fp),-132(fp)
+ mull2 r0,-140(fp)
+ addl3 -128(fp),-132(fp),r0
+ bicl3 #0,r0,-128(fp)
+ cmpl -128(fp),-132(fp)
+ bgequ noname.359
+ addl2 #65536,-140(fp)
+noname.359:
+ movzwl -126(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-140(fp)
+ bicl3 #-65536,-128(fp),r0
+ ashl #16,r0,-132(fp)
+ addl3 -132(fp),-136(fp),r0
+ bicl3 #0,r0,-136(fp)
+ cmpl -136(fp),-132(fp)
+ bgequ noname.360
+ incl -140(fp)
+noname.360:
+ movl -136(fp),r1
+ movl -140(fp),r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.361
+ incl r2
+noname.361:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.362
+ incl r9
+noname.362:
+
+ movl r8,20(r11)
+
+ clrl r8
+
+ movzwl 14(r6),r2
+ bicl3 #-65536,12(r7),r3
+ movzwl 14(r7),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,12(r6),-152(fp)
+ bicl3 #-65536,r2,-156(fp)
+ mull3 r0,-152(fp),-144(fp)
+ mull2 r3,-152(fp)
+ mull3 r3,-156(fp),-148(fp)
+ mull2 r0,-156(fp)
+ addl3 -144(fp),-148(fp),r0
+ bicl3 #0,r0,-144(fp)
+ cmpl -144(fp),-148(fp)
+ bgequ noname.363
+ addl2 #65536,-156(fp)
+noname.363:
+ movzwl -142(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-156(fp)
+ bicl3 #-65536,-144(fp),r0
+ ashl #16,r0,-148(fp)
+ addl3 -148(fp),-152(fp),r0
+ bicl3 #0,r0,-152(fp)
+ cmpl -152(fp),-148(fp)
+ bgequ noname.364
+ incl -156(fp)
+noname.364:
+ movl -152(fp),r1
+ movl -156(fp),r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.365
+ incl r2
+noname.365:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.366
+ incl r8
+noname.366:
+
+ movl r10,24(r11)
+
+ movl r9,28(r11)
+
+ ret
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP) n by value (input)
+
+ .psect code,nowrt
+
+.entry BN_SQR_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9>
+ movab -444(sp),sp
+
+ clrq r8
+
+ clrl r7
+
+ movl 8(ap),r4
+ movl (r4),r3
+ bicl3 #-65536,r3,-4(fp)
+ extzv #16,#16,r3,r0
+ bicl3 #-65536,r0,r3
+ movl -4(fp),r0
+ mull3 r0,r3,-8(fp)
+ mull3 r0,r0,-4(fp)
+ mull2 r3,r3
+ bicl3 #32767,-8(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r3
+ bicl3 #-65536,-8(fp),r0
+ ashl #17,r0,-8(fp)
+ addl3 -4(fp),-8(fp),r0
+ bicl3 #0,r0,-4(fp)
+ cmpl -4(fp),-8(fp)
+ bgequ noname.369
+ incl r3
+noname.369:
+ movl -4(fp),r1
+ movl r3,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.370
+ incl r2
+noname.370:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.371
+ incl r7
+noname.371:
+
+ movl r9, at 4(ap)
+
+ clrl r9
+
+ movzwl 6(r4),r2
+ bicl3 #-65536,(r4),r3
+ movzwl 2(r4),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,4(r4),-20(fp)
+ bicl3 #-65536,r2,-24(fp)
+ mull3 r0,-20(fp),-12(fp)
+ mull2 r3,-20(fp)
+ mull3 r3,-24(fp),-16(fp)
+ mull2 r0,-24(fp)
+ addl3 -12(fp),-16(fp),r0
+ bicl3 #0,r0,-12(fp)
+ cmpl -12(fp),-16(fp)
+ bgequ noname.372
+ addl2 #65536,-24(fp)
+noname.372:
+ movzwl -10(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-24(fp)
+ bicl3 #-65536,-12(fp),r0
+ ashl #16,r0,-16(fp)
+ addl3 -16(fp),-20(fp),r0
+ bicl3 #0,r0,-20(fp)
+ cmpl -20(fp),-16(fp)
+ bgequ noname.373
+ incl -24(fp)
+noname.373:
+ movl -20(fp),r3
+ movl -24(fp),r2
+ bbc #31,r2,noname.374
+ incl r9
+noname.374:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.375
+ incl r2
+noname.375:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.376
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.376
+ incl r9
+noname.376:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.377
+ incl r9
+noname.377:
+
+ movl 4(ap),r0
+ movl r8,4(r0)
+
+ clrl r8
+
+ movl 8(ap),r4
+ movl 4(r4),r3
+ bicl3 #-65536,r3,-28(fp)
+ extzv #16,#16,r3,r0
+ bicl3 #-65536,r0,r3
+ movl -28(fp),r0
+ mull3 r0,r3,-32(fp)
+ mull3 r0,r0,-28(fp)
+ mull2 r3,r3
+ bicl3 #32767,-32(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r3
+ bicl3 #-65536,-32(fp),r0
+ ashl #17,r0,-32(fp)
+ addl3 -28(fp),-32(fp),r0
+ bicl3 #0,r0,-28(fp)
+ cmpl -28(fp),-32(fp)
+ bgequ noname.378
+ incl r3
+noname.378:
+ movl -28(fp),r1
+ movl r3,r2
+ addl2 r1,r7
+ bicl2 #0,r7
+ cmpl r7,r1
+ bgequ noname.379
+ incl r2
+noname.379:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.380
+ incl r8
+noname.380:
+
+ movzwl 10(r4),r2
+ bicl3 #-65536,(r4),r3
+ movzwl 2(r4),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,8(r4),-44(fp)
+ bicl3 #-65536,r2,-48(fp)
+ mull3 r0,-44(fp),-36(fp)
+ mull2 r3,-44(fp)
+ mull3 r3,-48(fp),-40(fp)
+ mull2 r0,-48(fp)
+ addl3 -36(fp),-40(fp),r0
+ bicl3 #0,r0,-36(fp)
+ cmpl -36(fp),-40(fp)
+ bgequ noname.381
+ addl2 #65536,-48(fp)
+noname.381:
+ movzwl -34(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-48(fp)
+ bicl3 #-65536,-36(fp),r0
+ ashl #16,r0,-40(fp)
+ addl3 -40(fp),-44(fp),r0
+ bicl3 #0,r0,-44(fp)
+ cmpl -44(fp),-40(fp)
+ bgequ noname.382
+ incl -48(fp)
+noname.382:
+ movl -44(fp),r3
+ movl -48(fp),r2
+ bbc #31,r2,noname.383
+ incl r8
+noname.383:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.384
+ incl r2
+noname.384:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r7
+ bicl2 #0,r7
+ cmpl r7,r3
+ bgequ noname.385
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.385
+ incl r8
+noname.385:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.386
+ incl r8
+noname.386:
+
+ movl 4(ap),r0
+ movl r7,8(r0)
+
+ clrl r7
+
+ movl 8(ap),r0
+ movzwl 14(r0),r2
+ bicl3 #-65536,(r0),r3
+ movzwl 2(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,12(r0),-60(fp)
+ bicl3 #-65536,r2,-64(fp)
+ mull3 r1,-60(fp),-52(fp)
+ mull2 r3,-60(fp)
+ mull3 r3,-64(fp),-56(fp)
+ mull2 r1,-64(fp)
+ addl3 -52(fp),-56(fp),r0
+ bicl3 #0,r0,-52(fp)
+ cmpl -52(fp),-56(fp)
+ bgequ noname.387
+ addl2 #65536,-64(fp)
+noname.387:
+ movzwl -50(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-64(fp)
+ bicl3 #-65536,-52(fp),r0
+ ashl #16,r0,-56(fp)
+ addl3 -56(fp),-60(fp),r0
+ bicl3 #0,r0,-60(fp)
+ cmpl -60(fp),-56(fp)
+ bgequ noname.388
+ incl -64(fp)
+noname.388:
+ movl -60(fp),r3
+ movl -64(fp),r2
+ bbc #31,r2,noname.389
+ incl r7
+noname.389:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.390
+ incl r2
+noname.390:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.391
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.391
+ incl r7
+noname.391:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.392
+ incl r7
+noname.392:
+
+ movl 8(ap),r0
+ movzwl 10(r0),r2
+ bicl3 #-65536,4(r0),r3
+ movzwl 6(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,8(r0),-76(fp)
+ bicl3 #-65536,r2,-80(fp)
+ mull3 r1,-76(fp),-68(fp)
+ mull2 r3,-76(fp)
+ mull3 r3,-80(fp),-72(fp)
+ mull2 r1,-80(fp)
+ addl3 -68(fp),-72(fp),r0
+ bicl3 #0,r0,-68(fp)
+ cmpl -68(fp),-72(fp)
+ bgequ noname.393
+ addl2 #65536,-80(fp)
+noname.393:
+ movzwl -66(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-80(fp)
+ bicl3 #-65536,-68(fp),r0
+ ashl #16,r0,-72(fp)
+ addl3 -72(fp),-76(fp),r0
+ bicl3 #0,r0,-76(fp)
+ cmpl -76(fp),-72(fp)
+ bgequ noname.394
+ incl -80(fp)
+noname.394:
+ movl -76(fp),r3
+ movl -80(fp),r2
+ bbc #31,r2,noname.395
+ incl r7
+noname.395:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.396
+ incl r2
+noname.396:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.397
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.397
+ incl r7
+noname.397:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.398
+ incl r7
+noname.398:
+
+ movl 4(ap),r0
+ movl r9,12(r0)
+
+ clrl r9
+
+ movl 8(ap),r2
+ movl 8(r2),r4
+ bicl3 #-65536,r4,-84(fp)
+ extzv #16,#16,r4,r0
+ bicl3 #-65536,r0,r4
+ movl -84(fp),r0
+ mull3 r0,r4,-88(fp)
+ mull3 r0,r0,-84(fp)
+ mull2 r4,r4
+ bicl3 #32767,-88(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r4
+ bicl3 #-65536,-88(fp),r0
+ ashl #17,r0,-88(fp)
+ addl3 -84(fp),-88(fp),r0
+ bicl3 #0,r0,-84(fp)
+ cmpl -84(fp),-88(fp)
+ bgequ noname.399
+ incl r4
+noname.399:
+ movl -84(fp),r1
+ movl r4,r3
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.400
+ incl r3
+noname.400:
+ addl2 r3,r7
+ bicl2 #0,r7
+ cmpl r7,r3
+ bgequ noname.401
+ incl r9
+noname.401:
+
+ movzwl 14(r2),r3
+ bicl3 #-65536,4(r2),r1
+ movzwl 6(r2),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,12(r2),-100(fp)
+ bicl3 #-65536,r3,-104(fp)
+ mull3 r0,-100(fp),-92(fp)
+ mull2 r1,-100(fp)
+ mull3 r1,-104(fp),-96(fp)
+ mull2 r0,-104(fp)
+ addl3 -92(fp),-96(fp),r0
+ bicl3 #0,r0,-92(fp)
+ cmpl -92(fp),-96(fp)
+ bgequ noname.402
+ addl2 #65536,-104(fp)
+noname.402:
+ movzwl -90(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-104(fp)
+ bicl3 #-65536,-92(fp),r0
+ ashl #16,r0,-96(fp)
+ addl3 -96(fp),-100(fp),r0
+ bicl3 #0,r0,-100(fp)
+ cmpl -100(fp),-96(fp)
+ bgequ noname.403
+ incl -104(fp)
+noname.403:
+ movl -100(fp),r3
+ movl -104(fp),r2
+ bbc #31,r2,noname.404
+ incl r9
+noname.404:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.405
+ incl r2
+noname.405:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.406
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.406
+ incl r9
+noname.406:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.407
+ incl r9
+noname.407:
+
+ movl 8(ap),r0
+ movzwl 18(r0),r2
+ bicl3 #-65536,(r0),r3
+ movzwl 2(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,16(r0),-116(fp)
+ bicl3 #-65536,r2,-120(fp)
+ mull3 r1,-116(fp),-108(fp)
+ mull2 r3,-116(fp)
+ mull3 r3,-120(fp),-112(fp)
+ mull2 r1,-120(fp)
+ addl3 -108(fp),-112(fp),r0
+ bicl3 #0,r0,-108(fp)
+ cmpl -108(fp),-112(fp)
+ bgequ noname.408
+ addl2 #65536,-120(fp)
+noname.408:
+ movzwl -106(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-120(fp)
+ bicl3 #-65536,-108(fp),r0
+ ashl #16,r0,-112(fp)
+ addl3 -112(fp),-116(fp),r0
+ bicl3 #0,r0,-116(fp)
+ cmpl -116(fp),-112(fp)
+ bgequ noname.409
+ incl -120(fp)
+noname.409:
+ movl -116(fp),r3
+ movl -120(fp),r2
+ bbc #31,r2,noname.410
+ incl r9
+noname.410:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.411
+ incl r2
+noname.411:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.412
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.412
+ incl r9
+noname.412:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.413
+ incl r9
+noname.413:
+
+ movl 4(ap),r0
+ movl r8,16(r0)
+
+ clrl r8
+
+ movl 8(ap),r0
+ movzwl 22(r0),r2
+ bicl3 #-65536,(r0),r3
+ movzwl 2(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,20(r0),-132(fp)
+ bicl3 #-65536,r2,-136(fp)
+ mull3 r1,-132(fp),-124(fp)
+ mull2 r3,-132(fp)
+ mull3 r3,-136(fp),-128(fp)
+ mull2 r1,-136(fp)
+ addl3 -124(fp),-128(fp),r0
+ bicl3 #0,r0,-124(fp)
+ cmpl -124(fp),-128(fp)
+ bgequ noname.414
+ addl2 #65536,-136(fp)
+noname.414:
+ movzwl -122(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-136(fp)
+ bicl3 #-65536,-124(fp),r0
+ ashl #16,r0,-128(fp)
+ addl3 -128(fp),-132(fp),r0
+ bicl3 #0,r0,-132(fp)
+ cmpl -132(fp),-128(fp)
+ bgequ noname.415
+ incl -136(fp)
+noname.415:
+ movl -132(fp),r3
+ movl -136(fp),r2
+ bbc #31,r2,noname.416
+ incl r8
+noname.416:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.417
+ incl r2
+noname.417:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r7
+ bicl2 #0,r7
+ cmpl r7,r3
+ bgequ noname.418
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.418
+ incl r8
+noname.418:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.419
+ incl r8
+noname.419:
+
+ movl 8(ap),r0
+ movzwl 18(r0),r2
+ bicl3 #-65536,4(r0),r3
+ movzwl 6(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,16(r0),-148(fp)
+ bicl3 #-65536,r2,-152(fp)
+ mull3 r1,-148(fp),-140(fp)
+ mull2 r3,-148(fp)
+ mull3 r3,-152(fp),-144(fp)
+ mull2 r1,-152(fp)
+ addl3 -140(fp),-144(fp),r0
+ bicl3 #0,r0,-140(fp)
+ cmpl -140(fp),-144(fp)
+ bgequ noname.420
+ addl2 #65536,-152(fp)
+noname.420:
+ movzwl -138(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-152(fp)
+ bicl3 #-65536,-140(fp),r0
+ ashl #16,r0,-144(fp)
+ addl3 -144(fp),-148(fp),r0
+ bicl3 #0,r0,-148(fp)
+ cmpl -148(fp),-144(fp)
+ bgequ noname.421
+ incl -152(fp)
+noname.421:
+ movl -148(fp),r3
+ movl -152(fp),r2
+ bbc #31,r2,noname.422
+ incl r8
+noname.422:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.423
+ incl r2
+noname.423:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r7
+ bicl2 #0,r7
+ cmpl r7,r3
+ bgequ noname.424
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.424
+ incl r8
+noname.424:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.425
+ incl r8
+noname.425:
+
+ movl 8(ap),r0
+ movzwl 14(r0),r2
+ bicl3 #-65536,8(r0),r3
+ movzwl 10(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,12(r0),-164(fp)
+ bicl3 #-65536,r2,-168(fp)
+ mull3 r1,-164(fp),-156(fp)
+ mull2 r3,-164(fp)
+ mull3 r3,-168(fp),-160(fp)
+ mull2 r1,-168(fp)
+ addl3 -156(fp),-160(fp),r0
+ bicl3 #0,r0,-156(fp)
+ cmpl -156(fp),-160(fp)
+ bgequ noname.426
+ addl2 #65536,-168(fp)
+noname.426:
+ movzwl -154(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-168(fp)
+ bicl3 #-65536,-156(fp),r0
+ ashl #16,r0,-160(fp)
+ addl3 -160(fp),-164(fp),r0
+ bicl3 #0,r0,-164(fp)
+ cmpl -164(fp),-160(fp)
+ bgequ noname.427
+ incl -168(fp)
+noname.427:
+ movl -164(fp),r3
+ movl -168(fp),r2
+ bbc #31,r2,noname.428
+ incl r8
+noname.428:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.429
+ incl r2
+noname.429:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r7
+ bicl2 #0,r7
+ cmpl r7,r3
+ bgequ noname.430
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.430
+ incl r8
+noname.430:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.431
+ incl r8
+noname.431:
+
+ movl 4(ap),r0
+ movl r7,20(r0)
+
+ clrl r7
+
+ movl 8(ap),r2
+ movl 12(r2),r4
+ bicl3 #-65536,r4,-172(fp)
+ extzv #16,#16,r4,r0
+ bicl3 #-65536,r0,r4
+ movl -172(fp),r0
+ mull3 r0,r4,-176(fp)
+ mull3 r0,r0,-172(fp)
+ mull2 r4,r4
+ bicl3 #32767,-176(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r4
+ bicl3 #-65536,-176(fp),r0
+ ashl #17,r0,-176(fp)
+ addl3 -172(fp),-176(fp),r0
+ bicl3 #0,r0,-172(fp)
+ cmpl -172(fp),-176(fp)
+ bgequ noname.432
+ incl r4
+noname.432:
+ movl -172(fp),r1
+ movl r4,r3
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.433
+ incl r3
+noname.433:
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.434
+ incl r7
+noname.434:
+
+ movzwl 18(r2),r3
+ bicl3 #-65536,8(r2),r1
+ movzwl 10(r2),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,16(r2),-188(fp)
+ bicl3 #-65536,r3,-192(fp)
+ mull3 r0,-188(fp),-180(fp)
+ mull2 r1,-188(fp)
+ mull3 r1,-192(fp),-184(fp)
+ mull2 r0,-192(fp)
+ addl3 -180(fp),-184(fp),r0
+ bicl3 #0,r0,-180(fp)
+ cmpl -180(fp),-184(fp)
+ bgequ noname.435
+ addl2 #65536,-192(fp)
+noname.435:
+ movzwl -178(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-192(fp)
+ bicl3 #-65536,-180(fp),r0
+ ashl #16,r0,-184(fp)
+ addl3 -184(fp),-188(fp),r0
+ bicl3 #0,r0,-188(fp)
+ cmpl -188(fp),-184(fp)
+ bgequ noname.436
+ incl -192(fp)
+noname.436:
+ movl -188(fp),r3
+ movl -192(fp),r2
+ bbc #31,r2,noname.437
+ incl r7
+noname.437:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.438
+ incl r2
+noname.438:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.439
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.439
+ incl r7
+noname.439:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.440
+ incl r7
+noname.440:
+
+ movl 8(ap),r0
+ movzwl 22(r0),r2
+ bicl3 #-65536,4(r0),r3
+ movzwl 6(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,20(r0),-204(fp)
+ bicl3 #-65536,r2,-208(fp)
+ mull3 r1,-204(fp),-196(fp)
+ mull2 r3,-204(fp)
+ mull3 r3,-208(fp),-200(fp)
+ mull2 r1,-208(fp)
+ addl3 -196(fp),-200(fp),r0
+ bicl3 #0,r0,-196(fp)
+ cmpl -196(fp),-200(fp)
+ bgequ noname.441
+ addl2 #65536,-208(fp)
+noname.441:
+ movzwl -194(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-208(fp)
+ bicl3 #-65536,-196(fp),r0
+ ashl #16,r0,-200(fp)
+ addl3 -200(fp),-204(fp),r0
+ bicl3 #0,r0,-204(fp)
+ cmpl -204(fp),-200(fp)
+ bgequ noname.442
+ incl -208(fp)
+noname.442:
+ movl -204(fp),r3
+ movl -208(fp),r2
+ bbc #31,r2,noname.443
+ incl r7
+noname.443:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.444
+ incl r2
+noname.444:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.445
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.445
+ incl r7
+noname.445:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.446
+ incl r7
+noname.446:
+
+ movl 8(ap),r0
+ movzwl 26(r0),r2
+ bicl3 #-65536,(r0),r3
+ movzwl 2(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,24(r0),-220(fp)
+ bicl3 #-65536,r2,-224(fp)
+ mull3 r1,-220(fp),-212(fp)
+ mull2 r3,-220(fp)
+ mull3 r3,-224(fp),-216(fp)
+ mull2 r1,-224(fp)
+ addl3 -212(fp),-216(fp),r0
+ bicl3 #0,r0,-212(fp)
+ cmpl -212(fp),-216(fp)
+ bgequ noname.447
+ addl2 #65536,-224(fp)
+noname.447:
+ movzwl -210(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-224(fp)
+ bicl3 #-65536,-212(fp),r0
+ ashl #16,r0,-216(fp)
+ addl3 -216(fp),-220(fp),r0
+ bicl3 #0,r0,-220(fp)
+ cmpl -220(fp),-216(fp)
+ bgequ noname.448
+ incl -224(fp)
+noname.448:
+ movl -220(fp),r3
+ movl -224(fp),r2
+ bbc #31,r2,noname.449
+ incl r7
+noname.449:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.450
+ incl r2
+noname.450:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.451
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.451
+ incl r7
+noname.451:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.452
+ incl r7
+noname.452:
+
+ movl 4(ap),r0
+ movl r9,24(r0)
+
+ clrl r9
+
+ movl 8(ap),r0
+ movzwl 30(r0),r2
+ bicl3 #-65536,(r0),r3
+ movzwl 2(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,28(r0),-236(fp)
+ bicl3 #-65536,r2,-240(fp)
+ mull3 r1,-236(fp),-228(fp)
+ mull2 r3,-236(fp)
+ mull3 r3,-240(fp),-232(fp)
+ mull2 r1,-240(fp)
+ addl3 -228(fp),-232(fp),r0
+ bicl3 #0,r0,-228(fp)
+ cmpl -228(fp),-232(fp)
+ bgequ noname.453
+ addl2 #65536,-240(fp)
+noname.453:
+ movzwl -226(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-240(fp)
+ bicl3 #-65536,-228(fp),r0
+ ashl #16,r0,-232(fp)
+ addl3 -232(fp),-236(fp),r0
+ bicl3 #0,r0,-236(fp)
+ cmpl -236(fp),-232(fp)
+ bgequ noname.454
+ incl -240(fp)
+noname.454:
+ movl -236(fp),r3
+ movl -240(fp),r2
+ bbc #31,r2,noname.455
+ incl r9
+noname.455:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.456
+ incl r2
+noname.456:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.457
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.457
+ incl r9
+noname.457:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.458
+ incl r9
+noname.458:
+
+ movl 8(ap),r0
+ movzwl 26(r0),r2
+ bicl3 #-65536,4(r0),r3
+ movzwl 6(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,24(r0),-252(fp)
+ bicl3 #-65536,r2,-256(fp)
+ mull3 r1,-252(fp),-244(fp)
+ mull2 r3,-252(fp)
+ mull3 r3,-256(fp),-248(fp)
+ mull2 r1,-256(fp)
+ addl3 -244(fp),-248(fp),r0
+ bicl3 #0,r0,-244(fp)
+ cmpl -244(fp),-248(fp)
+ bgequ noname.459
+ addl2 #65536,-256(fp)
+noname.459:
+ movzwl -242(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-256(fp)
+ bicl3 #-65536,-244(fp),r0
+ ashl #16,r0,-248(fp)
+ addl3 -248(fp),-252(fp),r0
+ bicl3 #0,r0,-252(fp)
+ cmpl -252(fp),-248(fp)
+ bgequ noname.460
+ incl -256(fp)
+noname.460:
+ movl -252(fp),r3
+ movl -256(fp),r2
+ bbc #31,r2,noname.461
+ incl r9
+noname.461:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.462
+ incl r2
+noname.462:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.463
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.463
+ incl r9
+noname.463:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.464
+ incl r9
+noname.464:
+
+ movl 8(ap),r0
+ movzwl 22(r0),r2
+ bicl3 #-65536,8(r0),r3
+ movzwl 10(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,20(r0),-268(fp)
+ bicl3 #-65536,r2,-272(fp)
+ mull3 r1,-268(fp),-260(fp)
+ mull2 r3,-268(fp)
+ mull3 r3,-272(fp),-264(fp)
+ mull2 r1,-272(fp)
+ addl3 -260(fp),-264(fp),r0
+ bicl3 #0,r0,-260(fp)
+ cmpl -260(fp),-264(fp)
+ bgequ noname.465
+ addl2 #65536,-272(fp)
+noname.465:
+ movzwl -258(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-272(fp)
+ bicl3 #-65536,-260(fp),r0
+ ashl #16,r0,-264(fp)
+ addl3 -264(fp),-268(fp),r0
+ bicl3 #0,r0,-268(fp)
+ cmpl -268(fp),-264(fp)
+ bgequ noname.466
+ incl -272(fp)
+noname.466:
+ movl -268(fp),r3
+ movl -272(fp),r2
+ bbc #31,r2,noname.467
+ incl r9
+noname.467:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.468
+ incl r2
+noname.468:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.469
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.469
+ incl r9
+noname.469:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.470
+ incl r9
+noname.470:
+
+ movl 8(ap),r0
+ movzwl 18(r0),r2
+ bicl3 #-65536,12(r0),r3
+ movzwl 14(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,16(r0),-284(fp)
+ bicl3 #-65536,r2,-288(fp)
+ mull3 r1,-284(fp),-276(fp)
+ mull2 r3,-284(fp)
+ mull3 r3,-288(fp),-280(fp)
+ mull2 r1,-288(fp)
+ addl3 -276(fp),-280(fp),r0
+ bicl3 #0,r0,-276(fp)
+ cmpl -276(fp),-280(fp)
+ bgequ noname.471
+ addl2 #65536,-288(fp)
+noname.471:
+ movzwl -274(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-288(fp)
+ bicl3 #-65536,-276(fp),r0
+ ashl #16,r0,-280(fp)
+ addl3 -280(fp),-284(fp),r0
+ bicl3 #0,r0,-284(fp)
+ cmpl -284(fp),-280(fp)
+ bgequ noname.472
+ incl -288(fp)
+noname.472:
+ movl -284(fp),r3
+ movl -288(fp),r2
+ bbc #31,r2,noname.473
+ incl r9
+noname.473:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.474
+ incl r2
+noname.474:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.475
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.475
+ incl r9
+noname.475:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.476
+ incl r9
+noname.476:
+
+ movl 4(ap),r0
+ movl r8,28(r0)
+
+ clrl r8
+
+ movl 8(ap),r3
+ movl 16(r3),r4
+ bicl3 #-65536,r4,r5
+ extzv #16,#16,r4,r0
+ bicl3 #-65536,r0,r4
+ mull3 r5,r4,-292(fp)
+ mull2 r5,r5
+ mull2 r4,r4
+ bicl3 #32767,-292(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r4
+ bicl3 #-65536,-292(fp),r0
+ ashl #17,r0,-292(fp)
+ addl2 -292(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-292(fp)
+ bgequ noname.477
+ incl r4
+noname.477:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r7
+ bicl2 #0,r7
+ cmpl r7,r1
+ bgequ noname.478
+ incl r2
+noname.478:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.479
+ incl r8
+noname.479:
+
+ bicl3 #-65536,20(r3),r4
+ movzwl 22(r3),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,12(r3),r2
+ movzwl 14(r3),r0
+ bicl2 #-65536,r0
+ movl r4,r6
+ movl r1,r5
+ mull3 r0,r6,-296(fp)
+ mull2 r2,r6
+ mull3 r2,r5,-300(fp)
+ mull2 r0,r5
+ addl3 -296(fp),-300(fp),r0
+ bicl3 #0,r0,-296(fp)
+ cmpl -296(fp),-300(fp)
+ bgequ noname.480
+ addl2 #65536,r5
+noname.480:
+ movzwl -294(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r5
+ bicl3 #-65536,-296(fp),r0
+ ashl #16,r0,-300(fp)
+ addl2 -300(fp),r6
+ bicl2 #0,r6
+ cmpl r6,-300(fp)
+ bgequ noname.481
+ incl r5
+noname.481:
+ movl r6,r3
+ movl r5,r2
+ bbc #31,r2,noname.482
+ incl r8
+noname.482:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.483
+ incl r2
+noname.483:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r7
+ bicl2 #0,r7
+ cmpl r7,r3
+ bgequ noname.484
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.484
+ incl r8
+noname.484:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.485
+ incl r8
+noname.485:
+
+ movl 8(ap),r0
+ bicl3 #-65536,24(r0),r3
+ movzwl 26(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,8(r0),r2
+ movzwl 10(r0),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-304(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-308(fp)
+ mull2 r0,r4
+ addl3 -304(fp),-308(fp),r0
+ bicl3 #0,r0,-304(fp)
+ cmpl -304(fp),-308(fp)
+ bgequ noname.486
+ addl2 #65536,r4
+noname.486:
+ movzwl -302(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-304(fp),r0
+ ashl #16,r0,-308(fp)
+ addl2 -308(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-308(fp)
+ bgequ noname.487
+ incl r4
+noname.487:
+ movl r5,r3
+ movl r4,r2
+ bbc #31,r2,noname.488
+ incl r8
+noname.488:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.489
+ incl r2
+noname.489:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r7
+ bicl2 #0,r7
+ cmpl r7,r3
+ bgequ noname.490
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.490
+ incl r8
+noname.490:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.491
+ incl r8
+noname.491:
+
+ movl 8(ap),r0
+ bicl3 #-65536,28(r0),r3
+ movzwl 30(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,4(r0),r2
+ movzwl 6(r0),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-312(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-316(fp)
+ mull2 r0,r4
+ addl3 -312(fp),-316(fp),r0
+ bicl3 #0,r0,-312(fp)
+ cmpl -312(fp),-316(fp)
+ bgequ noname.492
+ addl2 #65536,r4
+noname.492:
+ movzwl -310(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-312(fp),r0
+ ashl #16,r0,-316(fp)
+ addl2 -316(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-316(fp)
+ bgequ noname.493
+ incl r4
+noname.493:
+ movl r5,r3
+ movl r4,r2
+ bbc #31,r2,noname.494
+ incl r8
+noname.494:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.495
+ incl r2
+noname.495:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r7
+ bicl2 #0,r7
+ cmpl r7,r3
+ bgequ noname.496
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.496
+ incl r8
+noname.496:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.497
+ incl r8
+noname.497:
+
+ movl 4(ap),r0
+ movl r7,32(r0)
+
+ clrl r7
+
+ movl 8(ap),r0
+ bicl3 #-65536,28(r0),r3
+ movzwl 30(r0),r2
+ bicl3 #-65536,8(r0),r1
+ movzwl 10(r0),r0
+ bicl2 #-65536,r0
+ movl r3,r4
+ bicl3 #-65536,r2,-328(fp)
+ mull3 r0,r4,-320(fp)
+ mull2 r1,r4
+ mull3 r1,-328(fp),-324(fp)
+ mull2 r0,-328(fp)
+ addl3 -320(fp),-324(fp),r0
+ bicl3 #0,r0,-320(fp)
+ cmpl -320(fp),-324(fp)
+ bgequ noname.498
+ addl2 #65536,-328(fp)
+noname.498:
+ movzwl -318(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-328(fp)
+ bicl3 #-65536,-320(fp),r0
+ ashl #16,r0,-324(fp)
+ addl2 -324(fp),r4
+ bicl2 #0,r4
+ cmpl r4,-324(fp)
+ bgequ noname.499
+ incl -328(fp)
+noname.499:
+ movl r4,r3
+ movl -328(fp),r2
+ bbc #31,r2,noname.500
+ incl r7
+noname.500:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.501
+ incl r2
+noname.501:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.502
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.502
+ incl r7
+noname.502:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.503
+ incl r7
+noname.503:
+
+ movl 8(ap),r0
+ movzwl 26(r0),r2
+ bicl3 #-65536,12(r0),r3
+ movzwl 14(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,24(r0),-340(fp)
+ bicl3 #-65536,r2,-344(fp)
+ mull3 r1,-340(fp),-332(fp)
+ mull2 r3,-340(fp)
+ mull3 r3,-344(fp),-336(fp)
+ mull2 r1,-344(fp)
+ addl3 -332(fp),-336(fp),r0
+ bicl3 #0,r0,-332(fp)
+ cmpl -332(fp),-336(fp)
+ bgequ noname.504
+ addl2 #65536,-344(fp)
+noname.504:
+ movzwl -330(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-344(fp)
+ bicl3 #-65536,-332(fp),r0
+ ashl #16,r0,-336(fp)
+ addl3 -336(fp),-340(fp),r0
+ bicl3 #0,r0,-340(fp)
+ cmpl -340(fp),-336(fp)
+ bgequ noname.505
+ incl -344(fp)
+noname.505:
+ movl -340(fp),r3
+ movl -344(fp),r2
+ bbc #31,r2,noname.506
+ incl r7
+noname.506:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.507
+ incl r2
+noname.507:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.508
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.508
+ incl r7
+noname.508:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.509
+ incl r7
+noname.509:
+
+ movl 8(ap),r0
+ movzwl 22(r0),r2
+ bicl3 #-65536,16(r0),r3
+ movzwl 18(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,20(r0),-356(fp)
+ bicl3 #-65536,r2,-360(fp)
+ mull3 r1,-356(fp),-348(fp)
+ mull2 r3,-356(fp)
+ mull3 r3,-360(fp),-352(fp)
+ mull2 r1,-360(fp)
+ addl3 -348(fp),-352(fp),r0
+ bicl3 #0,r0,-348(fp)
+ cmpl -348(fp),-352(fp)
+ bgequ noname.510
+ addl2 #65536,-360(fp)
+noname.510:
+ movzwl -346(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-360(fp)
+ bicl3 #-65536,-348(fp),r0
+ ashl #16,r0,-352(fp)
+ addl3 -352(fp),-356(fp),r0
+ bicl3 #0,r0,-356(fp)
+ cmpl -356(fp),-352(fp)
+ bgequ noname.511
+ incl -360(fp)
+noname.511:
+ movl -356(fp),r3
+ movl -360(fp),r2
+ bbc #31,r2,noname.512
+ incl r7
+noname.512:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.513
+ incl r2
+noname.513:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.514
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.514
+ incl r7
+noname.514:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.515
+ incl r7
+noname.515:
+
+ movl 4(ap),r0
+ movl r9,36(r0)
+
+ clrl r9
+
+ movl 8(ap),r3
+ movl 20(r3),r4
+ bicl3 #-65536,r4,-364(fp)
+ extzv #16,#16,r4,r0
+ bicl3 #-65536,r0,r4
+ movl -364(fp),r0
+ mull3 r0,r4,-368(fp)
+ mull3 r0,r0,-364(fp)
+ mull2 r4,r4
+ bicl3 #32767,-368(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r4
+ bicl3 #-65536,-368(fp),r0
+ ashl #17,r0,-368(fp)
+ addl3 -364(fp),-368(fp),r0
+ bicl3 #0,r0,-364(fp)
+ cmpl -364(fp),-368(fp)
+ bgequ noname.516
+ incl r4
+noname.516:
+ movl -364(fp),r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.517
+ incl r2
+noname.517:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.518
+ incl r9
+noname.518:
+
+ bicl3 #-65536,24(r3),r4
+ movzwl 26(r3),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,16(r3),r2
+ movzwl 18(r3),r0
+ bicl2 #-65536,r0
+ movl r4,r6
+ movl r1,r5
+ mull3 r0,r6,-372(fp)
+ mull2 r2,r6
+ mull3 r2,r5,-376(fp)
+ mull2 r0,r5
+ addl3 -372(fp),-376(fp),r0
+ bicl3 #0,r0,-372(fp)
+ cmpl -372(fp),-376(fp)
+ bgequ noname.519
+ addl2 #65536,r5
+noname.519:
+ movzwl -370(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r5
+ bicl3 #-65536,-372(fp),r0
+ ashl #16,r0,-376(fp)
+ addl2 -376(fp),r6
+ bicl2 #0,r6
+ cmpl r6,-376(fp)
+ bgequ noname.520
+ incl r5
+noname.520:
+ movl r6,r3
+ movl r5,r2
+ bbc #31,r2,noname.521
+ incl r9
+noname.521:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.522
+ incl r2
+noname.522:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.523
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.523
+ incl r9
+noname.523:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.524
+ incl r9
+noname.524:
+
+ movl 8(ap),r0
+ bicl3 #-65536,28(r0),r3
+ movzwl 30(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,12(r0),r2
+ movzwl 14(r0),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-380(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-384(fp)
+ mull2 r0,r4
+ addl3 -380(fp),-384(fp),r0
+ bicl3 #0,r0,-380(fp)
+ cmpl -380(fp),-384(fp)
+ bgequ noname.525
+ addl2 #65536,r4
+noname.525:
+ movzwl -378(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-380(fp),r0
+ ashl #16,r0,-384(fp)
+ addl2 -384(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-384(fp)
+ bgequ noname.526
+ incl r4
+noname.526:
+ movl r5,r3
+ movl r4,r2
+ bbc #31,r2,noname.527
+ incl r9
+noname.527:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.528
+ incl r2
+noname.528:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.529
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.529
+ incl r9
+noname.529:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.530
+ incl r9
+noname.530:
+ movl 4(ap),r0
+ movl r8,40(r0)
+
+ clrl r8
+
+ movl 8(ap),r0
+ bicl3 #-65536,28(r0),r3
+ movzwl 30(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,16(r0),r2
+ movzwl 18(r0),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-388(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-392(fp)
+ mull2 r0,r4
+ addl3 -388(fp),-392(fp),r0
+ bicl3 #0,r0,-388(fp)
+ cmpl -388(fp),-392(fp)
+ bgequ noname.531
+ addl2 #65536,r4
+noname.531:
+ movzwl -386(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-388(fp),r0
+ ashl #16,r0,-392(fp)
+ addl2 -392(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-392(fp)
+ bgequ noname.532
+ incl r4
+noname.532:
+ movl r5,r3
+ movl r4,r2
+ bbc #31,r2,noname.533
+ incl r8
+noname.533:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.534
+ incl r2
+noname.534:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r7
+ bicl2 #0,r7
+ cmpl r7,r3
+ bgequ noname.535
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.535
+ incl r8
+noname.535:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.536
+ incl r8
+noname.536:
+
+ movl 8(ap),r0
+ bicl3 #-65536,24(r0),r3
+ movzwl 26(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,20(r0),r2
+ movzwl 22(r0),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-396(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-400(fp)
+ mull2 r0,r4
+ addl3 -396(fp),-400(fp),r0
+ bicl3 #0,r0,-396(fp)
+ cmpl -396(fp),-400(fp)
+ bgequ noname.537
+ addl2 #65536,r4
+noname.537:
+ movzwl -394(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-396(fp),r0
+ ashl #16,r0,-400(fp)
+ addl2 -400(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-400(fp)
+ bgequ noname.538
+ incl r4
+noname.538:
+ movl r5,r3
+ movl r4,r2
+ bbc #31,r2,noname.539
+ incl r8
+noname.539:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.540
+ incl r2
+noname.540:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r7
+ bicl2 #0,r7
+ cmpl r7,r3
+ bgequ noname.541
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.541
+ incl r8
+noname.541:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.542
+ incl r8
+noname.542:
+
+ movl 4(ap),r0
+ movl r7,44(r0)
+
+ clrl r7
+
+ movl 8(ap),r3
+ movl 24(r3),r4
+ bicl3 #-65536,r4,r5
+ extzv #16,#16,r4,r0
+ bicl3 #-65536,r0,r4
+ mull3 r5,r4,-404(fp)
+ mull2 r5,r5
+ mull2 r4,r4
+ bicl3 #32767,-404(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r4
+ bicl3 #-65536,-404(fp),r0
+ ashl #17,r0,-404(fp)
+ addl2 -404(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-404(fp)
+ bgequ noname.543
+ incl r4
+noname.543:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.544
+ incl r2
+noname.544:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.545
+ incl r7
+noname.545:
+
+ movzwl 30(r3),r2
+ bicl3 #-65536,20(r3),r1
+ movzwl 22(r3),r0
+ bicl2 #-65536,r0
+ bicl3 #-65536,28(r3),-416(fp)
+ bicl3 #-65536,r2,-420(fp)
+ mull3 r0,-416(fp),-408(fp)
+ mull2 r1,-416(fp)
+ mull3 r1,-420(fp),-412(fp)
+ mull2 r0,-420(fp)
+ addl3 -408(fp),-412(fp),r0
+ bicl3 #0,r0,-408(fp)
+ cmpl -408(fp),-412(fp)
+ bgequ noname.546
+ addl2 #65536,-420(fp)
+noname.546:
+ movzwl -406(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-420(fp)
+ bicl3 #-65536,-408(fp),r0
+ ashl #16,r0,-412(fp)
+ addl3 -412(fp),-416(fp),r0
+ bicl3 #0,r0,-416(fp)
+ cmpl -416(fp),-412(fp)
+ bgequ noname.547
+ incl -420(fp)
+noname.547:
+ movl -416(fp),r3
+ movl -420(fp),r2
+ bbc #31,r2,noname.548
+ incl r7
+noname.548:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.549
+ incl r2
+noname.549:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.550
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.550
+ incl r7
+noname.550:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.551
+ incl r7
+noname.551:
+
+ movl 4(ap),r0
+ movl r9,48(r0)
+
+ clrl r9
+
+ movl 8(ap),r0
+ movzwl 30(r0),r2
+ bicl3 #-65536,24(r0),r3
+ movzwl 26(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,28(r0),-432(fp)
+ bicl3 #-65536,r2,-436(fp)
+ mull3 r1,-432(fp),-424(fp)
+ mull2 r3,-432(fp)
+ mull3 r3,-436(fp),-428(fp)
+ mull2 r1,-436(fp)
+ addl3 -424(fp),-428(fp),r0
+ bicl3 #0,r0,-424(fp)
+ cmpl -424(fp),-428(fp)
+ bgequ noname.552
+ addl2 #65536,-436(fp)
+noname.552:
+ movzwl -422(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,-436(fp)
+ bicl3 #-65536,-424(fp),r0
+ ashl #16,r0,-428(fp)
+ addl3 -428(fp),-432(fp),r0
+ bicl3 #0,r0,-432(fp)
+ cmpl -432(fp),-428(fp)
+ bgequ noname.553
+ incl -436(fp)
+noname.553:
+ movl -432(fp),r3
+ movl -436(fp),r2
+ bbc #31,r2,noname.554
+ incl r9
+noname.554:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.555
+ incl r2
+noname.555:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.556
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.556
+ incl r9
+noname.556:
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.557
+ incl r9
+noname.557:
+
+ movl 4(ap),r4
+ movl r8,52(r4)
+
+ clrl r8
+
+ movl 8(ap),r0
+ movl 28(r0),r3
+ bicl3 #-65536,r3,-440(fp)
+ extzv #16,#16,r3,r0
+ bicl3 #-65536,r0,r3
+ movl -440(fp),r0
+ mull3 r0,r3,-444(fp)
+ mull3 r0,r0,-440(fp)
+ mull2 r3,r3
+ bicl3 #32767,-444(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r3
+ bicl3 #-65536,-444(fp),r0
+ ashl #17,r0,-444(fp)
+ addl3 -440(fp),-444(fp),r0
+ bicl3 #0,r0,-440(fp)
+ cmpl -440(fp),-444(fp)
+ bgequ noname.558
+ incl r3
+noname.558:
+ movl -440(fp),r1
+ movl r3,r2
+ addl2 r1,r7
+ bicl2 #0,r7
+ cmpl r7,r1
+ bgequ noname.559
+ incl r2
+noname.559:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.560
+ incl r8
+noname.560:
+
+ movl r7,56(r4)
+
+ movl r9,60(r4)
+
+ ret
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP) n by value (input)
+
+ .psect code,nowrt
+
+.entry BN_SQR_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10>
+ subl2 #44,sp
+
+ clrq r8
+
+ clrl r10
+
+ movl 8(ap),r5
+ movl (r5),r3
+ bicl3 #-65536,r3,r4
+ extzv #16,#16,r3,r0
+ bicl3 #-65536,r0,r3
+ mull3 r4,r3,-4(fp)
+ mull2 r4,r4
+ mull2 r3,r3
+ bicl3 #32767,-4(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r3
+ bicl3 #-65536,-4(fp),r0
+ ashl #17,r0,-4(fp)
+ addl2 -4(fp),r4
+ bicl2 #0,r4
+ cmpl r4,-4(fp)
+ bgequ noname.563
+ incl r3
+noname.563:
+ movl r4,r1
+ movl r3,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.564
+ incl r2
+noname.564:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.565
+ incl r10
+noname.565:
+
+ movl r9, at 4(ap)
+
+ clrl r9
+
+ bicl3 #-65536,4(r5),r3
+ movzwl 6(r5),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,(r5),r2
+ movzwl 2(r5),r0
+ bicl2 #-65536,r0
+ movl r3,r6
+ movl r1,r4
+ mull3 r0,r6,-8(fp)
+ mull2 r2,r6
+ mull2 r4,r2
+ mull2 r0,r4
+ addl3 -8(fp),r2,r0
+ bicl3 #0,r0,-8(fp)
+ cmpl -8(fp),r2
+ bgequ noname.566
+ addl2 #65536,r4
+noname.566:
+ movzwl -6(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-8(fp),r0
+ ashl #16,r0,r1
+ addl2 r1,r6
+ bicl2 #0,r6
+ cmpl r6,r1
+ bgequ noname.567
+ incl r4
+noname.567:
+ movl r6,r3
+ movl r4,r2
+ bbc #31,r2,noname.568
+ incl r9
+noname.568:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.569
+ incl r2
+noname.569:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.570
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.570
+ incl r9
+noname.570:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.571
+ incl r9
+noname.571:
+
+ movl 4(ap),r0
+ movl r8,4(r0)
+
+ clrl r8
+
+ movl 8(ap),r4
+ movl 4(r4),r3
+ bicl3 #-65536,r3,r5
+ extzv #16,#16,r3,r0
+ bicl3 #-65536,r0,r3
+ mull3 r5,r3,r1
+ mull2 r5,r5
+ mull2 r3,r3
+ bicl3 #32767,r1,r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r3
+ bicl2 #-65536,r1
+ ashl #17,r1,r1
+ addl2 r1,r5
+ bicl2 #0,r5
+ cmpl r5,r1
+ bgequ noname.572
+ incl r3
+noname.572:
+ movl r5,r1
+ movl r3,r2
+ addl2 r1,r10
+ bicl2 #0,r10
+ cmpl r10,r1
+ bgequ noname.573
+ incl r2
+noname.573:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.574
+ incl r8
+noname.574:
+
+ bicl3 #-65536,8(r4),r3
+ movzwl 10(r4),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,(r4),r2
+ movzwl 2(r4),r0
+ bicl2 #-65536,r0
+ movl r3,r6
+ movl r1,r5
+ mull3 r0,r6,r7
+ mull2 r2,r6
+ mull2 r5,r2
+ mull2 r0,r5
+ addl2 r2,r7
+ bicl2 #0,r7
+ cmpl r7,r2
+ bgequ noname.575
+ addl2 #65536,r5
+noname.575:
+ extzv #16,#16,r7,r0
+ bicl2 #-65536,r0
+ addl2 r0,r5
+ bicl3 #-65536,r7,r0
+ ashl #16,r0,r1
+ addl2 r1,r6
+ bicl2 #0,r6
+ cmpl r6,r1
+ bgequ noname.576
+ incl r5
+noname.576:
+ movl r6,r3
+ movl r5,r2
+ bbc #31,r2,noname.577
+ incl r8
+noname.577:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.578
+ incl r2
+noname.578:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r10
+ bicl2 #0,r10
+ cmpl r10,r3
+ bgequ noname.579
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.579
+ incl r8
+noname.579:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.580
+ incl r8
+noname.580:
+
+ movl 4(ap),r0
+ movl r10,8(r0)
+
+ clrl r10
+
+ movl 8(ap),r0
+ bicl3 #-65536,12(r0),r3
+ movzwl 14(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,(r0),r2
+ movzwl 2(r0),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,r6
+ mull2 r2,r5
+ mull3 r2,r4,-12(fp)
+ mull2 r0,r4
+ addl2 -12(fp),r6
+ bicl2 #0,r6
+ cmpl r6,-12(fp)
+ bgequ noname.581
+ addl2 #65536,r4
+noname.581:
+ extzv #16,#16,r6,r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,r6,r0
+ ashl #16,r0,-12(fp)
+ addl2 -12(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-12(fp)
+ bgequ noname.582
+ incl r4
+noname.582:
+ movl r5,r3
+ movl r4,r2
+ bbc #31,r2,noname.583
+ incl r10
+noname.583:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.584
+ incl r2
+noname.584:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.585
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.585
+ incl r10
+noname.585:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.586
+ incl r10
+noname.586:
+
+ movl 8(ap),r0
+ bicl3 #-65536,8(r0),r3
+ movzwl 10(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,4(r0),r2
+ movzwl 6(r0),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-16(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-20(fp)
+ mull2 r0,r4
+ addl3 -16(fp),-20(fp),r0
+ bicl3 #0,r0,-16(fp)
+ cmpl -16(fp),-20(fp)
+ bgequ noname.587
+ addl2 #65536,r4
+noname.587:
+ movzwl -14(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-16(fp),r0
+ ashl #16,r0,-20(fp)
+ addl2 -20(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-20(fp)
+ bgequ noname.588
+ incl r4
+noname.588:
+ movl r5,r3
+ movl r4,r2
+ bbc #31,r2,noname.589
+ incl r10
+noname.589:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.590
+ incl r2
+noname.590:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r9
+ bicl2 #0,r9
+ cmpl r9,r3
+ bgequ noname.591
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.591
+ incl r10
+noname.591:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.592
+ incl r10
+noname.592:
+ movl 4(ap),r0
+ movl r9,12(r0)
+
+ clrl r9
+
+ movl 8(ap),r3
+ movl 8(r3),r4
+ bicl3 #-65536,r4,r5
+ extzv #16,#16,r4,r0
+ bicl3 #-65536,r0,r4
+ mull3 r5,r4,-24(fp)
+ mull2 r5,r5
+ mull2 r4,r4
+ bicl3 #32767,-24(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r4
+ bicl3 #-65536,-24(fp),r0
+ ashl #17,r0,-24(fp)
+ addl2 -24(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-24(fp)
+ bgequ noname.593
+ incl r4
+noname.593:
+ movl r5,r1
+ movl r4,r2
+ addl2 r1,r8
+ bicl2 #0,r8
+ cmpl r8,r1
+ bgequ noname.594
+ incl r2
+noname.594:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.595
+ incl r9
+noname.595:
+
+ bicl3 #-65536,12(r3),r4
+ movzwl 14(r3),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,4(r3),r2
+ movzwl 6(r3),r0
+ bicl2 #-65536,r0
+ movl r4,r6
+ movl r1,r5
+ mull3 r0,r6,-28(fp)
+ mull2 r2,r6
+ mull3 r2,r5,-32(fp)
+ mull2 r0,r5
+ addl3 -28(fp),-32(fp),r0
+ bicl3 #0,r0,-28(fp)
+ cmpl -28(fp),-32(fp)
+ bgequ noname.596
+ addl2 #65536,r5
+noname.596:
+ movzwl -26(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r5
+ bicl3 #-65536,-28(fp),r0
+ ashl #16,r0,-32(fp)
+ addl2 -32(fp),r6
+ bicl2 #0,r6
+ cmpl r6,-32(fp)
+ bgequ noname.597
+ incl r5
+noname.597:
+ movl r6,r3
+ movl r5,r2
+ bbc #31,r2,noname.598
+ incl r9
+noname.598:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.599
+ incl r2
+noname.599:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r8
+ bicl2 #0,r8
+ cmpl r8,r3
+ bgequ noname.600
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.600
+ incl r9
+noname.600:
+ addl2 r2,r10
+ bicl2 #0,r10
+ cmpl r10,r2
+ bgequ noname.601
+ incl r9
+noname.601:
+
+ movl 4(ap),r0
+ movl r8,16(r0)
+
+ clrl r8
+
+ movl 8(ap),r0
+ bicl3 #-65536,12(r0),r3
+ movzwl 14(r0),r1
+ bicl2 #-65536,r1
+ bicl3 #-65536,8(r0),r2
+ movzwl 10(r0),r0
+ bicl2 #-65536,r0
+ movl r3,r5
+ movl r1,r4
+ mull3 r0,r5,-36(fp)
+ mull2 r2,r5
+ mull3 r2,r4,-40(fp)
+ mull2 r0,r4
+ addl3 -36(fp),-40(fp),r0
+ bicl3 #0,r0,-36(fp)
+ cmpl -36(fp),-40(fp)
+ bgequ noname.602
+ addl2 #65536,r4
+noname.602:
+ movzwl -34(fp),r0
+ bicl2 #-65536,r0
+ addl2 r0,r4
+ bicl3 #-65536,-36(fp),r0
+ ashl #16,r0,-40(fp)
+ addl2 -40(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-40(fp)
+ bgequ noname.603
+ incl r4
+noname.603:
+ movl r5,r3
+ movl r4,r2
+ bbc #31,r2,noname.604
+ incl r8
+noname.604:
+ addl2 r2,r2
+ bicl2 #0,r2
+ bbc #31,r3,noname.605
+ incl r2
+noname.605:
+ addl2 r3,r3
+ bicl2 #0,r3
+ addl2 r3,r10
+ bicl2 #0,r10
+ cmpl r10,r3
+ bgequ noname.606
+ incl r2
+ bicl3 #0,r2,r0
+ bneq noname.606
+ incl r8
+noname.606:
+ addl2 r2,r9
+ bicl2 #0,r9
+ cmpl r9,r2
+ bgequ noname.607
+ incl r8
+noname.607:
+
+ movl 4(ap),r4
+ movl r10,20(r4)
+
+ clrl r10
+
+ movl 8(ap),r0
+ movl 12(r0),r3
+ bicl3 #-65536,r3,r5
+ extzv #16,#16,r3,r0
+ bicl3 #-65536,r0,r3
+ mull3 r5,r3,-44(fp)
+ mull2 r5,r5
+ mull2 r3,r3
+ bicl3 #32767,-44(fp),r0
+ extzv #15,#17,r0,r0
+ addl2 r0,r3
+ bicl3 #-65536,-44(fp),r0
+ ashl #17,r0,-44(fp)
+ addl2 -44(fp),r5
+ bicl2 #0,r5
+ cmpl r5,-44(fp)
+ bgequ noname.608
+ incl r3
+noname.608:
+ movl r5,r1
+ movl r3,r2
+ addl2 r1,r9
+ bicl2 #0,r9
+ cmpl r9,r1
+ bgequ noname.609
+ incl r2
+noname.609:
+ addl2 r2,r8
+ bicl2 #0,r8
+ cmpl r8,r2
+ bgequ noname.610
+ incl r10
+noname.610:
+
+ movl r9,24(r4)
+
+ movl r8,28(r4)
+
+ ret
+
+; For now, the code below doesn't work, so I end this prematurely.
+.end
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86/add.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86/add.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86/add.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,76 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_add_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ $a="esi";
+ $b="edi";
+ $c="eax";
+ $r="ebx";
+ $tmp1="ecx";
+ $tmp2="edx";
+ $num="ebp";
+
+ &mov($r,&wparam(0)); # get r
+ &mov($a,&wparam(1)); # get a
+ &mov($b,&wparam(2)); # get b
+ &mov($num,&wparam(3)); # get num
+ &xor($c,$c); # clear carry
+ &and($num,0xfffffff8); # num / 8
+
+ &jz(&label("aw_finish"));
+
+ &set_label("aw_loop",0);
+ for ($i=0; $i<8; $i++)
+ {
+ &comment("Round $i");
+
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov($tmp2,&DWP($i*4,$b,"",0)); # *b
+ &add($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &add($tmp1,$tmp2);
+ &adc($c,0);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($b,32);
+ &add($r,32);
+ &sub($num,8);
+ &jnz(&label("aw_loop"));
+
+ &set_label("aw_finish",0);
+ &mov($num,&wparam(3)); # get num
+ &and($num,7);
+ &jz(&label("aw_end"));
+
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+ &add($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &add($tmp1,$tmp2);
+ &adc($c,0);
+ &dec($num) if ($i != 6);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *a
+ &jz(&label("aw_end")) if ($i != 6);
+ }
+ &set_label("aw_end",0);
+
+# &mov("eax",$c); # $c is "eax"
+
+ &function_end($name);
+ }
+
+1;
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86/comba.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86/comba.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86/comba.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,277 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub mul_add_c
+ {
+ local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+ # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+ # words, and 1 if load return value
+
+ &comment("mul a[$ai]*b[$bi]");
+
+ # "eax" and "edx" will always be pre-loaded.
+ # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+ # &mov("edx",&DWP($bi*4,$b,"",0));
+
+ &mul("edx");
+ &add($c0,"eax");
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # laod next a
+ &mov("eax",&wparam(0)) if $pos > 0; # load r[]
+ ###
+ &adc($c1,"edx");
+ &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # laod next b
+ &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b
+ ###
+ &adc($c2,0);
+ # is pos > 1, it means it is the last loop
+ &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[];
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a
+ }
+
+sub sqr_add_c
+ {
+ local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+ # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+ # words, and 1 if load return value
+
+ &comment("sqr a[$ai]*a[$bi]");
+
+ # "eax" and "edx" will always be pre-loaded.
+ # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+ # &mov("edx",&DWP($bi*4,$b,"",0));
+
+ if ($ai == $bi)
+ { &mul("eax");}
+ else
+ { &mul("edx");}
+ &add($c0,"eax");
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a
+ ###
+ &adc($c1,"edx");
+ &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
+ ###
+ &adc($c2,0);
+ # is pos > 1, it means it is the last loop
+ &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[];
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b
+ }
+
+sub sqr_add_c2
+ {
+ local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+ # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+ # words, and 1 if load return value
+
+ &comment("sqr a[$ai]*a[$bi]");
+
+ # "eax" and "edx" will always be pre-loaded.
+ # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+ # &mov("edx",&DWP($bi*4,$a,"",0));
+
+ if ($ai == $bi)
+ { &mul("eax");}
+ else
+ { &mul("edx");}
+ &add("eax","eax");
+ ###
+ &adc("edx","edx");
+ ###
+ &adc($c2,0);
+ &add($c0,"eax");
+ &adc($c1,"edx");
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a
+ &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b
+ &adc($c2,0);
+ &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[];
+ &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
+ ###
+ }
+
+sub bn_mul_comba
+ {
+ local($name,$num)=@_;
+ local($a,$b,$c0,$c1,$c2);
+ local($i,$as,$ae,$bs,$be,$ai,$bi);
+ local($tot,$end);
+
+ &function_begin_B($name,"");
+
+ $c0="ebx";
+ $c1="ecx";
+ $c2="ebp";
+ $a="esi";
+ $b="edi";
+
+ $as=0;
+ $ae=0;
+ $bs=0;
+ $be=0;
+ $tot=$num+$num-1;
+
+ &push("esi");
+ &mov($a,&wparam(1));
+ &push("edi");
+ &mov($b,&wparam(2));
+ &push("ebp");
+ &push("ebx");
+
+ &xor($c0,$c0);
+ &mov("eax",&DWP(0,$a,"",0)); # load the first word
+ &xor($c1,$c1);
+ &mov("edx",&DWP(0,$b,"",0)); # load the first second
+
+ for ($i=0; $i<$tot; $i++)
+ {
+ $ai=$as;
+ $bi=$bs;
+ $end=$be+1;
+
+ &comment("################## Calculate word $i");
+
+ for ($j=$bs; $j<$end; $j++)
+ {
+ &xor($c2,$c2) if ($j == $bs);
+ if (($j+1) == $end)
+ {
+ $v=1;
+ $v=2 if (($i+1) == $tot);
+ }
+ else
+ { $v=0; }
+ if (($j+1) != $end)
+ {
+ $na=($ai-1);
+ $nb=($bi+1);
+ }
+ else
+ {
+ $na=$as+($i < ($num-1));
+ $nb=$bs+($i >= ($num-1));
+ }
+#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
+ &mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
+ if ($v)
+ {
+ &comment("saved r[$i]");
+ # &mov("eax",&wparam(0));
+ # &mov(&DWP($i*4,"eax","",0),$c0);
+ ($c0,$c1,$c2)=($c1,$c2,$c0);
+ }
+ $ai--;
+ $bi++;
+ }
+ $as++ if ($i < ($num-1));
+ $ae++ if ($i >= ($num-1));
+
+ $bs++ if ($i >= ($num-1));
+ $be++ if ($i < ($num-1));
+ }
+ &comment("save r[$i]");
+ # &mov("eax",&wparam(0));
+ &mov(&DWP($i*4,"eax","",0),$c0);
+
+ &pop("ebx");
+ &pop("ebp");
+ &pop("edi");
+ &pop("esi");
+ &ret();
+ &function_end_B($name);
+ }
+
+sub bn_sqr_comba
+ {
+ local($name,$num)=@_;
+ local($r,$a,$c0,$c1,$c2)=@_;
+ local($i,$as,$ae,$bs,$be,$ai,$bi);
+ local($b,$tot,$end,$half);
+
+ &function_begin_B($name,"");
+
+ $c0="ebx";
+ $c1="ecx";
+ $c2="ebp";
+ $a="esi";
+ $r="edi";
+
+ &push("esi");
+ &push("edi");
+ &push("ebp");
+ &push("ebx");
+ &mov($r,&wparam(0));
+ &mov($a,&wparam(1));
+ &xor($c0,$c0);
+ &xor($c1,$c1);
+ &mov("eax",&DWP(0,$a,"",0)); # load the first word
+
+ $as=0;
+ $ae=0;
+ $bs=0;
+ $be=0;
+ $tot=$num+$num-1;
+
+ for ($i=0; $i<$tot; $i++)
+ {
+ $ai=$as;
+ $bi=$bs;
+ $end=$be+1;
+
+ &comment("############### Calculate word $i");
+ for ($j=$bs; $j<$end; $j++)
+ {
+ &xor($c2,$c2) if ($j == $bs);
+ if (($ai-1) < ($bi+1))
+ {
+ $v=1;
+ $v=2 if ($i+1) == $tot;
+ }
+ else
+ { $v=0; }
+ if (!$v)
+ {
+ $na=$ai-1;
+ $nb=$bi+1;
+ }
+ else
+ {
+ $na=$as+($i < ($num-1));
+ $nb=$bs+($i >= ($num-1));
+ }
+ if ($ai == $bi)
+ {
+ &sqr_add_c($r,$a,$ai,$bi,
+ $c0,$c1,$c2,$v,$i,$na,$nb);
+ }
+ else
+ {
+ &sqr_add_c2($r,$a,$ai,$bi,
+ $c0,$c1,$c2,$v,$i,$na,$nb);
+ }
+ if ($v)
+ {
+ &comment("saved r[$i]");
+ #&mov(&DWP($i*4,$r,"",0),$c0);
+ ($c0,$c1,$c2)=($c1,$c2,$c0);
+ last;
+ }
+ $ai--;
+ $bi++;
+ }
+ $as++ if ($i < ($num-1));
+ $ae++ if ($i >= ($num-1));
+
+ $bs++ if ($i >= ($num-1));
+ $be++ if ($i < ($num-1));
+ }
+ &mov(&DWP($i*4,$r,"",0),$c0);
+ &pop("ebx");
+ &pop("ebp");
+ &pop("edi");
+ &pop("esi");
+ &ret();
+ &function_end_B($name);
+ }
+
+1;
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86/div.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86/div.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86/div.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,15 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_div_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+ &mov("edx",&wparam(0)); #
+ &mov("eax",&wparam(1)); #
+ &mov("ebx",&wparam(2)); #
+ &div("ebx");
+ &function_end($name);
+ }
+1;
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86/f
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86/f (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86/f 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,3 @@
+#!/usr/local/bin/perl
+# x86 assember
+
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86/mul.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86/mul.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86/mul.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,77 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_mul_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ $Low="eax";
+ $High="edx";
+ $a="ebx";
+ $w="ecx";
+ $r="edi";
+ $c="esi";
+ $num="ebp";
+
+ &xor($c,$c); # clear carry
+ &mov($r,&wparam(0)); #
+ &mov($a,&wparam(1)); #
+ &mov($num,&wparam(2)); #
+ &mov($w,&wparam(3)); #
+
+ &and($num,0xfffffff8); # num / 8
+ &jz(&label("mw_finish"));
+
+ &set_label("mw_loop",0);
+ for ($i=0; $i<32; $i+=4)
+ {
+ &comment("Round $i");
+
+ &mov("eax",&DWP($i,$a,"",0)); # *a
+ &mul($w); # *a * w
+ &add("eax",$c); # L(t)+=c
+ # XXX
+
+ &adc("edx",0); # H(t)+=carry
+ &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t);
+
+ &mov($c,"edx"); # c= H(t);
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($r,32);
+ &sub($num,8);
+ &jz(&label("mw_finish"));
+ &jmp(&label("mw_loop"));
+
+ &set_label("mw_finish",0);
+ &mov($num,&wparam(2)); # get num
+ &and($num,7);
+ &jnz(&label("mw_finish2"));
+ &jmp(&label("mw_end"));
+
+ &set_label("mw_finish2",1);
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov("eax",&DWP($i*4,$a,"",0));# *a
+ &mul($w); # *a * w
+ &add("eax",$c); # L(t)+=c
+ # XXX
+ &adc("edx",0); # H(t)+=carry
+ &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
+ &mov($c,"edx"); # c= H(t);
+ &dec($num) if ($i != 7-1);
+ &jz(&label("mw_end")) if ($i != 7-1);
+ }
+ &set_label("mw_end",0);
+ &mov("eax",$c);
+
+ &function_end($name);
+ }
+
+1;
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86/mul_add.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86/mul_add.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86/mul_add.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,87 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_mul_add_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ $Low="eax";
+ $High="edx";
+ $a="ebx";
+ $w="ebp";
+ $r="edi";
+ $c="esi";
+
+ &xor($c,$c); # clear carry
+ &mov($r,&wparam(0)); #
+
+ &mov("ecx",&wparam(2)); #
+ &mov($a,&wparam(1)); #
+
+ &and("ecx",0xfffffff8); # num / 8
+ &mov($w,&wparam(3)); #
+
+ &push("ecx"); # Up the stack for a tmp variable
+
+ &jz(&label("maw_finish"));
+
+ &set_label("maw_loop",0);
+
+ &mov(&swtmp(0),"ecx"); #
+
+ for ($i=0; $i<32; $i+=4)
+ {
+ &comment("Round $i");
+
+ &mov("eax",&DWP($i,$a,"",0)); # *a
+ &mul($w); # *a * w
+ &add("eax",$c); # L(t)+= *r
+ &mov($c,&DWP($i,$r,"",0)); # L(t)+= *r
+ &adc("edx",0); # H(t)+=carry
+ &add("eax",$c); # L(t)+=c
+ &adc("edx",0); # H(t)+=carry
+ &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t);
+ &mov($c,"edx"); # c= H(t);
+ }
+
+ &comment("");
+ &mov("ecx",&swtmp(0)); #
+ &add($a,32);
+ &add($r,32);
+ &sub("ecx",8);
+ &jnz(&label("maw_loop"));
+
+ &set_label("maw_finish",0);
+ &mov("ecx",&wparam(2)); # get num
+ &and("ecx",7);
+ &jnz(&label("maw_finish2")); # helps branch prediction
+ &jmp(&label("maw_end"));
+
+ &set_label("maw_finish2",1);
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov("eax",&DWP($i*4,$a,"",0));# *a
+ &mul($w); # *a * w
+ &add("eax",$c); # L(t)+=c
+ &mov($c,&DWP($i*4,$r,"",0)); # L(t)+= *r
+ &adc("edx",0); # H(t)+=carry
+ &add("eax",$c);
+ &adc("edx",0); # H(t)+=carry
+ &dec("ecx") if ($i != 7-1);
+ &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t);
+ &mov($c,"edx"); # c= H(t);
+ &jz(&label("maw_end")) if ($i != 7-1);
+ }
+ &set_label("maw_end",0);
+ &mov("eax",$c);
+
+ &pop("ecx"); # clear variable from
+
+ &function_end($name);
+ }
+
+1;
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86/sqr.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86/sqr.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86/sqr.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,60 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_sqr_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ $r="esi";
+ $a="edi";
+ $num="ebx";
+
+ &mov($r,&wparam(0)); #
+ &mov($a,&wparam(1)); #
+ &mov($num,&wparam(2)); #
+
+ &and($num,0xfffffff8); # num / 8
+ &jz(&label("sw_finish"));
+
+ &set_label("sw_loop",0);
+ for ($i=0; $i<32; $i+=4)
+ {
+ &comment("Round $i");
+ &mov("eax",&DWP($i,$a,"",0)); # *a
+ # XXX
+ &mul("eax"); # *a * *a
+ &mov(&DWP($i*2,$r,"",0),"eax"); #
+ &mov(&DWP($i*2+4,$r,"",0),"edx");#
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($r,64);
+ &sub($num,8);
+ &jnz(&label("sw_loop"));
+
+ &set_label("sw_finish",0);
+ &mov($num,&wparam(2)); # get num
+ &and($num,7);
+ &jz(&label("sw_end"));
+
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov("eax",&DWP($i*4,$a,"",0)); # *a
+ # XXX
+ &mul("eax"); # *a * *a
+ &mov(&DWP($i*8,$r,"",0),"eax"); #
+ &dec($num) if ($i != 7-1);
+ &mov(&DWP($i*8+4,$r,"",0),"edx");
+ &jz(&label("sw_end")) if ($i != 7-1);
+ }
+ &set_label("sw_end",0);
+
+ &function_end($name);
+ }
+
+1;
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86/sub.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86/sub.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86/sub.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,76 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_sub_words
+ {
+ local($name)=@_;
+
+ &function_begin($name,"");
+
+ &comment("");
+ $a="esi";
+ $b="edi";
+ $c="eax";
+ $r="ebx";
+ $tmp1="ecx";
+ $tmp2="edx";
+ $num="ebp";
+
+ &mov($r,&wparam(0)); # get r
+ &mov($a,&wparam(1)); # get a
+ &mov($b,&wparam(2)); # get b
+ &mov($num,&wparam(3)); # get num
+ &xor($c,$c); # clear carry
+ &and($num,0xfffffff8); # num / 8
+
+ &jz(&label("aw_finish"));
+
+ &set_label("aw_loop",0);
+ for ($i=0; $i<8; $i++)
+ {
+ &comment("Round $i");
+
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov($tmp2,&DWP($i*4,$b,"",0)); # *b
+ &sub($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &sub($tmp1,$tmp2);
+ &adc($c,0);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+ }
+
+ &comment("");
+ &add($a,32);
+ &add($b,32);
+ &add($r,32);
+ &sub($num,8);
+ &jnz(&label("aw_loop"));
+
+ &set_label("aw_finish",0);
+ &mov($num,&wparam(3)); # get num
+ &and($num,7);
+ &jz(&label("aw_end"));
+
+ for ($i=0; $i<7; $i++)
+ {
+ &comment("Tail Round $i");
+ &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+ &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+ &sub($tmp1,$c);
+ &mov($c,0);
+ &adc($c,$c);
+ &sub($tmp1,$tmp2);
+ &adc($c,0);
+ &dec($num) if ($i != 6);
+ &mov(&DWP($i*4,$r,"",0),$tmp1); # *a
+ &jz(&label("aw_end")) if ($i != 6);
+ }
+ &set_label("aw_end",0);
+
+# &mov("eax",$c); # $c is "eax"
+
+ &function_end($name);
+ }
+
+1;
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,28 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+require("x86/mul_add.pl");
+require("x86/mul.pl");
+require("x86/sqr.pl");
+require("x86/div.pl");
+require("x86/add.pl");
+require("x86/sub.pl");
+require("x86/comba.pl");
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_add_words("bn_mul_add_words");
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_div_words("bn_div_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+&bn_mul_comba("bn_mul_comba8",8);
+&bn_mul_comba("bn_mul_comba4",4);
+&bn_sqr_comba("bn_sqr_comba8",8);
+&bn_sqr_comba("bn_sqr_comba4",4);
+
+&asm_finish();
+
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,602 @@
+#include "../bn_lcl.h"
+#ifdef __SUNPRO_C
+# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
+#else
+/*
+ * x86_64 BIGNUM accelerator version 0.1, December 2002.
+ *
+ * Implemented by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ *
+ * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
+ * versions, like 1.0...
+ * A. Well, that's because this code is basically a quick-n-dirty
+ * proof-of-concept hack. As you can see it's implemented with
+ * inline assembler, which means that you're bound to GCC and that
+ * there might be enough room for further improvement.
+ *
+ * Q. Why inline assembler?
+ * A. x86_64 features own ABI which I'm not familiar with. This is
+ * why I decided to let the compiler take care of subroutine
+ * prologue/epilogue as well as register allocation. For reference.
+ * Win64 implements different ABI for AMD64, different from Linux.
+ *
+ * Q. How much faster does it get?
+ * A. 'apps/openssl speed rsa dsa' output with no-asm:
+ *
+ * sign verify sign/s verify/s
+ * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2
+ * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0
+ * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8
+ * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6
+ * sign verify sign/s verify/s
+ * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3
+ * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2
+ * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0
+ *
+ * 'apps/openssl speed rsa dsa' output with this module:
+ *
+ * sign verify sign/s verify/s
+ * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9
+ * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7
+ * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0
+ * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8
+ * sign verify sign/s verify/s
+ * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3
+ * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4
+ * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6
+ *
+ * For the reference. IA-32 assembler implementation performs
+ * very much like 64-bit code compiled with no-asm on the same
+ * machine.
+ */
+
+#define BN_ULONG unsigned long
+
+#undef mul
+#undef mul_add
+#undef sqr
+
+/*
+ * "m"(a), "+m"(r) is the way to favor DirectPath \xB5-code;
+ * "g"(0) let the compiler to decide where does it
+ * want to keep the value of zero;
+ */
+#define mul_add(r,a,word,carry) do { \
+ register BN_ULONG high,low; \
+ asm ("mulq %3" \
+ : "=a"(low),"=d"(high) \
+ : "a"(word),"m"(a) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(carry),"+d"(high)\
+ : "a"(low),"g"(0) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+m"(r),"+d"(high) \
+ : "r"(carry),"g"(0) \
+ : "cc"); \
+ carry=high; \
+ } while (0)
+
+#define mul(r,a,word,carry) do { \
+ register BN_ULONG high,low; \
+ asm ("mulq %3" \
+ : "=a"(low),"=d"(high) \
+ : "a"(word),"g"(a) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(carry),"+d"(high)\
+ : "a"(low),"g"(0) \
+ : "cc"); \
+ (r)=carry, carry=high; \
+ } while (0)
+
+#define sqr(r0,r1,a) \
+ asm ("mulq %2" \
+ : "=a"(r0),"=d"(r1) \
+ : "a"(a) \
+ : "cc");
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+ {
+ BN_ULONG c1=0;
+
+ if (num <= 0) return(c1);
+
+ while (num&~3)
+ {
+ mul_add(rp[0],ap[0],w,c1);
+ mul_add(rp[1],ap[1],w,c1);
+ mul_add(rp[2],ap[2],w,c1);
+ mul_add(rp[3],ap[3],w,c1);
+ ap+=4; rp+=4; num-=4;
+ }
+ if (num)
+ {
+ mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
+ mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
+ mul_add(rp[2],ap[2],w,c1); return c1;
+ }
+
+ return(c1);
+ }
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+ {
+ BN_ULONG c1=0;
+
+ if (num <= 0) return(c1);
+
+ while (num&~3)
+ {
+ mul(rp[0],ap[0],w,c1);
+ mul(rp[1],ap[1],w,c1);
+ mul(rp[2],ap[2],w,c1);
+ mul(rp[3],ap[3],w,c1);
+ ap+=4; rp+=4; num-=4;
+ }
+ if (num)
+ {
+ mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
+ mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
+ mul(rp[2],ap[2],w,c1);
+ }
+ return(c1);
+ }
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+ {
+ if (n <= 0) return;
+
+ while (n&~3)
+ {
+ sqr(r[0],r[1],a[0]);
+ sqr(r[2],r[3],a[1]);
+ sqr(r[4],r[5],a[2]);
+ sqr(r[6],r[7],a[3]);
+ a+=4; r+=8; n-=4;
+ }
+ if (n)
+ {
+ sqr(r[0],r[1],a[0]); if (--n == 0) return;
+ sqr(r[2],r[3],a[1]); if (--n == 0) return;
+ sqr(r[4],r[5],a[2]);
+ }
+ }
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{ BN_ULONG ret,waste;
+
+ asm ("divq %4"
+ : "=a"(ret),"=d"(waste)
+ : "a"(l),"d"(h),"g"(d)
+ : "cc");
+
+ return ret;
+}
+
+BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
+{ BN_ULONG ret=0,i=0;
+
+ if (n <= 0) return 0;
+
+ asm (
+ " subq %2,%2 \n"
+ ".align 16 \n"
+ "1: movq (%4,%2,8),%0 \n"
+ " adcq (%5,%2,8),%0 \n"
+ " movq %0,(%3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n"
+ : "=&a"(ret),"+c"(n),"=&r"(i)
+ : "r"(rp),"r"(ap),"r"(bp)
+ : "cc"
+ );
+
+ return ret&1;
+}
+
+#ifndef SIMICS
+BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
+{ BN_ULONG ret=0,i=0;
+
+ if (n <= 0) return 0;
+
+ asm (
+ " subq %2,%2 \n"
+ ".align 16 \n"
+ "1: movq (%4,%2,8),%0 \n"
+ " sbbq (%5,%2,8),%0 \n"
+ " movq %0,(%3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n"
+ : "=&a"(ret),"+c"(n),"=&r"(i)
+ : "r"(rp),"r"(ap),"r"(bp)
+ : "cc"
+ );
+
+ return ret&1;
+}
+#else
+/* Simics 1.4<7 has buggy sbbq:-( */
+#define BN_MASK2 0xffffffffffffffffL
+BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+ {
+ BN_ULONG t1,t2;
+ int c=0;
+
+ if (n <= 0) return((BN_ULONG)0);
+
+ for (;;)
+ {
+ t1=a[0]; t2=b[0];
+ r[0]=(t1-t2-c)&BN_MASK2;
+ if (t1 != t2) c=(t1 < t2);
+ if (--n <= 0) break;
+
+ t1=a[1]; t2=b[1];
+ r[1]=(t1-t2-c)&BN_MASK2;
+ if (t1 != t2) c=(t1 < t2);
+ if (--n <= 0) break;
+
+ t1=a[2]; t2=b[2];
+ r[2]=(t1-t2-c)&BN_MASK2;
+ if (t1 != t2) c=(t1 < t2);
+ if (--n <= 0) break;
+
+ t1=a[3]; t2=b[3];
+ r[3]=(t1-t2-c)&BN_MASK2;
+ if (t1 != t2) c=(t1 < t2);
+ if (--n <= 0) break;
+
+ a+=4;
+ b+=4;
+ r+=4;
+ }
+ return(c);
+ }
+#endif
+
+/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+
+#if 0
+/* original macros are kept for reference purposes */
+#define mul_add_c(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b); \
+ t1 = ta * tb; \
+ t2 = BN_UMULT_HIGH(ta,tb); \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+#define mul_add_c2(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b),t0; \
+ t1 = BN_UMULT_HIGH(ta,tb); \
+ t0 = ta * tb; \
+ t2 = t1+t1; c2 += (t2<t1)?1:0; \
+ t1 = t0+t0; t2 += (t1<t0)?1:0; \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+#else
+#define mul_add_c(a,b,c0,c1,c2) do { \
+ asm ("mulq %3" \
+ : "=a"(t1),"=d"(t2) \
+ : "a"(a),"m"(b) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(c0),"+d"(t2) \
+ : "a"(t1),"g"(0) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(c1),"+r"(c2) \
+ : "d"(t2),"g"(0) \
+ : "cc"); \
+ } while (0)
+
+#define sqr_add_c(a,i,c0,c1,c2) do { \
+ asm ("mulq %2" \
+ : "=a"(t1),"=d"(t2) \
+ : "a"(a[i]) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(c0),"+d"(t2) \
+ : "a"(t1),"g"(0) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(c1),"+r"(c2) \
+ : "d"(t2),"g"(0) \
+ : "cc"); \
+ } while (0)
+
+#define mul_add_c2(a,b,c0,c1,c2) do { \
+ asm ("mulq %3" \
+ : "=a"(t1),"=d"(t2) \
+ : "a"(a),"m"(b) \
+ : "cc"); \
+ asm ("addq %0,%0; adcq %2,%1" \
+ : "+d"(t2),"+r"(c2) \
+ : "g"(0) \
+ : "cc"); \
+ asm ("addq %0,%0; adcq %2,%1" \
+ : "+a"(t1),"+d"(t2) \
+ : "g"(0) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(c0),"+d"(t2) \
+ : "a"(t1),"g"(0) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(c1),"+r"(c2) \
+ : "d"(t2),"g"(0) \
+ : "cc"); \
+ } while (0)
+#endif
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+ mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+ {
+ BN_ULONG t1,t2;
+ BN_ULONG c1,c2,c3;
+
+ c1=0;
+ c2=0;
+ c3=0;
+ mul_add_c(a[0],b[0],c1,c2,c3);
+ r[0]=c1;
+ c1=0;
+ mul_add_c(a[0],b[1],c2,c3,c1);
+ mul_add_c(a[1],b[0],c2,c3,c1);
+ r[1]=c2;
+ c2=0;
+ mul_add_c(a[2],b[0],c3,c1,c2);
+ mul_add_c(a[1],b[1],c3,c1,c2);
+ mul_add_c(a[0],b[2],c3,c1,c2);
+ r[2]=c3;
+ c3=0;
+ mul_add_c(a[0],b[3],c1,c2,c3);
+ mul_add_c(a[1],b[2],c1,c2,c3);
+ mul_add_c(a[2],b[1],c1,c2,c3);
+ mul_add_c(a[3],b[0],c1,c2,c3);
+ r[3]=c1;
+ c1=0;
+ mul_add_c(a[4],b[0],c2,c3,c1);
+ mul_add_c(a[3],b[1],c2,c3,c1);
+ mul_add_c(a[2],b[2],c2,c3,c1);
+ mul_add_c(a[1],b[3],c2,c3,c1);
+ mul_add_c(a[0],b[4],c2,c3,c1);
+ r[4]=c2;
+ c2=0;
+ mul_add_c(a[0],b[5],c3,c1,c2);
+ mul_add_c(a[1],b[4],c3,c1,c2);
+ mul_add_c(a[2],b[3],c3,c1,c2);
+ mul_add_c(a[3],b[2],c3,c1,c2);
+ mul_add_c(a[4],b[1],c3,c1,c2);
+ mul_add_c(a[5],b[0],c3,c1,c2);
+ r[5]=c3;
+ c3=0;
+ mul_add_c(a[6],b[0],c1,c2,c3);
+ mul_add_c(a[5],b[1],c1,c2,c3);
+ mul_add_c(a[4],b[2],c1,c2,c3);
+ mul_add_c(a[3],b[3],c1,c2,c3);
+ mul_add_c(a[2],b[4],c1,c2,c3);
+ mul_add_c(a[1],b[5],c1,c2,c3);
+ mul_add_c(a[0],b[6],c1,c2,c3);
+ r[6]=c1;
+ c1=0;
+ mul_add_c(a[0],b[7],c2,c3,c1);
+ mul_add_c(a[1],b[6],c2,c3,c1);
+ mul_add_c(a[2],b[5],c2,c3,c1);
+ mul_add_c(a[3],b[4],c2,c3,c1);
+ mul_add_c(a[4],b[3],c2,c3,c1);
+ mul_add_c(a[5],b[2],c2,c3,c1);
+ mul_add_c(a[6],b[1],c2,c3,c1);
+ mul_add_c(a[7],b[0],c2,c3,c1);
+ r[7]=c2;
+ c2=0;
+ mul_add_c(a[7],b[1],c3,c1,c2);
+ mul_add_c(a[6],b[2],c3,c1,c2);
+ mul_add_c(a[5],b[3],c3,c1,c2);
+ mul_add_c(a[4],b[4],c3,c1,c2);
+ mul_add_c(a[3],b[5],c3,c1,c2);
+ mul_add_c(a[2],b[6],c3,c1,c2);
+ mul_add_c(a[1],b[7],c3,c1,c2);
+ r[8]=c3;
+ c3=0;
+ mul_add_c(a[2],b[7],c1,c2,c3);
+ mul_add_c(a[3],b[6],c1,c2,c3);
+ mul_add_c(a[4],b[5],c1,c2,c3);
+ mul_add_c(a[5],b[4],c1,c2,c3);
+ mul_add_c(a[6],b[3],c1,c2,c3);
+ mul_add_c(a[7],b[2],c1,c2,c3);
+ r[9]=c1;
+ c1=0;
+ mul_add_c(a[7],b[3],c2,c3,c1);
+ mul_add_c(a[6],b[4],c2,c3,c1);
+ mul_add_c(a[5],b[5],c2,c3,c1);
+ mul_add_c(a[4],b[6],c2,c3,c1);
+ mul_add_c(a[3],b[7],c2,c3,c1);
+ r[10]=c2;
+ c2=0;
+ mul_add_c(a[4],b[7],c3,c1,c2);
+ mul_add_c(a[5],b[6],c3,c1,c2);
+ mul_add_c(a[6],b[5],c3,c1,c2);
+ mul_add_c(a[7],b[4],c3,c1,c2);
+ r[11]=c3;
+ c3=0;
+ mul_add_c(a[7],b[5],c1,c2,c3);
+ mul_add_c(a[6],b[6],c1,c2,c3);
+ mul_add_c(a[5],b[7],c1,c2,c3);
+ r[12]=c1;
+ c1=0;
+ mul_add_c(a[6],b[7],c2,c3,c1);
+ mul_add_c(a[7],b[6],c2,c3,c1);
+ r[13]=c2;
+ c2=0;
+ mul_add_c(a[7],b[7],c3,c1,c2);
+ r[14]=c3;
+ r[15]=c1;
+ }
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+ {
+ BN_ULONG t1,t2;
+ BN_ULONG c1,c2,c3;
+
+ c1=0;
+ c2=0;
+ c3=0;
+ mul_add_c(a[0],b[0],c1,c2,c3);
+ r[0]=c1;
+ c1=0;
+ mul_add_c(a[0],b[1],c2,c3,c1);
+ mul_add_c(a[1],b[0],c2,c3,c1);
+ r[1]=c2;
+ c2=0;
+ mul_add_c(a[2],b[0],c3,c1,c2);
+ mul_add_c(a[1],b[1],c3,c1,c2);
+ mul_add_c(a[0],b[2],c3,c1,c2);
+ r[2]=c3;
+ c3=0;
+ mul_add_c(a[0],b[3],c1,c2,c3);
+ mul_add_c(a[1],b[2],c1,c2,c3);
+ mul_add_c(a[2],b[1],c1,c2,c3);
+ mul_add_c(a[3],b[0],c1,c2,c3);
+ r[3]=c1;
+ c1=0;
+ mul_add_c(a[3],b[1],c2,c3,c1);
+ mul_add_c(a[2],b[2],c2,c3,c1);
+ mul_add_c(a[1],b[3],c2,c3,c1);
+ r[4]=c2;
+ c2=0;
+ mul_add_c(a[2],b[3],c3,c1,c2);
+ mul_add_c(a[3],b[2],c3,c1,c2);
+ r[5]=c3;
+ c3=0;
+ mul_add_c(a[3],b[3],c1,c2,c3);
+ r[6]=c1;
+ r[7]=c2;
+ }
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+ {
+ BN_ULONG t1,t2;
+ BN_ULONG c1,c2,c3;
+
+ c1=0;
+ c2=0;
+ c3=0;
+ sqr_add_c(a,0,c1,c2,c3);
+ r[0]=c1;
+ c1=0;
+ sqr_add_c2(a,1,0,c2,c3,c1);
+ r[1]=c2;
+ c2=0;
+ sqr_add_c(a,1,c3,c1,c2);
+ sqr_add_c2(a,2,0,c3,c1,c2);
+ r[2]=c3;
+ c3=0;
+ sqr_add_c2(a,3,0,c1,c2,c3);
+ sqr_add_c2(a,2,1,c1,c2,c3);
+ r[3]=c1;
+ c1=0;
+ sqr_add_c(a,2,c2,c3,c1);
+ sqr_add_c2(a,3,1,c2,c3,c1);
+ sqr_add_c2(a,4,0,c2,c3,c1);
+ r[4]=c2;
+ c2=0;
+ sqr_add_c2(a,5,0,c3,c1,c2);
+ sqr_add_c2(a,4,1,c3,c1,c2);
+ sqr_add_c2(a,3,2,c3,c1,c2);
+ r[5]=c3;
+ c3=0;
+ sqr_add_c(a,3,c1,c2,c3);
+ sqr_add_c2(a,4,2,c1,c2,c3);
+ sqr_add_c2(a,5,1,c1,c2,c3);
+ sqr_add_c2(a,6,0,c1,c2,c3);
+ r[6]=c1;
+ c1=0;
+ sqr_add_c2(a,7,0,c2,c3,c1);
+ sqr_add_c2(a,6,1,c2,c3,c1);
+ sqr_add_c2(a,5,2,c2,c3,c1);
+ sqr_add_c2(a,4,3,c2,c3,c1);
+ r[7]=c2;
+ c2=0;
+ sqr_add_c(a,4,c3,c1,c2);
+ sqr_add_c2(a,5,3,c3,c1,c2);
+ sqr_add_c2(a,6,2,c3,c1,c2);
+ sqr_add_c2(a,7,1,c3,c1,c2);
+ r[8]=c3;
+ c3=0;
+ sqr_add_c2(a,7,2,c1,c2,c3);
+ sqr_add_c2(a,6,3,c1,c2,c3);
+ sqr_add_c2(a,5,4,c1,c2,c3);
+ r[9]=c1;
+ c1=0;
+ sqr_add_c(a,5,c2,c3,c1);
+ sqr_add_c2(a,6,4,c2,c3,c1);
+ sqr_add_c2(a,7,3,c2,c3,c1);
+ r[10]=c2;
+ c2=0;
+ sqr_add_c2(a,7,4,c3,c1,c2);
+ sqr_add_c2(a,6,5,c3,c1,c2);
+ r[11]=c3;
+ c3=0;
+ sqr_add_c(a,6,c1,c2,c3);
+ sqr_add_c2(a,7,5,c1,c2,c3);
+ r[12]=c1;
+ c1=0;
+ sqr_add_c2(a,7,6,c2,c3,c1);
+ r[13]=c2;
+ c2=0;
+ sqr_add_c(a,7,c3,c1,c2);
+ r[14]=c3;
+ r[15]=c1;
+ }
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+ {
+ BN_ULONG t1,t2;
+ BN_ULONG c1,c2,c3;
+
+ c1=0;
+ c2=0;
+ c3=0;
+ sqr_add_c(a,0,c1,c2,c3);
+ r[0]=c1;
+ c1=0;
+ sqr_add_c2(a,1,0,c2,c3,c1);
+ r[1]=c2;
+ c2=0;
+ sqr_add_c(a,1,c3,c1,c2);
+ sqr_add_c2(a,2,0,c3,c1,c2);
+ r[2]=c3;
+ c3=0;
+ sqr_add_c2(a,3,0,c1,c2,c3);
+ sqr_add_c2(a,2,1,c1,c2,c3);
+ r[3]=c1;
+ c1=0;
+ sqr_add_c(a,2,c2,c3,c1);
+ sqr_add_c2(a,3,1,c2,c3,c1);
+ r[4]=c2;
+ c2=0;
+ sqr_add_c2(a,3,2,c3,c1,c2);
+ r[5]=c3;
+ c3=0;
+ sqr_add_c(a,3,c1,c2,c3);
+ r[6]=c1;
+ r[7]=c2;
+ }
+#endif
Added: vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,214 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2005.
+#
+# Montgomery multiplication routine for x86_64. While it gives modest
+# 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more
+# than twice, >2x, as fast. Most common rsa1024 sign is improved by
+# respectful 50%. It remains to be seen if loop unrolling and
+# dedicated squaring routine can provide further improvement...
+
+$output=shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $output";
+
+# int bn_mul_mont(
+$rp="%rdi"; # BN_ULONG *rp,
+$ap="%rsi"; # const BN_ULONG *ap,
+$bp="%rdx"; # const BN_ULONG *bp,
+$np="%rcx"; # const BN_ULONG *np,
+$n0="%r8"; # const BN_ULONG *n0,
+$num="%r9"; # int num);
+$lo0="%r10";
+$hi0="%r11";
+$bp="%r12"; # reassign $bp
+$hi1="%r13";
+$i="%r14";
+$j="%r15";
+$m0="%rbx";
+$m1="%rbp";
+
+$code=<<___;
+.text
+
+.globl bn_mul_mont
+.type bn_mul_mont,\@function,6
+.align 16
+bn_mul_mont:
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+
+ mov ${num}d,${num}d
+ lea 2($num),%rax
+ mov %rsp,%rbp
+ neg %rax
+ lea (%rsp,%rax,8),%rsp # tp=alloca(8*(num+2))
+ and \$-1024,%rsp # minimize TLB usage
+
+ mov %rbp,8(%rsp,$num,8) # tp[num+1]=%rsp
+ mov %rdx,$bp # $bp reassigned, remember?
+
+ mov ($n0),$n0 # pull n0[0] value
+
+ xor $i,$i # i=0
+ xor $j,$j # j=0
+
+ mov ($bp),$m0 # m0=bp[0]
+ mov ($ap),%rax
+ mulq $m0 # ap[0]*bp[0]
+ mov %rax,$lo0
+ mov %rdx,$hi0
+
+ imulq $n0,%rax # "tp[0]"*n0
+ mov %rax,$m1
+
+ mulq ($np) # np[0]*m1
+ add $lo0,%rax # discarded
+ adc \$0,%rdx
+ mov %rdx,$hi1
+
+ lea 1($j),$j # j++
+.L1st:
+ mov ($ap,$j,8),%rax
+ mulq $m0 # ap[j]*bp[0]
+ add $hi0,%rax
+ adc \$0,%rdx
+ mov %rax,$lo0
+ mov ($np,$j,8),%rax
+ mov %rdx,$hi0
+
+ mulq $m1 # np[j]*m1
+ add $hi1,%rax
+ lea 1($j),$j # j++
+ adc \$0,%rdx
+ add $lo0,%rax # np[j]*m1+ap[j]*bp[0]
+ adc \$0,%rdx
+ mov %rax,-16(%rsp,$j,8) # tp[j-1]
+ cmp $num,$j
+ mov %rdx,$hi1
+ jl .L1st
+
+ xor %rdx,%rdx
+ add $hi0,$hi1
+ adc \$0,%rdx
+ mov $hi1,-8(%rsp,$num,8)
+ mov %rdx,(%rsp,$num,8) # store upmost overflow bit
+
+ lea 1($i),$i # i++
+.align 4
+.Louter:
+ xor $j,$j # j=0
+
+ mov ($bp,$i,8),$m0 # m0=bp[i]
+ mov ($ap),%rax # ap[0]
+ mulq $m0 # ap[0]*bp[i]
+ add (%rsp),%rax # ap[0]*bp[i]+tp[0]
+ adc \$0,%rdx
+ mov %rax,$lo0
+ mov %rdx,$hi0
+
+ imulq $n0,%rax # tp[0]*n0
+ mov %rax,$m1
+
+ mulq ($np,$j,8) # np[0]*m1
+ add $lo0,%rax # discarded
+ mov 8(%rsp),$lo0 # tp[1]
+ adc \$0,%rdx
+ mov %rdx,$hi1
+
+ lea 1($j),$j # j++
+.align 4
+.Linner:
+ mov ($ap,$j,8),%rax
+ mulq $m0 # ap[j]*bp[i]
+ add $hi0,%rax
+ adc \$0,%rdx
+ add %rax,$lo0 # ap[j]*bp[i]+tp[j]
+ mov ($np,$j,8),%rax
+ adc \$0,%rdx
+ mov %rdx,$hi0
+
+ mulq $m1 # np[j]*m1
+ add $hi1,%rax
+ lea 1($j),$j # j++
+ adc \$0,%rdx
+ add $lo0,%rax # np[j]*m1+ap[j]*bp[i]+tp[j]
+ adc \$0,%rdx
+ mov (%rsp,$j,8),$lo0
+ cmp $num,$j
+ mov %rax,-16(%rsp,$j,8) # tp[j-1]
+ mov %rdx,$hi1
+ jl .Linner
+
+ xor %rdx,%rdx
+ add $hi0,$hi1
+ adc \$0,%rdx
+ add $lo0,$hi1 # pull upmost overflow bit
+ adc \$0,%rdx
+ mov $hi1,-8(%rsp,$num,8)
+ mov %rdx,(%rsp,$num,8) # store upmost overflow bit
+
+ lea 1($i),$i # i++
+ cmp $num,$i
+ jl .Louter
+
+ lea (%rsp),$ap # borrow ap for tp
+ lea -1($num),$j # j=num-1
+
+ mov ($ap),%rax # tp[0]
+ xor $i,$i # i=0 and clear CF!
+ jmp .Lsub
+.align 16
+.Lsub: sbb ($np,$i,8),%rax
+ mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i]
+ dec $j # doesn't affect CF!
+ mov 8($ap,$i,8),%rax # tp[i+1]
+ lea 1($i),$i # i++
+ jge .Lsub
+
+ sbb \$0,%rax # handle upmost overflow bit
+ and %rax,$ap
+ not %rax
+ mov $rp,$np
+ and %rax,$np
+ lea -1($num),$j
+ or $np,$ap # ap=borrow?tp:rp
+.align 16
+.Lcopy: # copy or in-place refresh
+ mov ($ap,$j,8),%rax
+ mov %rax,($rp,$j,8) # rp[i]=tp[i]
+ mov $i,(%rsp,$j,8) # zap temporary vector
+ dec $j
+ jge .Lcopy
+
+ mov 8(%rsp,$num,8),%rsp # restore %rsp
+ mov \$1,%rax
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ ret
+.size bn_mul_mont,.-bn_mul_mont
+.asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+print $code;
+close STDOUT;
Added: vendor-crypto/openssl/dist/crypto/bn/bn.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,866 @@
+/* crypto/bn/bn.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#ifndef HEADER_BN_H
+#define HEADER_BN_H
+
+#include <openssl/e_os2.h>
+#ifndef OPENSSL_NO_FP_API
+#include <stdio.h> /* FILE */
+#endif
+#include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These preprocessor symbols control various aspects of the bignum headers and
+ * library code. They're not defined by any "normal" configuration, as they are
+ * intended for development and testing purposes. NB: defining all three can be
+ * useful for debugging application code as well as openssl itself.
+ *
+ * BN_DEBUG - turn on various debugging alterations to the bignum code
+ * BN_DEBUG_RAND - uses random poisoning of unused words to trip up
+ * mismanagement of bignum internals. You must also define BN_DEBUG.
+ */
+/* #define BN_DEBUG */
+/* #define BN_DEBUG_RAND */
+
+#define BN_MUL_COMBA
+#define BN_SQR_COMBA
+#define BN_RECURSION
+
+/* This next option uses the C libraries (2 word)/(1 word) function.
+ * If it is not defined, I use my C version (which is slower).
+ * The reason for this flag is that when the particular C compiler
+ * library routine is used, and the library is linked with a different
+ * compiler, the library is missing. This mostly happens when the
+ * library is built with gcc and then linked using normal cc. This would
+ * be a common occurrence because gcc normally produces code that is
+ * 2 times faster than system compilers for the big number stuff.
+ * For machines with only one compiler (or shared libraries), this should
+ * be on. Again this in only really a problem on machines
+ * using "long long's", are 32bit, and are not using my assembler code. */
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
+ defined(OPENSSL_SYS_WIN32) || defined(linux)
+# ifndef BN_DIV2W
+# define BN_DIV2W
+# endif
+#endif
+
+/* assuming long is 64bit - this is the DEC Alpha
+ * unsigned long long is only 64 bits :-(, don't define
+ * BN_LLONG for the DEC Alpha */
+#ifdef SIXTY_FOUR_BIT_LONG
+#define BN_ULLONG unsigned long long
+#define BN_ULONG unsigned long
+#define BN_LONG long
+#define BN_BITS 128
+#define BN_BYTES 8
+#define BN_BITS2 64
+#define BN_BITS4 32
+#define BN_MASK (0xffffffffffffffffffffffffffffffffLL)
+#define BN_MASK2 (0xffffffffffffffffL)
+#define BN_MASK2l (0xffffffffL)
+#define BN_MASK2h (0xffffffff00000000L)
+#define BN_MASK2h1 (0xffffffff80000000L)
+#define BN_TBIT (0x8000000000000000L)
+#define BN_DEC_CONV (10000000000000000000UL)
+#define BN_DEC_FMT1 "%lu"
+#define BN_DEC_FMT2 "%019lu"
+#define BN_DEC_NUM 19
+#endif
+
+/* This is where the long long data type is 64 bits, but long is 32.
+ * For machines where there are 64bit registers, this is the mode to use.
+ * IRIX, on R4000 and above should use this mode, along with the relevant
+ * assembler code :-). Do NOT define BN_LLONG.
+ */
+#ifdef SIXTY_FOUR_BIT
+#undef BN_LLONG
+#undef BN_ULLONG
+#define BN_ULONG unsigned long long
+#define BN_LONG long long
+#define BN_BITS 128
+#define BN_BYTES 8
+#define BN_BITS2 64
+#define BN_BITS4 32
+#define BN_MASK2 (0xffffffffffffffffLL)
+#define BN_MASK2l (0xffffffffL)
+#define BN_MASK2h (0xffffffff00000000LL)
+#define BN_MASK2h1 (0xffffffff80000000LL)
+#define BN_TBIT (0x8000000000000000LL)
+#define BN_DEC_CONV (10000000000000000000ULL)
+#define BN_DEC_FMT1 "%llu"
+#define BN_DEC_FMT2 "%019llu"
+#define BN_DEC_NUM 19
+#endif
+
+#ifdef THIRTY_TWO_BIT
+#ifdef BN_LLONG
+# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+# define BN_ULLONG unsigned __int64
+# else
+# define BN_ULLONG unsigned long long
+# endif
+#endif
+#define BN_ULONG unsigned long
+#define BN_LONG long
+#define BN_BITS 64
+#define BN_BYTES 4
+#define BN_BITS2 32
+#define BN_BITS4 16
+#ifdef OPENSSL_SYS_WIN32
+/* VC++ doesn't like the LL suffix */
+#define BN_MASK (0xffffffffffffffffL)
+#else
+#define BN_MASK (0xffffffffffffffffLL)
+#endif
+#define BN_MASK2 (0xffffffffL)
+#define BN_MASK2l (0xffff)
+#define BN_MASK2h1 (0xffff8000L)
+#define BN_MASK2h (0xffff0000L)
+#define BN_TBIT (0x80000000L)
+#define BN_DEC_CONV (1000000000L)
+#define BN_DEC_FMT1 "%lu"
+#define BN_DEC_FMT2 "%09lu"
+#define BN_DEC_NUM 9
+#endif
+
+#ifdef SIXTEEN_BIT
+#ifndef BN_DIV2W
+#define BN_DIV2W
+#endif
+#define BN_ULLONG unsigned long
+#define BN_ULONG unsigned short
+#define BN_LONG short
+#define BN_BITS 32
+#define BN_BYTES 2
+#define BN_BITS2 16
+#define BN_BITS4 8
+#define BN_MASK (0xffffffff)
+#define BN_MASK2 (0xffff)
+#define BN_MASK2l (0xff)
+#define BN_MASK2h1 (0xff80)
+#define BN_MASK2h (0xff00)
+#define BN_TBIT (0x8000)
+#define BN_DEC_CONV (100000)
+#define BN_DEC_FMT1 "%u"
+#define BN_DEC_FMT2 "%05u"
+#define BN_DEC_NUM 5
+#endif
+
+#ifdef EIGHT_BIT
+#ifndef BN_DIV2W
+#define BN_DIV2W
+#endif
+#define BN_ULLONG unsigned short
+#define BN_ULONG unsigned char
+#define BN_LONG char
+#define BN_BITS 16
+#define BN_BYTES 1
+#define BN_BITS2 8
+#define BN_BITS4 4
+#define BN_MASK (0xffff)
+#define BN_MASK2 (0xff)
+#define BN_MASK2l (0xf)
+#define BN_MASK2h1 (0xf8)
+#define BN_MASK2h (0xf0)
+#define BN_TBIT (0x80)
+#define BN_DEC_CONV (100)
+#define BN_DEC_FMT1 "%u"
+#define BN_DEC_FMT2 "%02u"
+#define BN_DEC_NUM 2
+#endif
+
+#define BN_DEFAULT_BITS 1280
+
+#define BN_FLG_MALLOCED 0x01
+#define BN_FLG_STATIC_DATA 0x02
+#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
+ */
+
+#ifndef OPENSSL_NO_DEPRECATED
+#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
+ /* avoid leaking exponent information through timings
+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
+#endif
+
+#ifndef OPENSSL_NO_DEPRECATED
+#define BN_FLG_FREE 0x8000 /* used for debuging */
+#endif
+#define BN_set_flags(b,n) ((b)->flags|=(n))
+#define BN_get_flags(b,n) ((b)->flags&(n))
+
+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
+#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
+ (dest)->top=(b)->top, \
+ (dest)->dmax=(b)->dmax, \
+ (dest)->neg=(b)->neg, \
+ (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
+ | ((b)->flags & ~BN_FLG_MALLOCED) \
+ | BN_FLG_STATIC_DATA \
+ | (n)))
+
+/* Already declared in ossl_typ.h */
+#if 0
+typedef struct bignum_st BIGNUM;
+/* Used for temp variables (declaration hidden in bn_lcl.h) */
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st BN_BLINDING;
+typedef struct bn_mont_ctx_st BN_MONT_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
+typedef struct bn_gencb_st BN_GENCB;
+#endif
+
+struct bignum_st
+ {
+ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
+ int top; /* Index of last used d +1. */
+ /* The next are internal book keeping for bn_expand. */
+ int dmax; /* Size of the d array. */
+ int neg; /* one if the number is negative */
+ int flags;
+ };
+
+/* Used for montgomery multiplication */
+struct bn_mont_ctx_st
+ {
+ int ri; /* number of bits in R */
+ BIGNUM RR; /* used to convert to montgomery form */
+ BIGNUM N; /* The modulus */
+ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
+ * (Ni is only stored for bignum algorithm) */
+#if 0
+ /* OpenSSL 0.9.9 preview: */
+ BN_ULONG n0[2];/* least significant word(s) of Ni */
+#else
+ BN_ULONG n0; /* least significant word of Ni */
+#endif
+ int flags;
+ };
+
+/* Used for reciprocal division/mod functions
+ * It cannot be shared between threads
+ */
+struct bn_recp_ctx_st
+ {
+ BIGNUM N; /* the divisor */
+ BIGNUM Nr; /* the reciprocal */
+ int num_bits;
+ int shift;
+ int flags;
+ };
+
+/* Used for slow "generation" functions. */
+struct bn_gencb_st
+ {
+ unsigned int ver; /* To handle binary (in)compatibility */
+ void *arg; /* callback-specific data */
+ union
+ {
+ /* if(ver==1) - handles old style callbacks */
+ void (*cb_1)(int, int, void *);
+ /* if(ver==2) - new callback style */
+ int (*cb_2)(int, int, BN_GENCB *);
+ } cb;
+ };
+/* Wrapper function to make using BN_GENCB easier, */
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+/* Macro to populate a BN_GENCB structure with an "old"-style callback */
+#define BN_GENCB_set_old(gencb, callback, cb_arg) { \
+ BN_GENCB *tmp_gencb = (gencb); \
+ tmp_gencb->ver = 1; \
+ tmp_gencb->arg = (cb_arg); \
+ tmp_gencb->cb.cb_1 = (callback); }
+/* Macro to populate a BN_GENCB structure with a "new"-style callback */
+#define BN_GENCB_set(gencb, callback, cb_arg) { \
+ BN_GENCB *tmp_gencb = (gencb); \
+ tmp_gencb->ver = 2; \
+ tmp_gencb->arg = (cb_arg); \
+ tmp_gencb->cb.cb_2 = (callback); }
+
+#define BN_prime_checks 0 /* default: select number of iterations
+ based on the size of the number */
+
+/* number of Miller-Rabin iterations for an error rate of less than 2^-80
+ * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
+ * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
+ * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
+ * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
+#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
+ (b) >= 850 ? 3 : \
+ (b) >= 650 ? 4 : \
+ (b) >= 550 ? 5 : \
+ (b) >= 450 ? 6 : \
+ (b) >= 400 ? 7 : \
+ (b) >= 350 ? 8 : \
+ (b) >= 300 ? 9 : \
+ (b) >= 250 ? 12 : \
+ (b) >= 200 ? 15 : \
+ (b) >= 150 ? 18 : \
+ /* b >= 100 */ 27)
+
+#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
+
+/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
+#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
+ (((w) == 0) && ((a)->top == 0)))
+#define BN_is_zero(a) ((a)->top == 0)
+#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg)
+#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
+#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1))
+
+#define BN_one(a) (BN_set_word((a),1))
+#define BN_zero_ex(a) \
+ do { \
+ BIGNUM *_tmp_bn = (a); \
+ _tmp_bn->top = 0; \
+ _tmp_bn->neg = 0; \
+ } while(0)
+#ifdef OPENSSL_NO_DEPRECATED
+#define BN_zero(a) BN_zero_ex(a)
+#else
+#define BN_zero(a) (BN_set_word((a),0))
+#endif
+
+const BIGNUM *BN_value_one(void);
+char * BN_options(void);
+BN_CTX *BN_CTX_new(void);
+#ifndef OPENSSL_NO_DEPRECATED
+void BN_CTX_init(BN_CTX *c);
+#endif
+void BN_CTX_free(BN_CTX *c);
+void BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void BN_CTX_end(BN_CTX *ctx);
+int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_num_bits(const BIGNUM *a);
+int BN_num_bits_word(BN_ULONG);
+BIGNUM *BN_new(void);
+void BN_init(BIGNUM *);
+void BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
+/** BN_set_negative sets sign of a BIGNUM
+ * \param b pointer to the BIGNUM object
+ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
+ */
+void BN_set_negative(BIGNUM *b, int n);
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param a pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
+#define BN_is_negative(a) ((a)->neg != 0)
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+ BN_CTX *ctx);
+#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void BN_free(BIGNUM *a);
+int BN_is_bit_set(const BIGNUM *a, int n);
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m,BN_CTX *ctx);
+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+ const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
+ BN_CTX *ctx,BN_MONT_CTX *m_ctx);
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m,BN_CTX *ctx);
+
+int BN_mask_bits(BIGNUM *a,int n);
+#ifndef OPENSSL_NO_FP_API
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+#endif
+#ifdef HEADER_BIO_H
+int BN_print(BIO *fp, const BIGNUM *a);
+#else
+int BN_print(void *fp, const BIGNUM *a);
+#endif
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, const BIGNUM *a);
+void BN_clear(BIGNUM *a);
+BIGNUM *BN_dup(const BIGNUM *a);
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+char * BN_bn2hex(const BIGNUM *a);
+char * BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
+int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
+/* Deprecated versions */
+#ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
+ const BIGNUM *add, const BIGNUM *rem,
+ void (*callback)(int,int,void *),void *cb_arg);
+int BN_is_prime(const BIGNUM *p,int nchecks,
+ void (*callback)(int,int,void *),
+ BN_CTX *ctx,void *cb_arg);
+int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
+ void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
+ int do_trial_division);
+#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* Newer versions */
+int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
+ const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
+ int do_trial_division, BN_GENCB *cb);
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void );
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\
+ (r),(a),&((mont)->RR),(mont),(ctx))
+int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx);
+
+/* BN_BLINDING flags */
+#define BN_BLINDING_NO_UPDATE 0x00000001
+#define BN_BLINDING_NO_RECREATE 0x00000002
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+ const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
+ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+ BN_MONT_CTX *m_ctx);
+
+#ifndef OPENSSL_NO_DEPRECATED
+void BN_set_params(int mul,int high,int low,int mont);
+int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
+#endif
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+ BN_RECP_CTX *recp,BN_CTX *ctx);
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+
+/* Functions for arithmetic over binary polynomials represented by BIGNUMs.
+ *
+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
+ * ignored.
+ *
+ * Note that input arguments are not const so that their bit arrays can
+ * be expanded to the appropriate size if needed.
+ */
+
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
+#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ BN_CTX *ctx); /* r = (a * a) mod p */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
+ BN_CTX *ctx); /* r = (1 / b) mod p */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ BN_CTX *ctx); /* r = sqrt(a) mod p */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ BN_CTX *ctx); /* r^2 + r = a mod p */
+#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
+/* Some functions allow for representation of the irreducible polynomials
+ * as an unsigned int[], say p. The irreducible f(t) is then of the form:
+ * t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);
+ /* r = a mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
+ BN_CTX *ctx); /* r = (a * a) mod p */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],
+ BN_CTX *ctx); /* r = (1 / b) mod p */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
+ const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
+ const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
+int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);
+int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);
+
+/* faster mod functions for the 'NIST primes'
+ * 0 <= a < p^2 */
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+const BIGNUM *BN_get0_nist_prime_192(void);
+const BIGNUM *BN_get0_nist_prime_224(void);
+const BIGNUM *BN_get0_nist_prime_256(void);
+const BIGNUM *BN_get0_nist_prime_384(void);
+const BIGNUM *BN_get0_nist_prime_521(void);
+
+/* library internal functions */
+
+#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
+ (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
+#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+#ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
+#endif
+
+/* Bignum consistency macros
+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
+ * bignum data after direct manipulations on the data. There is also an
+ * "internal" macro, bn_check_top(), for verifying that there are no leading
+ * zeroes. Unfortunately, some auditing is required due to the fact that
+ * bn_fix_top() has become an overabused duct-tape because bignum data is
+ * occasionally passed around in an inconsistent state. So the following
+ * changes have been made to sort this out;
+ * - bn_fix_top()s implementation has been moved to bn_correct_top()
+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
+ * bn_check_top() is as before.
+ * - if BN_DEBUG *is* defined;
+ * - bn_check_top() tries to pollute unused words even if the bignum 'top' is
+ * consistent. (ed: only if BN_DEBUG_RAND is defined)
+ * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
+ * The idea is to have debug builds flag up inconsistent bignums when they
+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code
+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it
+ * was not appropriate, we convert it permanently to bn_check_top() and track
+ * down the cause of the bug. Eventually, no internal code should be using the
+ * bn_fix_top() macro. External applications and libraries should try this with
+ * their own code too, both in terms of building against the openssl headers
+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
+ * defined. This not only improves external code, it provides more test
+ * coverage for openssl's own code.
+ */
+
+#ifdef BN_DEBUG
+
+/* We only need assert() when debugging */
+#include <assert.h>
+
+#ifdef BN_DEBUG_RAND
+/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
+#ifndef RAND_pseudo_bytes
+int RAND_pseudo_bytes(unsigned char *buf,int num);
+#define BN_DEBUG_TRIX
+#endif
+#define bn_pollute(a) \
+ do { \
+ const BIGNUM *_bnum1 = (a); \
+ if(_bnum1->top < _bnum1->dmax) { \
+ unsigned char _tmp_char; \
+ /* We cast away const without the compiler knowing, any \
+ * *genuinely* constant variables that aren't mutable \
+ * wouldn't be constructed with top!=dmax. */ \
+ BN_ULONG *_not_const; \
+ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
+ RAND_pseudo_bytes(&_tmp_char, 1); \
+ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
+ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
+ } \
+ } while(0)
+#ifdef BN_DEBUG_TRIX
+#undef RAND_pseudo_bytes
+#endif
+#else
+#define bn_pollute(a)
+#endif
+#define bn_check_top(a) \
+ do { \
+ const BIGNUM *_bnum2 = (a); \
+ if (_bnum2 != NULL) { \
+ assert((_bnum2->top == 0) || \
+ (_bnum2->d[_bnum2->top - 1] != 0)); \
+ bn_pollute(_bnum2); \
+ } \
+ } while(0)
+
+#define bn_fix_top(a) bn_check_top(a)
+
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+ do { \
+ const BIGNUM *_bnum2 = (bn); \
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ } while(0)
+
+#else /* !BN_DEBUG */
+
+#define bn_pollute(a)
+#define bn_check_top(a)
+#define bn_fix_top(a) bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
+
+#endif
+
+#define bn_correct_top(a) \
+ { \
+ BN_ULONG *ftl; \
+ if ((a)->top > 0) \
+ { \
+ for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+ if (*(ftl--)) break; \
+ } \
+ bn_pollute(a); \
+ }
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+
+/* Primes from RFC 2409 */
+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BN_strings(void);
+
+/* Error codes for the BN functions. */
+
+/* Function codes. */
+#define BN_F_BNRAND 127
+#define BN_F_BN_BLINDING_CONVERT_EX 100
+#define BN_F_BN_BLINDING_CREATE_PARAM 128
+#define BN_F_BN_BLINDING_INVERT_EX 101
+#define BN_F_BN_BLINDING_NEW 102
+#define BN_F_BN_BLINDING_UPDATE 103
+#define BN_F_BN_BN2DEC 104
+#define BN_F_BN_BN2HEX 105
+#define BN_F_BN_CTX_GET 116
+#define BN_F_BN_CTX_NEW 106
+#define BN_F_BN_CTX_START 129
+#define BN_F_BN_DIV 107
+#define BN_F_BN_DIV_NO_BRANCH 138
+#define BN_F_BN_DIV_RECP 130
+#define BN_F_BN_EXP 123
+#define BN_F_BN_EXPAND2 108
+#define BN_F_BN_EXPAND_INTERNAL 120
+#define BN_F_BN_GF2M_MOD 131
+#define BN_F_BN_GF2M_MOD_EXP 132
+#define BN_F_BN_GF2M_MOD_MUL 133
+#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134
+#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
+#define BN_F_BN_GF2M_MOD_SQR 136
+#define BN_F_BN_GF2M_MOD_SQRT 137
+#define BN_F_BN_MOD_EXP2_MONT 118
+#define BN_F_BN_MOD_EXP_MONT 109
+#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
+#define BN_F_BN_MOD_EXP_MONT_WORD 117
+#define BN_F_BN_MOD_EXP_RECP 125
+#define BN_F_BN_MOD_EXP_SIMPLE 126
+#define BN_F_BN_MOD_INVERSE 110
+#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139
+#define BN_F_BN_MOD_LSHIFT_QUICK 119
+#define BN_F_BN_MOD_MUL_RECIPROCAL 111
+#define BN_F_BN_MOD_SQRT 121
+#define BN_F_BN_MPI2BN 112
+#define BN_F_BN_NEW 113
+#define BN_F_BN_RAND 114
+#define BN_F_BN_RAND_RANGE 122
+#define BN_F_BN_USUB 115
+
+/* Reason codes. */
+#define BN_R_ARG2_LT_ARG3 100
+#define BN_R_BAD_RECIPROCAL 101
+#define BN_R_BIGNUM_TOO_LONG 114
+#define BN_R_CALLED_WITH_EVEN_MODULUS 102
+#define BN_R_DIV_BY_ZERO 103
+#define BN_R_ENCODING_ERROR 104
+#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
+#define BN_R_INPUT_NOT_REDUCED 110
+#define BN_R_INVALID_LENGTH 106
+#define BN_R_INVALID_RANGE 115
+#define BN_R_NOT_A_SQUARE 111
+#define BN_R_NOT_INITIALIZED 107
+#define BN_R_NO_INVERSE 108
+#define BN_R_NO_SOLUTION 116
+#define BN_R_P_IS_NOT_PRIME 112
+#define BN_R_TOO_MANY_ITERATIONS 113
+#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Added: vendor-crypto/openssl/dist/crypto/bn/bn.mul
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn.mul (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn.mul 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,19 @@
+We need
+
+* bn_mul_comba8
+* bn_mul_comba4
+* bn_mul_normal
+* bn_mul_recursive
+
+* bn_sqr_comba8
+* bn_sqr_comba4
+bn_sqr_normal -> BN_sqr
+* bn_sqr_recursive
+
+* bn_mul_low_recursive
+* bn_mul_low_normal
+* bn_mul_high
+
+* bn_mul_part_recursive # symetric but not power of 2
+
+bn_mul_asymetric_recursive # uneven, but do the chop up.
Added: vendor-crypto/openssl/dist/crypto/bn/bn_add.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_add.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_add.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,313 @@
+/* crypto/bn/bn_add.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r can == a or b */
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+ {
+ const BIGNUM *tmp;
+ int a_neg = a->neg, ret;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ /* a + b a+b
+ * a + -b a-b
+ * -a + b b-a
+ * -a + -b -(a+b)
+ */
+ if (a_neg ^ b->neg)
+ {
+ /* only one is negative */
+ if (a_neg)
+ { tmp=a; a=b; b=tmp; }
+
+ /* we are now a - b */
+
+ if (BN_ucmp(a,b) < 0)
+ {
+ if (!BN_usub(r,b,a)) return(0);
+ r->neg=1;
+ }
+ else
+ {
+ if (!BN_usub(r,a,b)) return(0);
+ r->neg=0;
+ }
+ return(1);
+ }
+
+ ret = BN_uadd(r,a,b);
+ r->neg = a_neg;
+ bn_check_top(r);
+ return ret;
+ }
+
+/* unsigned add of b to a */
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+ {
+ int max,min,dif;
+ BN_ULONG *ap,*bp,*rp,carry,t1,t2;
+ const BIGNUM *tmp;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (a->top < b->top)
+ { tmp=a; a=b; b=tmp; }
+ max = a->top;
+ min = b->top;
+ dif = max - min;
+
+ if (bn_wexpand(r,max+1) == NULL)
+ return 0;
+
+ r->top=max;
+
+
+ ap=a->d;
+ bp=b->d;
+ rp=r->d;
+
+ carry=bn_add_words(rp,ap,bp,min);
+ rp+=min;
+ ap+=min;
+ bp+=min;
+
+ if (carry)
+ {
+ while (dif)
+ {
+ dif--;
+ t1 = *(ap++);
+ t2 = (t1+1) & BN_MASK2;
+ *(rp++) = t2;
+ if (t2)
+ {
+ carry=0;
+ break;
+ }
+ }
+ if (carry)
+ {
+ /* carry != 0 => dif == 0 */
+ *rp = 1;
+ r->top++;
+ }
+ }
+ if (dif && rp != ap)
+ while (dif--)
+ /* copy remaining words if ap != rp */
+ *(rp++) = *(ap++);
+ r->neg = 0;
+ bn_check_top(r);
+ return 1;
+ }
+
+/* unsigned subtraction of b from a, a must be larger than b. */
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+ {
+ int max,min,dif;
+ register BN_ULONG t1,t2,*ap,*bp,*rp;
+ int i,carry;
+#if defined(IRIX_CC_BUG) && !defined(LINT)
+ int dummy;
+#endif
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ max = a->top;
+ min = b->top;
+ dif = max - min;
+
+ if (dif < 0) /* hmm... should not be happening */
+ {
+ BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
+ return(0);
+ }
+
+ if (bn_wexpand(r,max) == NULL) return(0);
+
+ ap=a->d;
+ bp=b->d;
+ rp=r->d;
+
+#if 1
+ carry=0;
+ for (i = min; i != 0; i--)
+ {
+ t1= *(ap++);
+ t2= *(bp++);
+ if (carry)
+ {
+ carry=(t1 <= t2);
+ t1=(t1-t2-1)&BN_MASK2;
+ }
+ else
+ {
+ carry=(t1 < t2);
+ t1=(t1-t2)&BN_MASK2;
+ }
+#if defined(IRIX_CC_BUG) && !defined(LINT)
+ dummy=t1;
+#endif
+ *(rp++)=t1&BN_MASK2;
+ }
+#else
+ carry=bn_sub_words(rp,ap,bp,min);
+ ap+=min;
+ bp+=min;
+ rp+=min;
+#endif
+ if (carry) /* subtracted */
+ {
+ if (!dif)
+ /* error: a < b */
+ return 0;
+ while (dif)
+ {
+ dif--;
+ t1 = *(ap++);
+ t2 = (t1-1)&BN_MASK2;
+ *(rp++) = t2;
+ if (t1)
+ break;
+ }
+ }
+#if 0
+ memcpy(rp,ap,sizeof(*rp)*(max-i));
+#else
+ if (rp != ap)
+ {
+ for (;;)
+ {
+ if (!dif--) break;
+ rp[0]=ap[0];
+ if (!dif--) break;
+ rp[1]=ap[1];
+ if (!dif--) break;
+ rp[2]=ap[2];
+ if (!dif--) break;
+ rp[3]=ap[3];
+ rp+=4;
+ ap+=4;
+ }
+ }
+#endif
+
+ r->top=max;
+ r->neg=0;
+ bn_correct_top(r);
+ return(1);
+ }
+
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+ {
+ int max;
+ int add=0,neg=0;
+ const BIGNUM *tmp;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ /* a - b a-b
+ * a - -b a+b
+ * -a - b -(a+b)
+ * -a - -b b-a
+ */
+ if (a->neg)
+ {
+ if (b->neg)
+ { tmp=a; a=b; b=tmp; }
+ else
+ { add=1; neg=1; }
+ }
+ else
+ {
+ if (b->neg) { add=1; neg=0; }
+ }
+
+ if (add)
+ {
+ if (!BN_uadd(r,a,b)) return(0);
+ r->neg=neg;
+ return(1);
+ }
+
+ /* We are actually doing a - b :-) */
+
+ max=(a->top > b->top)?a->top:b->top;
+ if (bn_wexpand(r,max) == NULL) return(0);
+ if (BN_ucmp(a,b) < 0)
+ {
+ if (!BN_usub(r,b,a)) return(0);
+ r->neg=1;
+ }
+ else
+ {
+ if (!BN_usub(r,a,b)) return(0);
+ r->neg=0;
+ }
+ bn_check_top(r);
+ return(1);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bn/bn_asm.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_asm.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_asm.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,860 @@
+/* crypto/bn/bn_asm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+ {
+ BN_ULONG c1=0;
+
+ assert(num >= 0);
+ if (num <= 0) return(c1);
+
+ while (num&~3)
+ {
+ mul_add(rp[0],ap[0],w,c1);
+ mul_add(rp[1],ap[1],w,c1);
+ mul_add(rp[2],ap[2],w,c1);
+ mul_add(rp[3],ap[3],w,c1);
+ ap+=4; rp+=4; num-=4;
+ }
+ if (num)
+ {
+ mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
+ mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
+ mul_add(rp[2],ap[2],w,c1); return c1;
+ }
+
+ return(c1);
+ }
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+ {
+ BN_ULONG c1=0;
+
+ assert(num >= 0);
+ if (num <= 0) return(c1);
+
+ while (num&~3)
+ {
+ mul(rp[0],ap[0],w,c1);
+ mul(rp[1],ap[1],w,c1);
+ mul(rp[2],ap[2],w,c1);
+ mul(rp[3],ap[3],w,c1);
+ ap+=4; rp+=4; num-=4;
+ }
+ if (num)
+ {
+ mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
+ mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
+ mul(rp[2],ap[2],w,c1);
+ }
+ return(c1);
+ }
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+ {
+ assert(n >= 0);
+ if (n <= 0) return;
+ while (n&~3)
+ {
+ sqr(r[0],r[1],a[0]);
+ sqr(r[2],r[3],a[1]);
+ sqr(r[4],r[5],a[2]);
+ sqr(r[6],r[7],a[3]);
+ a+=4; r+=8; n-=4;
+ }
+ if (n)
+ {
+ sqr(r[0],r[1],a[0]); if (--n == 0) return;
+ sqr(r[2],r[3],a[1]); if (--n == 0) return;
+ sqr(r[4],r[5],a[2]);
+ }
+ }
+
+#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+ {
+ BN_ULONG c=0;
+ BN_ULONG bl,bh;
+
+ assert(num >= 0);
+ if (num <= 0) return((BN_ULONG)0);
+
+ bl=LBITS(w);
+ bh=HBITS(w);
+
+ for (;;)
+ {
+ mul_add(rp[0],ap[0],bl,bh,c);
+ if (--num == 0) break;
+ mul_add(rp[1],ap[1],bl,bh,c);
+ if (--num == 0) break;
+ mul_add(rp[2],ap[2],bl,bh,c);
+ if (--num == 0) break;
+ mul_add(rp[3],ap[3],bl,bh,c);
+ if (--num == 0) break;
+ ap+=4;
+ rp+=4;
+ }
+ return(c);
+ }
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+ {
+ BN_ULONG carry=0;
+ BN_ULONG bl,bh;
+
+ assert(num >= 0);
+ if (num <= 0) return((BN_ULONG)0);
+
+ bl=LBITS(w);
+ bh=HBITS(w);
+
+ for (;;)
+ {
+ mul(rp[0],ap[0],bl,bh,carry);
+ if (--num == 0) break;
+ mul(rp[1],ap[1],bl,bh,carry);
+ if (--num == 0) break;
+ mul(rp[2],ap[2],bl,bh,carry);
+ if (--num == 0) break;
+ mul(rp[3],ap[3],bl,bh,carry);
+ if (--num == 0) break;
+ ap+=4;
+ rp+=4;
+ }
+ return(carry);
+ }
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+ {
+ assert(n >= 0);
+ if (n <= 0) return;
+ for (;;)
+ {
+ sqr64(r[0],r[1],a[0]);
+ if (--n == 0) break;
+
+ sqr64(r[2],r[3],a[1]);
+ if (--n == 0) break;
+
+ sqr64(r[4],r[5],a[2]);
+ if (--n == 0) break;
+
+ sqr64(r[6],r[7],a[3]);
+ if (--n == 0) break;
+
+ a+=4;
+ r+=8;
+ }
+ }
+
+#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
+
+#if defined(BN_LLONG) && defined(BN_DIV2W)
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+ {
+ return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
+ }
+
+#else
+
+/* Divide h,l by d and return the result. */
+/* I need to test this some more :-( */
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+ {
+ BN_ULONG dh,dl,q,ret=0,th,tl,t;
+ int i,count=2;
+
+ if (d == 0) return(BN_MASK2);
+
+ i=BN_num_bits_word(d);
+ assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
+
+ i=BN_BITS2-i;
+ if (h >= d) h-=d;
+
+ if (i)
+ {
+ d<<=i;
+ h=(h<<i)|(l>>(BN_BITS2-i));
+ l<<=i;
+ }
+ dh=(d&BN_MASK2h)>>BN_BITS4;
+ dl=(d&BN_MASK2l);
+ for (;;)
+ {
+ if ((h>>BN_BITS4) == dh)
+ q=BN_MASK2l;
+ else
+ q=h/dh;
+
+ th=q*dh;
+ tl=dl*q;
+ for (;;)
+ {
+ t=h-th;
+ if ((t&BN_MASK2h) ||
+ ((tl) <= (
+ (t<<BN_BITS4)|
+ ((l&BN_MASK2h)>>BN_BITS4))))
+ break;
+ q--;
+ th-=dh;
+ tl-=dl;
+ }
+ t=(tl>>BN_BITS4);
+ tl=(tl<<BN_BITS4)&BN_MASK2h;
+ th+=t;
+
+ if (l < tl) th++;
+ l-=tl;
+ if (h < th)
+ {
+ h+=d;
+ q--;
+ }
+ h-=th;
+
+ if (--count == 0) break;
+
+ ret=q<<BN_BITS4;
+ h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
+ l=(l&BN_MASK2l)<<BN_BITS4;
+ }
+ ret|=q;
+ return(ret);
+ }
+#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
+
+#ifdef BN_LLONG
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+ {
+ BN_ULLONG ll=0;
+
+ assert(n >= 0);
+ if (n <= 0) return((BN_ULONG)0);
+
+ for (;;)
+ {
+ ll+=(BN_ULLONG)a[0]+b[0];
+ r[0]=(BN_ULONG)ll&BN_MASK2;
+ ll>>=BN_BITS2;
+ if (--n <= 0) break;
+
+ ll+=(BN_ULLONG)a[1]+b[1];
+ r[1]=(BN_ULONG)ll&BN_MASK2;
+ ll>>=BN_BITS2;
+ if (--n <= 0) break;
+
+ ll+=(BN_ULLONG)a[2]+b[2];
+ r[2]=(BN_ULONG)ll&BN_MASK2;
+ ll>>=BN_BITS2;
+ if (--n <= 0) break;
+
+ ll+=(BN_ULLONG)a[3]+b[3];
+ r[3]=(BN_ULONG)ll&BN_MASK2;
+ ll>>=BN_BITS2;
+ if (--n <= 0) break;
+
+ a+=4;
+ b+=4;
+ r+=4;
+ }
+ return((BN_ULONG)ll);
+ }
+#else /* !BN_LLONG */
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+ {
+ BN_ULONG c,l,t;
+
+ assert(n >= 0);
+ if (n <= 0) return((BN_ULONG)0);
+
+ c=0;
+ for (;;)
+ {
+ t=a[0];
+ t=(t+c)&BN_MASK2;
+ c=(t < c);
+ l=(t+b[0])&BN_MASK2;
+ c+=(l < t);
+ r[0]=l;
+ if (--n <= 0) break;
+
+ t=a[1];
+ t=(t+c)&BN_MASK2;
+ c=(t < c);
+ l=(t+b[1])&BN_MASK2;
+ c+=(l < t);
+ r[1]=l;
+ if (--n <= 0) break;
+
+ t=a[2];
+ t=(t+c)&BN_MASK2;
+ c=(t < c);
+ l=(t+b[2])&BN_MASK2;
+ c+=(l < t);
+ r[2]=l;
+ if (--n <= 0) break;
+
+ t=a[3];
+ t=(t+c)&BN_MASK2;
+ c=(t < c);
+ l=(t+b[3])&BN_MASK2;
+ c+=(l < t);
+ r[3]=l;
+ if (--n <= 0) break;
+
+ a+=4;
+ b+=4;
+ r+=4;
+ }
+ return((BN_ULONG)c);
+ }
+#endif /* !BN_LLONG */
+
+BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+ {
+ BN_ULONG t1,t2;
+ int c=0;
+
+ assert(n >= 0);
+ if (n <= 0) return((BN_ULONG)0);
+
+ for (;;)
+ {
+ t1=a[0]; t2=b[0];
+ r[0]=(t1-t2-c)&BN_MASK2;
+ if (t1 != t2) c=(t1 < t2);
+ if (--n <= 0) break;
+
+ t1=a[1]; t2=b[1];
+ r[1]=(t1-t2-c)&BN_MASK2;
+ if (t1 != t2) c=(t1 < t2);
+ if (--n <= 0) break;
+
+ t1=a[2]; t2=b[2];
+ r[2]=(t1-t2-c)&BN_MASK2;
+ if (t1 != t2) c=(t1 < t2);
+ if (--n <= 0) break;
+
+ t1=a[3]; t2=b[3];
+ r[3]=(t1-t2-c)&BN_MASK2;
+ if (t1 != t2) c=(t1 < t2);
+ if (--n <= 0) break;
+
+ a+=4;
+ b+=4;
+ r+=4;
+ }
+ return(c);
+ }
+
+#ifdef BN_MUL_COMBA
+
+#undef bn_mul_comba8
+#undef bn_mul_comba4
+#undef bn_sqr_comba8
+#undef bn_sqr_comba4
+
+/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+
+#ifdef BN_LLONG
+#define mul_add_c(a,b,c0,c1,c2) \
+ t=(BN_ULLONG)a*b; \
+ t1=(BN_ULONG)Lw(t); \
+ t2=(BN_ULONG)Hw(t); \
+ c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+ t=(BN_ULLONG)a*b; \
+ tt=(t+t)&BN_MASK; \
+ if (tt < t) c2++; \
+ t1=(BN_ULONG)Lw(tt); \
+ t2=(BN_ULONG)Hw(tt); \
+ c0=(c0+t1)&BN_MASK2; \
+ if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+ t=(BN_ULLONG)a[i]*a[i]; \
+ t1=(BN_ULONG)Lw(t); \
+ t2=(BN_ULONG)Hw(t); \
+ c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+ mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+#elif defined(BN_UMULT_LOHI)
+
+#define mul_add_c(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b); \
+ BN_UMULT_LOHI(t1,t2,ta,tb); \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+#define mul_add_c2(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b),t0; \
+ BN_UMULT_LOHI(t0,t1,ta,tb); \
+ t2 = t1+t1; c2 += (t2<t1)?1:0; \
+ t1 = t0+t0; t2 += (t1<t0)?1:0; \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+#define sqr_add_c(a,i,c0,c1,c2) { \
+ BN_ULONG ta=(a)[i]; \
+ BN_UMULT_LOHI(t1,t2,ta,ta); \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+ mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+#elif defined(BN_UMULT_HIGH)
+
+#define mul_add_c(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b); \
+ t1 = ta * tb; \
+ t2 = BN_UMULT_HIGH(ta,tb); \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+#define mul_add_c2(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b),t0; \
+ t1 = BN_UMULT_HIGH(ta,tb); \
+ t0 = ta * tb; \
+ t2 = t1+t1; c2 += (t2<t1)?1:0; \
+ t1 = t0+t0; t2 += (t1<t0)?1:0; \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+#define sqr_add_c(a,i,c0,c1,c2) { \
+ BN_ULONG ta=(a)[i]; \
+ t1 = ta * ta; \
+ t2 = BN_UMULT_HIGH(ta,ta); \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+ mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+#else /* !BN_LLONG */
+#define mul_add_c(a,b,c0,c1,c2) \
+ t1=LBITS(a); t2=HBITS(a); \
+ bl=LBITS(b); bh=HBITS(b); \
+ mul64(t1,t2,bl,bh); \
+ c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+ t1=LBITS(a); t2=HBITS(a); \
+ bl=LBITS(b); bh=HBITS(b); \
+ mul64(t1,t2,bl,bh); \
+ if (t2 & BN_TBIT) c2++; \
+ t2=(t2+t2)&BN_MASK2; \
+ if (t1 & BN_TBIT) t2++; \
+ t1=(t1+t1)&BN_MASK2; \
+ c0=(c0+t1)&BN_MASK2; \
+ if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+ sqr64(t1,t2,(a)[i]); \
+ c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+ mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#endif /* !BN_LLONG */
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+ {
+#ifdef BN_LLONG
+ BN_ULLONG t;
+#else
+ BN_ULONG bl,bh;
+#endif
+ BN_ULONG t1,t2;
+ BN_ULONG c1,c2,c3;
+
+ c1=0;
+ c2=0;
+ c3=0;
+ mul_add_c(a[0],b[0],c1,c2,c3);
+ r[0]=c1;
+ c1=0;
+ mul_add_c(a[0],b[1],c2,c3,c1);
+ mul_add_c(a[1],b[0],c2,c3,c1);
+ r[1]=c2;
+ c2=0;
+ mul_add_c(a[2],b[0],c3,c1,c2);
+ mul_add_c(a[1],b[1],c3,c1,c2);
+ mul_add_c(a[0],b[2],c3,c1,c2);
+ r[2]=c3;
+ c3=0;
+ mul_add_c(a[0],b[3],c1,c2,c3);
+ mul_add_c(a[1],b[2],c1,c2,c3);
+ mul_add_c(a[2],b[1],c1,c2,c3);
+ mul_add_c(a[3],b[0],c1,c2,c3);
+ r[3]=c1;
+ c1=0;
+ mul_add_c(a[4],b[0],c2,c3,c1);
+ mul_add_c(a[3],b[1],c2,c3,c1);
+ mul_add_c(a[2],b[2],c2,c3,c1);
+ mul_add_c(a[1],b[3],c2,c3,c1);
+ mul_add_c(a[0],b[4],c2,c3,c1);
+ r[4]=c2;
+ c2=0;
+ mul_add_c(a[0],b[5],c3,c1,c2);
+ mul_add_c(a[1],b[4],c3,c1,c2);
+ mul_add_c(a[2],b[3],c3,c1,c2);
+ mul_add_c(a[3],b[2],c3,c1,c2);
+ mul_add_c(a[4],b[1],c3,c1,c2);
+ mul_add_c(a[5],b[0],c3,c1,c2);
+ r[5]=c3;
+ c3=0;
+ mul_add_c(a[6],b[0],c1,c2,c3);
+ mul_add_c(a[5],b[1],c1,c2,c3);
+ mul_add_c(a[4],b[2],c1,c2,c3);
+ mul_add_c(a[3],b[3],c1,c2,c3);
+ mul_add_c(a[2],b[4],c1,c2,c3);
+ mul_add_c(a[1],b[5],c1,c2,c3);
+ mul_add_c(a[0],b[6],c1,c2,c3);
+ r[6]=c1;
+ c1=0;
+ mul_add_c(a[0],b[7],c2,c3,c1);
+ mul_add_c(a[1],b[6],c2,c3,c1);
+ mul_add_c(a[2],b[5],c2,c3,c1);
+ mul_add_c(a[3],b[4],c2,c3,c1);
+ mul_add_c(a[4],b[3],c2,c3,c1);
+ mul_add_c(a[5],b[2],c2,c3,c1);
+ mul_add_c(a[6],b[1],c2,c3,c1);
+ mul_add_c(a[7],b[0],c2,c3,c1);
+ r[7]=c2;
+ c2=0;
+ mul_add_c(a[7],b[1],c3,c1,c2);
+ mul_add_c(a[6],b[2],c3,c1,c2);
+ mul_add_c(a[5],b[3],c3,c1,c2);
+ mul_add_c(a[4],b[4],c3,c1,c2);
+ mul_add_c(a[3],b[5],c3,c1,c2);
+ mul_add_c(a[2],b[6],c3,c1,c2);
+ mul_add_c(a[1],b[7],c3,c1,c2);
+ r[8]=c3;
+ c3=0;
+ mul_add_c(a[2],b[7],c1,c2,c3);
+ mul_add_c(a[3],b[6],c1,c2,c3);
+ mul_add_c(a[4],b[5],c1,c2,c3);
+ mul_add_c(a[5],b[4],c1,c2,c3);
+ mul_add_c(a[6],b[3],c1,c2,c3);
+ mul_add_c(a[7],b[2],c1,c2,c3);
+ r[9]=c1;
+ c1=0;
+ mul_add_c(a[7],b[3],c2,c3,c1);
+ mul_add_c(a[6],b[4],c2,c3,c1);
+ mul_add_c(a[5],b[5],c2,c3,c1);
+ mul_add_c(a[4],b[6],c2,c3,c1);
+ mul_add_c(a[3],b[7],c2,c3,c1);
+ r[10]=c2;
+ c2=0;
+ mul_add_c(a[4],b[7],c3,c1,c2);
+ mul_add_c(a[5],b[6],c3,c1,c2);
+ mul_add_c(a[6],b[5],c3,c1,c2);
+ mul_add_c(a[7],b[4],c3,c1,c2);
+ r[11]=c3;
+ c3=0;
+ mul_add_c(a[7],b[5],c1,c2,c3);
+ mul_add_c(a[6],b[6],c1,c2,c3);
+ mul_add_c(a[5],b[7],c1,c2,c3);
+ r[12]=c1;
+ c1=0;
+ mul_add_c(a[6],b[7],c2,c3,c1);
+ mul_add_c(a[7],b[6],c2,c3,c1);
+ r[13]=c2;
+ c2=0;
+ mul_add_c(a[7],b[7],c3,c1,c2);
+ r[14]=c3;
+ r[15]=c1;
+ }
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+ {
+#ifdef BN_LLONG
+ BN_ULLONG t;
+#else
+ BN_ULONG bl,bh;
+#endif
+ BN_ULONG t1,t2;
+ BN_ULONG c1,c2,c3;
+
+ c1=0;
+ c2=0;
+ c3=0;
+ mul_add_c(a[0],b[0],c1,c2,c3);
+ r[0]=c1;
+ c1=0;
+ mul_add_c(a[0],b[1],c2,c3,c1);
+ mul_add_c(a[1],b[0],c2,c3,c1);
+ r[1]=c2;
+ c2=0;
+ mul_add_c(a[2],b[0],c3,c1,c2);
+ mul_add_c(a[1],b[1],c3,c1,c2);
+ mul_add_c(a[0],b[2],c3,c1,c2);
+ r[2]=c3;
+ c3=0;
+ mul_add_c(a[0],b[3],c1,c2,c3);
+ mul_add_c(a[1],b[2],c1,c2,c3);
+ mul_add_c(a[2],b[1],c1,c2,c3);
+ mul_add_c(a[3],b[0],c1,c2,c3);
+ r[3]=c1;
+ c1=0;
+ mul_add_c(a[3],b[1],c2,c3,c1);
+ mul_add_c(a[2],b[2],c2,c3,c1);
+ mul_add_c(a[1],b[3],c2,c3,c1);
+ r[4]=c2;
+ c2=0;
+ mul_add_c(a[2],b[3],c3,c1,c2);
+ mul_add_c(a[3],b[2],c3,c1,c2);
+ r[5]=c3;
+ c3=0;
+ mul_add_c(a[3],b[3],c1,c2,c3);
+ r[6]=c1;
+ r[7]=c2;
+ }
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+ {
+#ifdef BN_LLONG
+ BN_ULLONG t,tt;
+#else
+ BN_ULONG bl,bh;
+#endif
+ BN_ULONG t1,t2;
+ BN_ULONG c1,c2,c3;
+
+ c1=0;
+ c2=0;
+ c3=0;
+ sqr_add_c(a,0,c1,c2,c3);
+ r[0]=c1;
+ c1=0;
+ sqr_add_c2(a,1,0,c2,c3,c1);
+ r[1]=c2;
+ c2=0;
+ sqr_add_c(a,1,c3,c1,c2);
+ sqr_add_c2(a,2,0,c3,c1,c2);
+ r[2]=c3;
+ c3=0;
+ sqr_add_c2(a,3,0,c1,c2,c3);
+ sqr_add_c2(a,2,1,c1,c2,c3);
+ r[3]=c1;
+ c1=0;
+ sqr_add_c(a,2,c2,c3,c1);
+ sqr_add_c2(a,3,1,c2,c3,c1);
+ sqr_add_c2(a,4,0,c2,c3,c1);
+ r[4]=c2;
+ c2=0;
+ sqr_add_c2(a,5,0,c3,c1,c2);
+ sqr_add_c2(a,4,1,c3,c1,c2);
+ sqr_add_c2(a,3,2,c3,c1,c2);
+ r[5]=c3;
+ c3=0;
+ sqr_add_c(a,3,c1,c2,c3);
+ sqr_add_c2(a,4,2,c1,c2,c3);
+ sqr_add_c2(a,5,1,c1,c2,c3);
+ sqr_add_c2(a,6,0,c1,c2,c3);
+ r[6]=c1;
+ c1=0;
+ sqr_add_c2(a,7,0,c2,c3,c1);
+ sqr_add_c2(a,6,1,c2,c3,c1);
+ sqr_add_c2(a,5,2,c2,c3,c1);
+ sqr_add_c2(a,4,3,c2,c3,c1);
+ r[7]=c2;
+ c2=0;
+ sqr_add_c(a,4,c3,c1,c2);
+ sqr_add_c2(a,5,3,c3,c1,c2);
+ sqr_add_c2(a,6,2,c3,c1,c2);
+ sqr_add_c2(a,7,1,c3,c1,c2);
+ r[8]=c3;
+ c3=0;
+ sqr_add_c2(a,7,2,c1,c2,c3);
+ sqr_add_c2(a,6,3,c1,c2,c3);
+ sqr_add_c2(a,5,4,c1,c2,c3);
+ r[9]=c1;
+ c1=0;
+ sqr_add_c(a,5,c2,c3,c1);
+ sqr_add_c2(a,6,4,c2,c3,c1);
+ sqr_add_c2(a,7,3,c2,c3,c1);
+ r[10]=c2;
+ c2=0;
+ sqr_add_c2(a,7,4,c3,c1,c2);
+ sqr_add_c2(a,6,5,c3,c1,c2);
+ r[11]=c3;
+ c3=0;
+ sqr_add_c(a,6,c1,c2,c3);
+ sqr_add_c2(a,7,5,c1,c2,c3);
+ r[12]=c1;
+ c1=0;
+ sqr_add_c2(a,7,6,c2,c3,c1);
+ r[13]=c2;
+ c2=0;
+ sqr_add_c(a,7,c3,c1,c2);
+ r[14]=c3;
+ r[15]=c1;
+ }
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+ {
+#ifdef BN_LLONG
+ BN_ULLONG t,tt;
+#else
+ BN_ULONG bl,bh;
+#endif
+ BN_ULONG t1,t2;
+ BN_ULONG c1,c2,c3;
+
+ c1=0;
+ c2=0;
+ c3=0;
+ sqr_add_c(a,0,c1,c2,c3);
+ r[0]=c1;
+ c1=0;
+ sqr_add_c2(a,1,0,c2,c3,c1);
+ r[1]=c2;
+ c2=0;
+ sqr_add_c(a,1,c3,c1,c2);
+ sqr_add_c2(a,2,0,c3,c1,c2);
+ r[2]=c3;
+ c3=0;
+ sqr_add_c2(a,3,0,c1,c2,c3);
+ sqr_add_c2(a,2,1,c1,c2,c3);
+ r[3]=c1;
+ c1=0;
+ sqr_add_c(a,2,c2,c3,c1);
+ sqr_add_c2(a,3,1,c2,c3,c1);
+ r[4]=c2;
+ c2=0;
+ sqr_add_c2(a,3,2,c3,c1,c2);
+ r[5]=c3;
+ c3=0;
+ sqr_add_c(a,3,c1,c2,c3);
+ r[6]=c1;
+ r[7]=c2;
+ }
+#else /* !BN_MUL_COMBA */
+
+/* hmm... is it faster just to do a multiply? */
+#undef bn_sqr_comba4
+void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+ {
+ BN_ULONG t[8];
+ bn_sqr_normal(r,a,4,t);
+ }
+
+#undef bn_sqr_comba8
+void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+ {
+ BN_ULONG t[16];
+ bn_sqr_normal(r,a,8,t);
+ }
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+ {
+ r[4]=bn_mul_words( &(r[0]),a,4,b[0]);
+ r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
+ r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);
+ r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
+ }
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+ {
+ r[ 8]=bn_mul_words( &(r[0]),a,8,b[0]);
+ r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
+ r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
+ r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
+ r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
+ r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
+ r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
+ r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
+ }
+
+#endif /* !BN_MUL_COMBA */
Added: vendor-crypto/openssl/dist/crypto/bn/bn_blind.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_blind.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_blind.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,374 @@
+/* crypto/bn/bn_blind.c */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define BN_BLINDING_COUNTER 32
+
+struct bn_blinding_st
+ {
+ BIGNUM *A;
+ BIGNUM *Ai;
+ BIGNUM *e;
+ BIGNUM *mod; /* just a reference */
+ unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
+ * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
+ int counter;
+ unsigned long flags;
+ BN_MONT_CTX *m_ctx;
+ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+ };
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod)
+ {
+ BN_BLINDING *ret=NULL;
+
+ bn_check_top(mod);
+
+ if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
+ {
+ BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ memset(ret,0,sizeof(BN_BLINDING));
+ if (A != NULL)
+ {
+ if ((ret->A = BN_dup(A)) == NULL) goto err;
+ }
+ if (Ai != NULL)
+ {
+ if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
+ }
+
+ /* save a copy of mod in the BN_BLINDING structure */
+ if ((ret->mod = BN_dup(mod)) == NULL) goto err;
+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
+
+ /* Set the counter to the special value -1
+ * to indicate that this is never-used fresh blinding
+ * that does not need updating before first use. */
+ ret->counter = -1;
+ return(ret);
+err:
+ if (ret != NULL) BN_BLINDING_free(ret);
+ return(NULL);
+ }
+
+void BN_BLINDING_free(BN_BLINDING *r)
+ {
+ if(r == NULL)
+ return;
+
+ if (r->A != NULL) BN_free(r->A );
+ if (r->Ai != NULL) BN_free(r->Ai);
+ if (r->e != NULL) BN_free(r->e );
+ if (r->mod != NULL) BN_free(r->mod);
+ OPENSSL_free(r);
+ }
+
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
+ {
+ int ret=0;
+
+ if ((b->A == NULL) || (b->Ai == NULL))
+ {
+ BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
+ goto err;
+ }
+
+ if (b->counter == -1)
+ b->counter = 0;
+
+ if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
+ !(b->flags & BN_BLINDING_NO_RECREATE))
+ {
+ /* re-create blinding parameters */
+ if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
+ goto err;
+ }
+ else if (!(b->flags & BN_BLINDING_NO_UPDATE))
+ {
+ if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
+ if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
+ }
+
+ ret=1;
+err:
+ if (b->counter == BN_BLINDING_COUNTER)
+ b->counter = 0;
+ return(ret);
+ }
+
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+ {
+ return BN_BLINDING_convert_ex(n, NULL, b, ctx);
+ }
+
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+ {
+ int ret = 1;
+
+ bn_check_top(n);
+
+ if ((b->A == NULL) || (b->Ai == NULL))
+ {
+ BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED);
+ return(0);
+ }
+
+ if (b->counter == -1)
+ /* Fresh blinding, doesn't need updating. */
+ b->counter = 0;
+ else if (!BN_BLINDING_update(b,ctx))
+ return(0);
+
+ if (r != NULL)
+ {
+ if (!BN_copy(r, b->Ai)) ret=0;
+ }
+
+ if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;
+
+ return ret;
+ }
+
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+ {
+ return BN_BLINDING_invert_ex(n, NULL, b, ctx);
+ }
+
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+ {
+ int ret;
+
+ bn_check_top(n);
+
+ if (r != NULL)
+ ret = BN_mod_mul(n, n, r, b->mod, ctx);
+ else
+ {
+ if (b->Ai == NULL)
+ {
+ BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
+ return(0);
+ }
+ ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+ }
+
+ bn_check_top(n);
+ return(ret);
+ }
+
+unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
+ {
+ return b->thread_id;
+ }
+
+void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
+ {
+ b->thread_id = n;
+ }
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
+ {
+ return b->flags;
+ }
+
+void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
+ {
+ b->flags = flags;
+ }
+
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+ const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
+ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+ BN_MONT_CTX *m_ctx)
+{
+ int retry_counter = 32;
+ BN_BLINDING *ret = NULL;
+
+ if (b == NULL)
+ ret = BN_BLINDING_new(NULL, NULL, m);
+ else
+ ret = b;
+
+ if (ret == NULL)
+ goto err;
+
+ if (ret->A == NULL && (ret->A = BN_new()) == NULL)
+ goto err;
+ if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
+ goto err;
+
+ if (e != NULL)
+ {
+ if (ret->e != NULL)
+ BN_free(ret->e);
+ ret->e = BN_dup(e);
+ }
+ if (ret->e == NULL)
+ goto err;
+
+ if (bn_mod_exp != NULL)
+ ret->bn_mod_exp = bn_mod_exp;
+ if (m_ctx != NULL)
+ ret->m_ctx = m_ctx;
+
+ do {
+ if (!BN_rand_range(ret->A, ret->mod)) goto err;
+ if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL)
+ {
+ /* this should almost never happen for good RSA keys */
+ unsigned long error = ERR_peek_last_error();
+ if (ERR_GET_REASON(error) == BN_R_NO_INVERSE)
+ {
+ if (retry_counter-- == 0)
+ {
+ BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
+ BN_R_TOO_MANY_ITERATIONS);
+ goto err;
+ }
+ ERR_clear_error();
+ }
+ else
+ goto err;
+ }
+ else
+ break;
+ } while (1);
+
+ if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL)
+ {
+ if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
+ goto err;
+ }
+ else
+ {
+ if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
+ goto err;
+ }
+
+ return ret;
+err:
+ if (b == NULL && ret != NULL)
+ {
+ BN_BLINDING_free(ret);
+ ret = NULL;
+ }
+
+ return ret;
+}
Added: vendor-crypto/openssl/dist/crypto/bn/bn_const.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_const.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_const.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,402 @@
+/* crypto/bn/knownprimes.c */
+/* Insert boilerplate */
+
+#include "bn.h"
+
+/* "First Oakley Default Group" from RFC2409, section 6.1.
+ *
+ * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of of 22.
+ */
+
+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
+ {
+ static const unsigned char RFC2409_PRIME_768[]={
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+ 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+ 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+ 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+ 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+ 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+ 0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ };
+ return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
+ }
+
+/* "Second Oakley Default Group" from RFC2409, section 6.2.
+ *
+ * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of 22.
+ */
+
+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
+ {
+ static const unsigned char RFC2409_PRIME_1024[]={
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+ 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+ 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+ 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+ 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+ 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+ 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+ 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ };
+ return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
+ }
+
+/* "1536-bit MODP Group" from RFC3526, Section 2.
+ *
+ * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
+ *
+ * RFC3526 specifies a generator of 2.
+ * RFC2312 specifies a generator of 22.
+ */
+
+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
+ {
+ static const unsigned char RFC3526_PRIME_1536[]={
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+ 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+ 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+ 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+ 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+ 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+ 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+ 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+ 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+ 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+ 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+ 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+ 0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
+ }
+
+/* "2048-bit MODP Group" from RFC3526, Section 3.
+ *
+ * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
+ {
+ static const unsigned char RFC3526_PRIME_2048[]={
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+ 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+ 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+ 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+ 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+ 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+ 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+ 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+ 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+ 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+ 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+ 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+ 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+ 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+ 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+ 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
+ }
+
+/* "3072-bit MODP Group" from RFC3526, Section 4.
+ *
+ * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
+ {
+ static const unsigned char RFC3526_PRIME_3072[]={
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+ 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+ 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+ 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+ 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+ 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+ 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+ 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+ 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+ 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+ 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+ 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+ 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+ 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+ 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+ 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+ 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+ 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+ 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+ 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+ 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+ 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+ 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+ 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+ 0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
+ }
+
+/* "4096-bit MODP Group" from RFC3526, Section 5.
+ *
+ * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
+ {
+ static const unsigned char RFC3526_PRIME_4096[]={
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+ 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+ 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+ 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+ 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+ 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+ 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+ 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+ 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+ 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+ 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+ 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+ 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+ 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+ 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+ 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+ 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+ 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+ 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+ 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+ 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+ 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+ 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+ 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+ 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+ 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
+ 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+ 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
+ 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+ 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
+ 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+ 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
+ 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+ 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
+ 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
+ }
+
+/* "6144-bit MODP Group" from RFC3526, Section 6.
+ *
+ * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
+ {
+ static const unsigned char RFC3526_PRIME_6144[]={
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+ 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+ 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+ 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+ 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+ 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+ 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+ 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+ 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+ 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+ 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+ 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+ 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+ 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+ 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+ 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+ 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+ 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+ 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+ 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+ 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+ 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+ 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+ 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+ 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+ 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
+ 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+ 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
+ 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+ 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
+ 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+ 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
+ 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+ 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
+ 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
+ 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
+ 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+ 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
+ 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
+ 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
+ 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+ 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
+ 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
+ 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
+ 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+ 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
+ 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
+ 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
+ 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+ 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
+ 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
+ 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
+ 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+ 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
+ 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
+ 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
+ 0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
+ }
+
+/* "8192-bit MODP Group" from RFC3526, Section 7.
+ *
+ * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
+ {
+ static const unsigned char RFC3526_PRIME_8192[]={
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+ 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+ 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+ 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+ 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+ 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+ 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+ 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+ 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+ 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+ 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+ 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+ 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+ 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+ 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+ 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+ 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+ 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+ 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+ 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+ 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+ 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+ 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+ 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+ 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+ 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
+ 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+ 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
+ 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+ 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
+ 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+ 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
+ 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+ 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
+ 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
+ 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
+ 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+ 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
+ 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
+ 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
+ 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+ 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
+ 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
+ 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
+ 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+ 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
+ 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
+ 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
+ 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+ 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
+ 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
+ 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
+ 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+ 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
+ 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
+ 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
+ 0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
+ 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,
+ 0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
+ 0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,
+ 0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
+ 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,
+ 0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
+ 0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,
+ 0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
+ 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,
+ 0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
+ 0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,
+ 0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
+ 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,
+ 0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
+ 0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,
+ 0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
+ 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,
+ 0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
+ 0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,
+ 0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
+ 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bn/bn_ctx.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_ctx.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_ctx.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,454 @@
+/* crypto/bn/bn_ctx.c */
+/* Written by Ulf Moeller for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
+#ifndef NDEBUG
+#define NDEBUG
+#endif
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* TODO list
+ *
+ * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
+ * check they can be safely removed.
+ * - Check +1 and other ugliness in BN_from_montgomery()
+ *
+ * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
+ * appropriate 'block' size that will be honoured by bn_expand_internal() to
+ * prevent piddly little reallocations. OTOH, profiling bignum expansions in
+ * BN_CTX doesn't show this to be a big issue.
+ */
+
+/* How many bignums are in each "pool item"; */
+#define BN_CTX_POOL_SIZE 16
+/* The stack frame info is resizing, set a first-time expansion size; */
+#define BN_CTX_START_FRAMES 32
+
+/***********/
+/* BN_POOL */
+/***********/
+
+/* A bundle of bignums that can be linked with other bundles */
+typedef struct bignum_pool_item
+ {
+ /* The bignum values */
+ BIGNUM vals[BN_CTX_POOL_SIZE];
+ /* Linked-list admin */
+ struct bignum_pool_item *prev, *next;
+ } BN_POOL_ITEM;
+/* A linked-list of bignums grouped in bundles */
+typedef struct bignum_pool
+ {
+ /* Linked-list admin */
+ BN_POOL_ITEM *head, *current, *tail;
+ /* Stack depth and allocation size */
+ unsigned used, size;
+ } BN_POOL;
+static void BN_POOL_init(BN_POOL *);
+static void BN_POOL_finish(BN_POOL *);
+#ifndef OPENSSL_NO_DEPRECATED
+static void BN_POOL_reset(BN_POOL *);
+#endif
+static BIGNUM * BN_POOL_get(BN_POOL *);
+static void BN_POOL_release(BN_POOL *, unsigned int);
+
+/************/
+/* BN_STACK */
+/************/
+
+/* A wrapper to manage the "stack frames" */
+typedef struct bignum_ctx_stack
+ {
+ /* Array of indexes into the bignum stack */
+ unsigned int *indexes;
+ /* Number of stack frames, and the size of the allocated array */
+ unsigned int depth, size;
+ } BN_STACK;
+static void BN_STACK_init(BN_STACK *);
+static void BN_STACK_finish(BN_STACK *);
+#ifndef OPENSSL_NO_DEPRECATED
+static void BN_STACK_reset(BN_STACK *);
+#endif
+static int BN_STACK_push(BN_STACK *, unsigned int);
+static unsigned int BN_STACK_pop(BN_STACK *);
+
+/**********/
+/* BN_CTX */
+/**********/
+
+/* The opaque BN_CTX type */
+struct bignum_ctx
+ {
+ /* The bignum bundles */
+ BN_POOL pool;
+ /* The "stack frames", if you will */
+ BN_STACK stack;
+ /* The number of bignums currently assigned */
+ unsigned int used;
+ /* Depth of stack overflow */
+ int err_stack;
+ /* Block "gets" until an "end" (compatibility behaviour) */
+ int too_many;
+ };
+
+/* Enable this to find BN_CTX bugs */
+#ifdef BN_CTX_DEBUG
+static const char *ctxdbg_cur = NULL;
+static void ctxdbg(BN_CTX *ctx)
+ {
+ unsigned int bnidx = 0, fpidx = 0;
+ BN_POOL_ITEM *item = ctx->pool.head;
+ BN_STACK *stack = &ctx->stack;
+ fprintf(stderr,"(%08x): ", (unsigned int)ctx);
+ while(bnidx < ctx->used)
+ {
+ fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+ if(!(bnidx % BN_CTX_POOL_SIZE))
+ item = item->next;
+ }
+ fprintf(stderr,"\n");
+ bnidx = 0;
+ fprintf(stderr," : ");
+ while(fpidx < stack->depth)
+ {
+ while(bnidx++ < stack->indexes[fpidx])
+ fprintf(stderr," ");
+ fprintf(stderr,"^^ ");
+ bnidx++;
+ fpidx++;
+ }
+ fprintf(stderr,"\n");
+ }
+#define CTXDBG_ENTRY(str, ctx) do { \
+ ctxdbg_cur = (str); \
+ fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
+ ctxdbg(ctx); \
+ } while(0)
+#define CTXDBG_EXIT(ctx) do { \
+ fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
+ ctxdbg(ctx); \
+ } while(0)
+#define CTXDBG_RET(ctx,ret)
+#else
+#define CTXDBG_ENTRY(str, ctx)
+#define CTXDBG_EXIT(ctx)
+#define CTXDBG_RET(ctx,ret)
+#endif
+
+/* This function is an evil legacy and should not be used. This implementation
+ * is WYSIWYG, though I've done my best. */
+#ifndef OPENSSL_NO_DEPRECATED
+void BN_CTX_init(BN_CTX *ctx)
+ {
+ /* Assume the caller obtained the context via BN_CTX_new() and so is
+ * trying to reset it for use. Nothing else makes sense, least of all
+ * binary compatibility from a time when they could declare a static
+ * variable. */
+ BN_POOL_reset(&ctx->pool);
+ BN_STACK_reset(&ctx->stack);
+ ctx->used = 0;
+ ctx->err_stack = 0;
+ ctx->too_many = 0;
+ }
+#endif
+
+BN_CTX *BN_CTX_new(void)
+ {
+ BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
+ if(!ret)
+ {
+ BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ /* Initialise the structure */
+ BN_POOL_init(&ret->pool);
+ BN_STACK_init(&ret->stack);
+ ret->used = 0;
+ ret->err_stack = 0;
+ ret->too_many = 0;
+ return ret;
+ }
+
+void BN_CTX_free(BN_CTX *ctx)
+ {
+ if (ctx == NULL)
+ return;
+#ifdef BN_CTX_DEBUG
+ {
+ BN_POOL_ITEM *pool = ctx->pool.head;
+ fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
+ ctx->stack.size, ctx->pool.size);
+ fprintf(stderr,"dmaxs: ");
+ while(pool) {
+ unsigned loop = 0;
+ while(loop < BN_CTX_POOL_SIZE)
+ fprintf(stderr,"%02x ", pool->vals[loop++].dmax);
+ pool = pool->next;
+ }
+ fprintf(stderr,"\n");
+ }
+#endif
+ BN_STACK_finish(&ctx->stack);
+ BN_POOL_finish(&ctx->pool);
+ OPENSSL_free(ctx);
+ }
+
+void BN_CTX_start(BN_CTX *ctx)
+ {
+ CTXDBG_ENTRY("BN_CTX_start", ctx);
+ /* If we're already overflowing ... */
+ if(ctx->err_stack || ctx->too_many)
+ ctx->err_stack++;
+ /* (Try to) get a new frame pointer */
+ else if(!BN_STACK_push(&ctx->stack, ctx->used))
+ {
+ BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ ctx->err_stack++;
+ }
+ CTXDBG_EXIT(ctx);
+ }
+
+void BN_CTX_end(BN_CTX *ctx)
+ {
+ CTXDBG_ENTRY("BN_CTX_end", ctx);
+ if(ctx->err_stack)
+ ctx->err_stack--;
+ else
+ {
+ unsigned int fp = BN_STACK_pop(&ctx->stack);
+ /* Does this stack frame have anything to release? */
+ if(fp < ctx->used)
+ BN_POOL_release(&ctx->pool, ctx->used - fp);
+ ctx->used = fp;
+ /* Unjam "too_many" in case "get" had failed */
+ ctx->too_many = 0;
+ }
+ CTXDBG_EXIT(ctx);
+ }
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx)
+ {
+ BIGNUM *ret;
+ CTXDBG_ENTRY("BN_CTX_get", ctx);
+ if(ctx->err_stack || ctx->too_many) return NULL;
+ if((ret = BN_POOL_get(&ctx->pool)) == NULL)
+ {
+ /* Setting too_many prevents repeated "get" attempts from
+ * cluttering the error stack. */
+ ctx->too_many = 1;
+ BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ return NULL;
+ }
+ /* OK, make sure the returned bignum is "zero" */
+ BN_zero(ret);
+ ctx->used++;
+ CTXDBG_RET(ctx, ret);
+ return ret;
+ }
+
+/************/
+/* BN_STACK */
+/************/
+
+static void BN_STACK_init(BN_STACK *st)
+ {
+ st->indexes = NULL;
+ st->depth = st->size = 0;
+ }
+
+static void BN_STACK_finish(BN_STACK *st)
+ {
+ if(st->size) OPENSSL_free(st->indexes);
+ }
+
+#ifndef OPENSSL_NO_DEPRECATED
+static void BN_STACK_reset(BN_STACK *st)
+ {
+ st->depth = 0;
+ }
+#endif
+
+static int BN_STACK_push(BN_STACK *st, unsigned int idx)
+ {
+ if(st->depth == st->size)
+ /* Need to expand */
+ {
+ unsigned int newsize = (st->size ?
+ (st->size * 3 / 2) : BN_CTX_START_FRAMES);
+ unsigned int *newitems = OPENSSL_malloc(newsize *
+ sizeof(unsigned int));
+ if(!newitems) return 0;
+ if(st->depth)
+ memcpy(newitems, st->indexes, st->depth *
+ sizeof(unsigned int));
+ if(st->size) OPENSSL_free(st->indexes);
+ st->indexes = newitems;
+ st->size = newsize;
+ }
+ st->indexes[(st->depth)++] = idx;
+ return 1;
+ }
+
+static unsigned int BN_STACK_pop(BN_STACK *st)
+ {
+ return st->indexes[--(st->depth)];
+ }
+
+/***********/
+/* BN_POOL */
+/***********/
+
+static void BN_POOL_init(BN_POOL *p)
+ {
+ p->head = p->current = p->tail = NULL;
+ p->used = p->size = 0;
+ }
+
+static void BN_POOL_finish(BN_POOL *p)
+ {
+ while(p->head)
+ {
+ unsigned int loop = 0;
+ BIGNUM *bn = p->head->vals;
+ while(loop++ < BN_CTX_POOL_SIZE)
+ {
+ if(bn->d) BN_clear_free(bn);
+ bn++;
+ }
+ p->current = p->head->next;
+ OPENSSL_free(p->head);
+ p->head = p->current;
+ }
+ }
+
+#ifndef OPENSSL_NO_DEPRECATED
+static void BN_POOL_reset(BN_POOL *p)
+ {
+ BN_POOL_ITEM *item = p->head;
+ while(item)
+ {
+ unsigned int loop = 0;
+ BIGNUM *bn = item->vals;
+ while(loop++ < BN_CTX_POOL_SIZE)
+ {
+ if(bn->d) BN_clear(bn);
+ bn++;
+ }
+ item = item->next;
+ }
+ p->current = p->head;
+ p->used = 0;
+ }
+#endif
+
+static BIGNUM *BN_POOL_get(BN_POOL *p)
+ {
+ if(p->used == p->size)
+ {
+ BIGNUM *bn;
+ unsigned int loop = 0;
+ BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM));
+ if(!item) return NULL;
+ /* Initialise the structure */
+ bn = item->vals;
+ while(loop++ < BN_CTX_POOL_SIZE)
+ BN_init(bn++);
+ item->prev = p->tail;
+ item->next = NULL;
+ /* Link it in */
+ if(!p->head)
+ p->head = p->current = p->tail = item;
+ else
+ {
+ p->tail->next = item;
+ p->tail = item;
+ p->current = item;
+ }
+ p->size += BN_CTX_POOL_SIZE;
+ p->used++;
+ /* Return the first bignum from the new pool */
+ return item->vals;
+ }
+ if(!p->used)
+ p->current = p->head;
+ else if((p->used % BN_CTX_POOL_SIZE) == 0)
+ p->current = p->current->next;
+ return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
+ }
+
+static void BN_POOL_release(BN_POOL *p, unsigned int num)
+ {
+ unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+ p->used -= num;
+ while(num--)
+ {
+ bn_check_top(p->current->vals + offset);
+ if(!offset)
+ {
+ offset = BN_CTX_POOL_SIZE - 1;
+ p->current = p->current->prev;
+ }
+ else
+ offset--;
+ }
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bn/bn_depr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_depr.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_depr.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,112 @@
+/* crypto/bn/bn_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* Support for deprecated functions goes here - static linkage will only slurp
+ * this code if applications are using them directly. */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+
+static void *dummy=&dummy;
+
+#ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem,
+ void (*callback)(int,int,void *), void *cb_arg)
+ {
+ BN_GENCB cb;
+ BIGNUM *rnd=NULL;
+ int found = 0;
+
+ BN_GENCB_set_old(&cb, callback, cb_arg);
+
+ if (ret == NULL)
+ {
+ if ((rnd=BN_new()) == NULL) goto err;
+ }
+ else
+ rnd=ret;
+ if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
+ goto err;
+
+ /* we have a prime :-) */
+ found = 1;
+err:
+ if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
+ return(found ? rnd : NULL);
+ }
+
+int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
+ BN_CTX *ctx_passed, void *cb_arg)
+ {
+ BN_GENCB cb;
+ BN_GENCB_set_old(&cb, callback, cb_arg);
+ return BN_is_prime_ex(a, checks, ctx_passed, &cb);
+ }
+
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+ void (*callback)(int,int,void *),
+ BN_CTX *ctx_passed, void *cb_arg,
+ int do_trial_division)
+ {
+ BN_GENCB cb;
+ BN_GENCB_set_old(&cb, callback, cb_arg);
+ return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
+ do_trial_division, &cb);
+ }
+#endif
Added: vendor-crypto/openssl/dist/crypto/bn/bn_div.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_div.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_div.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,650 @@
+/* crypto/bn/bn_div.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+/* The old slow way */
+#if 0
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+ BN_CTX *ctx)
+ {
+ int i,nm,nd;
+ int ret = 0;
+ BIGNUM *D;
+
+ bn_check_top(m);
+ bn_check_top(d);
+ if (BN_is_zero(d))
+ {
+ BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+ return(0);
+ }
+
+ if (BN_ucmp(m,d) < 0)
+ {
+ if (rem != NULL)
+ { if (BN_copy(rem,m) == NULL) return(0); }
+ if (dv != NULL) BN_zero(dv);
+ return(1);
+ }
+
+ BN_CTX_start(ctx);
+ D = BN_CTX_get(ctx);
+ if (dv == NULL) dv = BN_CTX_get(ctx);
+ if (rem == NULL) rem = BN_CTX_get(ctx);
+ if (D == NULL || dv == NULL || rem == NULL)
+ goto end;
+
+ nd=BN_num_bits(d);
+ nm=BN_num_bits(m);
+ if (BN_copy(D,d) == NULL) goto end;
+ if (BN_copy(rem,m) == NULL) goto end;
+
+ /* The next 2 are needed so we can do a dv->d[0]|=1 later
+ * since BN_lshift1 will only work once there is a value :-) */
+ BN_zero(dv);
+ if(bn_wexpand(dv,1) == NULL) goto end;
+ dv->top=1;
+
+ if (!BN_lshift(D,D,nm-nd)) goto end;
+ for (i=nm-nd; i>=0; i--)
+ {
+ if (!BN_lshift1(dv,dv)) goto end;
+ if (BN_ucmp(rem,D) >= 0)
+ {
+ dv->d[0]|=1;
+ if (!BN_usub(rem,rem,D)) goto end;
+ }
+/* CAN IMPROVE (and have now :=) */
+ if (!BN_rshift1(D,D)) goto end;
+ }
+ rem->neg=BN_is_zero(rem)?0:m->neg;
+ dv->neg=m->neg^d->neg;
+ ret = 1;
+ end:
+ BN_CTX_end(ctx);
+ return(ret);
+ }
+
+#else
+
+#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
+ && !defined(PEDANTIC) && !defined(BN_DIV3W)
+# if defined(__GNUC__) && __GNUC__>=2
+# if defined(__i386) || defined (__i386__)
+ /*
+ * There were two reasons for implementing this template:
+ * - GNU C generates a call to a function (__udivdi3 to be exact)
+ * in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
+ * understand why...);
+ * - divl doesn't only calculate quotient, but also leaves
+ * remainder in %edx which we can definitely use here:-)
+ *
+ * <appro at fy.chalmers.se>
+ */
+# define bn_div_words(n0,n1,d0) \
+ ({ asm volatile ( \
+ "divl %4" \
+ : "=a"(q), "=d"(rem) \
+ : "a"(n1), "d"(n0), "g"(d0) \
+ : "cc"); \
+ q; \
+ })
+# define REMAINDER_IS_ALREADY_CALCULATED
+# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+ /*
+ * Same story here, but it's 128-bit by 64-bit division. Wow!
+ * <appro at fy.chalmers.se>
+ */
+# define bn_div_words(n0,n1,d0) \
+ ({ asm volatile ( \
+ "divq %4" \
+ : "=a"(q), "=d"(rem) \
+ : "a"(n1), "d"(n0), "g"(d0) \
+ : "cc"); \
+ q; \
+ })
+# define REMAINDER_IS_ALREADY_CALCULATED
+# endif /* __<cpu> */
+# endif /* __GNUC__ */
+#endif /* OPENSSL_NO_ASM */
+
+
+/* BN_div[_no_branch] computes dv := num / divisor, rounding towards
+ * zero, and sets up rm such that dv*divisor + rm = num holds.
+ * Thus:
+ * dv->neg == num->neg ^ divisor->neg (unless the result is zero)
+ * rm->neg == num->neg (unless the remainder is zero)
+ * If 'dv' or 'rm' is NULL, the respective value is not returned.
+ */
+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+ const BIGNUM *divisor, BN_CTX *ctx);
+int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+ BN_CTX *ctx)
+ {
+ int norm_shift,i,loop;
+ BIGNUM *tmp,wnum,*snum,*sdiv,*res;
+ BN_ULONG *resp,*wnump;
+ BN_ULONG d0,d1;
+ int num_n,div_n;
+
+ /* Invalid zero-padding would have particularly bad consequences
+ * in the case of 'num', so don't just rely on bn_check_top() for this one
+ * (bn_check_top() works only for BN_DEBUG builds) */
+ if (num->top > 0 && num->d[num->top - 1] == 0)
+ {
+ BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
+ return 0;
+ }
+
+ bn_check_top(num);
+
+ if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
+ {
+ return BN_div_no_branch(dv, rm, num, divisor, ctx);
+ }
+
+ bn_check_top(dv);
+ bn_check_top(rm);
+ /* bn_check_top(num); */ /* 'num' has been checked already */
+ bn_check_top(divisor);
+
+ if (BN_is_zero(divisor))
+ {
+ BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+ return(0);
+ }
+
+ if (BN_ucmp(num,divisor) < 0)
+ {
+ if (rm != NULL)
+ { if (BN_copy(rm,num) == NULL) return(0); }
+ if (dv != NULL) BN_zero(dv);
+ return(1);
+ }
+
+ BN_CTX_start(ctx);
+ tmp=BN_CTX_get(ctx);
+ snum=BN_CTX_get(ctx);
+ sdiv=BN_CTX_get(ctx);
+ if (dv == NULL)
+ res=BN_CTX_get(ctx);
+ else res=dv;
+ if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
+ goto err;
+
+ /* First we normalise the numbers */
+ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
+ if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
+ sdiv->neg=0;
+ norm_shift+=BN_BITS2;
+ if (!(BN_lshift(snum,num,norm_shift))) goto err;
+ snum->neg=0;
+ div_n=sdiv->top;
+ num_n=snum->top;
+ loop=num_n-div_n;
+ /* Lets setup a 'window' into snum
+ * This is the part that corresponds to the current
+ * 'area' being divided */
+ wnum.neg = 0;
+ wnum.d = &(snum->d[loop]);
+ wnum.top = div_n;
+ /* only needed when BN_ucmp messes up the values between top and max */
+ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
+
+ /* Get the top 2 words of sdiv */
+ /* div_n=sdiv->top; */
+ d0=sdiv->d[div_n-1];
+ d1=(div_n == 1)?0:sdiv->d[div_n-2];
+
+ /* pointer to the 'top' of snum */
+ wnump= &(snum->d[num_n-1]);
+
+ /* Setup to 'res' */
+ res->neg= (num->neg^divisor->neg);
+ if (!bn_wexpand(res,(loop+1))) goto err;
+ res->top=loop;
+ resp= &(res->d[loop-1]);
+
+ /* space for temp */
+ if (!bn_wexpand(tmp,(div_n+1))) goto err;
+
+ if (BN_ucmp(&wnum,sdiv) >= 0)
+ {
+ /* If BN_DEBUG_RAND is defined BN_ucmp changes (via
+ * bn_pollute) the const bignum arguments =>
+ * clean the values between top and max again */
+ bn_clear_top2max(&wnum);
+ bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
+ *resp=1;
+ }
+ else
+ res->top--;
+ /* if res->top == 0 then clear the neg value otherwise decrease
+ * the resp pointer */
+ if (res->top == 0)
+ res->neg = 0;
+ else
+ resp--;
+
+ for (i=0; i<loop-1; i++, wnump--, resp--)
+ {
+ BN_ULONG q,l0;
+ /* the first part of the loop uses the top two words of
+ * snum and sdiv to calculate a BN_ULONG q such that
+ * | wnum - sdiv * q | < sdiv */
+#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+ BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
+ q=bn_div_3_words(wnump,d1,d0);
+#else
+ BN_ULONG n0,n1,rem=0;
+
+ n0=wnump[0];
+ n1=wnump[-1];
+ if (n0 == d0)
+ q=BN_MASK2;
+ else /* n0 < d0 */
+ {
+#ifdef BN_LLONG
+ BN_ULLONG t2;
+
+#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+ q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
+#else
+ q=bn_div_words(n0,n1,d0);
+#ifdef BN_DEBUG_LEVITTE
+ fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n",
+ n0, n1, d0, q);
+#endif
+#endif
+
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
+ /*
+ * rem doesn't have to be BN_ULLONG. The least we
+ * know it's less that d0, isn't it?
+ */
+ rem=(n1-q*d0)&BN_MASK2;
+#endif
+ t2=(BN_ULLONG)d1*q;
+
+ for (;;)
+ {
+ if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0) break; /* don't let rem overflow */
+ t2 -= d1;
+ }
+#else /* !BN_LLONG */
+ BN_ULONG t2l,t2h;
+#if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
+ BN_ULONG ql,qh;
+#endif
+
+ q=bn_div_words(n0,n1,d0);
+#ifdef BN_DEBUG_LEVITTE
+ fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n",
+ n0, n1, d0, q);
+#endif
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
+ rem=(n1-q*d0)&BN_MASK2;
+#endif
+
+#if defined(BN_UMULT_LOHI)
+ BN_UMULT_LOHI(t2l,t2h,d1,q);
+#elif defined(BN_UMULT_HIGH)
+ t2l = d1 * q;
+ t2h = BN_UMULT_HIGH(d1,q);
+#else
+ t2l=LBITS(d1); t2h=HBITS(d1);
+ ql =LBITS(q); qh =HBITS(q);
+ mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+#endif
+
+ for (;;)
+ {
+ if ((t2h < rem) ||
+ ((t2h == rem) && (t2l <= wnump[-2])))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0) break; /* don't let rem overflow */
+ if (t2l < d1) t2h--; t2l -= d1;
+ }
+#endif /* !BN_LLONG */
+ }
+#endif /* !BN_DIV3W */
+
+ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
+ tmp->d[div_n]=l0;
+ wnum.d--;
+ /* ingore top values of the bignums just sub the two
+ * BN_ULONG arrays with bn_sub_words */
+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
+ {
+ /* Note: As we have considered only the leading
+ * two BN_ULONGs in the calculation of q, sdiv * q
+ * might be greater than wnum (but then (q-1) * sdiv
+ * is less or equal than wnum)
+ */
+ q--;
+ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
+ /* we can't have an overflow here (assuming
+ * that q != 0, but if q == 0 then tmp is
+ * zero anyway) */
+ (*wnump)++;
+ }
+ /* store part of the result */
+ *resp = q;
+ }
+ bn_correct_top(snum);
+ if (rm != NULL)
+ {
+ /* Keep a copy of the neg flag in num because if rm==num
+ * BN_rshift() will overwrite it.
+ */
+ int neg = num->neg;
+ BN_rshift(rm,snum,norm_shift);
+ if (!BN_is_zero(rm))
+ rm->neg = neg;
+ bn_check_top(rm);
+ }
+ BN_CTX_end(ctx);
+ return(1);
+err:
+ bn_check_top(rm);
+ BN_CTX_end(ctx);
+ return(0);
+ }
+
+
+/* BN_div_no_branch is a special version of BN_div. It does not contain
+ * branches that may leak sensitive information.
+ */
+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+ const BIGNUM *divisor, BN_CTX *ctx)
+ {
+ int norm_shift,i,loop;
+ BIGNUM *tmp,wnum,*snum,*sdiv,*res;
+ BN_ULONG *resp,*wnump;
+ BN_ULONG d0,d1;
+ int num_n,div_n;
+
+ bn_check_top(dv);
+ bn_check_top(rm);
+ /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */
+ bn_check_top(divisor);
+
+ if (BN_is_zero(divisor))
+ {
+ BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO);
+ return(0);
+ }
+
+ BN_CTX_start(ctx);
+ tmp=BN_CTX_get(ctx);
+ snum=BN_CTX_get(ctx);
+ sdiv=BN_CTX_get(ctx);
+ if (dv == NULL)
+ res=BN_CTX_get(ctx);
+ else res=dv;
+ if (sdiv == NULL || res == NULL) goto err;
+
+ /* First we normalise the numbers */
+ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
+ if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
+ sdiv->neg=0;
+ norm_shift+=BN_BITS2;
+ if (!(BN_lshift(snum,num,norm_shift))) goto err;
+ snum->neg=0;
+
+ /* Since we don't know whether snum is larger than sdiv,
+ * we pad snum with enough zeroes without changing its
+ * value.
+ */
+ if (snum->top <= sdiv->top+1)
+ {
+ if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
+ for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
+ snum->top = sdiv->top + 2;
+ }
+ else
+ {
+ if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
+ snum->d[snum->top] = 0;
+ snum->top ++;
+ }
+
+ div_n=sdiv->top;
+ num_n=snum->top;
+ loop=num_n-div_n;
+ /* Lets setup a 'window' into snum
+ * This is the part that corresponds to the current
+ * 'area' being divided */
+ wnum.neg = 0;
+ wnum.d = &(snum->d[loop]);
+ wnum.top = div_n;
+ /* only needed when BN_ucmp messes up the values between top and max */
+ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
+
+ /* Get the top 2 words of sdiv */
+ /* div_n=sdiv->top; */
+ d0=sdiv->d[div_n-1];
+ d1=(div_n == 1)?0:sdiv->d[div_n-2];
+
+ /* pointer to the 'top' of snum */
+ wnump= &(snum->d[num_n-1]);
+
+ /* Setup to 'res' */
+ res->neg= (num->neg^divisor->neg);
+ if (!bn_wexpand(res,(loop+1))) goto err;
+ res->top=loop-1;
+ resp= &(res->d[loop-1]);
+
+ /* space for temp */
+ if (!bn_wexpand(tmp,(div_n+1))) goto err;
+
+ /* if res->top == 0 then clear the neg value otherwise decrease
+ * the resp pointer */
+ if (res->top == 0)
+ res->neg = 0;
+ else
+ resp--;
+
+ for (i=0; i<loop-1; i++, wnump--, resp--)
+ {
+ BN_ULONG q,l0;
+ /* the first part of the loop uses the top two words of
+ * snum and sdiv to calculate a BN_ULONG q such that
+ * | wnum - sdiv * q | < sdiv */
+#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+ BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
+ q=bn_div_3_words(wnump,d1,d0);
+#else
+ BN_ULONG n0,n1,rem=0;
+
+ n0=wnump[0];
+ n1=wnump[-1];
+ if (n0 == d0)
+ q=BN_MASK2;
+ else /* n0 < d0 */
+ {
+#ifdef BN_LLONG
+ BN_ULLONG t2;
+
+#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+ q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
+#else
+ q=bn_div_words(n0,n1,d0);
+#ifdef BN_DEBUG_LEVITTE
+ fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n",
+ n0, n1, d0, q);
+#endif
+#endif
+
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
+ /*
+ * rem doesn't have to be BN_ULLONG. The least we
+ * know it's less that d0, isn't it?
+ */
+ rem=(n1-q*d0)&BN_MASK2;
+#endif
+ t2=(BN_ULLONG)d1*q;
+
+ for (;;)
+ {
+ if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0) break; /* don't let rem overflow */
+ t2 -= d1;
+ }
+#else /* !BN_LLONG */
+ BN_ULONG t2l,t2h;
+#if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
+ BN_ULONG ql,qh;
+#endif
+
+ q=bn_div_words(n0,n1,d0);
+#ifdef BN_DEBUG_LEVITTE
+ fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n",
+ n0, n1, d0, q);
+#endif
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
+ rem=(n1-q*d0)&BN_MASK2;
+#endif
+
+#if defined(BN_UMULT_LOHI)
+ BN_UMULT_LOHI(t2l,t2h,d1,q);
+#elif defined(BN_UMULT_HIGH)
+ t2l = d1 * q;
+ t2h = BN_UMULT_HIGH(d1,q);
+#else
+ t2l=LBITS(d1); t2h=HBITS(d1);
+ ql =LBITS(q); qh =HBITS(q);
+ mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+#endif
+
+ for (;;)
+ {
+ if ((t2h < rem) ||
+ ((t2h == rem) && (t2l <= wnump[-2])))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0) break; /* don't let rem overflow */
+ if (t2l < d1) t2h--; t2l -= d1;
+ }
+#endif /* !BN_LLONG */
+ }
+#endif /* !BN_DIV3W */
+
+ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
+ tmp->d[div_n]=l0;
+ wnum.d--;
+ /* ingore top values of the bignums just sub the two
+ * BN_ULONG arrays with bn_sub_words */
+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
+ {
+ /* Note: As we have considered only the leading
+ * two BN_ULONGs in the calculation of q, sdiv * q
+ * might be greater than wnum (but then (q-1) * sdiv
+ * is less or equal than wnum)
+ */
+ q--;
+ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
+ /* we can't have an overflow here (assuming
+ * that q != 0, but if q == 0 then tmp is
+ * zero anyway) */
+ (*wnump)++;
+ }
+ /* store part of the result */
+ *resp = q;
+ }
+ bn_correct_top(snum);
+ if (rm != NULL)
+ {
+ /* Keep a copy of the neg flag in num because if rm==num
+ * BN_rshift() will overwrite it.
+ */
+ int neg = num->neg;
+ BN_rshift(rm,snum,norm_shift);
+ if (!BN_is_zero(rm))
+ rm->neg = neg;
+ bn_check_top(rm);
+ }
+ bn_correct_top(res);
+ BN_CTX_end(ctx);
+ return(1);
+err:
+ bn_check_top(rm);
+ BN_CTX_end(ctx);
+ return(0);
+ }
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/bn/bn_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_err.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_err.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,150 @@
+/* crypto/bn/bn_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
+
+static ERR_STRING_DATA BN_str_functs[]=
+ {
+{ERR_FUNC(BN_F_BNRAND), "BNRAND"},
+{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
+{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
+{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
+{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
+{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
+{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
+{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
+{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
+{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
+{ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
+{ERR_FUNC(BN_F_BN_DIV), "BN_div"},
+{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
+{ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
+{ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
+{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
+{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
+{ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
+{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
+{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
+{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
+{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
+{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
+{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
+{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
+{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
+{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
+{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
+{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
+{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
+{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
+{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
+{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
+{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA BN_str_reasons[]=
+ {
+{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"},
+{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"},
+{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"},
+{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
+{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"},
+{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"},
+{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
+{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"},
+{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"},
+{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"},
+{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"},
+{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"},
+{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"},
+{ERR_REASON(BN_R_NO_SOLUTION) ,"no solution"},
+{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"},
+{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"},
+{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_BN_strings(void)
+ {
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(BN_str_functs[0].error) == NULL)
+ {
+ ERR_load_strings(0,BN_str_functs);
+ ERR_load_strings(0,BN_str_reasons);
+ }
+#endif
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_exp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_exp.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_exp.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,991 @@
+/* crypto/bn/bn_exp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* maximum precomputation table size for *variable* sliding windows */
+#define TABLE_SIZE 32
+
+/* this one works - simple but works */
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ {
+ int i,bits,ret=0;
+ BIGNUM *v,*rr;
+
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
+ {
+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
+ BN_CTX_start(ctx);
+ if ((r == a) || (r == p))
+ rr = BN_CTX_get(ctx);
+ else
+ rr = r;
+ v = BN_CTX_get(ctx);
+ if (rr == NULL || v == NULL) goto err;
+
+ if (BN_copy(v,a) == NULL) goto err;
+ bits=BN_num_bits(p);
+
+ if (BN_is_odd(p))
+ { if (BN_copy(rr,a) == NULL) goto err; }
+ else { if (!BN_one(rr)) goto err; }
+
+ for (i=1; i<bits; i++)
+ {
+ if (!BN_sqr(v,v,ctx)) goto err;
+ if (BN_is_bit_set(p,i))
+ {
+ if (!BN_mul(rr,rr,v,ctx)) goto err;
+ }
+ }
+ ret=1;
+err:
+ if (r != rr) BN_copy(r,rr);
+ BN_CTX_end(ctx);
+ bn_check_top(r);
+ return(ret);
+ }
+
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx)
+ {
+ int ret;
+
+ bn_check_top(a);
+ bn_check_top(p);
+ bn_check_top(m);
+
+ /* For even modulus m = 2^k*m_odd, it might make sense to compute
+ * a^p mod m_odd and a^p mod 2^k separately (with Montgomery
+ * exponentiation for the odd part), using appropriate exponent
+ * reductions, and combine the results using the CRT.
+ *
+ * For now, we use Montgomery only if the modulus is odd; otherwise,
+ * exponentiation using the reciprocal-based quick remaindering
+ * algorithm is used.
+ *
+ * (Timing obtained with expspeed.c [computations a^p mod m
+ * where a, p, m are of the same length: 256, 512, 1024, 2048,
+ * 4096, 8192 bits], compared to the running time of the
+ * standard algorithm:
+ *
+ * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration]
+ * 55 .. 77 % [UltraSparc processor, but
+ * debug-solaris-sparcv8-gcc conf.]
+ *
+ * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration]
+ * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
+ *
+ * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
+ * at 2048 and more bits, but at 512 and 1024 bits, it was
+ * slower even than the standard algorithm!
+ *
+ * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
+ * should be obtained when the new Montgomery reduction code
+ * has been integrated into OpenSSL.)
+ */
+
+#define MONT_MUL_MOD
+#define MONT_EXP_WORD
+#define RECP_MUL_MOD
+
+#ifdef MONT_MUL_MOD
+ /* I have finally been able to take out this pre-condition of
+ * the top bit being set. It was caused by an error in BN_div
+ * with negatives. There was also another problem when for a^b%m
+ * a >= m. eay 07-May-97 */
+/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+
+ if (BN_is_odd(m))
+ {
+# ifdef MONT_EXP_WORD
+ if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0))
+ {
+ BN_ULONG A = a->d[0];
+ ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
+ }
+ else
+# endif
+ ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
+ }
+ else
+#endif
+#ifdef RECP_MUL_MOD
+ { ret=BN_mod_exp_recp(r,a,p,m,ctx); }
+#else
+ { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
+#endif
+
+ bn_check_top(r);
+ return(ret);
+ }
+
+
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+ {
+ int i,j,bits,ret=0,wstart,wend,window,wvalue;
+ int start=1;
+ BIGNUM *aa;
+ /* Table of variables obtained from 'ctx' */
+ BIGNUM *val[TABLE_SIZE];
+ BN_RECP_CTX recp;
+
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
+ {
+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
+ bits=BN_num_bits(p);
+
+ if (bits == 0)
+ {
+ ret = BN_one(r);
+ return ret;
+ }
+
+ BN_CTX_start(ctx);
+ aa = BN_CTX_get(ctx);
+ val[0] = BN_CTX_get(ctx);
+ if(!aa || !val[0]) goto err;
+
+ BN_RECP_CTX_init(&recp);
+ if (m->neg)
+ {
+ /* ignore sign of 'm' */
+ if (!BN_copy(aa, m)) goto err;
+ aa->neg = 0;
+ if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;
+ }
+ else
+ {
+ if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
+ }
+
+ if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */
+ if (BN_is_zero(val[0]))
+ {
+ BN_zero(r);
+ ret = 1;
+ goto err;
+ }
+
+ window = BN_window_bits_for_exponent_size(bits);
+ if (window > 1)
+ {
+ if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx))
+ goto err; /* 2 */
+ j=1<<(window-1);
+ for (i=1; i<j; i++)
+ {
+ if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_reciprocal(val[i],val[i-1],
+ aa,&recp,ctx))
+ goto err;
+ }
+ }
+
+ start=1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue=0; /* The 'value' of the window */
+ wstart=bits-1; /* The top bit of the window */
+ wend=0; /* The bottom bit of the window */
+
+ if (!BN_one(r)) goto err;
+
+ for (;;)
+ {
+ if (BN_is_bit_set(p,wstart) == 0)
+ {
+ if (!start)
+ if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
+ goto err;
+ if (wstart == 0) break;
+ wstart--;
+ continue;
+ }
+ /* We now have wstart on a 'set' bit, we now need to work out
+ * how bit a window to do. To do this we need to scan
+ * forward until the last set bit before the end of the
+ * window */
+ j=wstart;
+ wvalue=1;
+ wend=0;
+ for (i=1; i<window; i++)
+ {
+ if (wstart-i < 0) break;
+ if (BN_is_bit_set(p,wstart-i))
+ {
+ wvalue<<=(i-wend);
+ wvalue|=1;
+ wend=i;
+ }
+ }
+
+ /* wend is the size of the current window */
+ j=wend+1;
+ /* add the 'bytes above' */
+ if (!start)
+ for (i=0; i<j; i++)
+ {
+ if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
+ goto err;
+ }
+
+ /* wvalue will be an odd number < 2^window */
+ if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx))
+ goto err;
+
+ /* move the 'window' down further */
+ wstart-=wend+1;
+ wvalue=0;
+ start=0;
+ if (wstart < 0) break;
+ }
+ ret=1;
+err:
+ BN_CTX_end(ctx);
+ BN_RECP_CTX_free(&recp);
+ bn_check_top(r);
+ return(ret);
+ }
+
+
+int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+ int i,j,bits,ret=0,wstart,wend,window,wvalue;
+ int start=1;
+ BIGNUM *d,*r;
+ const BIGNUM *aa;
+ /* Table of variables obtained from 'ctx' */
+ BIGNUM *val[TABLE_SIZE];
+ BN_MONT_CTX *mont=NULL;
+
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
+ {
+ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+ }
+
+ bn_check_top(a);
+ bn_check_top(p);
+ bn_check_top(m);
+
+ if (!BN_is_odd(m))
+ {
+ BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+ return(0);
+ }
+ bits=BN_num_bits(p);
+ if (bits == 0)
+ {
+ ret = BN_one(rr);
+ return ret;
+ }
+
+ BN_CTX_start(ctx);
+ d = BN_CTX_get(ctx);
+ r = BN_CTX_get(ctx);
+ val[0] = BN_CTX_get(ctx);
+ if (!d || !r || !val[0]) goto err;
+
+ /* If this is not done, things will break in the montgomery
+ * part */
+
+ if (in_mont != NULL)
+ mont=in_mont;
+ else
+ {
+ if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+ if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+ }
+
+ if (a->neg || BN_ucmp(a,m) >= 0)
+ {
+ if (!BN_nnmod(val[0],a,m,ctx))
+ goto err;
+ aa= val[0];
+ }
+ else
+ aa=a;
+ if (BN_is_zero(aa))
+ {
+ BN_zero(rr);
+ ret = 1;
+ goto err;
+ }
+ if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
+
+ window = BN_window_bits_for_exponent_size(bits);
+ if (window > 1)
+ {
+ if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
+ j=1<<(window-1);
+ for (i=1; i<j; i++)
+ {
+ if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val[i],val[i-1],
+ d,mont,ctx))
+ goto err;
+ }
+ }
+
+ start=1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue=0; /* The 'value' of the window */
+ wstart=bits-1; /* The top bit of the window */
+ wend=0; /* The bottom bit of the window */
+
+ if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+ for (;;)
+ {
+ if (BN_is_bit_set(p,wstart) == 0)
+ {
+ if (!start)
+ {
+ if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+ goto err;
+ }
+ if (wstart == 0) break;
+ wstart--;
+ continue;
+ }
+ /* We now have wstart on a 'set' bit, we now need to work out
+ * how bit a window to do. To do this we need to scan
+ * forward until the last set bit before the end of the
+ * window */
+ j=wstart;
+ wvalue=1;
+ wend=0;
+ for (i=1; i<window; i++)
+ {
+ if (wstart-i < 0) break;
+ if (BN_is_bit_set(p,wstart-i))
+ {
+ wvalue<<=(i-wend);
+ wvalue|=1;
+ wend=i;
+ }
+ }
+
+ /* wend is the size of the current window */
+ j=wend+1;
+ /* add the 'bytes above' */
+ if (!start)
+ for (i=0; i<j; i++)
+ {
+ if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+ goto err;
+ }
+
+ /* wvalue will be an odd number < 2^window */
+ if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))
+ goto err;
+
+ /* move the 'window' down further */
+ wstart-=wend+1;
+ wvalue=0;
+ start=0;
+ if (wstart < 0) break;
+ }
+ if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
+ ret=1;
+err:
+ if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ BN_CTX_end(ctx);
+ bn_check_top(rr);
+ return(ret);
+ }
+
+
+/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
+ * so that accessing any of these table values shows the same access pattern as far
+ * as cache lines are concerned. The following functions are used to transfer a BIGNUM
+ * from/to that table. */
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
+ {
+ size_t i, j;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+ while (b->top < top)
+ {
+ b->d[b->top++] = 0;
+ }
+
+ for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
+ {
+ buf[j] = ((unsigned char*)b->d)[i];
+ }
+
+ bn_correct_top(b);
+ return 1;
+ }
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
+ {
+ size_t i, j;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+
+ for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
+ {
+ ((unsigned char*)b->d)[i] = buf[j];
+ }
+
+ b->top = top;
+ bn_correct_top(b);
+ return 1;
+ }
+
+/* Given a pointer value, compute the next address that is a cache line multiple. */
+#define MOD_EXP_CTIME_ALIGN(x_) \
+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+/* This variant of BN_mod_exp_mont() uses fixed windows and the special
+ * precomputation memory layout to limit data-dependency to a minimum
+ * to protect secret exponents (cf. the hyper-threading timing attacks
+ * pointed out by Colin Percival,
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
+ */
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+ int i,bits,ret=0,idx,window,wvalue;
+ int top;
+ BIGNUM *r;
+ const BIGNUM *aa;
+ BN_MONT_CTX *mont=NULL;
+
+ int numPowers;
+ unsigned char *powerbufFree=NULL;
+ int powerbufLen = 0;
+ unsigned char *powerbuf=NULL;
+ BIGNUM *computeTemp=NULL, *am=NULL;
+
+ bn_check_top(a);
+ bn_check_top(p);
+ bn_check_top(m);
+
+ top = m->top;
+
+ if (!(m->d[0] & 1))
+ {
+ BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
+ return(0);
+ }
+ bits=BN_num_bits(p);
+ if (bits == 0)
+ {
+ ret = BN_one(rr);
+ return ret;
+ }
+
+ /* Initialize BIGNUM context and allocate intermediate result */
+ BN_CTX_start(ctx);
+ r = BN_CTX_get(ctx);
+ if (r == NULL) goto err;
+
+ /* Allocate a montgomery context if it was not supplied by the caller.
+ * If this is not done, things will break in the montgomery part.
+ */
+ if (in_mont != NULL)
+ mont=in_mont;
+ else
+ {
+ if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+ if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+ }
+
+ /* Get the window size to use with size of p. */
+ window = BN_window_bits_for_ctime_exponent_size(bits);
+
+ /* Allocate a buffer large enough to hold all of the pre-computed
+ * powers of a.
+ */
+ numPowers = 1 << window;
+ powerbufLen = sizeof(m->d[0])*top*numPowers;
+ if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
+ goto err;
+
+ powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+ memset(powerbuf, 0, powerbufLen);
+
+ /* Initialize the intermediate result. Do this early to save double conversion,
+ * once each for a^0 and intermediate result.
+ */
+ if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err;
+
+ /* Initialize computeTemp as a^1 with montgomery precalcs */
+ computeTemp = BN_CTX_get(ctx);
+ am = BN_CTX_get(ctx);
+ if (computeTemp==NULL || am==NULL) goto err;
+
+ if (a->neg || BN_ucmp(a,m) >= 0)
+ {
+ if (!BN_mod(am,a,m,ctx))
+ goto err;
+ aa= am;
+ }
+ else
+ aa=a;
+ if (!BN_to_montgomery(am,aa,mont,ctx)) goto err;
+ if (!BN_copy(computeTemp, am)) goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err;
+
+ /* If the window size is greater than 1, then calculate
+ * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
+ * (even powers could instead be computed as (a^(i/2))^2
+ * to use the slight performance advantage of sqr over mul).
+ */
+ if (window > 1)
+ {
+ for (i=2; i<numPowers; i++)
+ {
+ /* Calculate a^i = a^(i-1) * a */
+ if (!BN_mod_mul_montgomery(computeTemp,am,computeTemp,mont,ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i, numPowers)) goto err;
+ }
+ }
+
+ /* Adjust the number of bits up to a multiple of the window size.
+ * If the exponent length is not a multiple of the window size, then
+ * this pads the most significant bits with zeros to normalize the
+ * scanning loop to there's no special cases.
+ *
+ * * NOTE: Making the window size a power of two less than the native
+ * * word size ensures that the padded bits won't go past the last
+ * * word in the internal BIGNUM structure. Going past the end will
+ * * still produce the correct result, but causes a different branch
+ * * to be taken in the BN_is_bit_set function.
+ */
+ bits = ((bits+window-1)/window)*window;
+ idx=bits-1; /* The top bit of the window */
+
+ /* Scan the exponent one window at a time starting from the most
+ * significant bits.
+ */
+ while (idx >= 0)
+ {
+ wvalue=0; /* The 'value' of the window */
+
+ /* Scan the window, squaring the result as we go */
+ for (i=0; i<window; i++,idx--)
+ {
+ if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) goto err;
+ wvalue = (wvalue<<1)+BN_is_bit_set(p,idx);
+ }
+
+ /* Fetch the appropriate pre-computed value from the pre-buf */
+ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(computeTemp, top, powerbuf, wvalue, numPowers)) goto err;
+
+ /* Multiply the result into the intermediate result */
+ if (!BN_mod_mul_montgomery(r,r,computeTemp,mont,ctx)) goto err;
+ }
+
+ /* Convert the final result from montgomery to standard format */
+ if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
+ ret=1;
+err:
+ if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ if (powerbuf!=NULL)
+ {
+ OPENSSL_cleanse(powerbuf,powerbufLen);
+ OPENSSL_free(powerbufFree);
+ }
+ if (am!=NULL) BN_clear(am);
+ if (computeTemp!=NULL) BN_clear(computeTemp);
+ BN_CTX_end(ctx);
+ return(ret);
+ }
+
+int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+ BN_MONT_CTX *mont = NULL;
+ int b, bits, ret=0;
+ int r_is_one;
+ BN_ULONG w, next_w;
+ BIGNUM *d, *r, *t;
+ BIGNUM *swap_tmp;
+#define BN_MOD_MUL_WORD(r, w, m) \
+ (BN_mul_word(r, (w)) && \
+ (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \
+ (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+ /* BN_MOD_MUL_WORD is only used with 'w' large,
+ * so the BN_ucmp test is probably more overhead
+ * than always using BN_mod (which uses BN_copy if
+ * a similar test returns true). */
+ /* We can use BN_mod and do not need BN_nnmod because our
+ * accumulator is never negative (the result of BN_mod does
+ * not depend on the sign of the modulus).
+ */
+#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
+ (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
+ {
+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
+ bn_check_top(p);
+ bn_check_top(m);
+
+ if (!BN_is_odd(m))
+ {
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
+ return(0);
+ }
+ if (m->top == 1)
+ a %= m->d[0]; /* make sure that 'a' is reduced */
+
+ bits = BN_num_bits(p);
+ if (bits == 0)
+ {
+ ret = BN_one(rr);
+ return ret;
+ }
+ if (a == 0)
+ {
+ BN_zero(rr);
+ ret = 1;
+ return ret;
+ }
+
+ BN_CTX_start(ctx);
+ d = BN_CTX_get(ctx);
+ r = BN_CTX_get(ctx);
+ t = BN_CTX_get(ctx);
+ if (d == NULL || r == NULL || t == NULL) goto err;
+
+ if (in_mont != NULL)
+ mont=in_mont;
+ else
+ {
+ if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
+ }
+
+ r_is_one = 1; /* except for Montgomery factor */
+
+ /* bits-1 >= 0 */
+
+ /* The result is accumulated in the product r*w. */
+ w = a; /* bit 'bits-1' of 'p' is always set */
+ for (b = bits-2; b >= 0; b--)
+ {
+ /* First, square r*w. */
+ next_w = w*w;
+ if ((next_w/w) != w) /* overflow */
+ {
+ if (r_is_one)
+ {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+ r_is_one = 0;
+ }
+ else
+ {
+ if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+ }
+ next_w = 1;
+ }
+ w = next_w;
+ if (!r_is_one)
+ {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
+ }
+
+ /* Second, multiply r*w by 'a' if exponent bit is set. */
+ if (BN_is_bit_set(p, b))
+ {
+ next_w = w*a;
+ if ((next_w/a) != w) /* overflow */
+ {
+ if (r_is_one)
+ {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+ r_is_one = 0;
+ }
+ else
+ {
+ if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+ }
+ next_w = a;
+ }
+ w = next_w;
+ }
+ }
+
+ /* Finally, set r:=r*w. */
+ if (w != 1)
+ {
+ if (r_is_one)
+ {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+ r_is_one = 0;
+ }
+ else
+ {
+ if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+ }
+ }
+
+ if (r_is_one) /* can happen only if a == 1*/
+ {
+ if (!BN_one(rr)) goto err;
+ }
+ else
+ {
+ if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
+ }
+ ret = 1;
+err:
+ if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ BN_CTX_end(ctx);
+ bn_check_top(rr);
+ return(ret);
+ }
+
+
+/* The old fallback, simple version :-) */
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+ {
+ int i,j,bits,ret=0,wstart,wend,window,wvalue;
+ int start=1;
+ BIGNUM *d;
+ /* Table of variables obtained from 'ctx' */
+ BIGNUM *val[TABLE_SIZE];
+
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
+ {
+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
+ bits=BN_num_bits(p);
+
+ if (bits == 0)
+ {
+ ret = BN_one(r);
+ return ret;
+ }
+
+ BN_CTX_start(ctx);
+ d = BN_CTX_get(ctx);
+ val[0] = BN_CTX_get(ctx);
+ if(!d || !val[0]) goto err;
+
+ if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */
+ if (BN_is_zero(val[0]))
+ {
+ BN_zero(r);
+ ret = 1;
+ goto err;
+ }
+
+ window = BN_window_bits_for_exponent_size(bits);
+ if (window > 1)
+ {
+ if (!BN_mod_mul(d,val[0],val[0],m,ctx))
+ goto err; /* 2 */
+ j=1<<(window-1);
+ for (i=1; i<j; i++)
+ {
+ if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul(val[i],val[i-1],d,m,ctx))
+ goto err;
+ }
+ }
+
+ start=1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue=0; /* The 'value' of the window */
+ wstart=bits-1; /* The top bit of the window */
+ wend=0; /* The bottom bit of the window */
+
+ if (!BN_one(r)) goto err;
+
+ for (;;)
+ {
+ if (BN_is_bit_set(p,wstart) == 0)
+ {
+ if (!start)
+ if (!BN_mod_mul(r,r,r,m,ctx))
+ goto err;
+ if (wstart == 0) break;
+ wstart--;
+ continue;
+ }
+ /* We now have wstart on a 'set' bit, we now need to work out
+ * how bit a window to do. To do this we need to scan
+ * forward until the last set bit before the end of the
+ * window */
+ j=wstart;
+ wvalue=1;
+ wend=0;
+ for (i=1; i<window; i++)
+ {
+ if (wstart-i < 0) break;
+ if (BN_is_bit_set(p,wstart-i))
+ {
+ wvalue<<=(i-wend);
+ wvalue|=1;
+ wend=i;
+ }
+ }
+
+ /* wend is the size of the current window */
+ j=wend+1;
+ /* add the 'bytes above' */
+ if (!start)
+ for (i=0; i<j; i++)
+ {
+ if (!BN_mod_mul(r,r,r,m,ctx))
+ goto err;
+ }
+
+ /* wvalue will be an odd number < 2^window */
+ if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))
+ goto err;
+
+ /* move the 'window' down further */
+ wstart-=wend+1;
+ wvalue=0;
+ start=0;
+ if (wstart < 0) break;
+ }
+ ret=1;
+err:
+ BN_CTX_end(ctx);
+ bn_check_top(r);
+ return(ret);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bn/bn_exp2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_exp2.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_exp2.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,312 @@
+/* crypto/bn/bn_exp2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define TABLE_SIZE 32
+
+int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+ int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
+ int r_is_one=1;
+ BIGNUM *d,*r;
+ const BIGNUM *a_mod_m;
+ /* Tables of variables obtained from 'ctx' */
+ BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
+ BN_MONT_CTX *mont=NULL;
+
+ bn_check_top(a1);
+ bn_check_top(p1);
+ bn_check_top(a2);
+ bn_check_top(p2);
+ bn_check_top(m);
+
+ if (!(m->d[0] & 1))
+ {
+ BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+ return(0);
+ }
+ bits1=BN_num_bits(p1);
+ bits2=BN_num_bits(p2);
+ if ((bits1 == 0) && (bits2 == 0))
+ {
+ ret = BN_one(rr);
+ return ret;
+ }
+
+ bits=(bits1 > bits2)?bits1:bits2;
+
+ BN_CTX_start(ctx);
+ d = BN_CTX_get(ctx);
+ r = BN_CTX_get(ctx);
+ val1[0] = BN_CTX_get(ctx);
+ val2[0] = BN_CTX_get(ctx);
+ if(!d || !r || !val1[0] || !val2[0]) goto err;
+
+ if (in_mont != NULL)
+ mont=in_mont;
+ else
+ {
+ if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+ if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+ }
+
+ window1 = BN_window_bits_for_exponent_size(bits1);
+ window2 = BN_window_bits_for_exponent_size(bits2);
+
+ /*
+ * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
+ */
+ if (a1->neg || BN_ucmp(a1,m) >= 0)
+ {
+ if (!BN_mod(val1[0],a1,m,ctx))
+ goto err;
+ a_mod_m = val1[0];
+ }
+ else
+ a_mod_m = a1;
+ if (BN_is_zero(a_mod_m))
+ {
+ BN_zero(rr);
+ ret = 1;
+ goto err;
+ }
+
+ if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err;
+ if (window1 > 1)
+ {
+ if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err;
+
+ j=1<<(window1-1);
+ for (i=1; i<j; i++)
+ {
+ if(((val1[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val1[i],val1[i-1],
+ d,mont,ctx))
+ goto err;
+ }
+ }
+
+
+ /*
+ * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
+ */
+ if (a2->neg || BN_ucmp(a2,m) >= 0)
+ {
+ if (!BN_mod(val2[0],a2,m,ctx))
+ goto err;
+ a_mod_m = val2[0];
+ }
+ else
+ a_mod_m = a2;
+ if (BN_is_zero(a_mod_m))
+ {
+ BN_zero(rr);
+ ret = 1;
+ goto err;
+ }
+ if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err;
+ if (window2 > 1)
+ {
+ if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err;
+
+ j=1<<(window2-1);
+ for (i=1; i<j; i++)
+ {
+ if(((val2[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val2[i],val2[i-1],
+ d,mont,ctx))
+ goto err;
+ }
+ }
+
+
+ /* Now compute the power product, using independent windows. */
+ r_is_one=1;
+ wvalue1=0; /* The 'value' of the first window */
+ wvalue2=0; /* The 'value' of the second window */
+ wpos1=0; /* If wvalue1 > 0, the bottom bit of the first window */
+ wpos2=0; /* If wvalue2 > 0, the bottom bit of the second window */
+
+ if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+ for (b=bits-1; b>=0; b--)
+ {
+ if (!r_is_one)
+ {
+ if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+ goto err;
+ }
+
+ if (!wvalue1)
+ if (BN_is_bit_set(p1, b))
+ {
+ /* consider bits b-window1+1 .. b for this window */
+ i = b-window1+1;
+ while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+ i++;
+ wpos1 = i;
+ wvalue1 = 1;
+ for (i = b-1; i >= wpos1; i--)
+ {
+ wvalue1 <<= 1;
+ if (BN_is_bit_set(p1, i))
+ wvalue1++;
+ }
+ }
+
+ if (!wvalue2)
+ if (BN_is_bit_set(p2, b))
+ {
+ /* consider bits b-window2+1 .. b for this window */
+ i = b-window2+1;
+ while (!BN_is_bit_set(p2, i))
+ i++;
+ wpos2 = i;
+ wvalue2 = 1;
+ for (i = b-1; i >= wpos2; i--)
+ {
+ wvalue2 <<= 1;
+ if (BN_is_bit_set(p2, i))
+ wvalue2++;
+ }
+ }
+
+ if (wvalue1 && b == wpos1)
+ {
+ /* wvalue1 is odd and < 2^window1 */
+ if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx))
+ goto err;
+ wvalue1 = 0;
+ r_is_one = 0;
+ }
+
+ if (wvalue2 && b == wpos2)
+ {
+ /* wvalue2 is odd and < 2^window2 */
+ if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx))
+ goto err;
+ wvalue2 = 0;
+ r_is_one = 0;
+ }
+ }
+ if (!BN_from_montgomery(rr,r,mont,ctx))
+ goto err;
+ ret=1;
+err:
+ if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ BN_CTX_end(ctx);
+ bn_check_top(rr);
+ return(ret);
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,654 @@
+/* crypto/bn/bn_gcd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
+
+int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*t;
+ int ret=0;
+
+ bn_check_top(in_a);
+ bn_check_top(in_b);
+
+ BN_CTX_start(ctx);
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+ if (a == NULL || b == NULL) goto err;
+
+ if (BN_copy(a,in_a) == NULL) goto err;
+ if (BN_copy(b,in_b) == NULL) goto err;
+ a->neg = 0;
+ b->neg = 0;
+
+ if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
+ t=euclid(a,b);
+ if (t == NULL) goto err;
+
+ if (BN_copy(r,t) == NULL) goto err;
+ ret=1;
+err:
+ BN_CTX_end(ctx);
+ bn_check_top(r);
+ return(ret);
+ }
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
+ {
+ BIGNUM *t;
+ int shifts=0;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ /* 0 <= b <= a */
+ while (!BN_is_zero(b))
+ {
+ /* 0 < b <= a */
+
+ if (BN_is_odd(a))
+ {
+ if (BN_is_odd(b))
+ {
+ if (!BN_sub(a,a,b)) goto err;
+ if (!BN_rshift1(a,a)) goto err;
+ if (BN_cmp(a,b) < 0)
+ { t=a; a=b; b=t; }
+ }
+ else /* a odd - b even */
+ {
+ if (!BN_rshift1(b,b)) goto err;
+ if (BN_cmp(a,b) < 0)
+ { t=a; a=b; b=t; }
+ }
+ }
+ else /* a is even */
+ {
+ if (BN_is_odd(b))
+ {
+ if (!BN_rshift1(a,a)) goto err;
+ if (BN_cmp(a,b) < 0)
+ { t=a; a=b; b=t; }
+ }
+ else /* a even - b even */
+ {
+ if (!BN_rshift1(a,a)) goto err;
+ if (!BN_rshift1(b,b)) goto err;
+ shifts++;
+ }
+ }
+ /* 0 <= b <= a */
+ }
+
+ if (shifts)
+ {
+ if (!BN_lshift(a,a,shifts)) goto err;
+ }
+ bn_check_top(a);
+ return(a);
+err:
+ return(NULL);
+ }
+
+
+/* solves ax == 1 (mod n) */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+BIGNUM *BN_mod_inverse(BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+ {
+ BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
+ BIGNUM *ret=NULL;
+ int sign;
+
+ if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0))
+ {
+ return BN_mod_inverse_no_branch(in, a, n, ctx);
+ }
+
+ bn_check_top(a);
+ bn_check_top(n);
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ B = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ D = BN_CTX_get(ctx);
+ M = BN_CTX_get(ctx);
+ Y = BN_CTX_get(ctx);
+ T = BN_CTX_get(ctx);
+ if (T == NULL) goto err;
+
+ if (in == NULL)
+ R=BN_new();
+ else
+ R=in;
+ if (R == NULL) goto err;
+
+ BN_one(X);
+ BN_zero(Y);
+ if (BN_copy(B,a) == NULL) goto err;
+ if (BN_copy(A,n) == NULL) goto err;
+ A->neg = 0;
+ if (B->neg || (BN_ucmp(B, A) >= 0))
+ {
+ if (!BN_nnmod(B, B, A, ctx)) goto err;
+ }
+ sign = -1;
+ /* From B = a mod |n|, A = |n| it follows that
+ *
+ * 0 <= B < A,
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ */
+
+ if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
+ {
+ /* Binary inversion algorithm; requires odd modulus.
+ * This is faster than the general algorithm if the modulus
+ * is sufficiently small (about 400 .. 500 bits on 32-bit
+ * sytems, but much more on 64-bit systems) */
+ int shift;
+
+ while (!BN_is_zero(B))
+ {
+ /*
+ * 0 < B < |n|,
+ * 0 < A <= |n|,
+ * (1) -sign*X*a == B (mod |n|),
+ * (2) sign*Y*a == A (mod |n|)
+ */
+
+ /* Now divide B by the maximum possible power of two in the integers,
+ * and divide X by the same value mod |n|.
+ * When we're done, (1) still holds. */
+ shift = 0;
+ while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
+ {
+ shift++;
+
+ if (BN_is_odd(X))
+ {
+ if (!BN_uadd(X, X, n)) goto err;
+ }
+ /* now X is even, so we can easily divide it by two */
+ if (!BN_rshift1(X, X)) goto err;
+ }
+ if (shift > 0)
+ {
+ if (!BN_rshift(B, B, shift)) goto err;
+ }
+
+
+ /* Same for A and Y. Afterwards, (2) still holds. */
+ shift = 0;
+ while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
+ {
+ shift++;
+
+ if (BN_is_odd(Y))
+ {
+ if (!BN_uadd(Y, Y, n)) goto err;
+ }
+ /* now Y is even */
+ if (!BN_rshift1(Y, Y)) goto err;
+ }
+ if (shift > 0)
+ {
+ if (!BN_rshift(A, A, shift)) goto err;
+ }
+
+
+ /* We still have (1) and (2).
+ * Both A and B are odd.
+ * The following computations ensure that
+ *
+ * 0 <= B < |n|,
+ * 0 < A < |n|,
+ * (1) -sign*X*a == B (mod |n|),
+ * (2) sign*Y*a == A (mod |n|),
+ *
+ * and that either A or B is even in the next iteration.
+ */
+ if (BN_ucmp(B, A) >= 0)
+ {
+ /* -sign*(X + Y)*a == B - A (mod |n|) */
+ if (!BN_uadd(X, X, Y)) goto err;
+ /* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
+ * actually makes the algorithm slower */
+ if (!BN_usub(B, B, A)) goto err;
+ }
+ else
+ {
+ /* sign*(X + Y)*a == A - B (mod |n|) */
+ if (!BN_uadd(Y, Y, X)) goto err;
+ /* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
+ if (!BN_usub(A, A, B)) goto err;
+ }
+ }
+ }
+ else
+ {
+ /* general inversion algorithm */
+
+ while (!BN_is_zero(B))
+ {
+ BIGNUM *tmp;
+
+ /*
+ * 0 < B < A,
+ * (*) -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|)
+ */
+
+ /* (D, M) := (A/B, A%B) ... */
+ if (BN_num_bits(A) == BN_num_bits(B))
+ {
+ if (!BN_one(D)) goto err;
+ if (!BN_sub(M,A,B)) goto err;
+ }
+ else if (BN_num_bits(A) == BN_num_bits(B) + 1)
+ {
+ /* A/B is 1, 2, or 3 */
+ if (!BN_lshift1(T,B)) goto err;
+ if (BN_ucmp(A,T) < 0)
+ {
+ /* A < 2*B, so D=1 */
+ if (!BN_one(D)) goto err;
+ if (!BN_sub(M,A,B)) goto err;
+ }
+ else
+ {
+ /* A >= 2*B, so D=2 or D=3 */
+ if (!BN_sub(M,A,T)) goto err;
+ if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
+ if (BN_ucmp(A,D) < 0)
+ {
+ /* A < 3*B, so D=2 */
+ if (!BN_set_word(D,2)) goto err;
+ /* M (= A - 2*B) already has the correct value */
+ }
+ else
+ {
+ /* only D=3 remains */
+ if (!BN_set_word(D,3)) goto err;
+ /* currently M = A - 2*B, but we need M = A - 3*B */
+ if (!BN_sub(M,M,B)) goto err;
+ }
+ }
+ }
+ else
+ {
+ if (!BN_div(D,M,A,B,ctx)) goto err;
+ }
+
+ /* Now
+ * A = D*B + M;
+ * thus we have
+ * (**) sign*Y*a == D*B + M (mod |n|).
+ */
+
+ tmp=A; /* keep the BIGNUM object, the value does not matter */
+
+ /* (A, B) := (B, A mod B) ... */
+ A=B;
+ B=M;
+ /* ... so we have 0 <= B < A again */
+
+ /* Since the former M is now B and the former B is now A,
+ * (**) translates into
+ * sign*Y*a == D*A + B (mod |n|),
+ * i.e.
+ * sign*Y*a - D*A == B (mod |n|).
+ * Similarly, (*) translates into
+ * -sign*X*a == A (mod |n|).
+ *
+ * Thus,
+ * sign*Y*a + D*sign*X*a == B (mod |n|),
+ * i.e.
+ * sign*(Y + D*X)*a == B (mod |n|).
+ *
+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ * Note that X and Y stay non-negative all the time.
+ */
+
+ /* most of the time D is very small, so we can optimize tmp := D*X+Y */
+ if (BN_is_one(D))
+ {
+ if (!BN_add(tmp,X,Y)) goto err;
+ }
+ else
+ {
+ if (BN_is_word(D,2))
+ {
+ if (!BN_lshift1(tmp,X)) goto err;
+ }
+ else if (BN_is_word(D,4))
+ {
+ if (!BN_lshift(tmp,X,2)) goto err;
+ }
+ else if (D->top == 1)
+ {
+ if (!BN_copy(tmp,X)) goto err;
+ if (!BN_mul_word(tmp,D->d[0])) goto err;
+ }
+ else
+ {
+ if (!BN_mul(tmp,D,X,ctx)) goto err;
+ }
+ if (!BN_add(tmp,tmp,Y)) goto err;
+ }
+
+ M=Y; /* keep the BIGNUM object, the value does not matter */
+ Y=X;
+ X=tmp;
+ sign = -sign;
+ }
+ }
+
+ /*
+ * The while loop (Euclid's algorithm) ends when
+ * A == gcd(a,n);
+ * we have
+ * sign*Y*a == A (mod |n|),
+ * where Y is non-negative.
+ */
+
+ if (sign < 0)
+ {
+ if (!BN_sub(Y,n,Y)) goto err;
+ }
+ /* Now Y*a == A (mod |n|). */
+
+
+ if (BN_is_one(A))
+ {
+ /* Y*a == 1 (mod |n|) */
+ if (!Y->neg && BN_ucmp(Y,n) < 0)
+ {
+ if (!BN_copy(R,Y)) goto err;
+ }
+ else
+ {
+ if (!BN_nnmod(R,Y,n,ctx)) goto err;
+ }
+ }
+ else
+ {
+ BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+ goto err;
+ }
+ ret=R;
+err:
+ if ((ret == NULL) && (in == NULL)) BN_free(R);
+ BN_CTX_end(ctx);
+ bn_check_top(ret);
+ return(ret);
+ }
+
+
+/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
+ * It does not contain branches that may leak sensitive information.
+ */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+ {
+ BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
+ BIGNUM local_A, local_B;
+ BIGNUM *pA, *pB;
+ BIGNUM *ret=NULL;
+ int sign;
+
+ bn_check_top(a);
+ bn_check_top(n);
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ B = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ D = BN_CTX_get(ctx);
+ M = BN_CTX_get(ctx);
+ Y = BN_CTX_get(ctx);
+ T = BN_CTX_get(ctx);
+ if (T == NULL) goto err;
+
+ if (in == NULL)
+ R=BN_new();
+ else
+ R=in;
+ if (R == NULL) goto err;
+
+ BN_one(X);
+ BN_zero(Y);
+ if (BN_copy(B,a) == NULL) goto err;
+ if (BN_copy(A,n) == NULL) goto err;
+ A->neg = 0;
+
+ if (B->neg || (BN_ucmp(B, A) >= 0))
+ {
+ /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+ * BN_div_no_branch will be called eventually.
+ */
+ pB = &local_B;
+ BN_with_flags(pB, B, BN_FLG_CONSTTIME);
+ if (!BN_nnmod(B, pB, A, ctx)) goto err;
+ }
+ sign = -1;
+ /* From B = a mod |n|, A = |n| it follows that
+ *
+ * 0 <= B < A,
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ */
+
+ while (!BN_is_zero(B))
+ {
+ BIGNUM *tmp;
+
+ /*
+ * 0 < B < A,
+ * (*) -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|)
+ */
+
+ /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+ * BN_div_no_branch will be called eventually.
+ */
+ pA = &local_A;
+ BN_with_flags(pA, A, BN_FLG_CONSTTIME);
+
+ /* (D, M) := (A/B, A%B) ... */
+ if (!BN_div(D,M,pA,B,ctx)) goto err;
+
+ /* Now
+ * A = D*B + M;
+ * thus we have
+ * (**) sign*Y*a == D*B + M (mod |n|).
+ */
+
+ tmp=A; /* keep the BIGNUM object, the value does not matter */
+
+ /* (A, B) := (B, A mod B) ... */
+ A=B;
+ B=M;
+ /* ... so we have 0 <= B < A again */
+
+ /* Since the former M is now B and the former B is now A,
+ * (**) translates into
+ * sign*Y*a == D*A + B (mod |n|),
+ * i.e.
+ * sign*Y*a - D*A == B (mod |n|).
+ * Similarly, (*) translates into
+ * -sign*X*a == A (mod |n|).
+ *
+ * Thus,
+ * sign*Y*a + D*sign*X*a == B (mod |n|),
+ * i.e.
+ * sign*(Y + D*X)*a == B (mod |n|).
+ *
+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ * Note that X and Y stay non-negative all the time.
+ */
+
+ if (!BN_mul(tmp,D,X,ctx)) goto err;
+ if (!BN_add(tmp,tmp,Y)) goto err;
+
+ M=Y; /* keep the BIGNUM object, the value does not matter */
+ Y=X;
+ X=tmp;
+ sign = -sign;
+ }
+
+ /*
+ * The while loop (Euclid's algorithm) ends when
+ * A == gcd(a,n);
+ * we have
+ * sign*Y*a == A (mod |n|),
+ * where Y is non-negative.
+ */
+
+ if (sign < 0)
+ {
+ if (!BN_sub(Y,n,Y)) goto err;
+ }
+ /* Now Y*a == A (mod |n|). */
+
+ if (BN_is_one(A))
+ {
+ /* Y*a == 1 (mod |n|) */
+ if (!Y->neg && BN_ucmp(Y,n) < 0)
+ {
+ if (!BN_copy(R,Y)) goto err;
+ }
+ else
+ {
+ if (!BN_nnmod(R,Y,n,ctx)) goto err;
+ }
+ }
+ else
+ {
+ BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE);
+ goto err;
+ }
+ ret=R;
+err:
+ if ((ret == NULL) && (in == NULL)) BN_free(R);
+ BN_CTX_end(ctx);
+ bn_check_top(ret);
+ return(ret);
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_gf2m.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_gf2m.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_gf2m.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1148 @@
+/* crypto/bn/bn_gf2m.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
+ * provided that such covenant shall not apply:
+ * 1) for code that a licensee deletes from the ECC Code;
+ * 2) separates from the ECC Code; or
+ * 3) for infringements caused by:
+ * i) the modification of the ECC Code or
+ * ii) the combination of the ECC Code with other software or
+ * devices where such combination causes the infringement.
+ *
+ * The software is originally written by Sheueling Chang Shantz and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+/* NOTE: This file is licensed pursuant to the OpenSSL license below
+ * and may be modified; but after modifications, the above covenant
+ * may no longer apply! In such cases, the corresponding paragraph
+ * ["In addition, Sun covenants ... causes the infringement."] and
+ * this note can be edited out; but please keep the Sun copyright
+ * notice and attribution. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */
+#define MAX_ITERATIONS 50
+
+static const BN_ULONG SQR_tb[16] =
+ { 0, 1, 4, 5, 16, 17, 20, 21,
+ 64, 65, 68, 69, 80, 81, 84, 85 };
+/* Platform-specific macros to accelerate squaring. */
+#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+#define SQR1(w) \
+ SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
+ SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
+ SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
+ SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF]
+#define SQR0(w) \
+ SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
+ SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
+ SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
+ SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
+#endif
+#ifdef THIRTY_TWO_BIT
+#define SQR1(w) \
+ SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
+ SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF]
+#define SQR0(w) \
+ SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
+ SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
+#endif
+#ifdef SIXTEEN_BIT
+#define SQR1(w) \
+ SQR_tb[(w) >> 12 & 0xF] << 8 | SQR_tb[(w) >> 8 & 0xF]
+#define SQR0(w) \
+ SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
+#endif
+#ifdef EIGHT_BIT
+#define SQR1(w) \
+ SQR_tb[(w) >> 4 & 0xF]
+#define SQR0(w) \
+ SQR_tb[(w) & 15]
+#endif
+
+/* Product of two polynomials a, b each with degree < BN_BITS2 - 1,
+ * result is a polynomial r with degree < 2 * BN_BITS - 1
+ * The caller MUST ensure that the variables have the right amount
+ * of space allocated.
+ */
+#ifdef EIGHT_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
+ {
+ register BN_ULONG h, l, s;
+ BN_ULONG tab[4], top1b = a >> 7;
+ register BN_ULONG a1, a2;
+
+ a1 = a & (0x7F); a2 = a1 << 1;
+
+ tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
+
+ s = tab[b & 0x3]; l = s;
+ s = tab[b >> 2 & 0x3]; l ^= s << 2; h = s >> 6;
+ s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 4;
+ s = tab[b >> 6 ]; l ^= s << 6; h ^= s >> 2;
+
+ /* compensate for the top bit of a */
+
+ if (top1b & 01) { l ^= b << 7; h ^= b >> 1; }
+
+ *r1 = h; *r0 = l;
+ }
+#endif
+#ifdef SIXTEEN_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
+ {
+ register BN_ULONG h, l, s;
+ BN_ULONG tab[4], top1b = a >> 15;
+ register BN_ULONG a1, a2;
+
+ a1 = a & (0x7FFF); a2 = a1 << 1;
+
+ tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
+
+ s = tab[b & 0x3]; l = s;
+ s = tab[b >> 2 & 0x3]; l ^= s << 2; h = s >> 14;
+ s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 12;
+ s = tab[b >> 6 & 0x3]; l ^= s << 6; h ^= s >> 10;
+ s = tab[b >> 8 & 0x3]; l ^= s << 8; h ^= s >> 8;
+ s = tab[b >>10 & 0x3]; l ^= s << 10; h ^= s >> 6;
+ s = tab[b >>12 & 0x3]; l ^= s << 12; h ^= s >> 4;
+ s = tab[b >>14 ]; l ^= s << 14; h ^= s >> 2;
+
+ /* compensate for the top bit of a */
+
+ if (top1b & 01) { l ^= b << 15; h ^= b >> 1; }
+
+ *r1 = h; *r0 = l;
+ }
+#endif
+#ifdef THIRTY_TWO_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
+ {
+ register BN_ULONG h, l, s;
+ BN_ULONG tab[8], top2b = a >> 30;
+ register BN_ULONG a1, a2, a4;
+
+ a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1;
+
+ tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
+ tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4;
+
+ s = tab[b & 0x7]; l = s;
+ s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29;
+ s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26;
+ s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23;
+ s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20;
+ s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17;
+ s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14;
+ s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11;
+ s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8;
+ s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5;
+ s = tab[b >> 30 ]; l ^= s << 30; h ^= s >> 2;
+
+ /* compensate for the top two bits of a */
+
+ if (top2b & 01) { l ^= b << 30; h ^= b >> 2; }
+ if (top2b & 02) { l ^= b << 31; h ^= b >> 1; }
+
+ *r1 = h; *r0 = l;
+ }
+#endif
+#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
+ {
+ register BN_ULONG h, l, s;
+ BN_ULONG tab[16], top3b = a >> 61;
+ register BN_ULONG a1, a2, a4, a8;
+
+ a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1;
+
+ tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2;
+ tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4;
+ tab[ 8] = a8; tab[ 9] = a1^a8; tab[10] = a2^a8; tab[11] = a1^a2^a8;
+ tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8;
+
+ s = tab[b & 0xF]; l = s;
+ s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60;
+ s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56;
+ s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52;
+ s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48;
+ s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44;
+ s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40;
+ s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36;
+ s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32;
+ s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28;
+ s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24;
+ s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20;
+ s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16;
+ s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12;
+ s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8;
+ s = tab[b >> 60 ]; l ^= s << 60; h ^= s >> 4;
+
+ /* compensate for the top three bits of a */
+
+ if (top3b & 01) { l ^= b << 61; h ^= b >> 3; }
+ if (top3b & 02) { l ^= b << 62; h ^= b >> 2; }
+ if (top3b & 04) { l ^= b << 63; h ^= b >> 1; }
+
+ *r1 = h; *r0 = l;
+ }
+#endif
+
+/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
+ * result is a polynomial r with degree < 4 * BN_BITS2 - 1
+ * The caller MUST ensure that the variables have the right amount
+ * of space allocated.
+ */
+static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0)
+ {
+ BN_ULONG m1, m0;
+ /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
+ bn_GF2m_mul_1x1(r+3, r+2, a1, b1);
+ bn_GF2m_mul_1x1(r+1, r, a0, b0);
+ bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
+ /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
+ r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */
+ r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
+ }
+
+
+/* Add polynomials a and b and store result in r; r could be a or b, a and b
+ * could be equal; r is the bitwise XOR of a and b.
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+ {
+ int i;
+ const BIGNUM *at, *bt;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (a->top < b->top) { at = b; bt = a; }
+ else { at = a; bt = b; }
+
+ if(bn_wexpand(r, at->top) == NULL)
+ return 0;
+
+ for (i = 0; i < bt->top; i++)
+ {
+ r->d[i] = at->d[i] ^ bt->d[i];
+ }
+ for (; i < at->top; i++)
+ {
+ r->d[i] = at->d[i];
+ }
+
+ r->top = at->top;
+ bn_correct_top(r);
+
+ return 1;
+ }
+
+
+/* Some functions allow for representation of the irreducible polynomials
+ * as an int[], say p. The irreducible f(t) is then of the form:
+ * t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+
+
+/* Performs modular reduction of a and store result in r. r could be a. */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
+ {
+ int j, k;
+ int n, dN, d0, d1;
+ BN_ULONG zz, *z;
+
+ bn_check_top(a);
+
+ if (!p[0])
+ {
+ /* reduction mod 1 => return 0 */
+ BN_zero(r);
+ return 1;
+ }
+
+ /* Since the algorithm does reduction in the r value, if a != r, copy
+ * the contents of a into r so we can do reduction in r.
+ */
+ if (a != r)
+ {
+ if (!bn_wexpand(r, a->top)) return 0;
+ for (j = 0; j < a->top; j++)
+ {
+ r->d[j] = a->d[j];
+ }
+ r->top = a->top;
+ }
+ z = r->d;
+
+ /* start reduction */
+ dN = p[0] / BN_BITS2;
+ for (j = r->top - 1; j > dN;)
+ {
+ zz = z[j];
+ if (z[j] == 0) { j--; continue; }
+ z[j] = 0;
+
+ for (k = 1; p[k] != 0; k++)
+ {
+ /* reducing component t^p[k] */
+ n = p[0] - p[k];
+ d0 = n % BN_BITS2; d1 = BN_BITS2 - d0;
+ n /= BN_BITS2;
+ z[j-n] ^= (zz>>d0);
+ if (d0) z[j-n-1] ^= (zz<<d1);
+ }
+
+ /* reducing component t^0 */
+ n = dN;
+ d0 = p[0] % BN_BITS2;
+ d1 = BN_BITS2 - d0;
+ z[j-n] ^= (zz >> d0);
+ if (d0) z[j-n-1] ^= (zz << d1);
+ }
+
+ /* final round of reduction */
+ while (j == dN)
+ {
+
+ d0 = p[0] % BN_BITS2;
+ zz = z[dN] >> d0;
+ if (zz == 0) break;
+ d1 = BN_BITS2 - d0;
+
+ /* clear up the top d1 bits */
+ if (d0)
+ z[dN] = (z[dN] << d1) >> d1;
+ else
+ z[dN] = 0;
+ z[0] ^= zz; /* reduction t^0 component */
+
+ for (k = 1; p[k] != 0; k++)
+ {
+ BN_ULONG tmp_ulong;
+
+ /* reducing component t^p[k]*/
+ n = p[k] / BN_BITS2;
+ d0 = p[k] % BN_BITS2;
+ d1 = BN_BITS2 - d0;
+ z[n] ^= (zz << d0);
+ tmp_ulong = zz >> d1;
+ if (d0 && tmp_ulong)
+ z[n+1] ^= tmp_ulong;
+ }
+
+
+ }
+
+ bn_correct_top(r);
+ return 1;
+ }
+
+/* Performs modular reduction of a by p and store result in r. r could be a.
+ *
+ * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_arr function.
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
+ {
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr=NULL;
+ bn_check_top(a);
+ bn_check_top(p);
+ if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
+ {
+ BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_arr(r, a, arr);
+ bn_check_top(r);
+err:
+ if (arr) OPENSSL_free(arr);
+ return ret;
+ }
+
+
+/* Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r. r could be a or b; a could be b.
+ */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)
+ {
+ int zlen, i, j, k, ret = 0;
+ BIGNUM *s;
+ BN_ULONG x1, x0, y1, y0, zz[4];
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (a == b)
+ {
+ return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
+ }
+
+ BN_CTX_start(ctx);
+ if ((s = BN_CTX_get(ctx)) == NULL) goto err;
+
+ zlen = a->top + b->top + 4;
+ if (!bn_wexpand(s, zlen)) goto err;
+ s->top = zlen;
+
+ for (i = 0; i < zlen; i++) s->d[i] = 0;
+
+ for (j = 0; j < b->top; j += 2)
+ {
+ y0 = b->d[j];
+ y1 = ((j+1) == b->top) ? 0 : b->d[j+1];
+ for (i = 0; i < a->top; i += 2)
+ {
+ x0 = a->d[i];
+ x1 = ((i+1) == a->top) ? 0 : a->d[i+1];
+ bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
+ for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k];
+ }
+ }
+
+ bn_correct_top(s);
+ if (BN_GF2m_mod_arr(r, s, p))
+ ret = 1;
+ bn_check_top(r);
+
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+/* Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r. r could be a or b; a could equal b.
+ *
+ * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_mul_arr function.
+ */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
+ {
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr=NULL;
+ bn_check_top(a);
+ bn_check_top(b);
+ bn_check_top(p);
+ if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
+ {
+ BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
+ bn_check_top(r);
+err:
+ if (arr) OPENSSL_free(arr);
+ return ret;
+ }
+
+
+/* Square a, reduce the result mod p, and store it in a. r could be a. */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)
+ {
+ int i, ret = 0;
+ BIGNUM *s;
+
+ bn_check_top(a);
+ BN_CTX_start(ctx);
+ if ((s = BN_CTX_get(ctx)) == NULL) return 0;
+ if (!bn_wexpand(s, 2 * a->top)) goto err;
+
+ for (i = a->top - 1; i >= 0; i--)
+ {
+ s->d[2*i+1] = SQR1(a->d[i]);
+ s->d[2*i ] = SQR0(a->d[i]);
+ }
+
+ s->top = 2 * a->top;
+ bn_correct_top(s);
+ if (!BN_GF2m_mod_arr(r, s, p)) goto err;
+ bn_check_top(r);
+ ret = 1;
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+/* Square a, reduce the result mod p, and store it in a. r could be a.
+ *
+ * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_sqr_arr function.
+ */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ {
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr=NULL;
+
+ bn_check_top(a);
+ bn_check_top(p);
+ if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
+ {
+ BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
+ bn_check_top(r);
+err:
+ if (arr) OPENSSL_free(arr);
+ return ret;
+ }
+
+
+/* Invert a, reduce modulo p, and store the result in r. r could be a.
+ * Uses Modified Almost Inverse Algorithm (Algorithm 10) from
+ * Hankerson, D., Hernandez, J.L., and Menezes, A. "Software Implementation
+ * of Elliptic Curve Cryptography Over Binary Fields".
+ */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ {
+ BIGNUM *b, *c, *u, *v, *tmp;
+ int ret = 0;
+
+ bn_check_top(a);
+ bn_check_top(p);
+
+ BN_CTX_start(ctx);
+
+ b = BN_CTX_get(ctx);
+ c = BN_CTX_get(ctx);
+ u = BN_CTX_get(ctx);
+ v = BN_CTX_get(ctx);
+ if (v == NULL) goto err;
+
+ if (!BN_one(b)) goto err;
+ if (!BN_GF2m_mod(u, a, p)) goto err;
+ if (!BN_copy(v, p)) goto err;
+
+ if (BN_is_zero(u)) goto err;
+
+ while (1)
+ {
+ while (!BN_is_odd(u))
+ {
+ if (BN_is_zero(u)) goto err;
+ if (!BN_rshift1(u, u)) goto err;
+ if (BN_is_odd(b))
+ {
+ if (!BN_GF2m_add(b, b, p)) goto err;
+ }
+ if (!BN_rshift1(b, b)) goto err;
+ }
+
+ if (BN_abs_is_word(u, 1)) break;
+
+ if (BN_num_bits(u) < BN_num_bits(v))
+ {
+ tmp = u; u = v; v = tmp;
+ tmp = b; b = c; c = tmp;
+ }
+
+ if (!BN_GF2m_add(u, u, v)) goto err;
+ if (!BN_GF2m_add(b, b, c)) goto err;
+ }
+
+
+ if (!BN_copy(r, b)) goto err;
+ bn_check_top(r);
+ ret = 1;
+
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+/* Invert xx, reduce modulo p, and store the result in r. r could be xx.
+ *
+ * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_inv function.
+ */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)
+ {
+ BIGNUM *field;
+ int ret = 0;
+
+ bn_check_top(xx);
+ BN_CTX_start(ctx);
+ if ((field = BN_CTX_get(ctx)) == NULL) goto err;
+ if (!BN_GF2m_arr2poly(p, field)) goto err;
+
+ ret = BN_GF2m_mod_inv(r, xx, field, ctx);
+ bn_check_top(r);
+
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+
+#ifndef OPENSSL_SUN_GF2M_DIV
+/* Divide y by x, reduce modulo p, and store the result in r. r could be x
+ * or y, x could equal y.
+ */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
+ {
+ BIGNUM *xinv = NULL;
+ int ret = 0;
+
+ bn_check_top(y);
+ bn_check_top(x);
+ bn_check_top(p);
+
+ BN_CTX_start(ctx);
+ xinv = BN_CTX_get(ctx);
+ if (xinv == NULL) goto err;
+
+ if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err;
+ if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err;
+ bn_check_top(r);
+ ret = 1;
+
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+#else
+/* Divide y by x, reduce modulo p, and store the result in r. r could be x
+ * or y, x could equal y.
+ * Uses algorithm Modular_Division_GF(2^m) from
+ * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to
+ * the Great Divide".
+ */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
+ {
+ BIGNUM *a, *b, *u, *v;
+ int ret = 0;
+
+ bn_check_top(y);
+ bn_check_top(x);
+ bn_check_top(p);
+
+ BN_CTX_start(ctx);
+
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+ u = BN_CTX_get(ctx);
+ v = BN_CTX_get(ctx);
+ if (v == NULL) goto err;
+
+ /* reduce x and y mod p */
+ if (!BN_GF2m_mod(u, y, p)) goto err;
+ if (!BN_GF2m_mod(a, x, p)) goto err;
+ if (!BN_copy(b, p)) goto err;
+
+ while (!BN_is_odd(a))
+ {
+ if (!BN_rshift1(a, a)) goto err;
+ if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
+ if (!BN_rshift1(u, u)) goto err;
+ }
+
+ do
+ {
+ if (BN_GF2m_cmp(b, a) > 0)
+ {
+ if (!BN_GF2m_add(b, b, a)) goto err;
+ if (!BN_GF2m_add(v, v, u)) goto err;
+ do
+ {
+ if (!BN_rshift1(b, b)) goto err;
+ if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err;
+ if (!BN_rshift1(v, v)) goto err;
+ } while (!BN_is_odd(b));
+ }
+ else if (BN_abs_is_word(a, 1))
+ break;
+ else
+ {
+ if (!BN_GF2m_add(a, a, b)) goto err;
+ if (!BN_GF2m_add(u, u, v)) goto err;
+ do
+ {
+ if (!BN_rshift1(a, a)) goto err;
+ if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
+ if (!BN_rshift1(u, u)) goto err;
+ } while (!BN_is_odd(a));
+ }
+ } while (1);
+
+ if (!BN_copy(r, u)) goto err;
+ bn_check_top(r);
+ ret = 1;
+
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+#endif
+
+/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
+ * or yy, xx could equal yy.
+ *
+ * This function calls down to the BN_GF2m_mod_div implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_div function.
+ */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)
+ {
+ BIGNUM *field;
+ int ret = 0;
+
+ bn_check_top(yy);
+ bn_check_top(xx);
+
+ BN_CTX_start(ctx);
+ if ((field = BN_CTX_get(ctx)) == NULL) goto err;
+ if (!BN_GF2m_arr2poly(p, field)) goto err;
+
+ ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
+ bn_check_top(r);
+
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+
+/* Compute the bth power of a, reduce modulo p, and store
+ * the result in r. r could be a.
+ * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
+ */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)
+ {
+ int ret = 0, i, n;
+ BIGNUM *u;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (BN_is_zero(b))
+ return(BN_one(r));
+
+ if (BN_abs_is_word(b, 1))
+ return (BN_copy(r, a) != NULL);
+
+ BN_CTX_start(ctx);
+ if ((u = BN_CTX_get(ctx)) == NULL) goto err;
+
+ if (!BN_GF2m_mod_arr(u, a, p)) goto err;
+
+ n = BN_num_bits(b) - 1;
+ for (i = n - 1; i >= 0; i--)
+ {
+ if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err;
+ if (BN_is_bit_set(b, i))
+ {
+ if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err;
+ }
+ }
+ if (!BN_copy(r, u)) goto err;
+ bn_check_top(r);
+ ret = 1;
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+/* Compute the bth power of a, reduce modulo p, and store
+ * the result in r. r could be a.
+ *
+ * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_exp_arr function.
+ */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
+ {
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr=NULL;
+ bn_check_top(a);
+ bn_check_top(b);
+ bn_check_top(p);
+ if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
+ {
+ BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
+ bn_check_top(r);
+err:
+ if (arr) OPENSSL_free(arr);
+ return ret;
+ }
+
+/* Compute the square root of a, reduce modulo p, and store
+ * the result in r. r could be a.
+ * Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
+ */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)
+ {
+ int ret = 0;
+ BIGNUM *u;
+
+ bn_check_top(a);
+
+ if (!p[0])
+ {
+ /* reduction mod 1 => return 0 */
+ BN_zero(r);
+ return 1;
+ }
+
+ BN_CTX_start(ctx);
+ if ((u = BN_CTX_get(ctx)) == NULL) goto err;
+
+ if (!BN_set_bit(u, p[0] - 1)) goto err;
+ ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
+ bn_check_top(r);
+
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+/* Compute the square root of a, reduce modulo p, and store
+ * the result in r. r could be a.
+ *
+ * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_sqrt_arr function.
+ */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ {
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr=NULL;
+ bn_check_top(a);
+ bn_check_top(p);
+ if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
+ {
+ BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
+ bn_check_top(r);
+err:
+ if (arr) OPENSSL_free(arr);
+ return ret;
+ }
+
+/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
+ * Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
+ */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx)
+ {
+ int ret = 0, count = 0;
+ unsigned int j;
+ BIGNUM *a, *z, *rho, *w, *w2, *tmp;
+
+ bn_check_top(a_);
+
+ if (!p[0])
+ {
+ /* reduction mod 1 => return 0 */
+ BN_zero(r);
+ return 1;
+ }
+
+ BN_CTX_start(ctx);
+ a = BN_CTX_get(ctx);
+ z = BN_CTX_get(ctx);
+ w = BN_CTX_get(ctx);
+ if (w == NULL) goto err;
+
+ if (!BN_GF2m_mod_arr(a, a_, p)) goto err;
+
+ if (BN_is_zero(a))
+ {
+ BN_zero(r);
+ ret = 1;
+ goto err;
+ }
+
+ if (p[0] & 0x1) /* m is odd */
+ {
+ /* compute half-trace of a */
+ if (!BN_copy(z, a)) goto err;
+ for (j = 1; j <= (p[0] - 1) / 2; j++)
+ {
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
+ if (!BN_GF2m_add(z, z, a)) goto err;
+ }
+
+ }
+ else /* m is even */
+ {
+ rho = BN_CTX_get(ctx);
+ w2 = BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (tmp == NULL) goto err;
+ do
+ {
+ if (!BN_rand(rho, p[0], 0, 0)) goto err;
+ if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;
+ BN_zero(z);
+ if (!BN_copy(w, rho)) goto err;
+ for (j = 1; j <= p[0] - 1; j++)
+ {
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
+ if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err;
+ if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err;
+ if (!BN_GF2m_add(z, z, tmp)) goto err;
+ if (!BN_GF2m_add(w, w2, rho)) goto err;
+ }
+ count++;
+ } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
+ if (BN_is_zero(w))
+ {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS);
+ goto err;
+ }
+ }
+
+ if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err;
+ if (!BN_GF2m_add(w, z, w)) goto err;
+ if (BN_GF2m_cmp(w, a))
+ {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
+ goto err;
+ }
+
+ if (!BN_copy(r, z)) goto err;
+ bn_check_top(r);
+
+ ret = 1;
+
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
+ *
+ * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_solve_quad_arr function.
+ */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ {
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr=NULL;
+ bn_check_top(a);
+ bn_check_top(p);
+ if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) *
+ max)) == NULL) goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
+ {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
+ bn_check_top(r);
+err:
+ if (arr) OPENSSL_free(arr);
+ return ret;
+ }
+
+/* Convert the bit-string representation of a polynomial
+ * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array
+ * of integers corresponding to the bits with non-zero coefficient.
+ * Up to max elements of the array will be filled. Return value is total
+ * number of coefficients that would be extracted if array was large enough.
+ */
+int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max)
+ {
+ int i, j, k = 0;
+ BN_ULONG mask;
+
+ if (BN_is_zero(a) || !BN_is_bit_set(a, 0))
+ /* a_0 == 0 => return error (the unsigned int array
+ * must be terminated by 0)
+ */
+ return 0;
+
+ for (i = a->top - 1; i >= 0; i--)
+ {
+ if (!a->d[i])
+ /* skip word if a->d[i] == 0 */
+ continue;
+ mask = BN_TBIT;
+ for (j = BN_BITS2 - 1; j >= 0; j--)
+ {
+ if (a->d[i] & mask)
+ {
+ if (k < max) p[k] = BN_BITS2 * i + j;
+ k++;
+ }
+ mask >>= 1;
+ }
+ }
+
+ return k;
+ }
+
+/* Convert the coefficient array representation of a polynomial to a
+ * bit-string. The array must be terminated by 0.
+ */
+int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)
+ {
+ int i;
+
+ bn_check_top(a);
+ BN_zero(a);
+ for (i = 0; p[i] != 0; i++)
+ {
+ if (BN_set_bit(a, p[i]) == 0)
+ return 0;
+ }
+ BN_set_bit(a, 0);
+ bn_check_top(a);
+
+ return 1;
+ }
+
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+ {
+ BN_ULONG t;
+ int i;
+
+ bn_wcheck_size(a, nwords);
+ bn_wcheck_size(b, nwords);
+
+ assert(a != b);
+ assert((condition & (condition - 1)) == 0);
+ assert(sizeof(BN_ULONG) >= sizeof(int));
+
+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+ t = (a->top^b->top) & condition;
+ a->top ^= t;
+ b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+ do { \
+ t = (a->d[ind] ^ b->d[ind]) & condition; \
+ a->d[ind] ^= t; \
+ b->d[ind] ^= t; \
+ } while (0)
+
+
+ switch (nwords) {
+ default:
+ for (i = 10; i < nwords; i++)
+ BN_CONSTTIME_SWAP(i);
+ /* Fallthrough */
+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+ case 1: BN_CONSTTIME_SWAP(0);
+ }
+#undef BN_CONSTTIME_SWAP
+}
Added: vendor-crypto/openssl/dist/crypto/bn/bn_kron.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_kron.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_kron.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,184 @@
+/* crypto/bn/bn_kron.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* least significant word */
+#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
+
+/* Returns -2 for errors because both -1 and 0 are valid results. */
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+ {
+ int i;
+ int ret = -2; /* avoid 'uninitialized' warning */
+ int err = 0;
+ BIGNUM *A, *B, *tmp;
+ /* In 'tab', only odd-indexed entries are relevant:
+ * For any odd BIGNUM n,
+ * tab[BN_lsw(n) & 7]
+ * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
+ * Note that the sign of n does not matter.
+ */
+ static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1};
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ B = BN_CTX_get(ctx);
+ if (B == NULL) goto end;
+
+ err = !BN_copy(A, a);
+ if (err) goto end;
+ err = !BN_copy(B, b);
+ if (err) goto end;
+
+ /*
+ * Kronecker symbol, imlemented according to Henri Cohen,
+ * "A Course in Computational Algebraic Number Theory"
+ * (algorithm 1.4.10).
+ */
+
+ /* Cohen's step 1: */
+
+ if (BN_is_zero(B))
+ {
+ ret = BN_abs_is_word(A, 1);
+ goto end;
+ }
+
+ /* Cohen's step 2: */
+
+ if (!BN_is_odd(A) && !BN_is_odd(B))
+ {
+ ret = 0;
+ goto end;
+ }
+
+ /* now B is non-zero */
+ i = 0;
+ while (!BN_is_bit_set(B, i))
+ i++;
+ err = !BN_rshift(B, B, i);
+ if (err) goto end;
+ if (i & 1)
+ {
+ /* i is odd */
+ /* (thus B was even, thus A must be odd!) */
+
+ /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
+ ret = tab[BN_lsw(A) & 7];
+ }
+ else
+ {
+ /* i is even */
+ ret = 1;
+ }
+
+ if (B->neg)
+ {
+ B->neg = 0;
+ if (A->neg)
+ ret = -ret;
+ }
+
+ /* now B is positive and odd, so what remains to be done is
+ * to compute the Jacobi symbol (A/B) and multiply it by 'ret' */
+
+ while (1)
+ {
+ /* Cohen's step 3: */
+
+ /* B is positive and odd */
+
+ if (BN_is_zero(A))
+ {
+ ret = BN_is_one(B) ? ret : 0;
+ goto end;
+ }
+
+ /* now A is non-zero */
+ i = 0;
+ while (!BN_is_bit_set(A, i))
+ i++;
+ err = !BN_rshift(A, A, i);
+ if (err) goto end;
+ if (i & 1)
+ {
+ /* i is odd */
+ /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */
+ ret = ret * tab[BN_lsw(B) & 7];
+ }
+
+ /* Cohen's step 4: */
+ /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */
+ if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
+ ret = -ret;
+
+ /* (A, B) := (B mod |A|, |A|) */
+ err = !BN_nnmod(B, B, A, ctx);
+ if (err) goto end;
+ tmp = A; A = B; B = tmp;
+ tmp->neg = 0;
+ }
+end:
+ BN_CTX_end(ctx);
+ if (err)
+ return -2;
+ else
+ return ret;
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_lcl.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_lcl.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,490 @@
+/* crypto/bn/bn_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_BN_LCL_H
+#define HEADER_BN_LCL_H
+
+#include <openssl/bn.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+ * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+ *
+ *
+ * For window size 'w' (w >= 2) and a random 'b' bits exponent,
+ * the number of multiplications is a constant plus on average
+ *
+ * 2^(w-1) + (b-w)/(w+1);
+ *
+ * here 2^(w-1) is for precomputing the table (we actually need
+ * entries only for windows that have the lowest bit set), and
+ * (b-w)/(w+1) is an approximation for the expected number of
+ * w-bit windows, not counting the first one.
+ *
+ * Thus we should use
+ *
+ * w >= 6 if b > 671
+ * w = 5 if 671 > b > 239
+ * w = 4 if 239 > b > 79
+ * w = 3 if 79 > b > 23
+ * w <= 2 if 23 > b
+ *
+ * (with draws in between). Very small exponents are often selected
+ * with low Hamming weight, so we use w = 1 for b <= 23.
+ */
+#if 1
+#define BN_window_bits_for_exponent_size(b) \
+ ((b) > 671 ? 6 : \
+ (b) > 239 ? 5 : \
+ (b) > 79 ? 4 : \
+ (b) > 23 ? 3 : 1)
+#else
+/* Old SSLeay/OpenSSL table.
+ * Maximum window size was 5, so this table differs for b==1024;
+ * but it coincides for other interesting values (b==160, b==512).
+ */
+#define BN_window_bits_for_exponent_size(b) \
+ ((b) > 255 ? 5 : \
+ (b) > 127 ? 4 : \
+ (b) > 17 ? 3 : 1)
+#endif
+
+
+
+/* BN_mod_exp_mont_conttime is based on the assumption that the
+ * L1 data cache line width of the target processor is at least
+ * the following value.
+ */
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
+
+/* Window sizes optimized for fixed window size modular exponentiation
+ * algorithm (BN_mod_exp_mont_consttime).
+ *
+ * To achieve the security goals of BN_mode_exp_mont_consttime, the
+ * maximum size of the window must not exceed
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
+ *
+ * Window size thresholds are defined for cache line sizes of 32 and 64,
+ * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
+ * window size of 7 should only be used on processors that have a 128
+ * byte or greater cache line size.
+ */
+#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 937 ? 6 : \
+ (b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6)
+
+#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
+
+#endif
+
+
+/* Pentium pro 16,16,16,32,64 */
+/* Alpha 16,16,16,16.64 */
+#define BN_MULL_SIZE_NORMAL (16) /* 32 */
+#define BN_MUL_RECURSIVE_SIZE_NORMAL (16) /* 32 less than */
+#define BN_SQR_RECURSIVE_SIZE_NORMAL (16) /* 32 */
+#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */
+#define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */
+
+#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+/*
+ * BN_UMULT_HIGH section.
+ *
+ * No, I'm not trying to overwhelm you when stating that the
+ * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
+ * you to be impressed when I say that if the compiler doesn't
+ * support 2*N integer type, then you have to replace every N*N
+ * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
+ * and additions which unavoidably results in severe performance
+ * penalties. Of course provided that the hardware is capable of
+ * producing 2*N result... That's when you normally start
+ * considering assembler implementation. However! It should be
+ * pointed out that some CPUs (most notably Alpha, PowerPC and
+ * upcoming IA-64 family:-) provide *separate* instruction
+ * calculating the upper half of the product placing the result
+ * into a general purpose register. Now *if* the compiler supports
+ * inline assembler, then it's not impossible to implement the
+ * "bignum" routines (and have the compiler optimize 'em)
+ * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
+ * macro is about:-)
+ *
+ * <appro at fy.chalmers.se>
+ */
+# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+# if defined(__DECC)
+# include <c_asm.h>
+# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
+# elif defined(__GNUC__)
+# define BN_UMULT_HIGH(a,b) ({ \
+ register BN_ULONG ret; \
+ asm ("umulh %1,%2,%0" \
+ : "=r"(ret) \
+ : "r"(a), "r"(b)); \
+ ret; })
+# endif /* compiler */
+# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
+# if defined(__GNUC__)
+# define BN_UMULT_HIGH(a,b) ({ \
+ register BN_ULONG ret; \
+ asm ("mulhdu %0,%1,%2" \
+ : "=r"(ret) \
+ : "r"(a), "r"(b)); \
+ ret; })
+# endif /* compiler */
+# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+# if defined(__GNUC__)
+# define BN_UMULT_HIGH(a,b) ({ \
+ register BN_ULONG ret,discard; \
+ asm ("mulq %3" \
+ : "=a"(discard),"=d"(ret) \
+ : "a"(a), "g"(b) \
+ : "cc"); \
+ ret; })
+# define BN_UMULT_LOHI(low,high,a,b) \
+ asm ("mulq %3" \
+ : "=a"(low),"=d"(high) \
+ : "a"(a),"g"(b) \
+ : "cc");
+# endif
+# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
+# if defined(_MSC_VER) && _MSC_VER>=1400
+ unsigned __int64 __umulh (unsigned __int64 a,unsigned __int64 b);
+ unsigned __int64 _umul128 (unsigned __int64 a,unsigned __int64 b,
+ unsigned __int64 *h);
+# pragma intrinsic(__umulh,_umul128)
+# define BN_UMULT_HIGH(a,b) __umulh((a),(b))
+# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high)))
+# endif
+# endif /* cpu */
+#endif /* OPENSSL_NO_ASM */
+
+/*************************************************************
+ * Using the long long type
+ */
+#define Lw(t) (((BN_ULONG)(t))&BN_MASK2)
+#define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+
+#ifdef BN_DEBUG_RAND
+#define bn_clear_top2max(a) \
+ { \
+ int ind = (a)->dmax - (a)->top; \
+ BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
+ for (; ind != 0; ind--) \
+ *(++ftl) = 0x0; \
+ }
+#else
+#define bn_clear_top2max(a)
+#endif
+
+#ifdef BN_LLONG
+#define mul_add(r,a,w,c) { \
+ BN_ULLONG t; \
+ t=(BN_ULLONG)w * (a) + (r) + (c); \
+ (r)= Lw(t); \
+ (c)= Hw(t); \
+ }
+
+#define mul(r,a,w,c) { \
+ BN_ULLONG t; \
+ t=(BN_ULLONG)w * (a) + (c); \
+ (r)= Lw(t); \
+ (c)= Hw(t); \
+ }
+
+#define sqr(r0,r1,a) { \
+ BN_ULLONG t; \
+ t=(BN_ULLONG)(a)*(a); \
+ (r0)=Lw(t); \
+ (r1)=Hw(t); \
+ }
+
+#elif defined(BN_UMULT_LOHI)
+#define mul_add(r,a,w,c) { \
+ BN_ULONG high,low,ret,tmp=(a); \
+ ret = (r); \
+ BN_UMULT_LOHI(low,high,w,tmp); \
+ ret += (c); \
+ (c) = (ret<(c))?1:0; \
+ (c) += high; \
+ ret += low; \
+ (c) += (ret<low)?1:0; \
+ (r) = ret; \
+ }
+
+#define mul(r,a,w,c) { \
+ BN_ULONG high,low,ret,ta=(a); \
+ BN_UMULT_LOHI(low,high,w,ta); \
+ ret = low + (c); \
+ (c) = high; \
+ (c) += (ret<low)?1:0; \
+ (r) = ret; \
+ }
+
+#define sqr(r0,r1,a) { \
+ BN_ULONG tmp=(a); \
+ BN_UMULT_LOHI(r0,r1,tmp,tmp); \
+ }
+
+#elif defined(BN_UMULT_HIGH)
+#define mul_add(r,a,w,c) { \
+ BN_ULONG high,low,ret,tmp=(a); \
+ ret = (r); \
+ high= BN_UMULT_HIGH(w,tmp); \
+ ret += (c); \
+ low = (w) * tmp; \
+ (c) = (ret<(c))?1:0; \
+ (c) += high; \
+ ret += low; \
+ (c) += (ret<low)?1:0; \
+ (r) = ret; \
+ }
+
+#define mul(r,a,w,c) { \
+ BN_ULONG high,low,ret,ta=(a); \
+ low = (w) * ta; \
+ high= BN_UMULT_HIGH(w,ta); \
+ ret = low + (c); \
+ (c) = high; \
+ (c) += (ret<low)?1:0; \
+ (r) = ret; \
+ }
+
+#define sqr(r0,r1,a) { \
+ BN_ULONG tmp=(a); \
+ (r0) = tmp * tmp; \
+ (r1) = BN_UMULT_HIGH(tmp,tmp); \
+ }
+
+#else
+/*************************************************************
+ * No long long type
+ */
+
+#define LBITS(a) ((a)&BN_MASK2l)
+#define HBITS(a) (((a)>>BN_BITS4)&BN_MASK2l)
+#define L2HBITS(a) (((a)<<BN_BITS4)&BN_MASK2)
+
+#define LLBITS(a) ((a)&BN_MASKl)
+#define LHBITS(a) (((a)>>BN_BITS2)&BN_MASKl)
+#define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
+
+#define mul64(l,h,bl,bh) \
+ { \
+ BN_ULONG m,m1,lt,ht; \
+ \
+ lt=l; \
+ ht=h; \
+ m =(bh)*(lt); \
+ lt=(bl)*(lt); \
+ m1=(bl)*(ht); \
+ ht =(bh)*(ht); \
+ m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
+ ht+=HBITS(m); \
+ m1=L2HBITS(m); \
+ lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
+ (l)=lt; \
+ (h)=ht; \
+ }
+
+#define sqr64(lo,ho,in) \
+ { \
+ BN_ULONG l,h,m; \
+ \
+ h=(in); \
+ l=LBITS(h); \
+ h=HBITS(h); \
+ m =(l)*(h); \
+ l*=l; \
+ h*=h; \
+ h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
+ m =(m&BN_MASK2l)<<(BN_BITS4+1); \
+ l=(l+m)&BN_MASK2; if (l < m) h++; \
+ (lo)=l; \
+ (ho)=h; \
+ }
+
+#define mul_add(r,a,bl,bh,c) { \
+ BN_ULONG l,h; \
+ \
+ h= (a); \
+ l=LBITS(h); \
+ h=HBITS(h); \
+ mul64(l,h,(bl),(bh)); \
+ \
+ /* non-multiply part */ \
+ l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+ (c)=(r); \
+ l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+ (c)=h&BN_MASK2; \
+ (r)=l; \
+ }
+
+#define mul(r,a,bl,bh,c) { \
+ BN_ULONG l,h; \
+ \
+ h= (a); \
+ l=LBITS(h); \
+ h=HBITS(h); \
+ mul64(l,h,(bl),(bh)); \
+ \
+ /* non-multiply part */ \
+ l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+ (c)=h&BN_MASK2; \
+ (r)=l&BN_MASK2; \
+ }
+#endif /* !BN_LLONG */
+
+void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
+void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
+void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
+int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl);
+void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
+ int dna,int dnb,BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
+ int n,int tna,int tnb,BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
+void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
+void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
+ BN_ULONG *t);
+void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
+ BN_ULONG *t);
+BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl);
+BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl);
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Added: vendor-crypto/openssl/dist/crypto/bn/bn_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_lib.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_lib.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,835 @@
+/* crypto/bn/bn_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
+
+/* This stuff appears to be completely unused, so is deprecated */
+#ifndef OPENSSL_NO_DEPRECATED
+/* For a 32 bit machine
+ * 2 - 4 == 128
+ * 3 - 8 == 256
+ * 4 - 16 == 512
+ * 5 - 32 == 1024
+ * 6 - 64 == 2048
+ * 7 - 128 == 4096
+ * 8 - 256 == 8192
+ */
+static int bn_limit_bits=0;
+static int bn_limit_num=8; /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low=0;
+static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high=0;
+static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont=0;
+static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
+
+void BN_set_params(int mult, int high, int low, int mont)
+ {
+ if (mult >= 0)
+ {
+ if (mult > (int)(sizeof(int)*8)-1)
+ mult=sizeof(int)*8-1;
+ bn_limit_bits=mult;
+ bn_limit_num=1<<mult;
+ }
+ if (high >= 0)
+ {
+ if (high > (int)(sizeof(int)*8)-1)
+ high=sizeof(int)*8-1;
+ bn_limit_bits_high=high;
+ bn_limit_num_high=1<<high;
+ }
+ if (low >= 0)
+ {
+ if (low > (int)(sizeof(int)*8)-1)
+ low=sizeof(int)*8-1;
+ bn_limit_bits_low=low;
+ bn_limit_num_low=1<<low;
+ }
+ if (mont >= 0)
+ {
+ if (mont > (int)(sizeof(int)*8)-1)
+ mont=sizeof(int)*8-1;
+ bn_limit_bits_mont=mont;
+ bn_limit_num_mont=1<<mont;
+ }
+ }
+
+int BN_get_params(int which)
+ {
+ if (which == 0) return(bn_limit_bits);
+ else if (which == 1) return(bn_limit_bits_high);
+ else if (which == 2) return(bn_limit_bits_low);
+ else if (which == 3) return(bn_limit_bits_mont);
+ else return(0);
+ }
+#endif
+
+const BIGNUM *BN_value_one(void)
+ {
+ static BN_ULONG data_one=1L;
+ static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA};
+
+ return(&const_one);
+ }
+
+int BN_num_bits_word(BN_ULONG l)
+ {
+ static const char bits[256]={
+ 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
+ 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
+ 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
+ 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
+ 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+ 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+ 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+ 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ };
+
+#if defined(SIXTY_FOUR_BIT_LONG)
+ if (l & 0xffffffff00000000L)
+ {
+ if (l & 0xffff000000000000L)
+ {
+ if (l & 0xff00000000000000L)
+ {
+ return(bits[(int)(l>>56)]+56);
+ }
+ else return(bits[(int)(l>>48)]+48);
+ }
+ else
+ {
+ if (l & 0x0000ff0000000000L)
+ {
+ return(bits[(int)(l>>40)]+40);
+ }
+ else return(bits[(int)(l>>32)]+32);
+ }
+ }
+ else
+#else
+#ifdef SIXTY_FOUR_BIT
+ if (l & 0xffffffff00000000LL)
+ {
+ if (l & 0xffff000000000000LL)
+ {
+ if (l & 0xff00000000000000LL)
+ {
+ return(bits[(int)(l>>56)]+56);
+ }
+ else return(bits[(int)(l>>48)]+48);
+ }
+ else
+ {
+ if (l & 0x0000ff0000000000LL)
+ {
+ return(bits[(int)(l>>40)]+40);
+ }
+ else return(bits[(int)(l>>32)]+32);
+ }
+ }
+ else
+#endif
+#endif
+ {
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+ if (l & 0xffff0000L)
+ {
+ if (l & 0xff000000L)
+ return(bits[(int)(l>>24L)]+24);
+ else return(bits[(int)(l>>16L)]+16);
+ }
+ else
+#endif
+ {
+#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+ if (l & 0xff00L)
+ return(bits[(int)(l>>8)]+8);
+ else
+#endif
+ return(bits[(int)(l )] );
+ }
+ }
+ }
+
+int BN_num_bits(const BIGNUM *a)
+ {
+ int i = a->top - 1;
+ bn_check_top(a);
+
+ if (BN_is_zero(a)) return 0;
+ return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
+ }
+
+void BN_clear_free(BIGNUM *a)
+ {
+ int i;
+
+ if (a == NULL) return;
+ bn_check_top(a);
+ if (a->d != NULL)
+ {
+ OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
+ if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+ OPENSSL_free(a->d);
+ }
+ i=BN_get_flags(a,BN_FLG_MALLOCED);
+ OPENSSL_cleanse(a,sizeof(BIGNUM));
+ if (i)
+ OPENSSL_free(a);
+ }
+
+void BN_free(BIGNUM *a)
+ {
+ if (a == NULL) return;
+ bn_check_top(a);
+ if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+ OPENSSL_free(a->d);
+ if (a->flags & BN_FLG_MALLOCED)
+ OPENSSL_free(a);
+ else
+ {
+#ifndef OPENSSL_NO_DEPRECATED
+ a->flags|=BN_FLG_FREE;
+#endif
+ a->d = NULL;
+ }
+ }
+
+void BN_init(BIGNUM *a)
+ {
+ memset(a,0,sizeof(BIGNUM));
+ bn_check_top(a);
+ }
+
+BIGNUM *BN_new(void)
+ {
+ BIGNUM *ret;
+
+ if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
+ {
+ BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ ret->flags=BN_FLG_MALLOCED;
+ ret->top=0;
+ ret->neg=0;
+ ret->dmax=0;
+ ret->d=NULL;
+ bn_check_top(ret);
+ return(ret);
+ }
+
+/* This is used both by bn_expand2() and bn_dup_expand() */
+/* The caller MUST check that words > b->dmax before calling this */
+static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
+ {
+ BN_ULONG *A,*a = NULL;
+ const BN_ULONG *B;
+ int i;
+
+ bn_check_top(b);
+
+ if (words > (INT_MAX/(4*BN_BITS2)))
+ {
+ BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
+ return NULL;
+ }
+ if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+ {
+ BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+ return(NULL);
+ }
+ a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);
+ if (A == NULL)
+ {
+ BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+#ifdef PURIFY
+ /* Valgrind complains in BN_consttime_swap because we process the whole
+ * array even if it's not initialised yet. This doesn't matter in that
+ * function - what's important is constant time operation (we're not
+ * actually going to use the data)
+ */
+ memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
+#if 1
+ B=b->d;
+ /* Check if the previous number needs to be copied */
+ if (B != NULL)
+ {
+ for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+ {
+ /*
+ * The fact that the loop is unrolled
+ * 4-wise is a tribute to Intel. It's
+ * the one that doesn't have enough
+ * registers to accomodate more data.
+ * I'd unroll it 8-wise otherwise:-)
+ *
+ * <appro at fy.chalmers.se>
+ */
+ BN_ULONG a0,a1,a2,a3;
+ a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+ A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+ }
+ switch (b->top&3)
+ {
+ case 3: A[2]=B[2];
+ case 2: A[1]=B[1];
+ case 1: A[0]=B[0];
+ case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
+ * the switch table by doing a=top&3; a--; goto jump_table[a];
+ * which fails for top== 0 */
+ ;
+ }
+ }
+
+#else
+ memset(A,0,sizeof(BN_ULONG)*words);
+ memcpy(A,b->d,sizeof(b->d[0])*b->top);
+#endif
+
+ return(a);
+ }
+
+/* This is an internal function that can be used instead of bn_expand2()
+ * when there is a need to copy BIGNUMs instead of only expanding the
+ * data part, while still expanding them.
+ * Especially useful when needing to expand BIGNUMs that are declared
+ * 'const' and should therefore not be changed.
+ * The reason to use this instead of a BN_dup() followed by a bn_expand2()
+ * is memory allocation overhead. A BN_dup() followed by a bn_expand2()
+ * will allocate new memory for the BIGNUM data twice, and free it once,
+ * while bn_dup_expand() makes sure allocation is made only once.
+ */
+
+#ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
+ {
+ BIGNUM *r = NULL;
+
+ bn_check_top(b);
+
+ /* This function does not work if
+ * words <= b->dmax && top < words
+ * because BN_dup() does not preserve 'dmax'!
+ * (But bn_dup_expand() is not used anywhere yet.)
+ */
+
+ if (words > b->dmax)
+ {
+ BN_ULONG *a = bn_expand_internal(b, words);
+
+ if (a)
+ {
+ r = BN_new();
+ if (r)
+ {
+ r->top = b->top;
+ r->dmax = words;
+ r->neg = b->neg;
+ r->d = a;
+ }
+ else
+ {
+ /* r == NULL, BN_new failure */
+ OPENSSL_free(a);
+ }
+ }
+ /* If a == NULL, there was an error in allocation in
+ bn_expand_internal(), and NULL should be returned */
+ }
+ else
+ {
+ r = BN_dup(b);
+ }
+
+ bn_check_top(r);
+ return r;
+ }
+#endif
+
+/* This is an internal function that should not be used in applications.
+ * It ensures that 'b' has enough room for a 'words' word number
+ * and initialises any unused part of b->d with leading zeros.
+ * It is mostly used by the various BIGNUM routines. If there is an error,
+ * NULL is returned. If not, 'b' is returned. */
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+ {
+ bn_check_top(b);
+
+ if (words > b->dmax)
+ {
+ BN_ULONG *a = bn_expand_internal(b, words);
+ if(!a) return NULL;
+ if(b->d) OPENSSL_free(b->d);
+ b->d=a;
+ b->dmax=words;
+ }
+
+/* None of this should be necessary because of what b->top means! */
+#if 0
+ /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
+ if (b->top < b->dmax)
+ {
+ int i;
+ BN_ULONG *A = &(b->d[b->top]);
+ for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
+ {
+ A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+ A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+ }
+ for (i=(b->dmax - b->top)&7; i>0; i--,A++)
+ A[0]=0;
+ assert(A == &(b->d[b->dmax]));
+ }
+#endif
+ bn_check_top(b);
+ return b;
+ }
+
+BIGNUM *BN_dup(const BIGNUM *a)
+ {
+ BIGNUM *t;
+
+ if (a == NULL) return NULL;
+ bn_check_top(a);
+
+ t = BN_new();
+ if (t == NULL) return NULL;
+ if(!BN_copy(t, a))
+ {
+ BN_free(t);
+ return NULL;
+ }
+ bn_check_top(t);
+ return t;
+ }
+
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
+ {
+ int i;
+ BN_ULONG *A;
+ const BN_ULONG *B;
+
+ bn_check_top(b);
+
+ if (a == b) return(a);
+ if (bn_wexpand(a,b->top) == NULL) return(NULL);
+
+#if 1
+ A=a->d;
+ B=b->d;
+ for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+ {
+ BN_ULONG a0,a1,a2,a3;
+ a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+ A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+ }
+ switch (b->top&3)
+ {
+ case 3: A[2]=B[2];
+ case 2: A[1]=B[1];
+ case 1: A[0]=B[0];
+ case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
+ }
+#else
+ memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
+#endif
+
+ a->top=b->top;
+ a->neg=b->neg;
+ bn_check_top(a);
+ return(a);
+ }
+
+void BN_swap(BIGNUM *a, BIGNUM *b)
+ {
+ int flags_old_a, flags_old_b;
+ BN_ULONG *tmp_d;
+ int tmp_top, tmp_dmax, tmp_neg;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ flags_old_a = a->flags;
+ flags_old_b = b->flags;
+
+ tmp_d = a->d;
+ tmp_top = a->top;
+ tmp_dmax = a->dmax;
+ tmp_neg = a->neg;
+
+ a->d = b->d;
+ a->top = b->top;
+ a->dmax = b->dmax;
+ a->neg = b->neg;
+
+ b->d = tmp_d;
+ b->top = tmp_top;
+ b->dmax = tmp_dmax;
+ b->neg = tmp_neg;
+
+ a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
+ b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+ bn_check_top(a);
+ bn_check_top(b);
+ }
+
+void BN_clear(BIGNUM *a)
+ {
+ bn_check_top(a);
+ if (a->d != NULL)
+ memset(a->d,0,a->dmax*sizeof(a->d[0]));
+ a->top=0;
+ a->neg=0;
+ }
+
+BN_ULONG BN_get_word(const BIGNUM *a)
+ {
+ if (a->top > 1)
+ return BN_MASK2;
+ else if (a->top == 1)
+ return a->d[0];
+ /* a->top == 0 */
+ return 0;
+ }
+
+int BN_set_word(BIGNUM *a, BN_ULONG w)
+ {
+ bn_check_top(a);
+ if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
+ a->neg = 0;
+ a->d[0] = w;
+ a->top = (w ? 1 : 0);
+ bn_check_top(a);
+ return(1);
+ }
+
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+ {
+ unsigned int i,m;
+ unsigned int n;
+ BN_ULONG l;
+ BIGNUM *bn = NULL;
+
+ if (ret == NULL)
+ ret = bn = BN_new();
+ if (ret == NULL) return(NULL);
+ bn_check_top(ret);
+ l=0;
+ n=len;
+ if (n == 0)
+ {
+ ret->top=0;
+ return(ret);
+ }
+ i=((n-1)/BN_BYTES)+1;
+ m=((n-1)%(BN_BYTES));
+ if (bn_wexpand(ret, (int)i) == NULL)
+ {
+ if (bn) BN_free(bn);
+ return NULL;
+ }
+ ret->top=i;
+ ret->neg=0;
+ while (n--)
+ {
+ l=(l<<8L)| *(s++);
+ if (m-- == 0)
+ {
+ ret->d[--i]=l;
+ l=0;
+ m=BN_BYTES-1;
+ }
+ }
+ /* need to call this due to clear byte at top if avoiding
+ * having the top bit set (-ve number) */
+ bn_correct_top(ret);
+ return(ret);
+ }
+
+/* ignore negative */
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+ {
+ int n,i;
+ BN_ULONG l;
+
+ bn_check_top(a);
+ n=i=BN_num_bytes(a);
+ while (i--)
+ {
+ l=a->d[i/BN_BYTES];
+ *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
+ }
+ return(n);
+ }
+
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+ {
+ int i;
+ BN_ULONG t1,t2,*ap,*bp;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ i=a->top-b->top;
+ if (i != 0) return(i);
+ ap=a->d;
+ bp=b->d;
+ for (i=a->top-1; i>=0; i--)
+ {
+ t1= ap[i];
+ t2= bp[i];
+ if (t1 != t2)
+ return((t1 > t2) ? 1 : -1);
+ }
+ return(0);
+ }
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
+ {
+ int i;
+ int gt,lt;
+ BN_ULONG t1,t2;
+
+ if ((a == NULL) || (b == NULL))
+ {
+ if (a != NULL)
+ return(-1);
+ else if (b != NULL)
+ return(1);
+ else
+ return(0);
+ }
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (a->neg != b->neg)
+ {
+ if (a->neg)
+ return(-1);
+ else return(1);
+ }
+ if (a->neg == 0)
+ { gt=1; lt= -1; }
+ else { gt= -1; lt=1; }
+
+ if (a->top > b->top) return(gt);
+ if (a->top < b->top) return(lt);
+ for (i=a->top-1; i>=0; i--)
+ {
+ t1=a->d[i];
+ t2=b->d[i];
+ if (t1 > t2) return(gt);
+ if (t1 < t2) return(lt);
+ }
+ return(0);
+ }
+
+int BN_set_bit(BIGNUM *a, int n)
+ {
+ int i,j,k;
+
+ if (n < 0)
+ return 0;
+
+ i=n/BN_BITS2;
+ j=n%BN_BITS2;
+ if (a->top <= i)
+ {
+ if (bn_wexpand(a,i+1) == NULL) return(0);
+ for(k=a->top; k<i+1; k++)
+ a->d[k]=0;
+ a->top=i+1;
+ }
+
+ a->d[i]|=(((BN_ULONG)1)<<j);
+ bn_check_top(a);
+ return(1);
+ }
+
+int BN_clear_bit(BIGNUM *a, int n)
+ {
+ int i,j;
+
+ bn_check_top(a);
+ if (n < 0) return 0;
+
+ i=n/BN_BITS2;
+ j=n%BN_BITS2;
+ if (a->top <= i) return(0);
+
+ a->d[i]&=(~(((BN_ULONG)1)<<j));
+ bn_correct_top(a);
+ return(1);
+ }
+
+int BN_is_bit_set(const BIGNUM *a, int n)
+ {
+ int i,j;
+
+ bn_check_top(a);
+ if (n < 0) return 0;
+ i=n/BN_BITS2;
+ j=n%BN_BITS2;
+ if (a->top <= i) return 0;
+ return(((a->d[i])>>j)&((BN_ULONG)1));
+ }
+
+int BN_mask_bits(BIGNUM *a, int n)
+ {
+ int b,w;
+
+ bn_check_top(a);
+ if (n < 0) return 0;
+
+ w=n/BN_BITS2;
+ b=n%BN_BITS2;
+ if (w >= a->top) return 0;
+ if (b == 0)
+ a->top=w;
+ else
+ {
+ a->top=w+1;
+ a->d[w]&= ~(BN_MASK2<<b);
+ }
+ bn_correct_top(a);
+ return(1);
+ }
+
+void BN_set_negative(BIGNUM *a, int b)
+ {
+ if (b && !BN_is_zero(a))
+ a->neg = 1;
+ else
+ a->neg = 0;
+ }
+
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+ {
+ int i;
+ BN_ULONG aa,bb;
+
+ aa=a[n-1];
+ bb=b[n-1];
+ if (aa != bb) return((aa > bb)?1:-1);
+ for (i=n-2; i>=0; i--)
+ {
+ aa=a[i];
+ bb=b[i];
+ if (aa != bb) return((aa > bb)?1:-1);
+ }
+ return(0);
+ }
+
+/* Here follows a specialised variants of bn_cmp_words(). It has the
+ property of performing the operation on arrays of different sizes.
+ The sizes of those arrays is expressed through cl, which is the
+ common length ( basicall, min(len(a),len(b)) ), and dl, which is the
+ delta between the two lengths, calculated as len(a)-len(b).
+ All lengths are the number of BN_ULONGs... */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl)
+ {
+ int n,i;
+ n = cl-1;
+
+ if (dl < 0)
+ {
+ for (i=dl; i<0; i++)
+ {
+ if (b[n-i] != 0)
+ return -1; /* a < b */
+ }
+ }
+ if (dl > 0)
+ {
+ for (i=dl; i>0; i--)
+ {
+ if (a[n+i] != 0)
+ return 1; /* a > b */
+ }
+ }
+ return bn_cmp_words(a,b,cl);
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_mod.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_mod.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_mod.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,301 @@
+/* crypto/bn/bn_mod.c */
+/* Includes code written by Lenka Fibikova <fibikova at exp-math.uni-essen.de>
+ * for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+#if 0 /* now just a #define */
+int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+ {
+ return(BN_div(NULL,rem,m,d,ctx));
+ /* note that rem->neg == m->neg (unless the remainder is zero) */
+ }
+#endif
+
+
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+ {
+ /* like BN_mod, but returns non-negative remainder
+ * (i.e., 0 <= r < |d| always holds) */
+
+ if (!(BN_mod(r,m,d,ctx)))
+ return 0;
+ if (!r->neg)
+ return 1;
+ /* now -|d| < r < 0, so we have to set r := r + |d| */
+ return (d->neg ? BN_sub : BN_add)(r, r, d);
+}
+
+
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+ {
+ if (!BN_add(r, a, b)) return 0;
+ return BN_nnmod(r, r, m, ctx);
+ }
+
+
+/* BN_mod_add variant that may be used if both a and b are non-negative
+ * and less than m */
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+ {
+ if (!BN_uadd(r, a, b)) return 0;
+ if (BN_ucmp(r, m) >= 0)
+ return BN_usub(r, r, m);
+ return 1;
+ }
+
+
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+ {
+ if (!BN_sub(r, a, b)) return 0;
+ return BN_nnmod(r, r, m, ctx);
+ }
+
+
+/* BN_mod_sub variant that may be used if both a and b are non-negative
+ * and less than m */
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+ {
+ if (!BN_sub(r, a, b)) return 0;
+ if (r->neg)
+ return BN_add(r, r, m);
+ return 1;
+ }
+
+
+/* slow but works */
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx)
+ {
+ BIGNUM *t;
+ int ret=0;
+
+ bn_check_top(a);
+ bn_check_top(b);
+ bn_check_top(m);
+
+ BN_CTX_start(ctx);
+ if ((t = BN_CTX_get(ctx)) == NULL) goto err;
+ if (a == b)
+ { if (!BN_sqr(t,a,ctx)) goto err; }
+ else
+ { if (!BN_mul(t,a,b,ctx)) goto err; }
+ if (!BN_nnmod(r,t,m,ctx)) goto err;
+ bn_check_top(r);
+ ret=1;
+err:
+ BN_CTX_end(ctx);
+ return(ret);
+ }
+
+
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+ {
+ if (!BN_sqr(r, a, ctx)) return 0;
+ /* r->neg == 0, thus we don't need BN_nnmod */
+ return BN_mod(r, r, m, ctx);
+ }
+
+
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+ {
+ if (!BN_lshift1(r, a)) return 0;
+ bn_check_top(r);
+ return BN_nnmod(r, r, m, ctx);
+ }
+
+
+/* BN_mod_lshift1 variant that may be used if a is non-negative
+ * and less than m */
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
+ {
+ if (!BN_lshift1(r, a)) return 0;
+ bn_check_top(r);
+ if (BN_cmp(r, m) >= 0)
+ return BN_sub(r, r, m);
+ return 1;
+ }
+
+
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
+ {
+ BIGNUM *abs_m = NULL;
+ int ret;
+
+ if (!BN_nnmod(r, a, m, ctx)) return 0;
+
+ if (m->neg)
+ {
+ abs_m = BN_dup(m);
+ if (abs_m == NULL) return 0;
+ abs_m->neg = 0;
+ }
+
+ ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
+ bn_check_top(r);
+
+ if (abs_m)
+ BN_free(abs_m);
+ return ret;
+ }
+
+
+/* BN_mod_lshift variant that may be used if a is non-negative
+ * and less than m */
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
+ {
+ if (r != a)
+ {
+ if (BN_copy(r, a) == NULL) return 0;
+ }
+
+ while (n > 0)
+ {
+ int max_shift;
+
+ /* 0 < r < m */
+ max_shift = BN_num_bits(m) - BN_num_bits(r);
+ /* max_shift >= 0 */
+
+ if (max_shift < 0)
+ {
+ BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+ return 0;
+ }
+
+ if (max_shift > n)
+ max_shift = n;
+
+ if (max_shift)
+ {
+ if (!BN_lshift(r, r, max_shift)) return 0;
+ n -= max_shift;
+ }
+ else
+ {
+ if (!BN_lshift1(r, r)) return 0;
+ --n;
+ }
+
+ /* BN_num_bits(r) <= BN_num_bits(m) */
+
+ if (BN_cmp(r, m) >= 0)
+ {
+ if (!BN_sub(r, r, m)) return 0;
+ }
+ }
+ bn_check_top(r);
+
+ return 1;
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_mont.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_mont.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_mont.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,738 @@
+/* crypto/bn/bn_mont.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * Details about Montgomery multiplication algorithms can be found at
+ * http://security.ece.orst.edu/publications.html, e.g.
+ * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
+ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define MONT_WORD /* use the faster word-based algorithm */
+
+#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
+/* This condition means we have a specific non-default build:
+ * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any
+ * BN_BITS2<=32 platform; an explicit "enable-montasm" is required.
+ * I.e., if we are here, the user intentionally deviates from the
+ * normal stable build to get better Montgomery performance from
+ * the 0.9.9-dev backport.
+ *
+ * In this case only, we also enable BN_from_montgomery_word()
+ * (another non-stable feature from 0.9.9-dev).
+ */
+#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+#endif
+
+#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
+#endif
+
+
+
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx)
+ {
+ BIGNUM *tmp;
+ int ret=0;
+#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
+ int num = mont->N.top;
+
+ if (num>1 && a->top==num && b->top==num)
+ {
+ if (bn_wexpand(r,num) == NULL) return(0);
+#if 0 /* for OpenSSL 0.9.9 mont->n0 */
+ if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num))
+#else
+ if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num))
+#endif
+ {
+ r->neg = a->neg^b->neg;
+ r->top = num;
+ bn_correct_top(r);
+ return(1);
+ }
+ }
+#endif
+
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (tmp == NULL) goto err;
+
+ bn_check_top(tmp);
+ if (a == b)
+ {
+ if (!BN_sqr(tmp,a,ctx)) goto err;
+ }
+ else
+ {
+ if (!BN_mul(tmp,a,b,ctx)) goto err;
+ }
+ /* reduce from aRR to aR */
+#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+ if (!BN_from_montgomery_word(r,tmp,mont)) goto err;
+#else
+ if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+#endif
+ bn_check_top(r);
+ ret=1;
+err:
+ BN_CTX_end(ctx);
+ return(ret);
+ }
+
+#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
+ {
+ BIGNUM *n;
+ BN_ULONG *ap,*np,*rp,n0,v,*nrp;
+ int al,nl,max,i,x,ri;
+
+ n= &(mont->N);
+ /* mont->ri is the size of mont->N in bits (rounded up
+ to the word size) */
+ al=ri=mont->ri/BN_BITS2;
+
+ nl=n->top;
+ if ((al == 0) || (nl == 0)) { ret->top=0; return(1); }
+
+ max=(nl+al+1); /* allow for overflow (no?) XXX */
+ if (bn_wexpand(r,max) == NULL) return(0);
+
+ r->neg^=n->neg;
+ np=n->d;
+ rp=r->d;
+ nrp= &(r->d[nl]);
+
+ /* clear the top words of T */
+ for (i=r->top; i<max; i++) /* memset? XXX */
+ r->d[i]=0;
+
+ r->top=max;
+#if 0 /* for OpenSSL 0.9.9 mont->n0 */
+ n0=mont->n0[0];
+#else
+ n0=mont->n0;
+#endif
+
+#ifdef BN_COUNT
+ fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
+#endif
+ for (i=0; i<nl; i++)
+ {
+#ifdef __TANDEM
+ {
+ long long t1;
+ long long t2;
+ long long t3;
+ t1 = rp[0] * (n0 & 0177777);
+ t2 = 037777600000l;
+ t2 = n0 & t2;
+ t3 = rp[0] & 0177777;
+ t2 = (t3 * t2) & BN_MASK2;
+ t1 = t1 + t2;
+ v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
+ }
+#else
+ v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+#endif
+ nrp++;
+ rp++;
+ if (((nrp[-1]+=v)&BN_MASK2) >= v)
+ continue;
+ else
+ {
+ if (((++nrp[0])&BN_MASK2) != 0) continue;
+ if (((++nrp[1])&BN_MASK2) != 0) continue;
+ for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
+ }
+ }
+ bn_correct_top(r);
+
+ /* mont->ri will be a multiple of the word size and below code
+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */
+ if (r->top <= ri)
+ {
+ ret->top=0;
+ return(1);
+ }
+ al=r->top-ri;
+
+ if (bn_wexpand(ret,ri) == NULL) return(0);
+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
+ ret->neg=r->neg;
+
+ rp=ret->d;
+ ap=&(r->d[ri]);
+
+ {
+ size_t m1,m2;
+
+ v=bn_sub_words(rp,ap,np,ri);
+ /* this ----------------^^ works even in al<ri case
+ * thanks to zealous zeroing of top of the vector in the
+ * beginning. */
+
+ /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
+ /* in other words if subtraction result is real, then
+ * trick unconditional memcpy below to perform in-place
+ * "refresh" instead of actual copy. */
+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
+ m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
+ m1|=m2; /* (al!=ri) */
+ m1|=(0-(size_t)v); /* (al!=ri || v) */
+ m1&=~m2; /* (al!=ri || v) && !al>ri */
+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
+ }
+
+ /* 'i<ri' is chosen to eliminate dependency on input data, even
+ * though it results in redundant copy in al<ri case. */
+ for (i=0,ri-=4; i<ri; i+=4)
+ {
+ BN_ULONG t1,t2,t3,t4;
+
+ t1=nrp[i+0];
+ t2=nrp[i+1];
+ t3=nrp[i+2]; ap[i+0]=0;
+ t4=nrp[i+3]; ap[i+1]=0;
+ rp[i+0]=t1; ap[i+2]=0;
+ rp[i+1]=t2; ap[i+3]=0;
+ rp[i+2]=t3;
+ rp[i+3]=t4;
+ }
+ for (ri+=4; i<ri; i++)
+ rp[i]=nrp[i], ap[i]=0;
+ bn_correct_top(r);
+ bn_correct_top(ret);
+ bn_check_top(ret);
+
+ return(1);
+ }
+
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx)
+ {
+ int retn=0;
+ BIGNUM *t;
+
+ BN_CTX_start(ctx);
+ if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
+ retn = BN_from_montgomery_word(ret,t,mont);
+ BN_CTX_end(ctx);
+ return retn;
+ }
+
+#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
+
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx)
+ {
+ int retn=0;
+
+#ifdef MONT_WORD
+ BIGNUM *n,*r;
+ BN_ULONG *ap,*np,*rp,n0,v,*nrp;
+ int al,nl,max,i,x,ri;
+
+ BN_CTX_start(ctx);
+ if ((r = BN_CTX_get(ctx)) == NULL) goto err;
+
+ if (!BN_copy(r,a)) goto err;
+ n= &(mont->N);
+
+ ap=a->d;
+ /* mont->ri is the size of mont->N in bits (rounded up
+ to the word size) */
+ al=ri=mont->ri/BN_BITS2;
+
+ nl=n->top;
+ if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
+
+ max=(nl+al+1); /* allow for overflow (no?) XXX */
+ if (bn_wexpand(r,max) == NULL) goto err;
+
+ r->neg=a->neg^n->neg;
+ np=n->d;
+ rp=r->d;
+ nrp= &(r->d[nl]);
+
+ /* clear the top words of T */
+#if 1
+ for (i=r->top; i<max; i++) /* memset? XXX */
+ r->d[i]=0;
+#else
+ memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG));
+#endif
+
+ r->top=max;
+ n0=mont->n0;
+
+#ifdef BN_COUNT
+ fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
+#endif
+ for (i=0; i<nl; i++)
+ {
+#ifdef __TANDEM
+ {
+ long long t1;
+ long long t2;
+ long long t3;
+ t1 = rp[0] * (n0 & 0177777);
+ t2 = 037777600000l;
+ t2 = n0 & t2;
+ t3 = rp[0] & 0177777;
+ t2 = (t3 * t2) & BN_MASK2;
+ t1 = t1 + t2;
+ v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
+ }
+#else
+ v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+#endif
+ nrp++;
+ rp++;
+ if (((nrp[-1]+=v)&BN_MASK2) >= v)
+ continue;
+ else
+ {
+ if (((++nrp[0])&BN_MASK2) != 0) continue;
+ if (((++nrp[1])&BN_MASK2) != 0) continue;
+ for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
+ }
+ }
+ bn_correct_top(r);
+
+ /* mont->ri will be a multiple of the word size and below code
+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */
+ if (r->top <= ri)
+ {
+ ret->top=0;
+ retn=1;
+ goto err;
+ }
+ al=r->top-ri;
+
+# define BRANCH_FREE 1
+# if BRANCH_FREE
+ if (bn_wexpand(ret,ri) == NULL) goto err;
+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
+ ret->neg=r->neg;
+
+ rp=ret->d;
+ ap=&(r->d[ri]);
+
+ {
+ size_t m1,m2;
+
+ v=bn_sub_words(rp,ap,np,ri);
+ /* this ----------------^^ works even in al<ri case
+ * thanks to zealous zeroing of top of the vector in the
+ * beginning. */
+
+ /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
+ /* in other words if subtraction result is real, then
+ * trick unconditional memcpy below to perform in-place
+ * "refresh" instead of actual copy. */
+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
+ m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
+ m1|=m2; /* (al!=ri) */
+ m1|=(0-(size_t)v); /* (al!=ri || v) */
+ m1&=~m2; /* (al!=ri || v) && !al>ri */
+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
+ }
+
+ /* 'i<ri' is chosen to eliminate dependency on input data, even
+ * though it results in redundant copy in al<ri case. */
+ for (i=0,ri-=4; i<ri; i+=4)
+ {
+ BN_ULONG t1,t2,t3,t4;
+
+ t1=nrp[i+0];
+ t2=nrp[i+1];
+ t3=nrp[i+2]; ap[i+0]=0;
+ t4=nrp[i+3]; ap[i+1]=0;
+ rp[i+0]=t1; ap[i+2]=0;
+ rp[i+1]=t2; ap[i+3]=0;
+ rp[i+2]=t3;
+ rp[i+3]=t4;
+ }
+ for (ri+=4; i<ri; i++)
+ rp[i]=nrp[i], ap[i]=0;
+ bn_correct_top(r);
+ bn_correct_top(ret);
+# else
+ if (bn_wexpand(ret,al) == NULL) goto err;
+ ret->top=al;
+ ret->neg=r->neg;
+
+ rp=ret->d;
+ ap=&(r->d[ri]);
+ al-=4;
+ for (i=0; i<al; i+=4)
+ {
+ BN_ULONG t1,t2,t3,t4;
+
+ t1=ap[i+0];
+ t2=ap[i+1];
+ t3=ap[i+2];
+ t4=ap[i+3];
+ rp[i+0]=t1;
+ rp[i+1]=t2;
+ rp[i+2]=t3;
+ rp[i+3]=t4;
+ }
+ al+=4;
+ for (; i<al; i++)
+ rp[i]=ap[i];
+# endif
+#else /* !MONT_WORD */
+ BIGNUM *t1,*t2;
+
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ t2 = BN_CTX_get(ctx);
+ if (t1 == NULL || t2 == NULL) goto err;
+
+ if (!BN_copy(t1,a)) goto err;
+ BN_mask_bits(t1,mont->ri);
+
+ if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
+ BN_mask_bits(t2,mont->ri);
+
+ if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
+ if (!BN_add(t2,a,t1)) goto err;
+ if (!BN_rshift(ret,t2,mont->ri)) goto err;
+#endif /* MONT_WORD */
+
+#if !defined(BRANCH_FREE) || BRANCH_FREE==0
+ if (BN_ucmp(ret, &(mont->N)) >= 0)
+ {
+ if (!BN_usub(ret,ret,&(mont->N))) goto err;
+ }
+#endif
+ retn=1;
+ bn_check_top(ret);
+ err:
+ BN_CTX_end(ctx);
+ return(retn);
+ }
+#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
+
+BN_MONT_CTX *BN_MONT_CTX_new(void)
+ {
+ BN_MONT_CTX *ret;
+
+ if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
+ return(NULL);
+
+ BN_MONT_CTX_init(ret);
+ ret->flags=BN_FLG_MALLOCED;
+ return(ret);
+ }
+
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+ {
+ ctx->ri=0;
+ BN_init(&(ctx->RR));
+ BN_init(&(ctx->N));
+ BN_init(&(ctx->Ni));
+#if 0 /* for OpenSSL 0.9.9 mont->n0 */
+ ctx->n0[0] = ctx->n0[1] = 0;
+#else
+ ctx->n0 = 0;
+#endif
+ ctx->flags=0;
+ }
+
+void BN_MONT_CTX_free(BN_MONT_CTX *mont)
+ {
+ if(mont == NULL)
+ return;
+
+ BN_free(&(mont->RR));
+ BN_free(&(mont->N));
+ BN_free(&(mont->Ni));
+ if (mont->flags & BN_FLG_MALLOCED)
+ OPENSSL_free(mont);
+ }
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+ {
+ int ret = 0;
+ BIGNUM *Ri,*R;
+
+ BN_CTX_start(ctx);
+ if((Ri = BN_CTX_get(ctx)) == NULL) goto err;
+ R= &(mont->RR); /* grab RR as a temp */
+ if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */
+ mont->N.neg = 0;
+
+#ifdef MONT_WORD
+ {
+ BIGNUM tmod;
+ BN_ULONG buf[2];
+
+ mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+ BN_zero(R);
+#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)",
+ only certain BN_BITS2<=32 platforms actually need this */
+ if (!(BN_set_bit(R,2*BN_BITS2))) goto err; /* R */
+#else
+ if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */
+#endif
+
+ buf[0]=mod->d[0]; /* tmod = N mod word size */
+ buf[1]=0;
+
+ BN_init(&tmod);
+ tmod.d=buf;
+ tmod.top = buf[0] != 0 ? 1 : 0;
+ tmod.dmax=2;
+ tmod.neg=0;
+
+#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)";
+ only certain BN_BITS2<=32 platforms actually need this */
+ tmod.top=0;
+ if ((buf[0] = mod->d[0])) tmod.top=1;
+ if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2;
+
+ if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
+ goto err;
+ if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */
+ if (!BN_is_zero(Ri))
+ {
+ if (!BN_sub_word(Ri,1)) goto err;
+ }
+ else /* if N mod word size == 1 */
+ {
+ if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL)
+ goto err;
+ /* Ri-- (mod double word size) */
+ Ri->neg=0;
+ Ri->d[0]=BN_MASK2;
+ Ri->d[1]=BN_MASK2;
+ Ri->top=2;
+ }
+ if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
+ /* Ni = (R*Ri-1)/N,
+ * keep only couple of least significant words: */
+ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+ mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
+#else
+ /* Ri = R^-1 mod N*/
+ if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
+ goto err;
+ if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */
+ if (!BN_is_zero(Ri))
+ {
+ if (!BN_sub_word(Ri,1)) goto err;
+ }
+ else /* if N mod word size == 1 */
+ {
+ if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */
+ }
+ if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
+ /* Ni = (R*Ri-1)/N,
+ * keep only least significant word: */
+# if 0 /* for OpenSSL 0.9.9 mont->n0 */
+ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+ mont->n0[1] = 0;
+# else
+ mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;
+# endif
+#endif
+ }
+#else /* !MONT_WORD */
+ { /* bignum version */
+ mont->ri=BN_num_bits(&mont->N);
+ BN_zero(R);
+ if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */
+ /* Ri = R^-1 mod N*/
+ if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL)
+ goto err;
+ if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */
+ if (!BN_sub_word(Ri,1)) goto err;
+ /* Ni = (R*Ri-1) / N */
+ if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err;
+ }
+#endif
+
+ /* setup RR for conversions */
+ BN_zero(&(mont->RR));
+ if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
+ if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
+
+ ret = 1;
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+ {
+ if (to == from) return(to);
+
+ if (!BN_copy(&(to->RR),&(from->RR))) return NULL;
+ if (!BN_copy(&(to->N),&(from->N))) return NULL;
+ if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
+ to->ri=from->ri;
+#if 0 /* for OpenSSL 0.9.9 mont->n0 */
+ to->n0[0]=from->n0[0];
+ to->n0[1]=from->n0[1];
+#else
+ to->n0=from->n0;
+#endif
+ return(to);
+ }
+
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx)
+ {
+ BN_MONT_CTX *ret;
+
+ CRYPTO_r_lock(lock);
+ ret = *pmont;
+ CRYPTO_r_unlock(lock);
+ if (ret)
+ return ret;
+
+ /* We don't want to serialise globally while doing our lazy-init math in
+ * BN_MONT_CTX_set. That punishes threads that are doing independent
+ * things. Instead, punish the case where more than one thread tries to
+ * lazy-init the same 'pmont', by having each do the lazy-init math work
+ * independently and only use the one from the thread that wins the race
+ * (the losers throw away the work they've done). */
+ ret = BN_MONT_CTX_new();
+ if (!ret)
+ return NULL;
+ if (!BN_MONT_CTX_set(ret, mod, ctx))
+ {
+ BN_MONT_CTX_free(ret);
+ return NULL;
+ }
+
+ /* The locked compare-and-set, after the local work is done. */
+ CRYPTO_w_lock(lock);
+ if (*pmont)
+ {
+ BN_MONT_CTX_free(ret);
+ ret = *pmont;
+ }
+ else
+ *pmont = ret;
+ CRYPTO_w_unlock(lock);
+ return ret;
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_mpi.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_mpi.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_mpi.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,130 @@
+/* crypto/bn/bn_mpi.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+ {
+ int bits;
+ int num=0;
+ int ext=0;
+ long l;
+
+ bits=BN_num_bits(a);
+ num=(bits+7)/8;
+ if (bits > 0)
+ {
+ ext=((bits & 0x07) == 0);
+ }
+ if (d == NULL)
+ return(num+4+ext);
+
+ l=num+ext;
+ d[0]=(unsigned char)(l>>24)&0xff;
+ d[1]=(unsigned char)(l>>16)&0xff;
+ d[2]=(unsigned char)(l>> 8)&0xff;
+ d[3]=(unsigned char)(l )&0xff;
+ if (ext) d[4]=0;
+ num=BN_bn2bin(a,&(d[4+ext]));
+ if (a->neg)
+ d[4]|=0x80;
+ return(num+4+ext);
+ }
+
+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
+ {
+ long len;
+ int neg=0;
+
+ if (n < 4)
+ {
+ BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
+ return(NULL);
+ }
+ len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];
+ if ((len+4) != n)
+ {
+ BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
+ return(NULL);
+ }
+
+ if (a == NULL) a=BN_new();
+ if (a == NULL) return(NULL);
+
+ if (len == 0)
+ {
+ a->neg=0;
+ a->top=0;
+ return(a);
+ }
+ d+=4;
+ if ((*d) & 0x80)
+ neg=1;
+ if (BN_bin2bn(d,(int)len,a) == NULL)
+ return(NULL);
+ a->neg=neg;
+ if (neg)
+ {
+ BN_clear_bit(a,BN_num_bits(a)-1);
+ }
+ bn_check_top(a);
+ return(a);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bn/bn_mul.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_mul.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_mul.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1166 @@
+/* crypto/bn/bn_mul.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
+/* Here follows specialised variants of bn_add_words() and
+ bn_sub_words(). They have the property performing operations on
+ arrays of different sizes. The sizes of those arrays is expressed through
+ cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl,
+ which is the delta between the two lengths, calculated as len(a)-len(b).
+ All lengths are the number of BN_ULONGs... For the operations that require
+ a result array as parameter, it must have the length cl+abs(dl).
+ These functions should probably end up in bn_asm.c as soon as there are
+ assembler counterparts for the systems that use assembler files. */
+
+BN_ULONG bn_sub_part_words(BN_ULONG *r,
+ const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl)
+ {
+ BN_ULONG c, t;
+
+ assert(cl >= 0);
+ c = bn_sub_words(r, a, b, cl);
+
+ if (dl == 0)
+ return c;
+
+ r += cl;
+ a += cl;
+ b += cl;
+
+ if (dl < 0)
+ {
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
+#endif
+ for (;;)
+ {
+ t = b[0];
+ r[0] = (0-t-c)&BN_MASK2;
+ if (t != 0) c=1;
+ if (++dl >= 0) break;
+
+ t = b[1];
+ r[1] = (0-t-c)&BN_MASK2;
+ if (t != 0) c=1;
+ if (++dl >= 0) break;
+
+ t = b[2];
+ r[2] = (0-t-c)&BN_MASK2;
+ if (t != 0) c=1;
+ if (++dl >= 0) break;
+
+ t = b[3];
+ r[3] = (0-t-c)&BN_MASK2;
+ if (t != 0) c=1;
+ if (++dl >= 0) break;
+
+ b += 4;
+ r += 4;
+ }
+ }
+ else
+ {
+ int save_dl = dl;
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c);
+#endif
+ while(c)
+ {
+ t = a[0];
+ r[0] = (t-c)&BN_MASK2;
+ if (t != 0) c=0;
+ if (--dl <= 0) break;
+
+ t = a[1];
+ r[1] = (t-c)&BN_MASK2;
+ if (t != 0) c=0;
+ if (--dl <= 0) break;
+
+ t = a[2];
+ r[2] = (t-c)&BN_MASK2;
+ if (t != 0) c=0;
+ if (--dl <= 0) break;
+
+ t = a[3];
+ r[3] = (t-c)&BN_MASK2;
+ if (t != 0) c=0;
+ if (--dl <= 0) break;
+
+ save_dl = dl;
+ a += 4;
+ r += 4;
+ }
+ if (dl > 0)
+ {
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
+#endif
+ if (save_dl > dl)
+ {
+ switch (save_dl - dl)
+ {
+ case 1:
+ r[1] = a[1];
+ if (--dl <= 0) break;
+ case 2:
+ r[2] = a[2];
+ if (--dl <= 0) break;
+ case 3:
+ r[3] = a[3];
+ if (--dl <= 0) break;
+ }
+ a += 4;
+ r += 4;
+ }
+ }
+ if (dl > 0)
+ {
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl);
+#endif
+ for(;;)
+ {
+ r[0] = a[0];
+ if (--dl <= 0) break;
+ r[1] = a[1];
+ if (--dl <= 0) break;
+ r[2] = a[2];
+ if (--dl <= 0) break;
+ r[3] = a[3];
+ if (--dl <= 0) break;
+
+ a += 4;
+ r += 4;
+ }
+ }
+ }
+ return c;
+ }
+#endif
+
+BN_ULONG bn_add_part_words(BN_ULONG *r,
+ const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl)
+ {
+ BN_ULONG c, l, t;
+
+ assert(cl >= 0);
+ c = bn_add_words(r, a, b, cl);
+
+ if (dl == 0)
+ return c;
+
+ r += cl;
+ a += cl;
+ b += cl;
+
+ if (dl < 0)
+ {
+ int save_dl = dl;
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
+#endif
+ while (c)
+ {
+ l=(c+b[0])&BN_MASK2;
+ c=(l < c);
+ r[0]=l;
+ if (++dl >= 0) break;
+
+ l=(c+b[1])&BN_MASK2;
+ c=(l < c);
+ r[1]=l;
+ if (++dl >= 0) break;
+
+ l=(c+b[2])&BN_MASK2;
+ c=(l < c);
+ r[2]=l;
+ if (++dl >= 0) break;
+
+ l=(c+b[3])&BN_MASK2;
+ c=(l < c);
+ r[3]=l;
+ if (++dl >= 0) break;
+
+ save_dl = dl;
+ b+=4;
+ r+=4;
+ }
+ if (dl < 0)
+ {
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl);
+#endif
+ if (save_dl < dl)
+ {
+ switch (dl - save_dl)
+ {
+ case 1:
+ r[1] = b[1];
+ if (++dl >= 0) break;
+ case 2:
+ r[2] = b[2];
+ if (++dl >= 0) break;
+ case 3:
+ r[3] = b[3];
+ if (++dl >= 0) break;
+ }
+ b += 4;
+ r += 4;
+ }
+ }
+ if (dl < 0)
+ {
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl);
+#endif
+ for(;;)
+ {
+ r[0] = b[0];
+ if (++dl >= 0) break;
+ r[1] = b[1];
+ if (++dl >= 0) break;
+ r[2] = b[2];
+ if (++dl >= 0) break;
+ r[3] = b[3];
+ if (++dl >= 0) break;
+
+ b += 4;
+ r += 4;
+ }
+ }
+ }
+ else
+ {
+ int save_dl = dl;
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
+#endif
+ while (c)
+ {
+ t=(a[0]+c)&BN_MASK2;
+ c=(t < c);
+ r[0]=t;
+ if (--dl <= 0) break;
+
+ t=(a[1]+c)&BN_MASK2;
+ c=(t < c);
+ r[1]=t;
+ if (--dl <= 0) break;
+
+ t=(a[2]+c)&BN_MASK2;
+ c=(t < c);
+ r[2]=t;
+ if (--dl <= 0) break;
+
+ t=(a[3]+c)&BN_MASK2;
+ c=(t < c);
+ r[3]=t;
+ if (--dl <= 0) break;
+
+ save_dl = dl;
+ a+=4;
+ r+=4;
+ }
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
+#endif
+ if (dl > 0)
+ {
+ if (save_dl > dl)
+ {
+ switch (save_dl - dl)
+ {
+ case 1:
+ r[1] = a[1];
+ if (--dl <= 0) break;
+ case 2:
+ r[2] = a[2];
+ if (--dl <= 0) break;
+ case 3:
+ r[3] = a[3];
+ if (--dl <= 0) break;
+ }
+ a += 4;
+ r += 4;
+ }
+ }
+ if (dl > 0)
+ {
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl);
+#endif
+ for(;;)
+ {
+ r[0] = a[0];
+ if (--dl <= 0) break;
+ r[1] = a[1];
+ if (--dl <= 0) break;
+ r[2] = a[2];
+ if (--dl <= 0) break;
+ r[3] = a[3];
+ if (--dl <= 0) break;
+
+ a += 4;
+ r += 4;
+ }
+ }
+ }
+ return c;
+ }
+
+#ifdef BN_RECURSION
+/* Karatsuba recursive multiplication algorithm
+ * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
+
+/* r is 2*n2 words in size,
+ * a and b are both n2 words in size.
+ * n2 must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n2 words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+/* dnX may not be positive, but n2/2+dnX has to be */
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ int dna, int dnb, BN_ULONG *t)
+ {
+ int n=n2/2,c1,c2;
+ int tna=n+dna, tnb=n+dnb;
+ unsigned int neg,zero;
+ BN_ULONG ln,lo,*p;
+
+# ifdef BN_COUNT
+ fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
+# endif
+# ifdef BN_MUL_COMBA
+# if 0
+ if (n2 == 4)
+ {
+ bn_mul_comba4(r,a,b);
+ return;
+ }
+# endif
+ /* Only call bn_mul_comba 8 if n2 == 8 and the
+ * two arrays are complete [steve]
+ */
+ if (n2 == 8 && dna == 0 && dnb == 0)
+ {
+ bn_mul_comba8(r,a,b);
+ return;
+ }
+# endif /* BN_MUL_COMBA */
+ /* Else do normal multiply */
+ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
+ {
+ bn_mul_normal(r,a,n2+dna,b,n2+dnb);
+ if ((dna + dnb) < 0)
+ memset(&r[2*n2 + dna + dnb], 0,
+ sizeof(BN_ULONG) * -(dna + dnb));
+ return;
+ }
+ /* r=(a[0]-a[1])*(b[1]-b[0]) */
+ c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
+ c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
+ zero=neg=0;
+ switch (c1*3+c2)
+ {
+ case -4:
+ bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
+ bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
+ break;
+ case -3:
+ zero=1;
+ break;
+ case -2:
+ bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
+ bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */
+ neg=1;
+ break;
+ case -1:
+ case 0:
+ case 1:
+ zero=1;
+ break;
+ case 2:
+ bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
+ bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
+ neg=1;
+ break;
+ case 3:
+ zero=1;
+ break;
+ case 4:
+ bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
+ bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n);
+ break;
+ }
+
+# ifdef BN_MUL_COMBA
+ if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take
+ extra args to do this well */
+ {
+ if (!zero)
+ bn_mul_comba4(&(t[n2]),t,&(t[n]));
+ else
+ memset(&(t[n2]),0,8*sizeof(BN_ULONG));
+
+ bn_mul_comba4(r,a,b);
+ bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
+ }
+ else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
+ take extra args to do this
+ well */
+ {
+ if (!zero)
+ bn_mul_comba8(&(t[n2]),t,&(t[n]));
+ else
+ memset(&(t[n2]),0,16*sizeof(BN_ULONG));
+
+ bn_mul_comba8(r,a,b);
+ bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
+ }
+ else
+# endif /* BN_MUL_COMBA */
+ {
+ p= &(t[n2*2]);
+ if (!zero)
+ bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
+ else
+ memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
+ bn_mul_recursive(r,a,b,n,0,0,p);
+ bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);
+ }
+
+ /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+ * r[10] holds (a[0]*b[0])
+ * r[32] holds (b[1]*b[1])
+ */
+
+ c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+ if (neg) /* if t[32] is negative */
+ {
+ c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+ }
+ else
+ {
+ /* Might have a carry */
+ c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
+ }
+
+ /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+ * r[10] holds (a[0]*b[0])
+ * r[32] holds (b[1]*b[1])
+ * c1 holds the carry bits
+ */
+ c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+ if (c1)
+ {
+ p= &(r[n+n2]);
+ lo= *p;
+ ln=(lo+c1)&BN_MASK2;
+ *p=ln;
+
+ /* The overflow will stop before we over write
+ * words we should not overwrite */
+ if (ln < (BN_ULONG)c1)
+ {
+ do {
+ p++;
+ lo= *p;
+ ln=(lo+1)&BN_MASK2;
+ *p=ln;
+ } while (ln == 0);
+ }
+ }
+ }
+
+/* n+tn is the word length
+ * t needs to be n*4 is size, as does r */
+/* tnX may not be negative but less than n */
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
+ int tna, int tnb, BN_ULONG *t)
+ {
+ int i,j,n2=n*2;
+ int c1,c2,neg;
+ BN_ULONG ln,lo,*p;
+
+# ifdef BN_COUNT
+ fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
+ n, tna, n, tnb);
+# endif
+ if (n < 8)
+ {
+ bn_mul_normal(r,a,n+tna,b,n+tnb);
+ return;
+ }
+
+ /* r=(a[0]-a[1])*(b[1]-b[0]) */
+ c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
+ c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
+ neg=0;
+ switch (c1*3+c2)
+ {
+ case -4:
+ bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
+ bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
+ break;
+ case -3:
+ /* break; */
+ case -2:
+ bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
+ bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */
+ neg=1;
+ break;
+ case -1:
+ case 0:
+ case 1:
+ /* break; */
+ case 2:
+ bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
+ bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
+ neg=1;
+ break;
+ case 3:
+ /* break; */
+ case 4:
+ bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
+ bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n);
+ break;
+ }
+ /* The zero case isn't yet implemented here. The speedup
+ would probably be negligible. */
+# if 0
+ if (n == 4)
+ {
+ bn_mul_comba4(&(t[n2]),t,&(t[n]));
+ bn_mul_comba4(r,a,b);
+ bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+ memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
+ }
+ else
+# endif
+ if (n == 8)
+ {
+ bn_mul_comba8(&(t[n2]),t,&(t[n]));
+ bn_mul_comba8(r,a,b);
+ bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
+ memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb));
+ }
+ else
+ {
+ p= &(t[n2*2]);
+ bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
+ bn_mul_recursive(r,a,b,n,0,0,p);
+ i=n/2;
+ /* If there is only a bottom half to the number,
+ * just do it */
+ if (tna > tnb)
+ j = tna - i;
+ else
+ j = tnb - i;
+ if (j == 0)
+ {
+ bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),
+ i,tna-i,tnb-i,p);
+ memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
+ }
+ else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
+ {
+ bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
+ i,tna-i,tnb-i,p);
+ memset(&(r[n2+tna+tnb]),0,
+ sizeof(BN_ULONG)*(n2-tna-tnb));
+ }
+ else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+ {
+ memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
+ if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
+ && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL)
+ {
+ bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
+ }
+ else
+ {
+ for (;;)
+ {
+ i/=2;
+ /* these simplified conditions work
+ * exclusively because difference
+ * between tna and tnb is 1 or 0 */
+ if (i < tna || i < tnb)
+ {
+ bn_mul_part_recursive(&(r[n2]),
+ &(a[n]),&(b[n]),
+ i,tna-i,tnb-i,p);
+ break;
+ }
+ else if (i == tna || i == tnb)
+ {
+ bn_mul_recursive(&(r[n2]),
+ &(a[n]),&(b[n]),
+ i,tna-i,tnb-i,p);
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+ * r[10] holds (a[0]*b[0])
+ * r[32] holds (b[1]*b[1])
+ */
+
+ c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+ if (neg) /* if t[32] is negative */
+ {
+ c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+ }
+ else
+ {
+ /* Might have a carry */
+ c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
+ }
+
+ /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+ * r[10] holds (a[0]*b[0])
+ * r[32] holds (b[1]*b[1])
+ * c1 holds the carry bits
+ */
+ c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+ if (c1)
+ {
+ p= &(r[n+n2]);
+ lo= *p;
+ ln=(lo+c1)&BN_MASK2;
+ *p=ln;
+
+ /* The overflow will stop before we over write
+ * words we should not overwrite */
+ if (ln < (BN_ULONG)c1)
+ {
+ do {
+ p++;
+ lo= *p;
+ ln=(lo+1)&BN_MASK2;
+ *p=ln;
+ } while (ln == 0);
+ }
+ }
+ }
+
+/* a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ */
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ BN_ULONG *t)
+ {
+ int n=n2/2;
+
+# ifdef BN_COUNT
+ fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2);
+# endif
+
+ bn_mul_recursive(r,a,b,n,0,0,&(t[0]));
+ if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
+ {
+ bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
+ bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+ bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
+ bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+ }
+ else
+ {
+ bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
+ bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
+ bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+ bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
+ }
+ }
+
+/* a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ * l is the low words of the output.
+ * t needs to be n2*3
+ */
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+ BN_ULONG *t)
+ {
+ int i,n;
+ int c1,c2;
+ int neg,oneg,zero;
+ BN_ULONG ll,lc,*lp,*mp;
+
+# ifdef BN_COUNT
+ fprintf(stderr," bn_mul_high %d * %d\n",n2,n2);
+# endif
+ n=n2/2;
+
+ /* Calculate (al-ah)*(bh-bl) */
+ neg=zero=0;
+ c1=bn_cmp_words(&(a[0]),&(a[n]),n);
+ c2=bn_cmp_words(&(b[n]),&(b[0]),n);
+ switch (c1*3+c2)
+ {
+ case -4:
+ bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+ bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+ break;
+ case -3:
+ zero=1;
+ break;
+ case -2:
+ bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+ bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+ neg=1;
+ break;
+ case -1:
+ case 0:
+ case 1:
+ zero=1;
+ break;
+ case 2:
+ bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+ bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+ neg=1;
+ break;
+ case 3:
+ zero=1;
+ break;
+ case 4:
+ bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+ bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+ break;
+ }
+
+ oneg=neg;
+ /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
+ /* r[10] = (a[1]*b[1]) */
+# ifdef BN_MUL_COMBA
+ if (n == 8)
+ {
+ bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
+ bn_mul_comba8(r,&(a[n]),&(b[n]));
+ }
+ else
+# endif
+ {
+ bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2]));
+ bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));
+ }
+
+ /* s0 == low(al*bl)
+ * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+ * We know s0 and s1 so the only unknown is high(al*bl)
+ * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
+ * high(al*bl) == s1 - (r[0]+l[0]+t[0])
+ */
+ if (l != NULL)
+ {
+ lp= &(t[n2+n]);
+ c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
+ }
+ else
+ {
+ c1=0;
+ lp= &(r[0]);
+ }
+
+ if (neg)
+ neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
+ else
+ {
+ bn_add_words(&(t[n2]),lp,&(t[0]),n);
+ neg=0;
+ }
+
+ if (l != NULL)
+ {
+ bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
+ }
+ else
+ {
+ lp= &(t[n2+n]);
+ mp= &(t[n2]);
+ for (i=0; i<n; i++)
+ lp[i]=((~mp[i])+1)&BN_MASK2;
+ }
+
+ /* s[0] = low(al*bl)
+ * t[3] = high(al*bl)
+ * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
+ * r[10] = (a[1]*b[1])
+ */
+ /* R[10] = al*bl
+ * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
+ * R[32] = ah*bh
+ */
+ /* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
+ * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
+ * R[3]=r[1]+(carry/borrow)
+ */
+ if (l != NULL)
+ {
+ lp= &(t[n2]);
+ c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
+ }
+ else
+ {
+ lp= &(t[n2+n]);
+ c1=0;
+ }
+ c1+=(int)(bn_add_words(&(t[n2]),lp, &(r[0]),n));
+ if (oneg)
+ c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
+ else
+ c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
+
+ c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
+ c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
+ if (oneg)
+ c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
+ else
+ c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
+
+ if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
+ {
+ i=0;
+ if (c1 > 0)
+ {
+ lc=c1;
+ do {
+ ll=(r[i]+lc)&BN_MASK2;
+ r[i++]=ll;
+ lc=(lc > ll);
+ } while (lc);
+ }
+ else
+ {
+ lc= -c1;
+ do {
+ ll=r[i];
+ r[i++]=(ll-lc)&BN_MASK2;
+ lc=(lc > ll);
+ } while (lc);
+ }
+ }
+ if (c2 != 0) /* Add starting at r[1] */
+ {
+ i=n;
+ if (c2 > 0)
+ {
+ lc=c2;
+ do {
+ ll=(r[i]+lc)&BN_MASK2;
+ r[i++]=ll;
+ lc=(lc > ll);
+ } while (lc);
+ }
+ else
+ {
+ lc= -c2;
+ do {
+ ll=r[i];
+ r[i++]=(ll-lc)&BN_MASK2;
+ lc=(lc > ll);
+ } while (lc);
+ }
+ }
+ }
+#endif /* BN_RECURSION */
+
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+ {
+ int ret=0;
+ int top,al,bl;
+ BIGNUM *rr;
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+ int i;
+#endif
+#ifdef BN_RECURSION
+ BIGNUM *t=NULL;
+ int j=0,k;
+#endif
+
+#ifdef BN_COUNT
+ fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top);
+#endif
+
+ bn_check_top(a);
+ bn_check_top(b);
+ bn_check_top(r);
+
+ al=a->top;
+ bl=b->top;
+
+ if ((al == 0) || (bl == 0))
+ {
+ BN_zero(r);
+ return(1);
+ }
+ top=al+bl;
+
+ BN_CTX_start(ctx);
+ if ((r == a) || (r == b))
+ {
+ if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
+ }
+ else
+ rr = r;
+ rr->neg=a->neg^b->neg;
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+ i = al-bl;
+#endif
+#ifdef BN_MUL_COMBA
+ if (i == 0)
+ {
+# if 0
+ if (al == 4)
+ {
+ if (bn_wexpand(rr,8) == NULL) goto err;
+ rr->top=8;
+ bn_mul_comba4(rr->d,a->d,b->d);
+ goto end;
+ }
+# endif
+ if (al == 8)
+ {
+ if (bn_wexpand(rr,16) == NULL) goto err;
+ rr->top=16;
+ bn_mul_comba8(rr->d,a->d,b->d);
+ goto end;
+ }
+ }
+#endif /* BN_MUL_COMBA */
+#ifdef BN_RECURSION
+ if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
+ {
+ if (i >= -1 && i <= 1)
+ {
+ /* Find out the power of two lower or equal
+ to the longest of the two numbers */
+ if (i >= 0)
+ {
+ j = BN_num_bits_word((BN_ULONG)al);
+ }
+ if (i == -1)
+ {
+ j = BN_num_bits_word((BN_ULONG)bl);
+ }
+ j = 1<<(j-1);
+ assert(j <= al || j <= bl);
+ k = j+j;
+ t = BN_CTX_get(ctx);
+ if (t == NULL)
+ goto err;
+ if (al > j || bl > j)
+ {
+ if (bn_wexpand(t,k*4) == NULL) goto err;
+ if (bn_wexpand(rr,k*4) == NULL) goto err;
+ bn_mul_part_recursive(rr->d,a->d,b->d,
+ j,al-j,bl-j,t->d);
+ }
+ else /* al <= j || bl <= j */
+ {
+ if (bn_wexpand(t,k*2) == NULL) goto err;
+ if (bn_wexpand(rr,k*2) == NULL) goto err;
+ bn_mul_recursive(rr->d,a->d,b->d,
+ j,al-j,bl-j,t->d);
+ }
+ rr->top=top;
+ goto end;
+ }
+#if 0
+ if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+ {
+ BIGNUM *tmp_bn = (BIGNUM *)b;
+ if (bn_wexpand(tmp_bn,al) == NULL) goto err;
+ tmp_bn->d[bl]=0;
+ bl++;
+ i--;
+ }
+ else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+ {
+ BIGNUM *tmp_bn = (BIGNUM *)a;
+ if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
+ tmp_bn->d[al]=0;
+ al++;
+ i++;
+ }
+ if (i == 0)
+ {
+ /* symmetric and > 4 */
+ /* 16 or larger */
+ j=BN_num_bits_word((BN_ULONG)al);
+ j=1<<(j-1);
+ k=j+j;
+ t = BN_CTX_get(ctx);
+ if (al == j) /* exact multiple */
+ {
+ if (bn_wexpand(t,k*2) == NULL) goto err;
+ if (bn_wexpand(rr,k*2) == NULL) goto err;
+ bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+ }
+ else
+ {
+ if (bn_wexpand(t,k*4) == NULL) goto err;
+ if (bn_wexpand(rr,k*4) == NULL) goto err;
+ bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
+ }
+ rr->top=top;
+ goto end;
+ }
+#endif
+ }
+#endif /* BN_RECURSION */
+ if (bn_wexpand(rr,top) == NULL) goto err;
+ rr->top=top;
+ bn_mul_normal(rr->d,a->d,al,b->d,bl);
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+end:
+#endif
+ bn_correct_top(rr);
+ if (r != rr) BN_copy(r,rr);
+ ret=1;
+err:
+ bn_check_top(r);
+ BN_CTX_end(ctx);
+ return(ret);
+ }
+
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+ {
+ BN_ULONG *rr;
+
+#ifdef BN_COUNT
+ fprintf(stderr," bn_mul_normal %d * %d\n",na,nb);
+#endif
+
+ if (na < nb)
+ {
+ int itmp;
+ BN_ULONG *ltmp;
+
+ itmp=na; na=nb; nb=itmp;
+ ltmp=a; a=b; b=ltmp;
+
+ }
+ rr= &(r[na]);
+ if (nb <= 0)
+ {
+ (void)bn_mul_words(r,a,na,0);
+ return;
+ }
+ else
+ rr[0]=bn_mul_words(r,a,na,b[0]);
+
+ for (;;)
+ {
+ if (--nb <= 0) return;
+ rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
+ if (--nb <= 0) return;
+ rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
+ if (--nb <= 0) return;
+ rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
+ if (--nb <= 0) return;
+ rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
+ rr+=4;
+ r+=4;
+ b+=4;
+ }
+ }
+
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+ {
+#ifdef BN_COUNT
+ fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n);
+#endif
+ bn_mul_words(r,a,n,b[0]);
+
+ for (;;)
+ {
+ if (--n <= 0) return;
+ bn_mul_add_words(&(r[1]),a,n,b[1]);
+ if (--n <= 0) return;
+ bn_mul_add_words(&(r[2]),a,n,b[2]);
+ if (--n <= 0) return;
+ bn_mul_add_words(&(r[3]),a,n,b[3]);
+ if (--n <= 0) return;
+ bn_mul_add_words(&(r[4]),a,n,b[4]);
+ r+=4;
+ b+=4;
+ }
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_nist.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_nist.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_nist.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,836 @@
+/* crypto/bn/bn_nist.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "bn_lcl.h"
+#include "cryptlib.h"
+
+
+#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
+
+/* pre-computed tables are "carry-less" values of modulus*(i+1) */
+#if BN_BITS2 == 64
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+ {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL},
+ {0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL},
+ {0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL}
+ };
+static const BN_ULONG _nist_p_192_sqr[] = {
+ 0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL,
+ 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL
+ };
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+ {0x0000000000000001ULL,0xFFFFFFFF00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL},
+ {0x0000000000000002ULL,0xFFFFFFFE00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */
+ };
+static const BN_ULONG _nist_p_224_sqr[] = {
+ 0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL,
+ 0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL,
+ 0xFFFFFFFFFFFFFFFFULL
+ };
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+ {0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL,
+ 0x0000000000000000ULL,0xFFFFFFFF00000001ULL},
+ {0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL,
+ 0x0000000000000000ULL,0xFFFFFFFE00000002ULL},
+ {0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL,
+ 0x0000000000000000ULL,0xFFFFFFFD00000003ULL},
+ {0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL,
+ 0x0000000000000000ULL,0xFFFFFFFC00000004ULL},
+ {0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL,
+ 0x0000000000000000ULL,0xFFFFFFFB00000005ULL},
+ };
+static const BN_ULONG _nist_p_256_sqr[] = {
+ 0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL,
+ 0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL,
+ 0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL
+ };
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+ {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+ {0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+ {0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+ {0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+ {0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+ };
+static const BN_ULONG _nist_p_384_sqr[] = {
+ 0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL,
+ 0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL,
+ 0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL
+ };
+static const BN_ULONG _nist_p_521[] =
+ {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+ 0x00000000000001FFULL};
+static const BN_ULONG _nist_p_521_sqr[] = {
+ 0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL,
+ 0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL,
+ 0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL
+ };
+#elif BN_BITS2 == 32
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+ {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
+ };
+static const BN_ULONG _nist_p_192_sqr[] = {
+ 0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000,
+ 0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
+ };
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+ {0x00000001,0x00000000,0x00000000,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0x00000002,0x00000000,0x00000000,0xFFFFFFFE,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
+ };
+static const BN_ULONG _nist_p_224_sqr[] = {
+ 0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
+ 0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002,
+ 0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF
+ };
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+ {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000,
+ 0x00000000,0x00000000,0x00000001,0xFFFFFFFF},
+ {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001,
+ 0x00000000,0x00000000,0x00000002,0xFFFFFFFE},
+ {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002,
+ 0x00000000,0x00000000,0x00000003,0xFFFFFFFD},
+ {0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003,
+ 0x00000000,0x00000000,0x00000004,0xFFFFFFFC},
+ {0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004,
+ 0x00000000,0x00000000,0x00000005,0xFFFFFFFB},
+ };
+static const BN_ULONG _nist_p_256_sqr[] = {
+ 0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001,
+ 0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001,
+ 0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE
+ };
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+ {0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ };
+static const BN_ULONG _nist_p_384_sqr[] = {
+ 0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE,
+ 0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000,
+ 0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
+ };
+static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+ 0xFFFFFFFF,0x000001FF};
+static const BN_ULONG _nist_p_521_sqr[] = {
+ 0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
+ 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
+ 0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF
+ };
+#else
+#error "unsupported BN_BITS2"
+#endif
+
+
+static const BIGNUM _bignum_nist_p_192 =
+ {
+ (BN_ULONG *)_nist_p_192[0],
+ BN_NIST_192_TOP,
+ BN_NIST_192_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+ };
+
+static const BIGNUM _bignum_nist_p_224 =
+ {
+ (BN_ULONG *)_nist_p_224[0],
+ BN_NIST_224_TOP,
+ BN_NIST_224_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+ };
+
+static const BIGNUM _bignum_nist_p_256 =
+ {
+ (BN_ULONG *)_nist_p_256[0],
+ BN_NIST_256_TOP,
+ BN_NIST_256_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+ };
+
+static const BIGNUM _bignum_nist_p_384 =
+ {
+ (BN_ULONG *)_nist_p_384[0],
+ BN_NIST_384_TOP,
+ BN_NIST_384_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+ };
+
+static const BIGNUM _bignum_nist_p_521 =
+ {
+ (BN_ULONG *)_nist_p_521,
+ BN_NIST_521_TOP,
+ BN_NIST_521_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+ };
+
+
+const BIGNUM *BN_get0_nist_prime_192(void)
+ {
+ return &_bignum_nist_p_192;
+ }
+
+const BIGNUM *BN_get0_nist_prime_224(void)
+ {
+ return &_bignum_nist_p_224;
+ }
+
+const BIGNUM *BN_get0_nist_prime_256(void)
+ {
+ return &_bignum_nist_p_256;
+ }
+
+const BIGNUM *BN_get0_nist_prime_384(void)
+ {
+ return &_bignum_nist_p_384;
+ }
+
+const BIGNUM *BN_get0_nist_prime_521(void)
+ {
+ return &_bignum_nist_p_521;
+ }
+
+
+static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
+ {
+ int i;
+ BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
+
+#ifdef BN_DEBUG
+ OPENSSL_assert(top <= max);
+#endif
+ for (i = (top); i != 0; i--)
+ *_tmp1++ = *_tmp2++;
+ for (i = (max) - (top); i != 0; i--)
+ *_tmp1++ = (BN_ULONG) 0;
+ }
+
+static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
+ {
+ int i;
+ BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
+ for (i = (top); i != 0; i--)
+ *_tmp1++ = *_tmp2++;
+ }
+
+#if BN_BITS2 == 64
+#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
+#define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0;
+/*
+ * two following macros are implemented under assumption that they
+ * are called in a sequence with *ascending* n, i.e. as they are...
+ */
+#define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
+ :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
+#define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
+#define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
+#else
+#define bn_cp_64(to, n, from, m) \
+ { \
+ bn_cp_32(to, (n)*2, from, (m)*2); \
+ bn_cp_32(to, (n)*2+1, from, (m)*2+1); \
+ }
+#define bn_64_set_0(to, n) \
+ { \
+ bn_32_set_0(to, (n)*2); \
+ bn_32_set_0(to, (n)*2+1); \
+ }
+#if BN_BITS2 == 32
+#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
+#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0;
+#endif
+#endif /* BN_BITS2 != 64 */
+
+
+#define nist_set_192(to, from, a1, a2, a3) \
+ { \
+ bn_cp_64(to, 0, from, (a3) - 3) \
+ bn_cp_64(to, 1, from, (a2) - 3) \
+ bn_cp_64(to, 2, from, (a1) - 3) \
+ }
+
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+ BN_CTX *ctx)
+ {
+ int top = a->top, i;
+ int carry;
+ register BN_ULONG *r_d, *a_d = a->d;
+ BN_ULONG t_d[BN_NIST_192_TOP],
+ buf[BN_NIST_192_TOP],
+ c_d[BN_NIST_192_TOP],
+ *res;
+ size_t mask;
+ static const BIGNUM _bignum_nist_p_192_sqr = {
+ (BN_ULONG *)_nist_p_192_sqr,
+ sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
+ sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
+ 0,BN_FLG_STATIC_DATA };
+
+ field = &_bignum_nist_p_192; /* just to make sure */
+
+ if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0)
+ return BN_nnmod(r, a, field, ctx);
+
+ i = BN_ucmp(field, a);
+ if (i == 0)
+ {
+ BN_zero(r);
+ return 1;
+ }
+ else if (i > 0)
+ return (r == a) ? 1 : (BN_copy(r ,a) != NULL);
+
+ if (r != a)
+ {
+ if (!bn_wexpand(r, BN_NIST_192_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
+ }
+ else
+ r_d = a_d;
+
+ nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
+
+ nist_set_192(t_d, buf, 0, 3, 3);
+ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+ nist_set_192(t_d, buf, 4, 4, 0);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+ nist_set_192(t_d, buf, 5, 5, 5)
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+
+ if (carry > 0)
+ carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP);
+ else
+ carry = 1;
+
+ /*
+ * we need 'if (carry==0 || result>=modulus) result-=modulus;'
+ * as comparison implies subtraction, we can write
+ * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
+ * this is what happens below, but without explicit if:-) a.
+ */
+ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
+ mask &= 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+ nist_cp_bn(r_d, res, BN_NIST_192_TOP);
+ r->top = BN_NIST_192_TOP;
+ bn_correct_top(r);
+
+ return 1;
+ }
+
+typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int);
+
+#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
+ { \
+ bn_cp_32(to, 0, from, (a7) - 7) \
+ bn_cp_32(to, 1, from, (a6) - 7) \
+ bn_cp_32(to, 2, from, (a5) - 7) \
+ bn_cp_32(to, 3, from, (a4) - 7) \
+ bn_cp_32(to, 4, from, (a3) - 7) \
+ bn_cp_32(to, 5, from, (a2) - 7) \
+ bn_cp_32(to, 6, from, (a1) - 7) \
+ }
+
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+ BN_CTX *ctx)
+ {
+ int top = a->top, i;
+ int carry;
+ BN_ULONG *r_d, *a_d = a->d;
+ BN_ULONG t_d[BN_NIST_224_TOP],
+ buf[BN_NIST_224_TOP],
+ c_d[BN_NIST_224_TOP],
+ *res;
+ size_t mask;
+ union { bn_addsub_f f; size_t p; } u;
+ static const BIGNUM _bignum_nist_p_224_sqr = {
+ (BN_ULONG *)_nist_p_224_sqr,
+ sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
+ sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
+ 0,BN_FLG_STATIC_DATA };
+
+
+ field = &_bignum_nist_p_224; /* just to make sure */
+
+ if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0)
+ return BN_nnmod(r, a, field, ctx);
+
+ i = BN_ucmp(field, a);
+ if (i == 0)
+ {
+ BN_zero(r);
+ return 1;
+ }
+ else if (i > 0)
+ return (r == a)? 1 : (BN_copy(r ,a) != NULL);
+
+ if (r != a)
+ {
+ if (!bn_wexpand(r, BN_NIST_224_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
+ }
+ else
+ r_d = a_d;
+
+#if BN_BITS2==64
+ /* copy upper 256 bits of 448 bit number ... */
+ nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
+ /* ... and right shift by 32 to obtain upper 224 bits */
+ nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8);
+ /* truncate lower part to 224 bits too */
+ r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
+#else
+ nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
+#endif
+ nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
+ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+ nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+ nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+ nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+
+#if BN_BITS2==64
+ carry = (int)(r_d[BN_NIST_224_TOP-1]>>32);
+#endif
+ u.f = bn_sub_words;
+ if (carry > 0)
+ {
+ carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP);
+#if BN_BITS2==64
+ carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1;
+#endif
+ }
+ else if (carry < 0)
+ {
+ /* it's a bit more comlicated logic in this case.
+ * if bn_add_words yields no carry, then result
+ * has to be adjusted by unconditionally *adding*
+ * the modulus. but if it does, then result has
+ * to be compared to the modulus and conditionally
+ * adjusted by *subtracting* the latter. */
+ carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
+ mask = 0-(size_t)carry;
+ u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+ }
+ else
+ carry = 1;
+
+ /* otherwise it's effectively same as in BN_nist_mod_192... */
+ mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
+ mask &= 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+ nist_cp_bn(r_d, res, BN_NIST_224_TOP);
+ r->top = BN_NIST_224_TOP;
+ bn_correct_top(r);
+
+ return 1;
+ }
+
+#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
+ { \
+ bn_cp_32(to, 0, from, (a8) - 8) \
+ bn_cp_32(to, 1, from, (a7) - 8) \
+ bn_cp_32(to, 2, from, (a6) - 8) \
+ bn_cp_32(to, 3, from, (a5) - 8) \
+ bn_cp_32(to, 4, from, (a4) - 8) \
+ bn_cp_32(to, 5, from, (a3) - 8) \
+ bn_cp_32(to, 6, from, (a2) - 8) \
+ bn_cp_32(to, 7, from, (a1) - 8) \
+ }
+
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+ BN_CTX *ctx)
+ {
+ int i, top = a->top;
+ int carry = 0;
+ register BN_ULONG *a_d = a->d, *r_d;
+ BN_ULONG t_d[BN_NIST_256_TOP],
+ buf[BN_NIST_256_TOP],
+ c_d[BN_NIST_256_TOP],
+ *res;
+ size_t mask;
+ union { bn_addsub_f f; size_t p; } u;
+ static const BIGNUM _bignum_nist_p_256_sqr = {
+ (BN_ULONG *)_nist_p_256_sqr,
+ sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
+ sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
+ 0,BN_FLG_STATIC_DATA };
+
+ field = &_bignum_nist_p_256; /* just to make sure */
+
+ if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0)
+ return BN_nnmod(r, a, field, ctx);
+
+ i = BN_ucmp(field, a);
+ if (i == 0)
+ {
+ BN_zero(r);
+ return 1;
+ }
+ else if (i > 0)
+ return (r == a)? 1 : (BN_copy(r ,a) != NULL);
+
+ if (r != a)
+ {
+ if (!bn_wexpand(r, BN_NIST_256_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);
+ }
+ else
+ r_d = a_d;
+
+ nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP);
+
+ /*S1*/
+ nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);
+ /*S2*/
+ nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0);
+ carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
+ /* left shift */
+ {
+ register BN_ULONG *ap,t,c;
+ ap = t_d;
+ c=0;
+ for (i = BN_NIST_256_TOP; i != 0; --i)
+ {
+ t= *ap;
+ *(ap++)=((t<<1)|c)&BN_MASK2;
+ c=(t & BN_TBIT)?1:0;
+ }
+ carry <<= 1;
+ carry |= c;
+ }
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*S3*/
+ nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*S4*/
+ nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*D1*/
+ nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*D2*/
+ nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*D3*/
+ nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*D4*/
+ nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+
+ /* see BN_nist_mod_224 for explanation */
+ u.f = bn_sub_words;
+ if (carry > 0)
+ carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP);
+ else if (carry < 0)
+ {
+ carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
+ mask = 0-(size_t)carry;
+ u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+ }
+ else
+ carry = 1;
+
+ mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
+ mask &= 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+ nist_cp_bn(r_d, res, BN_NIST_256_TOP);
+ r->top = BN_NIST_256_TOP;
+ bn_correct_top(r);
+
+ return 1;
+ }
+
+#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
+ { \
+ bn_cp_32(to, 0, from, (a12) - 12) \
+ bn_cp_32(to, 1, from, (a11) - 12) \
+ bn_cp_32(to, 2, from, (a10) - 12) \
+ bn_cp_32(to, 3, from, (a9) - 12) \
+ bn_cp_32(to, 4, from, (a8) - 12) \
+ bn_cp_32(to, 5, from, (a7) - 12) \
+ bn_cp_32(to, 6, from, (a6) - 12) \
+ bn_cp_32(to, 7, from, (a5) - 12) \
+ bn_cp_32(to, 8, from, (a4) - 12) \
+ bn_cp_32(to, 9, from, (a3) - 12) \
+ bn_cp_32(to, 10, from, (a2) - 12) \
+ bn_cp_32(to, 11, from, (a1) - 12) \
+ }
+
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+ BN_CTX *ctx)
+ {
+ int i, top = a->top;
+ int carry = 0;
+ register BN_ULONG *r_d, *a_d = a->d;
+ BN_ULONG t_d[BN_NIST_384_TOP],
+ buf[BN_NIST_384_TOP],
+ c_d[BN_NIST_384_TOP],
+ *res;
+ size_t mask;
+ union { bn_addsub_f f; size_t p; } u;
+ static const BIGNUM _bignum_nist_p_384_sqr = {
+ (BN_ULONG *)_nist_p_384_sqr,
+ sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
+ sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
+ 0,BN_FLG_STATIC_DATA };
+
+
+ field = &_bignum_nist_p_384; /* just to make sure */
+
+ if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0)
+ return BN_nnmod(r, a, field, ctx);
+
+ i = BN_ucmp(field, a);
+ if (i == 0)
+ {
+ BN_zero(r);
+ return 1;
+ }
+ else if (i > 0)
+ return (r == a)? 1 : (BN_copy(r ,a) != NULL);
+
+ if (r != a)
+ {
+ if (!bn_wexpand(r, BN_NIST_384_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
+ }
+ else
+ r_d = a_d;
+
+ nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP);
+
+ /*S1*/
+ nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4);
+ /* left shift */
+ {
+ register BN_ULONG *ap,t,c;
+ ap = t_d;
+ c=0;
+ for (i = 3; i != 0; --i)
+ {
+ t= *ap;
+ *(ap++)=((t<<1)|c)&BN_MASK2;
+ c=(t & BN_TBIT)?1:0;
+ }
+ *ap=c;
+ }
+ carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),
+ t_d, BN_NIST_256_TOP);
+ /*S2 */
+ carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP);
+ /*S3*/
+ nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*S4*/
+ nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*S5*/
+ nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*S6*/
+ nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*D1*/
+ nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*D2*/
+ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*D3*/
+ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+
+ /* see BN_nist_mod_224 for explanation */
+ u.f = bn_sub_words;
+ if (carry > 0)
+ carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP);
+ else if (carry < 0)
+ {
+ carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
+ mask = 0-(size_t)carry;
+ u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+ }
+ else
+ carry = 1;
+
+ mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
+ mask &= 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+ nist_cp_bn(r_d, res, BN_NIST_384_TOP);
+ r->top = BN_NIST_384_TOP;
+ bn_correct_top(r);
+
+ return 1;
+ }
+
+#define BN_NIST_521_RSHIFT (521%BN_BITS2)
+#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT)
+#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
+
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+ BN_CTX *ctx)
+ {
+ int top = a->top, i;
+ BN_ULONG *r_d, *a_d = a->d,
+ t_d[BN_NIST_521_TOP],
+ val,tmp,*res;
+ size_t mask;
+ static const BIGNUM _bignum_nist_p_521_sqr = {
+ (BN_ULONG *)_nist_p_521_sqr,
+ sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
+ sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
+ 0,BN_FLG_STATIC_DATA };
+
+ field = &_bignum_nist_p_521; /* just to make sure */
+
+ if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0)
+ return BN_nnmod(r, a, field, ctx);
+
+ i = BN_ucmp(field, a);
+ if (i == 0)
+ {
+ BN_zero(r);
+ return 1;
+ }
+ else if (i > 0)
+ return (r == a)? 1 : (BN_copy(r ,a) != NULL);
+
+ if (r != a)
+ {
+ if (!bn_wexpand(r,BN_NIST_521_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d,a_d, BN_NIST_521_TOP);
+ }
+ else
+ r_d = a_d;
+
+ /* upper 521 bits, copy ... */
+ nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP);
+ /* ... and right shift */
+ for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
+ {
+ tmp = val>>BN_NIST_521_RSHIFT;
+ val = t_d[i+1];
+ t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
+ }
+ t_d[i] = val>>BN_NIST_521_RSHIFT;
+ /* lower 521 bits */
+ r_d[i] &= BN_NIST_521_TOP_MASK;
+
+ bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
+ mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
+ res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask));
+ nist_cp_bn(r_d,res,BN_NIST_521_TOP);
+ r->top = BN_NIST_521_TOP;
+ bn_correct_top(r);
+
+ return 1;
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_opt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_opt.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_opt.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,87 @@
+/* crypto/bn/bn_opt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+char *BN_options(void)
+ {
+ static int init=0;
+ static char data[16];
+
+ if (!init)
+ {
+ init++;
+#ifdef BN_LLONG
+ BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+ (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+#else
+ BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+ (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+#endif
+ }
+ return(data);
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_prime.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_prime.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_prime.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,494 @@
+/* crypto/bn/bn_prime.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+
+/* NB: these functions have been "upgraded", the deprecated versions (which are
+ * compatibility wrappers using these functions) are in bn_depr.c.
+ * - Geoff
+ */
+
+/* The quick sieve algorithm approach to weeding out primes is
+ * Philip Zimmermann's, as implemented in PGP. I have had a read of
+ * his comments and implemented my own version.
+ */
+#include "bn_prime.h"
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+ const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
+static int probable_prime(BIGNUM *rnd, int bits);
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+ const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
+ const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+
+int BN_GENCB_call(BN_GENCB *cb, int a, int b)
+ {
+ /* No callback means continue */
+ if(!cb) return 1;
+ switch(cb->ver)
+ {
+ case 1:
+ /* Deprecated-style callbacks */
+ if(!cb->cb.cb_1)
+ return 1;
+ cb->cb.cb_1(a, b, cb->arg);
+ return 1;
+ case 2:
+ /* New-style callbacks */
+ return cb->cb.cb_2(a, b, cb);
+ default:
+ break;
+ }
+ /* Unrecognised callback type */
+ return 0;
+ }
+
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+ {
+ BIGNUM *t;
+ int found=0;
+ int i,j,c1=0;
+ BN_CTX *ctx;
+ int checks = BN_prime_checks_for_size(bits);
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+ BN_CTX_start(ctx);
+ t = BN_CTX_get(ctx);
+ if(!t) goto err;
+loop:
+ /* make a random number and set the top and bottom bits */
+ if (add == NULL)
+ {
+ if (!probable_prime(ret,bits)) goto err;
+ }
+ else
+ {
+ if (safe)
+ {
+ if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))
+ goto err;
+ }
+ else
+ {
+ if (!probable_prime_dh(ret,bits,add,rem,ctx))
+ goto err;
+ }
+ }
+ /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
+ if(!BN_GENCB_call(cb, 0, c1++))
+ /* aborted */
+ goto err;
+
+ if (!safe)
+ {
+ i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);
+ if (i == -1) goto err;
+ if (i == 0) goto loop;
+ }
+ else
+ {
+ /* for "safe prime" generation,
+ * check that (p-1)/2 is prime.
+ * Since a prime is odd, We just
+ * need to divide by 2 */
+ if (!BN_rshift1(t,ret)) goto err;
+
+ for (i=0; i<checks; i++)
+ {
+ j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);
+ if (j == -1) goto err;
+ if (j == 0) goto loop;
+
+ j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb);
+ if (j == -1) goto err;
+ if (j == 0) goto loop;
+
+ if(!BN_GENCB_call(cb, 2, c1-1))
+ goto err;
+ /* We have a safe prime test pass */
+ }
+ }
+ /* we have a prime :-) */
+ found = 1;
+err:
+ if (ctx != NULL)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ bn_check_top(ret);
+ return found;
+ }
+
+int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
+ {
+ return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
+ }
+
+int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+ int do_trial_division, BN_GENCB *cb)
+ {
+ int i, j, ret = -1;
+ int k;
+ BN_CTX *ctx = NULL;
+ BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
+ BN_MONT_CTX *mont = NULL;
+ const BIGNUM *A = NULL;
+
+ if (BN_cmp(a, BN_value_one()) <= 0)
+ return 0;
+
+ if (checks == BN_prime_checks)
+ checks = BN_prime_checks_for_size(BN_num_bits(a));
+
+ /* first look for small factors */
+ if (!BN_is_odd(a))
+ /* a is even => a is prime if and only if a == 2 */
+ return BN_is_word(a, 2);
+ if (do_trial_division)
+ {
+ for (i = 1; i < NUMPRIMES; i++)
+ if (BN_mod_word(a, primes[i]) == 0)
+ return 0;
+ if(!BN_GENCB_call(cb, 1, -1))
+ goto err;
+ }
+
+ if (ctx_passed != NULL)
+ ctx = ctx_passed;
+ else
+ if ((ctx=BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+
+ /* A := abs(a) */
+ if (a->neg)
+ {
+ BIGNUM *t;
+ if ((t = BN_CTX_get(ctx)) == NULL) goto err;
+ BN_copy(t, a);
+ t->neg = 0;
+ A = t;
+ }
+ else
+ A = a;
+ A1 = BN_CTX_get(ctx);
+ A1_odd = BN_CTX_get(ctx);
+ check = BN_CTX_get(ctx);
+ if (check == NULL) goto err;
+
+ /* compute A1 := A - 1 */
+ if (!BN_copy(A1, A))
+ goto err;
+ if (!BN_sub_word(A1, 1))
+ goto err;
+ if (BN_is_zero(A1))
+ {
+ ret = 0;
+ goto err;
+ }
+
+ /* write A1 as A1_odd * 2^k */
+ k = 1;
+ while (!BN_is_bit_set(A1, k))
+ k++;
+ if (!BN_rshift(A1_odd, A1, k))
+ goto err;
+
+ /* Montgomery setup for computations mod A */
+ mont = BN_MONT_CTX_new();
+ if (mont == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, A, ctx))
+ goto err;
+
+ for (i = 0; i < checks; i++)
+ {
+ if (!BN_pseudo_rand_range(check, A1))
+ goto err;
+ if (!BN_add_word(check, 1))
+ goto err;
+ /* now 1 <= check < A */
+
+ j = witness(check, A, A1, A1_odd, k, ctx, mont);
+ if (j == -1) goto err;
+ if (j)
+ {
+ ret=0;
+ goto err;
+ }
+ if(!BN_GENCB_call(cb, 1, i))
+ goto err;
+ }
+ ret=1;
+err:
+ if (ctx != NULL)
+ {
+ BN_CTX_end(ctx);
+ if (ctx_passed == NULL)
+ BN_CTX_free(ctx);
+ }
+ if (mont != NULL)
+ BN_MONT_CTX_free(mont);
+
+ return(ret);
+ }
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+ const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)
+ {
+ if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
+ return -1;
+ if (BN_is_one(w))
+ return 0; /* probably prime */
+ if (BN_cmp(w, a1) == 0)
+ return 0; /* w == -1 (mod a), 'a' is probably prime */
+ while (--k)
+ {
+ if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
+ return -1;
+ if (BN_is_one(w))
+ return 1; /* 'a' is composite, otherwise a previous 'w' would
+ * have been == -1 (mod 'a') */
+ if (BN_cmp(w, a1) == 0)
+ return 0; /* w == -1 (mod a), 'a' is probably prime */
+ }
+ /* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
+ * and it is neither -1 nor +1 -- so 'a' cannot be prime */
+ bn_check_top(w);
+ return 1;
+ }
+
+static int probable_prime(BIGNUM *rnd, int bits)
+ {
+ int i;
+ prime_t mods[NUMPRIMES];
+ BN_ULONG delta,maxdelta;
+
+again:
+ if (!BN_rand(rnd,bits,1,1)) return(0);
+ /* we now have a random number 'rand' to test. */
+ for (i=1; i<NUMPRIMES; i++)
+ mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]);
+ maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
+ delta=0;
+ loop: for (i=1; i<NUMPRIMES; i++)
+ {
+ /* check that rnd is not a prime and also
+ * that gcd(rnd-1,primes) == 1 (except for 2) */
+ if (((mods[i]+delta)%primes[i]) <= 1)
+ {
+ delta+=2;
+ if (delta > maxdelta) goto again;
+ goto loop;
+ }
+ }
+ if (!BN_add_word(rnd,delta)) return(0);
+ bn_check_top(rnd);
+ return(1);
+ }
+
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+ const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
+ {
+ int i,ret=0;
+ BIGNUM *t1;
+
+ BN_CTX_start(ctx);
+ if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;
+
+ if (!BN_rand(rnd,bits,0,1)) goto err;
+
+ /* we need ((rnd-rem) % add) == 0 */
+
+ if (!BN_mod(t1,rnd,add,ctx)) goto err;
+ if (!BN_sub(rnd,rnd,t1)) goto err;
+ if (rem == NULL)
+ { if (!BN_add_word(rnd,1)) goto err; }
+ else
+ { if (!BN_add(rnd,rnd,rem)) goto err; }
+
+ /* we now have a random number 'rand' to test. */
+
+ loop: for (i=1; i<NUMPRIMES; i++)
+ {
+ /* check that rnd is a prime */
+ if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
+ {
+ if (!BN_add(rnd,rnd,add)) goto err;
+ goto loop;
+ }
+ }
+ ret=1;
+err:
+ BN_CTX_end(ctx);
+ bn_check_top(rnd);
+ return(ret);
+ }
+
+static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
+ const BIGNUM *rem, BN_CTX *ctx)
+ {
+ int i,ret=0;
+ BIGNUM *t1,*qadd,*q;
+
+ bits--;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ q = BN_CTX_get(ctx);
+ qadd = BN_CTX_get(ctx);
+ if (qadd == NULL) goto err;
+
+ if (!BN_rshift1(qadd,padd)) goto err;
+
+ if (!BN_rand(q,bits,0,1)) goto err;
+
+ /* we need ((rnd-rem) % add) == 0 */
+ if (!BN_mod(t1,q,qadd,ctx)) goto err;
+ if (!BN_sub(q,q,t1)) goto err;
+ if (rem == NULL)
+ { if (!BN_add_word(q,1)) goto err; }
+ else
+ {
+ if (!BN_rshift1(t1,rem)) goto err;
+ if (!BN_add(q,q,t1)) goto err;
+ }
+
+ /* we now have a random number 'rand' to test. */
+ if (!BN_lshift1(p,q)) goto err;
+ if (!BN_add_word(p,1)) goto err;
+
+ loop: for (i=1; i<NUMPRIMES; i++)
+ {
+ /* check that p and q are prime */
+ /* check that for p and q
+ * gcd(p-1,primes) == 1 (except for 2) */
+ if ( (BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
+ (BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
+ {
+ if (!BN_add(p,p,padd)) goto err;
+ if (!BN_add(q,q,qadd)) goto err;
+ goto loop;
+ }
+ }
+ ret=1;
+err:
+ BN_CTX_end(ctx);
+ bn_check_top(p);
+ return(ret);
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_prime.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_prime.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_prime.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,327 @@
+/* Auto generated by bn_prime.pl */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef EIGHT_BIT
+#define NUMPRIMES 2048
+typedef unsigned short prime_t;
+#else
+#define NUMPRIMES 54
+typedef unsigned char prime_t;
+#endif
+static const prime_t primes[NUMPRIMES]=
+ {
+ 2, 3, 5, 7, 11, 13, 17, 19,
+ 23, 29, 31, 37, 41, 43, 47, 53,
+ 59, 61, 67, 71, 73, 79, 83, 89,
+ 97, 101, 103, 107, 109, 113, 127, 131,
+ 137, 139, 149, 151, 157, 163, 167, 173,
+ 179, 181, 191, 193, 197, 199, 211, 223,
+ 227, 229, 233, 239, 241, 251,
+#ifndef EIGHT_BIT
+ 257, 263,
+ 269, 271, 277, 281, 283, 293, 307, 311,
+ 313, 317, 331, 337, 347, 349, 353, 359,
+ 367, 373, 379, 383, 389, 397, 401, 409,
+ 419, 421, 431, 433, 439, 443, 449, 457,
+ 461, 463, 467, 479, 487, 491, 499, 503,
+ 509, 521, 523, 541, 547, 557, 563, 569,
+ 571, 577, 587, 593, 599, 601, 607, 613,
+ 617, 619, 631, 641, 643, 647, 653, 659,
+ 661, 673, 677, 683, 691, 701, 709, 719,
+ 727, 733, 739, 743, 751, 757, 761, 769,
+ 773, 787, 797, 809, 811, 821, 823, 827,
+ 829, 839, 853, 857, 859, 863, 877, 881,
+ 883, 887, 907, 911, 919, 929, 937, 941,
+ 947, 953, 967, 971, 977, 983, 991, 997,
+ 1009,1013,1019,1021,1031,1033,1039,1049,
+ 1051,1061,1063,1069,1087,1091,1093,1097,
+ 1103,1109,1117,1123,1129,1151,1153,1163,
+ 1171,1181,1187,1193,1201,1213,1217,1223,
+ 1229,1231,1237,1249,1259,1277,1279,1283,
+ 1289,1291,1297,1301,1303,1307,1319,1321,
+ 1327,1361,1367,1373,1381,1399,1409,1423,
+ 1427,1429,1433,1439,1447,1451,1453,1459,
+ 1471,1481,1483,1487,1489,1493,1499,1511,
+ 1523,1531,1543,1549,1553,1559,1567,1571,
+ 1579,1583,1597,1601,1607,1609,1613,1619,
+ 1621,1627,1637,1657,1663,1667,1669,1693,
+ 1697,1699,1709,1721,1723,1733,1741,1747,
+ 1753,1759,1777,1783,1787,1789,1801,1811,
+ 1823,1831,1847,1861,1867,1871,1873,1877,
+ 1879,1889,1901,1907,1913,1931,1933,1949,
+ 1951,1973,1979,1987,1993,1997,1999,2003,
+ 2011,2017,2027,2029,2039,2053,2063,2069,
+ 2081,2083,2087,2089,2099,2111,2113,2129,
+ 2131,2137,2141,2143,2153,2161,2179,2203,
+ 2207,2213,2221,2237,2239,2243,2251,2267,
+ 2269,2273,2281,2287,2293,2297,2309,2311,
+ 2333,2339,2341,2347,2351,2357,2371,2377,
+ 2381,2383,2389,2393,2399,2411,2417,2423,
+ 2437,2441,2447,2459,2467,2473,2477,2503,
+ 2521,2531,2539,2543,2549,2551,2557,2579,
+ 2591,2593,2609,2617,2621,2633,2647,2657,
+ 2659,2663,2671,2677,2683,2687,2689,2693,
+ 2699,2707,2711,2713,2719,2729,2731,2741,
+ 2749,2753,2767,2777,2789,2791,2797,2801,
+ 2803,2819,2833,2837,2843,2851,2857,2861,
+ 2879,2887,2897,2903,2909,2917,2927,2939,
+ 2953,2957,2963,2969,2971,2999,3001,3011,
+ 3019,3023,3037,3041,3049,3061,3067,3079,
+ 3083,3089,3109,3119,3121,3137,3163,3167,
+ 3169,3181,3187,3191,3203,3209,3217,3221,
+ 3229,3251,3253,3257,3259,3271,3299,3301,
+ 3307,3313,3319,3323,3329,3331,3343,3347,
+ 3359,3361,3371,3373,3389,3391,3407,3413,
+ 3433,3449,3457,3461,3463,3467,3469,3491,
+ 3499,3511,3517,3527,3529,3533,3539,3541,
+ 3547,3557,3559,3571,3581,3583,3593,3607,
+ 3613,3617,3623,3631,3637,3643,3659,3671,
+ 3673,3677,3691,3697,3701,3709,3719,3727,
+ 3733,3739,3761,3767,3769,3779,3793,3797,
+ 3803,3821,3823,3833,3847,3851,3853,3863,
+ 3877,3881,3889,3907,3911,3917,3919,3923,
+ 3929,3931,3943,3947,3967,3989,4001,4003,
+ 4007,4013,4019,4021,4027,4049,4051,4057,
+ 4073,4079,4091,4093,4099,4111,4127,4129,
+ 4133,4139,4153,4157,4159,4177,4201,4211,
+ 4217,4219,4229,4231,4241,4243,4253,4259,
+ 4261,4271,4273,4283,4289,4297,4327,4337,
+ 4339,4349,4357,4363,4373,4391,4397,4409,
+ 4421,4423,4441,4447,4451,4457,4463,4481,
+ 4483,4493,4507,4513,4517,4519,4523,4547,
+ 4549,4561,4567,4583,4591,4597,4603,4621,
+ 4637,4639,4643,4649,4651,4657,4663,4673,
+ 4679,4691,4703,4721,4723,4729,4733,4751,
+ 4759,4783,4787,4789,4793,4799,4801,4813,
+ 4817,4831,4861,4871,4877,4889,4903,4909,
+ 4919,4931,4933,4937,4943,4951,4957,4967,
+ 4969,4973,4987,4993,4999,5003,5009,5011,
+ 5021,5023,5039,5051,5059,5077,5081,5087,
+ 5099,5101,5107,5113,5119,5147,5153,5167,
+ 5171,5179,5189,5197,5209,5227,5231,5233,
+ 5237,5261,5273,5279,5281,5297,5303,5309,
+ 5323,5333,5347,5351,5381,5387,5393,5399,
+ 5407,5413,5417,5419,5431,5437,5441,5443,
+ 5449,5471,5477,5479,5483,5501,5503,5507,
+ 5519,5521,5527,5531,5557,5563,5569,5573,
+ 5581,5591,5623,5639,5641,5647,5651,5653,
+ 5657,5659,5669,5683,5689,5693,5701,5711,
+ 5717,5737,5741,5743,5749,5779,5783,5791,
+ 5801,5807,5813,5821,5827,5839,5843,5849,
+ 5851,5857,5861,5867,5869,5879,5881,5897,
+ 5903,5923,5927,5939,5953,5981,5987,6007,
+ 6011,6029,6037,6043,6047,6053,6067,6073,
+ 6079,6089,6091,6101,6113,6121,6131,6133,
+ 6143,6151,6163,6173,6197,6199,6203,6211,
+ 6217,6221,6229,6247,6257,6263,6269,6271,
+ 6277,6287,6299,6301,6311,6317,6323,6329,
+ 6337,6343,6353,6359,6361,6367,6373,6379,
+ 6389,6397,6421,6427,6449,6451,6469,6473,
+ 6481,6491,6521,6529,6547,6551,6553,6563,
+ 6569,6571,6577,6581,6599,6607,6619,6637,
+ 6653,6659,6661,6673,6679,6689,6691,6701,
+ 6703,6709,6719,6733,6737,6761,6763,6779,
+ 6781,6791,6793,6803,6823,6827,6829,6833,
+ 6841,6857,6863,6869,6871,6883,6899,6907,
+ 6911,6917,6947,6949,6959,6961,6967,6971,
+ 6977,6983,6991,6997,7001,7013,7019,7027,
+ 7039,7043,7057,7069,7079,7103,7109,7121,
+ 7127,7129,7151,7159,7177,7187,7193,7207,
+ 7211,7213,7219,7229,7237,7243,7247,7253,
+ 7283,7297,7307,7309,7321,7331,7333,7349,
+ 7351,7369,7393,7411,7417,7433,7451,7457,
+ 7459,7477,7481,7487,7489,7499,7507,7517,
+ 7523,7529,7537,7541,7547,7549,7559,7561,
+ 7573,7577,7583,7589,7591,7603,7607,7621,
+ 7639,7643,7649,7669,7673,7681,7687,7691,
+ 7699,7703,7717,7723,7727,7741,7753,7757,
+ 7759,7789,7793,7817,7823,7829,7841,7853,
+ 7867,7873,7877,7879,7883,7901,7907,7919,
+ 7927,7933,7937,7949,7951,7963,7993,8009,
+ 8011,8017,8039,8053,8059,8069,8081,8087,
+ 8089,8093,8101,8111,8117,8123,8147,8161,
+ 8167,8171,8179,8191,8209,8219,8221,8231,
+ 8233,8237,8243,8263,8269,8273,8287,8291,
+ 8293,8297,8311,8317,8329,8353,8363,8369,
+ 8377,8387,8389,8419,8423,8429,8431,8443,
+ 8447,8461,8467,8501,8513,8521,8527,8537,
+ 8539,8543,8563,8573,8581,8597,8599,8609,
+ 8623,8627,8629,8641,8647,8663,8669,8677,
+ 8681,8689,8693,8699,8707,8713,8719,8731,
+ 8737,8741,8747,8753,8761,8779,8783,8803,
+ 8807,8819,8821,8831,8837,8839,8849,8861,
+ 8863,8867,8887,8893,8923,8929,8933,8941,
+ 8951,8963,8969,8971,8999,9001,9007,9011,
+ 9013,9029,9041,9043,9049,9059,9067,9091,
+ 9103,9109,9127,9133,9137,9151,9157,9161,
+ 9173,9181,9187,9199,9203,9209,9221,9227,
+ 9239,9241,9257,9277,9281,9283,9293,9311,
+ 9319,9323,9337,9341,9343,9349,9371,9377,
+ 9391,9397,9403,9413,9419,9421,9431,9433,
+ 9437,9439,9461,9463,9467,9473,9479,9491,
+ 9497,9511,9521,9533,9539,9547,9551,9587,
+ 9601,9613,9619,9623,9629,9631,9643,9649,
+ 9661,9677,9679,9689,9697,9719,9721,9733,
+ 9739,9743,9749,9767,9769,9781,9787,9791,
+ 9803,9811,9817,9829,9833,9839,9851,9857,
+ 9859,9871,9883,9887,9901,9907,9923,9929,
+ 9931,9941,9949,9967,9973,10007,10009,10037,
+ 10039,10061,10067,10069,10079,10091,10093,10099,
+ 10103,10111,10133,10139,10141,10151,10159,10163,
+ 10169,10177,10181,10193,10211,10223,10243,10247,
+ 10253,10259,10267,10271,10273,10289,10301,10303,
+ 10313,10321,10331,10333,10337,10343,10357,10369,
+ 10391,10399,10427,10429,10433,10453,10457,10459,
+ 10463,10477,10487,10499,10501,10513,10529,10531,
+ 10559,10567,10589,10597,10601,10607,10613,10627,
+ 10631,10639,10651,10657,10663,10667,10687,10691,
+ 10709,10711,10723,10729,10733,10739,10753,10771,
+ 10781,10789,10799,10831,10837,10847,10853,10859,
+ 10861,10867,10883,10889,10891,10903,10909,10937,
+ 10939,10949,10957,10973,10979,10987,10993,11003,
+ 11027,11047,11057,11059,11069,11071,11083,11087,
+ 11093,11113,11117,11119,11131,11149,11159,11161,
+ 11171,11173,11177,11197,11213,11239,11243,11251,
+ 11257,11261,11273,11279,11287,11299,11311,11317,
+ 11321,11329,11351,11353,11369,11383,11393,11399,
+ 11411,11423,11437,11443,11447,11467,11471,11483,
+ 11489,11491,11497,11503,11519,11527,11549,11551,
+ 11579,11587,11593,11597,11617,11621,11633,11657,
+ 11677,11681,11689,11699,11701,11717,11719,11731,
+ 11743,11777,11779,11783,11789,11801,11807,11813,
+ 11821,11827,11831,11833,11839,11863,11867,11887,
+ 11897,11903,11909,11923,11927,11933,11939,11941,
+ 11953,11959,11969,11971,11981,11987,12007,12011,
+ 12037,12041,12043,12049,12071,12073,12097,12101,
+ 12107,12109,12113,12119,12143,12149,12157,12161,
+ 12163,12197,12203,12211,12227,12239,12241,12251,
+ 12253,12263,12269,12277,12281,12289,12301,12323,
+ 12329,12343,12347,12373,12377,12379,12391,12401,
+ 12409,12413,12421,12433,12437,12451,12457,12473,
+ 12479,12487,12491,12497,12503,12511,12517,12527,
+ 12539,12541,12547,12553,12569,12577,12583,12589,
+ 12601,12611,12613,12619,12637,12641,12647,12653,
+ 12659,12671,12689,12697,12703,12713,12721,12739,
+ 12743,12757,12763,12781,12791,12799,12809,12821,
+ 12823,12829,12841,12853,12889,12893,12899,12907,
+ 12911,12917,12919,12923,12941,12953,12959,12967,
+ 12973,12979,12983,13001,13003,13007,13009,13033,
+ 13037,13043,13049,13063,13093,13099,13103,13109,
+ 13121,13127,13147,13151,13159,13163,13171,13177,
+ 13183,13187,13217,13219,13229,13241,13249,13259,
+ 13267,13291,13297,13309,13313,13327,13331,13337,
+ 13339,13367,13381,13397,13399,13411,13417,13421,
+ 13441,13451,13457,13463,13469,13477,13487,13499,
+ 13513,13523,13537,13553,13567,13577,13591,13597,
+ 13613,13619,13627,13633,13649,13669,13679,13681,
+ 13687,13691,13693,13697,13709,13711,13721,13723,
+ 13729,13751,13757,13759,13763,13781,13789,13799,
+ 13807,13829,13831,13841,13859,13873,13877,13879,
+ 13883,13901,13903,13907,13913,13921,13931,13933,
+ 13963,13967,13997,13999,14009,14011,14029,14033,
+ 14051,14057,14071,14081,14083,14087,14107,14143,
+ 14149,14153,14159,14173,14177,14197,14207,14221,
+ 14243,14249,14251,14281,14293,14303,14321,14323,
+ 14327,14341,14347,14369,14387,14389,14401,14407,
+ 14411,14419,14423,14431,14437,14447,14449,14461,
+ 14479,14489,14503,14519,14533,14537,14543,14549,
+ 14551,14557,14561,14563,14591,14593,14621,14627,
+ 14629,14633,14639,14653,14657,14669,14683,14699,
+ 14713,14717,14723,14731,14737,14741,14747,14753,
+ 14759,14767,14771,14779,14783,14797,14813,14821,
+ 14827,14831,14843,14851,14867,14869,14879,14887,
+ 14891,14897,14923,14929,14939,14947,14951,14957,
+ 14969,14983,15013,15017,15031,15053,15061,15073,
+ 15077,15083,15091,15101,15107,15121,15131,15137,
+ 15139,15149,15161,15173,15187,15193,15199,15217,
+ 15227,15233,15241,15259,15263,15269,15271,15277,
+ 15287,15289,15299,15307,15313,15319,15329,15331,
+ 15349,15359,15361,15373,15377,15383,15391,15401,
+ 15413,15427,15439,15443,15451,15461,15467,15473,
+ 15493,15497,15511,15527,15541,15551,15559,15569,
+ 15581,15583,15601,15607,15619,15629,15641,15643,
+ 15647,15649,15661,15667,15671,15679,15683,15727,
+ 15731,15733,15737,15739,15749,15761,15767,15773,
+ 15787,15791,15797,15803,15809,15817,15823,15859,
+ 15877,15881,15887,15889,15901,15907,15913,15919,
+ 15923,15937,15959,15971,15973,15991,16001,16007,
+ 16033,16057,16061,16063,16067,16069,16073,16087,
+ 16091,16097,16103,16111,16127,16139,16141,16183,
+ 16187,16189,16193,16217,16223,16229,16231,16249,
+ 16253,16267,16273,16301,16319,16333,16339,16349,
+ 16361,16363,16369,16381,16411,16417,16421,16427,
+ 16433,16447,16451,16453,16477,16481,16487,16493,
+ 16519,16529,16547,16553,16561,16567,16573,16603,
+ 16607,16619,16631,16633,16649,16651,16657,16661,
+ 16673,16691,16693,16699,16703,16729,16741,16747,
+ 16759,16763,16787,16811,16823,16829,16831,16843,
+ 16871,16879,16883,16889,16901,16903,16921,16927,
+ 16931,16937,16943,16963,16979,16981,16987,16993,
+ 17011,17021,17027,17029,17033,17041,17047,17053,
+ 17077,17093,17099,17107,17117,17123,17137,17159,
+ 17167,17183,17189,17191,17203,17207,17209,17231,
+ 17239,17257,17291,17293,17299,17317,17321,17327,
+ 17333,17341,17351,17359,17377,17383,17387,17389,
+ 17393,17401,17417,17419,17431,17443,17449,17467,
+ 17471,17477,17483,17489,17491,17497,17509,17519,
+ 17539,17551,17569,17573,17579,17581,17597,17599,
+ 17609,17623,17627,17657,17659,17669,17681,17683,
+ 17707,17713,17729,17737,17747,17749,17761,17783,
+ 17789,17791,17807,17827,17837,17839,17851,17863,
+#endif
+ };
Added: vendor-crypto/openssl/dist/crypto/bn/bn_prime.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_prime.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_prime.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,119 @@
+#!/usr/local/bin/perl
+# bn_prime.pl
+
+$num=2048;
+$num=$ARGV[0] if ($#ARGV >= 0);
+
+push(@primes,2);
+$p=1;
+loop: while ($#primes < $num-1)
+ {
+ $p+=2;
+ $s=int(sqrt($p));
+
+ for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++)
+ {
+ next loop if (($p%$primes[$i]) == 0);
+ }
+ push(@primes,$p);
+ }
+
+# print <<"EOF";
+# /* Auto generated by bn_prime.pl */
+# /* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).
+# * All rights reserved.
+# * Copyright remains Eric Young's, and as such any Copyright notices in
+# * the code are not to be removed.
+# * See the COPYRIGHT file in the SSLeay distribution for more details.
+# */
+#
+# EOF
+
+print <<\EOF;
+/* Auto generated by bn_prime.pl */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+EOF
+
+for ($i=0; $i <= $#primes; $i++)
+ {
+ if ($primes[$i] > 256)
+ {
+ $eight=$i;
+ last;
+ }
+ }
+
+printf "#ifndef EIGHT_BIT\n";
+printf "#define NUMPRIMES %d\n",$num;
+printf "typedef unsigned short prime_t;\n";
+printf "#else\n";
+printf "#define NUMPRIMES %d\n",$eight;
+printf "typedef unsigned char prime_t;\n";
+printf "#endif\n";
+print "static const prime_t primes[NUMPRIMES]=\n\t{\n\t";
+$init=0;
+for ($i=0; $i <= $#primes; $i++)
+ {
+ printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++);
+ printf("\n\t") if (($i%8) == 0) && ($i != 0);
+ printf("%4d,",$primes[$i]);
+ }
+print "\n#endif\n\t};\n";
+
+
Added: vendor-crypto/openssl/dist/crypto/bn/bn_print.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_print.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_print.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,338 @@
+/* crypto/bn/bn_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include "bn_lcl.h"
+
+static const char Hex[]="0123456789ABCDEF";
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2hex(const BIGNUM *a)
+ {
+ int i,j,v,z=0;
+ char *buf;
+ char *p;
+
+ buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
+ if (buf == NULL)
+ {
+ BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p=buf;
+ if (a->neg) *(p++)='-';
+ if (BN_is_zero(a)) *(p++)='0';
+ for (i=a->top-1; i >=0; i--)
+ {
+ for (j=BN_BITS2-8; j >= 0; j-=8)
+ {
+ /* strip leading zeros */
+ v=((int)(a->d[i]>>(long)j))&0xff;
+ if (z || (v != 0))
+ {
+ *(p++)=Hex[v>>4];
+ *(p++)=Hex[v&0x0f];
+ z=1;
+ }
+ }
+ }
+ *p='\0';
+err:
+ return(buf);
+ }
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2dec(const BIGNUM *a)
+ {
+ int i=0,num, ok = 0;
+ char *buf=NULL;
+ char *p;
+ BIGNUM *t=NULL;
+ BN_ULONG *bn_data=NULL,*lp;
+
+ /* get an upper bound for the length of the decimal integer
+ * num <= (BN_num_bits(a) + 1) * log(2)
+ * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
+ * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
+ */
+ i=BN_num_bits(a)*3;
+ num=(i/10+i/1000+1)+1;
+ bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
+ buf=(char *)OPENSSL_malloc(num+3);
+ if ((buf == NULL) || (bn_data == NULL))
+ {
+ BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if ((t=BN_dup(a)) == NULL) goto err;
+
+#define BUF_REMAIN (num+3 - (size_t)(p - buf))
+ p=buf;
+ lp=bn_data;
+ if (BN_is_zero(t))
+ {
+ *(p++)='0';
+ *(p++)='\0';
+ }
+ else
+ {
+ if (BN_is_negative(t))
+ *p++ = '-';
+
+ i=0;
+ while (!BN_is_zero(t))
+ {
+ *lp=BN_div_word(t,BN_DEC_CONV);
+ lp++;
+ }
+ lp--;
+ /* We now have a series of blocks, BN_DEC_NUM chars
+ * in length, where the last one needs truncation.
+ * The blocks need to be reversed in order. */
+ BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
+ while (*p) p++;
+ while (lp != bn_data)
+ {
+ lp--;
+ BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
+ while (*p) p++;
+ }
+ }
+ ok = 1;
+err:
+ if (bn_data != NULL) OPENSSL_free(bn_data);
+ if (t != NULL) BN_free(t);
+ if (!ok && buf)
+ {
+ OPENSSL_free(buf);
+ buf = NULL;
+ }
+
+ return(buf);
+ }
+
+int BN_hex2bn(BIGNUM **bn, const char *a)
+ {
+ BIGNUM *ret=NULL;
+ BN_ULONG l=0;
+ int neg=0,h,m,i,j,k,c;
+ int num;
+
+ if ((a == NULL) || (*a == '\0')) return(0);
+
+ if (*a == '-') { neg=1; a++; }
+
+ for (i=0; isxdigit((unsigned char) a[i]); i++)
+ ;
+
+ num=i+neg;
+ if (bn == NULL) return(num);
+
+ /* a is the start of the hex digits, and it is 'i' long */
+ if (*bn == NULL)
+ {
+ if ((ret=BN_new()) == NULL) return(0);
+ }
+ else
+ {
+ ret= *bn;
+ BN_zero(ret);
+ }
+
+ /* i is the number of hex digests; */
+ if (bn_expand(ret,i*4) == NULL) goto err;
+
+ j=i; /* least significant 'hex' */
+ m=0;
+ h=0;
+ while (j > 0)
+ {
+ m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
+ l=0;
+ for (;;)
+ {
+ c=a[j-m];
+ if ((c >= '0') && (c <= '9')) k=c-'0';
+ else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
+ else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
+ else k=0; /* paranoia */
+ l=(l<<4)|k;
+
+ if (--m <= 0)
+ {
+ ret->d[h++]=l;
+ break;
+ }
+ }
+ j-=(BN_BYTES*2);
+ }
+ ret->top=h;
+ bn_correct_top(ret);
+ ret->neg=neg;
+
+ *bn=ret;
+ bn_check_top(ret);
+ return(num);
+err:
+ if (*bn == NULL) BN_free(ret);
+ return(0);
+ }
+
+int BN_dec2bn(BIGNUM **bn, const char *a)
+ {
+ BIGNUM *ret=NULL;
+ BN_ULONG l=0;
+ int neg=0,i,j;
+ int num;
+
+ if ((a == NULL) || (*a == '\0')) return(0);
+ if (*a == '-') { neg=1; a++; }
+
+ for (i=0; isdigit((unsigned char) a[i]); i++)
+ ;
+
+ num=i+neg;
+ if (bn == NULL) return(num);
+
+ /* a is the start of the digits, and it is 'i' long.
+ * We chop it into BN_DEC_NUM digits at a time */
+ if (*bn == NULL)
+ {
+ if ((ret=BN_new()) == NULL) return(0);
+ }
+ else
+ {
+ ret= *bn;
+ BN_zero(ret);
+ }
+
+ /* i is the number of digests, a bit of an over expand; */
+ if (bn_expand(ret,i*4) == NULL) goto err;
+
+ j=BN_DEC_NUM-(i%BN_DEC_NUM);
+ if (j == BN_DEC_NUM) j=0;
+ l=0;
+ while (*a)
+ {
+ l*=10;
+ l+= *a-'0';
+ a++;
+ if (++j == BN_DEC_NUM)
+ {
+ BN_mul_word(ret,BN_DEC_CONV);
+ BN_add_word(ret,l);
+ l=0;
+ j=0;
+ }
+ }
+ ret->neg=neg;
+
+ bn_correct_top(ret);
+ *bn=ret;
+ bn_check_top(ret);
+ return(num);
+err:
+ if (*bn == NULL) BN_free(ret);
+ return(0);
+ }
+
+#ifndef OPENSSL_NO_BIO
+#ifndef OPENSSL_NO_FP_API
+int BN_print_fp(FILE *fp, const BIGNUM *a)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ return(0);
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=BN_print(b,a);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int BN_print(BIO *bp, const BIGNUM *a)
+ {
+ int i,j,v,z=0;
+ int ret=0;
+
+ if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
+ if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end;
+ for (i=a->top-1; i >=0; i--)
+ {
+ for (j=BN_BITS2-4; j >= 0; j-=4)
+ {
+ /* strip leading zeros */
+ v=((int)(a->d[i]>>(long)j))&0x0f;
+ if (z || (v != 0))
+ {
+ if (BIO_write(bp,&(Hex[v]),1) != 1)
+ goto end;
+ z=1;
+ }
+ }
+ }
+ ret=1;
+end:
+ return(ret);
+ }
+#endif
Added: vendor-crypto/openssl/dist/crypto/bn/bn_rand.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_rand.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_rand.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,305 @@
+/* crypto/bn/bn_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+
+static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+ {
+ unsigned char *buf=NULL;
+ int ret=0,bit,bytes,mask;
+ time_t tim;
+
+ if (bits == 0)
+ {
+ BN_zero(rnd);
+ return 1;
+ }
+
+ bytes=(bits+7)/8;
+ bit=(bits-1)%8;
+ mask=0xff<<(bit+1);
+
+ buf=(unsigned char *)OPENSSL_malloc(bytes);
+ if (buf == NULL)
+ {
+ BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* make a random number and set the top and bottom bits */
+ time(&tim);
+ RAND_add(&tim,sizeof(tim),0.0);
+
+ if (pseudorand)
+ {
+ if (RAND_pseudo_bytes(buf, bytes) == -1)
+ goto err;
+ }
+ else
+ {
+ if (RAND_bytes(buf, bytes) <= 0)
+ goto err;
+ }
+
+#if 1
+ if (pseudorand == 2)
+ {
+ /* generate patterns that are more likely to trigger BN
+ library bugs */
+ int i;
+ unsigned char c;
+
+ for (i = 0; i < bytes; i++)
+ {
+ RAND_pseudo_bytes(&c, 1);
+ if (c >= 128 && i > 0)
+ buf[i] = buf[i-1];
+ else if (c < 42)
+ buf[i] = 0;
+ else if (c < 84)
+ buf[i] = 255;
+ }
+ }
+#endif
+
+ if (top != -1)
+ {
+ if (top)
+ {
+ if (bit == 0)
+ {
+ buf[0]=1;
+ buf[1]|=0x80;
+ }
+ else
+ {
+ buf[0]|=(3<<(bit-1));
+ }
+ }
+ else
+ {
+ buf[0]|=(1<<bit);
+ }
+ }
+ buf[0] &= ~mask;
+ if (bottom) /* set bottom bit if requested */
+ buf[bytes-1]|=1;
+ if (!BN_bin2bn(buf,bytes,rnd)) goto err;
+ ret=1;
+err:
+ if (buf != NULL)
+ {
+ OPENSSL_cleanse(buf,bytes);
+ OPENSSL_free(buf);
+ }
+ bn_check_top(rnd);
+ return(ret);
+ }
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+ {
+ return bnrand(0, rnd, bits, top, bottom);
+ }
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+ {
+ return bnrand(1, rnd, bits, top, bottom);
+ }
+
+#if 1
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+ {
+ return bnrand(2, rnd, bits, top, bottom);
+ }
+#endif
+
+
+/* random number r: 0 <= r < range */
+static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
+ {
+ int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
+ int n;
+ int count = 100;
+
+ if (range->neg || BN_is_zero(range))
+ {
+ BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+ return 0;
+ }
+
+ n = BN_num_bits(range); /* n > 0 */
+
+ /* BN_is_bit_set(range, n - 1) always holds */
+
+ if (n == 1)
+ BN_zero(r);
+ else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
+ {
+ /* range = 100..._2,
+ * so 3*range (= 11..._2) is exactly one bit longer than range */
+ do
+ {
+ if (!bn_rand(r, n + 1, -1, 0)) return 0;
+ /* If r < 3*range, use r := r MOD range
+ * (which is either r, r - range, or r - 2*range).
+ * Otherwise, iterate once more.
+ * Since 3*range = 11..._2, each iteration succeeds with
+ * probability >= .75. */
+ if (BN_cmp(r ,range) >= 0)
+ {
+ if (!BN_sub(r, r, range)) return 0;
+ if (BN_cmp(r, range) >= 0)
+ if (!BN_sub(r, r, range)) return 0;
+ }
+
+ if (!--count)
+ {
+ BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+ return 0;
+ }
+
+ }
+ while (BN_cmp(r, range) >= 0);
+ }
+ else
+ {
+ do
+ {
+ /* range = 11..._2 or range = 101..._2 */
+ if (!bn_rand(r, n, -1, 0)) return 0;
+
+ if (!--count)
+ {
+ BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+ return 0;
+ }
+ }
+ while (BN_cmp(r, range) >= 0);
+ }
+
+ bn_check_top(r);
+ return 1;
+ }
+
+
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
+ {
+ return bn_rand_range(0, r, range);
+ }
+
+int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
+ {
+ return bn_rand_range(1, r, range);
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_recp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_recp.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_recp.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,234 @@
+/* crypto/bn/bn_recp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp)
+ {
+ BN_init(&(recp->N));
+ BN_init(&(recp->Nr));
+ recp->num_bits=0;
+ recp->flags=0;
+ }
+
+BN_RECP_CTX *BN_RECP_CTX_new(void)
+ {
+ BN_RECP_CTX *ret;
+
+ if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
+ return(NULL);
+
+ BN_RECP_CTX_init(ret);
+ ret->flags=BN_FLG_MALLOCED;
+ return(ret);
+ }
+
+void BN_RECP_CTX_free(BN_RECP_CTX *recp)
+ {
+ if(recp == NULL)
+ return;
+
+ BN_free(&(recp->N));
+ BN_free(&(recp->Nr));
+ if (recp->flags & BN_FLG_MALLOCED)
+ OPENSSL_free(recp);
+ }
+
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+ {
+ if (!BN_copy(&(recp->N),d)) return 0;
+ BN_zero(&(recp->Nr));
+ recp->num_bits=BN_num_bits(d);
+ recp->shift=0;
+ return(1);
+ }
+
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+ BN_RECP_CTX *recp, BN_CTX *ctx)
+ {
+ int ret=0;
+ BIGNUM *a;
+ const BIGNUM *ca;
+
+ BN_CTX_start(ctx);
+ if ((a = BN_CTX_get(ctx)) == NULL) goto err;
+ if (y != NULL)
+ {
+ if (x == y)
+ { if (!BN_sqr(a,x,ctx)) goto err; }
+ else
+ { if (!BN_mul(a,x,y,ctx)) goto err; }
+ ca = a;
+ }
+ else
+ ca=x; /* Just do the mod */
+
+ ret = BN_div_recp(NULL,r,ca,recp,ctx);
+err:
+ BN_CTX_end(ctx);
+ bn_check_top(r);
+ return(ret);
+ }
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+ BN_RECP_CTX *recp, BN_CTX *ctx)
+ {
+ int i,j,ret=0;
+ BIGNUM *a,*b,*d,*r;
+
+ BN_CTX_start(ctx);
+ a=BN_CTX_get(ctx);
+ b=BN_CTX_get(ctx);
+ if (dv != NULL)
+ d=dv;
+ else
+ d=BN_CTX_get(ctx);
+ if (rem != NULL)
+ r=rem;
+ else
+ r=BN_CTX_get(ctx);
+ if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
+
+ if (BN_ucmp(m,&(recp->N)) < 0)
+ {
+ BN_zero(d);
+ if (!BN_copy(r,m)) return 0;
+ BN_CTX_end(ctx);
+ return(1);
+ }
+
+ /* We want the remainder
+ * Given input of ABCDEF / ab
+ * we need multiply ABCDEF by 3 digests of the reciprocal of ab
+ *
+ */
+
+ /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
+ i=BN_num_bits(m);
+ j=recp->num_bits<<1;
+ if (j>i) i=j;
+
+ /* Nr := round(2^i / N) */
+ if (i != recp->shift)
+ recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
+ i,ctx); /* BN_reciprocal returns i, or -1 for an error */
+ if (recp->shift == -1) goto err;
+
+ /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+ * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+ * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+ * = |m/N|
+ */
+ if (!BN_rshift(a,m,recp->num_bits)) goto err;
+ if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
+ if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
+ d->neg=0;
+
+ if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
+ if (!BN_usub(r,m,b)) goto err;
+ r->neg=0;
+
+#if 1
+ j=0;
+ while (BN_ucmp(r,&(recp->N)) >= 0)
+ {
+ if (j++ > 2)
+ {
+ BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL);
+ goto err;
+ }
+ if (!BN_usub(r,r,&(recp->N))) goto err;
+ if (!BN_add_word(d,1)) goto err;
+ }
+#endif
+
+ r->neg=BN_is_zero(r)?0:m->neg;
+ d->neg=m->neg^recp->N.neg;
+ ret=1;
+err:
+ BN_CTX_end(ctx);
+ bn_check_top(dv);
+ bn_check_top(rem);
+ return(ret);
+ }
+
+/* len is the expected size of the result
+ * We actually calculate with an extra word of precision, so
+ * we can do faster division if the remainder is not required.
+ */
+/* r := 2^len / m */
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+ {
+ int ret= -1;
+ BIGNUM *t;
+
+ BN_CTX_start(ctx);
+ if((t = BN_CTX_get(ctx)) == NULL) goto err;
+
+ if (!BN_set_bit(t,len)) goto err;
+
+ if (!BN_div(r,NULL,t,m,ctx)) goto err;
+
+ ret=len;
+err:
+ bn_check_top(r);
+ BN_CTX_end(ctx);
+ return(ret);
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_shift.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_shift.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_shift.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,220 @@
+/* crypto/bn/bn_shift.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_lshift1(BIGNUM *r, const BIGNUM *a)
+ {
+ register BN_ULONG *ap,*rp,t,c;
+ int i;
+
+ bn_check_top(r);
+ bn_check_top(a);
+
+ if (r != a)
+ {
+ r->neg=a->neg;
+ if (bn_wexpand(r,a->top+1) == NULL) return(0);
+ r->top=a->top;
+ }
+ else
+ {
+ if (bn_wexpand(r,a->top+1) == NULL) return(0);
+ }
+ ap=a->d;
+ rp=r->d;
+ c=0;
+ for (i=0; i<a->top; i++)
+ {
+ t= *(ap++);
+ *(rp++)=((t<<1)|c)&BN_MASK2;
+ c=(t & BN_TBIT)?1:0;
+ }
+ if (c)
+ {
+ *rp=1;
+ r->top++;
+ }
+ bn_check_top(r);
+ return(1);
+ }
+
+int BN_rshift1(BIGNUM *r, const BIGNUM *a)
+ {
+ BN_ULONG *ap,*rp,t,c;
+ int i;
+
+ bn_check_top(r);
+ bn_check_top(a);
+
+ if (BN_is_zero(a))
+ {
+ BN_zero(r);
+ return(1);
+ }
+ if (a != r)
+ {
+ if (bn_wexpand(r,a->top) == NULL) return(0);
+ r->top=a->top;
+ r->neg=a->neg;
+ }
+ ap=a->d;
+ rp=r->d;
+ c=0;
+ for (i=a->top-1; i>=0; i--)
+ {
+ t=ap[i];
+ rp[i]=((t>>1)&BN_MASK2)|c;
+ c=(t&1)?BN_TBIT:0;
+ }
+ bn_correct_top(r);
+ bn_check_top(r);
+ return(1);
+ }
+
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+ {
+ int i,nw,lb,rb;
+ BN_ULONG *t,*f;
+ BN_ULONG l;
+
+ bn_check_top(r);
+ bn_check_top(a);
+
+ r->neg=a->neg;
+ nw=n/BN_BITS2;
+ if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
+ lb=n%BN_BITS2;
+ rb=BN_BITS2-lb;
+ f=a->d;
+ t=r->d;
+ t[a->top+nw]=0;
+ if (lb == 0)
+ for (i=a->top-1; i>=0; i--)
+ t[nw+i]=f[i];
+ else
+ for (i=a->top-1; i>=0; i--)
+ {
+ l=f[i];
+ t[nw+i+1]|=(l>>rb)&BN_MASK2;
+ t[nw+i]=(l<<lb)&BN_MASK2;
+ }
+ memset(t,0,nw*sizeof(t[0]));
+/* for (i=0; i<nw; i++)
+ t[i]=0;*/
+ r->top=a->top+nw+1;
+ bn_correct_top(r);
+ bn_check_top(r);
+ return(1);
+ }
+
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+ {
+ int i,j,nw,lb,rb;
+ BN_ULONG *t,*f;
+ BN_ULONG l,tmp;
+
+ bn_check_top(r);
+ bn_check_top(a);
+
+ nw=n/BN_BITS2;
+ rb=n%BN_BITS2;
+ lb=BN_BITS2-rb;
+ if (nw >= a->top || a->top == 0)
+ {
+ BN_zero(r);
+ return(1);
+ }
+ if (r != a)
+ {
+ r->neg=a->neg;
+ if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
+ }
+ else
+ {
+ if (n == 0)
+ return 1; /* or the copying loop will go berserk */
+ }
+
+ f= &(a->d[nw]);
+ t=r->d;
+ j=a->top-nw;
+ r->top=j;
+
+ if (rb == 0)
+ {
+ for (i=j; i != 0; i--)
+ *(t++)= *(f++);
+ }
+ else
+ {
+ l= *(f++);
+ for (i=j-1; i != 0; i--)
+ {
+ tmp =(l>>rb)&BN_MASK2;
+ l= *(f++);
+ *(t++) =(tmp|(l<<lb))&BN_MASK2;
+ }
+ *(t++) =(l>>rb)&BN_MASK2;
+ }
+ bn_correct_top(r);
+ bn_check_top(r);
+ return(1);
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,295 @@
+/* crypto/bn/bn_sqr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r must not be a */
+/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+ {
+ int max,al;
+ int ret = 0;
+ BIGNUM *tmp,*rr;
+
+#ifdef BN_COUNT
+ fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);
+#endif
+ bn_check_top(a);
+
+ al=a->top;
+ if (al <= 0)
+ {
+ r->top=0;
+ r->neg = 0;
+ return 1;
+ }
+
+ BN_CTX_start(ctx);
+ rr=(a != r) ? r : BN_CTX_get(ctx);
+ tmp=BN_CTX_get(ctx);
+ if (!rr || !tmp) goto err;
+
+ max = 2 * al; /* Non-zero (from above) */
+ if (bn_wexpand(rr,max) == NULL) goto err;
+
+ if (al == 4)
+ {
+#ifndef BN_SQR_COMBA
+ BN_ULONG t[8];
+ bn_sqr_normal(rr->d,a->d,4,t);
+#else
+ bn_sqr_comba4(rr->d,a->d);
+#endif
+ }
+ else if (al == 8)
+ {
+#ifndef BN_SQR_COMBA
+ BN_ULONG t[16];
+ bn_sqr_normal(rr->d,a->d,8,t);
+#else
+ bn_sqr_comba8(rr->d,a->d);
+#endif
+ }
+ else
+ {
+#if defined(BN_RECURSION)
+ if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
+ {
+ BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
+ bn_sqr_normal(rr->d,a->d,al,t);
+ }
+ else
+ {
+ int j,k;
+
+ j=BN_num_bits_word((BN_ULONG)al);
+ j=1<<(j-1);
+ k=j+j;
+ if (al == j)
+ {
+ if (bn_wexpand(tmp,k*2) == NULL) goto err;
+ bn_sqr_recursive(rr->d,a->d,al,tmp->d);
+ }
+ else
+ {
+ if (bn_wexpand(tmp,max) == NULL) goto err;
+ bn_sqr_normal(rr->d,a->d,al,tmp->d);
+ }
+ }
+#else
+ if (bn_wexpand(tmp,max) == NULL) goto err;
+ bn_sqr_normal(rr->d,a->d,al,tmp->d);
+#endif
+ }
+
+ rr->neg=0;
+ /* If the most-significant half of the top word of 'a' is zero, then
+ * the square of 'a' will max-1 words. */
+ if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
+ rr->top = max - 1;
+ else
+ rr->top = max;
+ if (rr != r) BN_copy(r,rr);
+ ret = 1;
+ err:
+ bn_check_top(rr);
+ bn_check_top(tmp);
+ BN_CTX_end(ctx);
+ return(ret);
+ }
+
+/* tmp must have 2*n words */
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
+ {
+ int i,j,max;
+ const BN_ULONG *ap;
+ BN_ULONG *rp;
+
+ max=n*2;
+ ap=a;
+ rp=r;
+ rp[0]=rp[max-1]=0;
+ rp++;
+ j=n;
+
+ if (--j > 0)
+ {
+ ap++;
+ rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
+ rp+=2;
+ }
+
+ for (i=n-2; i>0; i--)
+ {
+ j--;
+ ap++;
+ rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
+ rp+=2;
+ }
+
+ bn_add_words(r,r,r,max);
+
+ /* There will not be a carry */
+
+ bn_sqr_words(tmp,a,n);
+
+ bn_add_words(r,r,tmp,max);
+ }
+
+#ifdef BN_RECURSION
+/* r is 2*n words in size,
+ * a and b are both n words in size. (There's not actually a 'b' here ...)
+ * n must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
+ {
+ int n=n2/2;
+ int zero,c1;
+ BN_ULONG ln,lo,*p;
+
+#ifdef BN_COUNT
+ fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);
+#endif
+ if (n2 == 4)
+ {
+#ifndef BN_SQR_COMBA
+ bn_sqr_normal(r,a,4,t);
+#else
+ bn_sqr_comba4(r,a);
+#endif
+ return;
+ }
+ else if (n2 == 8)
+ {
+#ifndef BN_SQR_COMBA
+ bn_sqr_normal(r,a,8,t);
+#else
+ bn_sqr_comba8(r,a);
+#endif
+ return;
+ }
+ if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
+ {
+ bn_sqr_normal(r,a,n2,t);
+ return;
+ }
+ /* r=(a[0]-a[1])*(a[1]-a[0]) */
+ c1=bn_cmp_words(a,&(a[n]),n);
+ zero=0;
+ if (c1 > 0)
+ bn_sub_words(t,a,&(a[n]),n);
+ else if (c1 < 0)
+ bn_sub_words(t,&(a[n]),a,n);
+ else
+ zero=1;
+
+ /* The result will always be negative unless it is zero */
+ p= &(t[n2*2]);
+
+ if (!zero)
+ bn_sqr_recursive(&(t[n2]),t,n,p);
+ else
+ memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
+ bn_sqr_recursive(r,a,n,p);
+ bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+
+ /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+ * r[10] holds (a[0]*b[0])
+ * r[32] holds (b[1]*b[1])
+ */
+
+ c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+ /* t[32] is negative */
+ c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+
+ /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+ * r[10] holds (a[0]*a[0])
+ * r[32] holds (a[1]*a[1])
+ * c1 holds the carry bits
+ */
+ c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+ if (c1)
+ {
+ p= &(r[n+n2]);
+ lo= *p;
+ ln=(lo+c1)&BN_MASK2;
+ *p=ln;
+
+ /* The overflow will stop before we over write
+ * words we should not overwrite */
+ if (ln < (BN_ULONG)c1)
+ {
+ do {
+ p++;
+ lo= *p;
+ ln=(lo+1)&BN_MASK2;
+ *p=ln;
+ } while (ln == 0);
+ }
+ }
+ }
+#endif
Added: vendor-crypto/openssl/dist/crypto/bn/bn_sqrt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_sqrt.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_sqrt.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,393 @@
+/* crypto/bn/bn_sqrt.c */
+/* Written by Lenka Fibikova <fibikova at exp-math.uni-essen.de>
+ * and Bodo Moeller for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+/* Returns 'ret' such that
+ * ret^2 == a (mod p),
+ * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
+ * in Algebraic Computational Number Theory", algorithm 1.5.1).
+ * 'p' must be prime!
+ */
+ {
+ BIGNUM *ret = in;
+ int err = 1;
+ int r;
+ BIGNUM *A, *b, *q, *t, *x, *y;
+ int e, i, j;
+
+ if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
+ {
+ if (BN_abs_is_word(p, 2))
+ {
+ if (ret == NULL)
+ ret = BN_new();
+ if (ret == NULL)
+ goto end;
+ if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
+ {
+ if (ret != in)
+ BN_free(ret);
+ return NULL;
+ }
+ bn_check_top(ret);
+ return ret;
+ }
+
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+ return(NULL);
+ }
+
+ if (BN_is_zero(a) || BN_is_one(a))
+ {
+ if (ret == NULL)
+ ret = BN_new();
+ if (ret == NULL)
+ goto end;
+ if (!BN_set_word(ret, BN_is_one(a)))
+ {
+ if (ret != in)
+ BN_free(ret);
+ return NULL;
+ }
+ bn_check_top(ret);
+ return ret;
+ }
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+ q = BN_CTX_get(ctx);
+ t = BN_CTX_get(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ if (y == NULL) goto end;
+
+ if (ret == NULL)
+ ret = BN_new();
+ if (ret == NULL) goto end;
+
+ /* A = a mod p */
+ if (!BN_nnmod(A, a, p, ctx)) goto end;
+
+ /* now write |p| - 1 as 2^e*q where q is odd */
+ e = 1;
+ while (!BN_is_bit_set(p, e))
+ e++;
+ /* we'll set q later (if needed) */
+
+ if (e == 1)
+ {
+ /* The easy case: (|p|-1)/2 is odd, so 2 has an inverse
+ * modulo (|p|-1)/2, and square roots can be computed
+ * directly by modular exponentiation.
+ * We have
+ * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2),
+ * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1.
+ */
+ if (!BN_rshift(q, p, 2)) goto end;
+ q->neg = 0;
+ if (!BN_add_word(q, 1)) goto end;
+ if (!BN_mod_exp(ret, A, q, p, ctx)) goto end;
+ err = 0;
+ goto vrfy;
+ }
+
+ if (e == 2)
+ {
+ /* |p| == 5 (mod 8)
+ *
+ * In this case 2 is always a non-square since
+ * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime.
+ * So if a really is a square, then 2*a is a non-square.
+ * Thus for
+ * b := (2*a)^((|p|-5)/8),
+ * i := (2*a)*b^2
+ * we have
+ * i^2 = (2*a)^((1 + (|p|-5)/4)*2)
+ * = (2*a)^((p-1)/2)
+ * = -1;
+ * so if we set
+ * x := a*b*(i-1),
+ * then
+ * x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
+ * = a^2 * b^2 * (-2*i)
+ * = a*(-i)*(2*a*b^2)
+ * = a*(-i)*i
+ * = a.
+ *
+ * (This is due to A.O.L. Atkin,
+ * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
+ * November 1992.)
+ */
+
+ /* t := 2*a */
+ if (!BN_mod_lshift1_quick(t, A, p)) goto end;
+
+ /* b := (2*a)^((|p|-5)/8) */
+ if (!BN_rshift(q, p, 3)) goto end;
+ q->neg = 0;
+ if (!BN_mod_exp(b, t, q, p, ctx)) goto end;
+
+ /* y := b^2 */
+ if (!BN_mod_sqr(y, b, p, ctx)) goto end;
+
+ /* t := (2*a)*b^2 - 1*/
+ if (!BN_mod_mul(t, t, y, p, ctx)) goto end;
+ if (!BN_sub_word(t, 1)) goto end;
+
+ /* x = a*b*t */
+ if (!BN_mod_mul(x, A, b, p, ctx)) goto end;
+ if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
+
+ if (!BN_copy(ret, x)) goto end;
+ err = 0;
+ goto vrfy;
+ }
+
+ /* e > 2, so we really have to use the Tonelli/Shanks algorithm.
+ * First, find some y that is not a square. */
+ if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
+ q->neg = 0;
+ i = 2;
+ do
+ {
+ /* For efficiency, try small numbers first;
+ * if this fails, try random numbers.
+ */
+ if (i < 22)
+ {
+ if (!BN_set_word(y, i)) goto end;
+ }
+ else
+ {
+ if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
+ if (BN_ucmp(y, p) >= 0)
+ {
+ if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
+ }
+ /* now 0 <= y < |p| */
+ if (BN_is_zero(y))
+ if (!BN_set_word(y, i)) goto end;
+ }
+
+ r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
+ if (r < -1) goto end;
+ if (r == 0)
+ {
+ /* m divides p */
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+ goto end;
+ }
+ }
+ while (r == 1 && ++i < 82);
+
+ if (r != -1)
+ {
+ /* Many rounds and still no non-square -- this is more likely
+ * a bug than just bad luck.
+ * Even if p is not prime, we should have found some y
+ * such that r == -1.
+ */
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
+ goto end;
+ }
+
+ /* Here's our actual 'q': */
+ if (!BN_rshift(q, q, e)) goto end;
+
+ /* Now that we have some non-square, we can find an element
+ * of order 2^e by computing its q'th power. */
+ if (!BN_mod_exp(y, y, q, p, ctx)) goto end;
+ if (BN_is_one(y))
+ {
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+ goto end;
+ }
+
+ /* Now we know that (if p is indeed prime) there is an integer
+ * k, 0 <= k < 2^e, such that
+ *
+ * a^q * y^k == 1 (mod p).
+ *
+ * As a^q is a square and y is not, k must be even.
+ * q+1 is even, too, so there is an element
+ *
+ * X := a^((q+1)/2) * y^(k/2),
+ *
+ * and it satisfies
+ *
+ * X^2 = a^q * a * y^k
+ * = a,
+ *
+ * so it is the square root that we are looking for.
+ */
+
+ /* t := (q-1)/2 (note that q is odd) */
+ if (!BN_rshift1(t, q)) goto end;
+
+ /* x := a^((q-1)/2) */
+ if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
+ {
+ if (!BN_nnmod(t, A, p, ctx)) goto end;
+ if (BN_is_zero(t))
+ {
+ /* special case: a == 0 (mod p) */
+ BN_zero(ret);
+ err = 0;
+ goto end;
+ }
+ else
+ if (!BN_one(x)) goto end;
+ }
+ else
+ {
+ if (!BN_mod_exp(x, A, t, p, ctx)) goto end;
+ if (BN_is_zero(x))
+ {
+ /* special case: a == 0 (mod p) */
+ BN_zero(ret);
+ err = 0;
+ goto end;
+ }
+ }
+
+ /* b := a*x^2 (= a^q) */
+ if (!BN_mod_sqr(b, x, p, ctx)) goto end;
+ if (!BN_mod_mul(b, b, A, p, ctx)) goto end;
+
+ /* x := a*x (= a^((q+1)/2)) */
+ if (!BN_mod_mul(x, x, A, p, ctx)) goto end;
+
+ while (1)
+ {
+ /* Now b is a^q * y^k for some even k (0 <= k < 2^E
+ * where E refers to the original value of e, which we
+ * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2).
+ *
+ * We have a*b = x^2,
+ * y^2^(e-1) = -1,
+ * b^2^(e-1) = 1.
+ */
+
+ if (BN_is_one(b))
+ {
+ if (!BN_copy(ret, x)) goto end;
+ err = 0;
+ goto vrfy;
+ }
+
+
+ /* find smallest i such that b^(2^i) = 1 */
+ i = 1;
+ if (!BN_mod_sqr(t, b, p, ctx)) goto end;
+ while (!BN_is_one(t))
+ {
+ i++;
+ if (i == e)
+ {
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+ goto end;
+ }
+ if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
+ }
+
+
+ /* t := y^2^(e - i - 1) */
+ if (!BN_copy(t, y)) goto end;
+ for (j = e - i - 1; j > 0; j--)
+ {
+ if (!BN_mod_sqr(t, t, p, ctx)) goto end;
+ }
+ if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
+ if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
+ if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
+ e = i;
+ }
+
+ vrfy:
+ if (!err)
+ {
+ /* verify the result -- the input might have been not a square
+ * (test added in 0.9.8) */
+
+ if (!BN_mod_sqr(x, ret, p, ctx))
+ err = 1;
+
+ if (!err && 0 != BN_cmp(x, A))
+ {
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+ err = 1;
+ }
+ }
+
+ end:
+ if (err)
+ {
+ if (ret != NULL && ret != in)
+ {
+ BN_clear_free(ret);
+ }
+ ret = NULL;
+ }
+ BN_CTX_end(ctx);
+ bn_check_top(ret);
+ return ret;
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/bn_word.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_word.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_word.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,238 @@
+/* crypto/bn/bn_word.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
+ {
+#ifndef BN_LLONG
+ BN_ULONG ret=0;
+#else
+ BN_ULLONG ret=0;
+#endif
+ int i;
+
+ if (w == 0)
+ return (BN_ULONG)-1;
+
+ bn_check_top(a);
+ w&=BN_MASK2;
+ for (i=a->top-1; i>=0; i--)
+ {
+#ifndef BN_LLONG
+ ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w;
+ ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w;
+#else
+ ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
+ (BN_ULLONG)w);
+#endif
+ }
+ return((BN_ULONG)ret);
+ }
+
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
+ {
+ BN_ULONG ret = 0;
+ int i, j;
+
+ bn_check_top(a);
+ w &= BN_MASK2;
+
+ if (!w)
+ /* actually this an error (division by zero) */
+ return (BN_ULONG)-1;
+ if (a->top == 0)
+ return 0;
+
+ /* normalize input (so bn_div_words doesn't complain) */
+ j = BN_BITS2 - BN_num_bits_word(w);
+ w <<= j;
+ if (!BN_lshift(a, a, j))
+ return (BN_ULONG)-1;
+
+ for (i=a->top-1; i>=0; i--)
+ {
+ BN_ULONG l,d;
+
+ l=a->d[i];
+ d=bn_div_words(ret,l,w);
+ ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
+ a->d[i]=d;
+ }
+ if ((a->top > 0) && (a->d[a->top-1] == 0))
+ a->top--;
+ ret >>= j;
+ bn_check_top(a);
+ return(ret);
+ }
+
+int BN_add_word(BIGNUM *a, BN_ULONG w)
+ {
+ BN_ULONG l;
+ int i;
+
+ bn_check_top(a);
+ w &= BN_MASK2;
+
+ /* degenerate case: w is zero */
+ if (!w) return 1;
+ /* degenerate case: a is zero */
+ if(BN_is_zero(a)) return BN_set_word(a, w);
+ /* handle 'a' when negative */
+ if (a->neg)
+ {
+ a->neg=0;
+ i=BN_sub_word(a,w);
+ if (!BN_is_zero(a))
+ a->neg=!(a->neg);
+ return(i);
+ }
+ for (i=0;w!=0 && i<a->top;i++)
+ {
+ a->d[i] = l = (a->d[i]+w)&BN_MASK2;
+ w = (w>l)?1:0;
+ }
+ if (w && i==a->top)
+ {
+ if (bn_wexpand(a,a->top+1) == NULL) return 0;
+ a->top++;
+ a->d[i]=w;
+ }
+ bn_check_top(a);
+ return(1);
+ }
+
+int BN_sub_word(BIGNUM *a, BN_ULONG w)
+ {
+ int i;
+
+ bn_check_top(a);
+ w &= BN_MASK2;
+
+ /* degenerate case: w is zero */
+ if (!w) return 1;
+ /* degenerate case: a is zero */
+ if(BN_is_zero(a))
+ {
+ i = BN_set_word(a,w);
+ if (i != 0)
+ BN_set_negative(a, 1);
+ return i;
+ }
+ /* handle 'a' when negative */
+ if (a->neg)
+ {
+ a->neg=0;
+ i=BN_add_word(a,w);
+ a->neg=1;
+ return(i);
+ }
+
+ if ((a->top == 1) && (a->d[0] < w))
+ {
+ a->d[0]=w-a->d[0];
+ a->neg=1;
+ return(1);
+ }
+ i=0;
+ for (;;)
+ {
+ if (a->d[i] >= w)
+ {
+ a->d[i]-=w;
+ break;
+ }
+ else
+ {
+ a->d[i]=(a->d[i]-w)&BN_MASK2;
+ i++;
+ w=1;
+ }
+ }
+ if ((a->d[i] == 0) && (i == (a->top-1)))
+ a->top--;
+ bn_check_top(a);
+ return(1);
+ }
+
+int BN_mul_word(BIGNUM *a, BN_ULONG w)
+ {
+ BN_ULONG ll;
+
+ bn_check_top(a);
+ w&=BN_MASK2;
+ if (a->top)
+ {
+ if (w == 0)
+ BN_zero(a);
+ else
+ {
+ ll=bn_mul_words(a->d,a->d,a->top,w);
+ if (ll)
+ {
+ if (bn_wexpand(a,a->top+1) == NULL) return(0);
+ a->d[a->top++]=ll;
+ }
+ }
+ }
+ bn_check_top(a);
+ return(1);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,272 @@
+/* bn_x931p.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+
+/* X9.31 routines for prime derivation */
+
+/* X9.31 prime derivation. This is used to generate the primes pi
+ * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
+ * integers.
+ */
+
+static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
+ BN_GENCB *cb)
+ {
+ int i = 0;
+ if (!BN_copy(pi, Xpi))
+ return 0;
+ if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
+ return 0;
+ for(;;)
+ {
+ i++;
+ BN_GENCB_call(cb, 0, i);
+ /* NB 27 MR is specificed in X9.31 */
+ if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
+ break;
+ if (!BN_add_word(pi, 2))
+ return 0;
+ }
+ BN_GENCB_call(cb, 2, i);
+ return 1;
+ }
+
+/* This is the main X9.31 prime derivation function. From parameters
+ * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
+ * not NULL they will be returned too: this is needed for testing.
+ */
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
+ {
+ int ret = 0;
+
+ BIGNUM *t, *p1p2, *pm1;
+
+ /* Only even e supported */
+ if (!BN_is_odd(e))
+ return 0;
+
+ BN_CTX_start(ctx);
+ if (!p1)
+ p1 = BN_CTX_get(ctx);
+
+ if (!p2)
+ p2 = BN_CTX_get(ctx);
+
+ t = BN_CTX_get(ctx);
+
+ p1p2 = BN_CTX_get(ctx);
+
+ pm1 = BN_CTX_get(ctx);
+
+ if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
+ goto err;
+
+ if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
+ goto err;
+
+ if (!BN_mul(p1p2, p1, p2, ctx))
+ goto err;
+
+ /* First set p to value of Rp */
+
+ if (!BN_mod_inverse(p, p2, p1, ctx))
+ goto err;
+
+ if (!BN_mul(p, p, p2, ctx))
+ goto err;
+
+ if (!BN_mod_inverse(t, p1, p2, ctx))
+ goto err;
+
+ if (!BN_mul(t, t, p1, ctx))
+ goto err;
+
+ if (!BN_sub(p, p, t))
+ goto err;
+
+ if (p->neg && !BN_add(p, p, p1p2))
+ goto err;
+
+ /* p now equals Rp */
+
+ if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
+ goto err;
+
+ if (!BN_add(p, p, Xp))
+ goto err;
+
+ /* p now equals Yp0 */
+
+ for (;;)
+ {
+ int i = 1;
+ BN_GENCB_call(cb, 0, i++);
+ if (!BN_copy(pm1, p))
+ goto err;
+ if (!BN_sub_word(pm1, 1))
+ goto err;
+ if (!BN_gcd(t, pm1, e, ctx))
+ goto err;
+ if (BN_is_one(t)
+ /* X9.31 specifies 8 MR and 1 Lucas test or any prime test
+ * offering similar or better guarantees 50 MR is considerably
+ * better.
+ */
+ && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
+ break;
+ if (!BN_add(p, p, p1p2))
+ goto err;
+ }
+
+ BN_GENCB_call(cb, 3, 0);
+
+ ret = 1;
+
+ err:
+
+ BN_CTX_end(ctx);
+
+ return ret;
+ }
+
+/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
+ * Note: nbits paramter is sum of number of bits in both.
+ */
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
+ {
+ BIGNUM *t;
+ int i;
+ /* Number of bits for each prime is of the form
+ * 512+128s for s = 0, 1, ...
+ */
+ if ((nbits < 1024) || (nbits & 0xff))
+ return 0;
+ nbits >>= 1;
+ /* The random value Xp must be between sqrt(2) * 2^(nbits-1) and
+ * 2^nbits - 1. By setting the top two bits we ensure that the lower
+ * bound is exceeded.
+ */
+ if (!BN_rand(Xp, nbits, 1, 0))
+ return 0;
+
+ BN_CTX_start(ctx);
+ t = BN_CTX_get(ctx);
+
+ for (i = 0; i < 1000; i++)
+ {
+ if (!BN_rand(Xq, nbits, 1, 0))
+ return 0;
+ /* Check that |Xp - Xq| > 2^(nbits - 100) */
+ BN_sub(t, Xp, Xq);
+ if (BN_num_bits(t) > (nbits - 100))
+ break;
+ }
+
+ BN_CTX_end(ctx);
+
+ if (i < 1000)
+ return 1;
+
+ return 0;
+
+ }
+
+/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
+ * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
+ * the relevant parameter will be stored in it.
+ *
+ * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq
+ * are generated using the previous function and supplied as input.
+ */
+
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb)
+ {
+ int ret = 0;
+
+ BN_CTX_start(ctx);
+ if (!Xp1)
+ Xp1 = BN_CTX_get(ctx);
+ if (!Xp2)
+ Xp2 = BN_CTX_get(ctx);
+
+ if (!BN_rand(Xp1, 101, 0, 0))
+ goto error;
+ if (!BN_rand(Xp2, 101, 0, 0))
+ goto error;
+ if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
+ goto error;
+
+ ret = 1;
+
+ error:
+ BN_CTX_end(ctx);
+
+ return ret;
+
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bn/bnspeed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bnspeed.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bnspeed.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,233 @@
+/* unused */
+
+/* crypto/bn/bnspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#define BASENUM 1000000
+#undef PROG
+#define PROG bnspeed_main
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+ The __TMS macro will show if it was. If it wasn't defined, we should
+ undefine TIMES, since that tells the rest of the program how things
+ should be handled. -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+
+static double Time_F(int s);
+#define START 0
+#define STOP 1
+
+static double Time_F(int s)
+ {
+ double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if (s == START)
+ {
+ times(&tstart);
+ return(0);
+ }
+ else
+ {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret < 1e-3)?1e-3:ret);
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if (s == START)
+ {
+ ftime(&tstart);
+ return(0);
+ }
+ else
+ {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+ return((ret < 0.001)?0.001:ret);
+ }
+#endif
+ }
+
+#define NUM_SIZES 5
+static int sizes[NUM_SIZES]={128,256,512,1024,2048};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+
+void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx);
+
+int main(int argc, char **argv)
+ {
+ BN_CTX *ctx;
+ BIGNUM a,b,c;
+
+ ctx=BN_CTX_new();
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ do_mul(&a,&b,&c,ctx);
+ }
+
+void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+ {
+ int i,j,k;
+ double tm;
+ long num;
+
+ for (i=0; i<NUM_SIZES; i++)
+ {
+ num=BASENUM;
+ if (i) num/=(i*3);
+ BN_rand(a,sizes[i],1,0);
+ for (j=i; j<NUM_SIZES; j++)
+ {
+ BN_rand(b,sizes[j],1,0);
+ Time_F(START);
+ for (k=0; k<num; k++)
+ BN_mul(r,b,a,ctx);
+ tm=Time_F(STOP);
+ printf("mul %4d x %4d -> %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);
+ }
+ }
+
+ for (i=0; i<NUM_SIZES; i++)
+ {
+ num=BASENUM;
+ if (i) num/=(i*3);
+ BN_rand(a,sizes[i],1,0);
+ Time_F(START);
+ for (k=0; k<num; k++)
+ BN_sqr(r,a,ctx);
+ tm=Time_F(STOP);
+ printf("sqr %4d x %4d -> %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num);
+ }
+
+ for (i=0; i<NUM_SIZES; i++)
+ {
+ num=BASENUM/10;
+ if (i) num/=(i*3);
+ BN_rand(a,sizes[i]-1,1,0);
+ for (j=i; j<NUM_SIZES; j++)
+ {
+ BN_rand(b,sizes[j],1,0);
+ Time_F(START);
+ for (k=0; k<100000; k++)
+ BN_div(r, NULL, b, a,ctx);
+ tm=Time_F(STOP);
+ printf("div %4d / %4d -> %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num);
+ }
+ }
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bn/bntest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bntest.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/bntest.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,2011 @@
+/* crypto/bn/bntest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+const int num0 = 100; /* number of tests */
+const int num1 = 50; /* additional tests for some functions */
+const int num2 = 5; /* number of tests for slow functions */
+
+int test_add(BIO *bp);
+int test_sub(BIO *bp);
+int test_lshift1(BIO *bp);
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
+int test_rshift1(BIO *bp);
+int test_rshift(BIO *bp,BN_CTX *ctx);
+int test_div(BIO *bp,BN_CTX *ctx);
+int test_div_word(BIO *bp);
+int test_div_recp(BIO *bp,BN_CTX *ctx);
+int test_mul(BIO *bp);
+int test_sqr(BIO *bp,BN_CTX *ctx);
+int test_mont(BIO *bp,BN_CTX *ctx);
+int test_mod(BIO *bp,BN_CTX *ctx);
+int test_mod_mul(BIO *bp,BN_CTX *ctx);
+int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
+int test_exp(BIO *bp,BN_CTX *ctx);
+int test_gf2m_add(BIO *bp);
+int test_gf2m_mod(BIO *bp);
+int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
+int test_kron(BIO *bp,BN_CTX *ctx);
+int test_sqrt(BIO *bp,BN_CTX *ctx);
+int rand_neg(void);
+static int results=0;
+
+static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
+"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+static void message(BIO *out, char *m)
+ {
+ fprintf(stderr, "test %s\n", m);
+ BIO_puts(out, "print \"test ");
+ BIO_puts(out, m);
+ BIO_puts(out, "\\n\"\n");
+ }
+
+int main(int argc, char *argv[])
+ {
+ BN_CTX *ctx;
+ BIO *out;
+ char *outfile=NULL;
+
+ results = 0;
+
+ RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-results") == 0)
+ results=1;
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) break;
+ outfile= *(++argv);
+ }
+ argc--;
+ argv++;
+ }
+
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) EXIT(1);
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL) EXIT(1);
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ }
+ else
+ {
+ if (!BIO_write_filename(out,outfile))
+ {
+ perror(outfile);
+ EXIT(1);
+ }
+ }
+
+ if (!results)
+ BIO_puts(out,"obase=16\nibase=16\n");
+
+ message(out,"BN_add");
+ if (!test_add(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_sub");
+ if (!test_sub(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_lshift1");
+ if (!test_lshift1(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_lshift (fixed)");
+ if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_lshift");
+ if (!test_lshift(out,ctx,NULL)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_rshift1");
+ if (!test_rshift1(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_rshift");
+ if (!test_rshift(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_sqr");
+ if (!test_sqr(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mul");
+ if (!test_mul(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_div");
+ if (!test_div(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_div_word");
+ if (!test_div_word(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_div_recp");
+ if (!test_div_recp(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mod");
+ if (!test_mod(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mod_mul");
+ if (!test_mod_mul(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mont");
+ if (!test_mont(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mod_exp");
+ if (!test_mod_exp(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mod_exp_mont_consttime");
+ if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_exp");
+ if (!test_exp(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_kronecker");
+ if (!test_kron(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mod_sqrt");
+ if (!test_sqrt(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_add");
+ if (!test_gf2m_add(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod");
+ if (!test_gf2m_mod(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_mul");
+ if (!test_gf2m_mod_mul(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_sqr");
+ if (!test_gf2m_mod_sqr(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_inv");
+ if (!test_gf2m_mod_inv(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_div");
+ if (!test_gf2m_mod_div(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_exp");
+ if (!test_gf2m_mod_exp(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_sqrt");
+ if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_solve_quad");
+ if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ BN_CTX_free(ctx);
+ BIO_free(out);
+
+/**/
+ EXIT(0);
+err:
+ BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+ * the failure, see test_bn in test/Makefile.ssl*/
+ (void)BIO_flush(out);
+ ERR_load_crypto_strings();
+ ERR_print_errors_fp(stderr);
+ EXIT(1);
+ return(1);
+ }
+
+int test_add(BIO *bp)
+ {
+ BIGNUM a,b,c;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ BN_bntest_rand(&a,512,0,0);
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(&b,450+i,0,0);
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ BN_add(&c,&a,&b);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," + ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ a.neg=!a.neg;
+ b.neg=!b.neg;
+ BN_add(&c,&c,&b);
+ BN_add(&c,&c,&a);
+ if(!BN_is_zero(&c))
+ {
+ fprintf(stderr,"Add test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ return(1);
+ }
+
+int test_sub(BIO *bp)
+ {
+ BIGNUM a,b,c;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ for (i=0; i<num0+num1; i++)
+ {
+ if (i < num1)
+ {
+ BN_bntest_rand(&a,512,0,0);
+ BN_copy(&b,&a);
+ if (BN_set_bit(&a,i)==0) return(0);
+ BN_add_word(&b,i);
+ }
+ else
+ {
+ BN_bntest_rand(&b,400+i-num1,0,0);
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ }
+ BN_sub(&c,&a,&b);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," - ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ BN_add(&c,&c,&b);
+ BN_sub(&c,&c,&a);
+ if(!BN_is_zero(&c))
+ {
+ fprintf(stderr,"Subtract test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ return(1);
+ }
+
+int test_div(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM a,b,c,d,e;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i=0; i<num0+num1; i++)
+ {
+ if (i < num1)
+ {
+ BN_bntest_rand(&a,400,0,0);
+ BN_copy(&b,&a);
+ BN_lshift(&a,&a,i);
+ BN_add_word(&a,i);
+ }
+ else
+ BN_bntest_rand(&b,50+3*(i-num1),0,0);
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ BN_div(&d,&c,&a,&b,ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," / ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&d);
+ BIO_puts(bp,"\n");
+
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," % ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(&e,&d,&b,ctx);
+ BN_add(&d,&e,&c);
+ BN_sub(&d,&d,&a);
+ if(!BN_is_zero(&d))
+ {
+ fprintf(stderr,"Division test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ return(1);
+ }
+
+static void print_word(BIO *bp,BN_ULONG w)
+ {
+#ifdef SIXTY_FOUR_BIT
+ if (sizeof(w) > sizeof(unsigned long))
+ {
+ unsigned long h=(unsigned long)(w>>32),
+ l=(unsigned long)(w);
+
+ if (h) BIO_printf(bp,"%lX%08lX",h,l);
+ else BIO_printf(bp,"%lX",l);
+ return;
+ }
+#endif
+ BIO_printf(bp,"%lX",w);
+ }
+
+int test_div_word(BIO *bp)
+ {
+ BIGNUM a,b;
+ BN_ULONG r,s;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+
+ for (i=0; i<num0; i++)
+ {
+ do {
+ BN_bntest_rand(&a,512,-1,0);
+ BN_bntest_rand(&b,BN_BITS2,-1,0);
+ s = b.d[0];
+ } while (!s);
+
+ BN_copy(&b, &a);
+ r = BN_div_word(&b, s);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," / ");
+ print_word(bp,s);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&b);
+ BIO_puts(bp,"\n");
+
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," % ");
+ print_word(bp,s);
+ BIO_puts(bp," - ");
+ }
+ print_word(bp,r);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul_word(&b,s);
+ BN_add_word(&b,r);
+ BN_sub(&b,&a,&b);
+ if(!BN_is_zero(&b))
+ {
+ fprintf(stderr,"Division (word) test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ return(1);
+ }
+
+int test_div_recp(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM a,b,c,d,e;
+ BN_RECP_CTX recp;
+ int i;
+
+ BN_RECP_CTX_init(&recp);
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i=0; i<num0+num1; i++)
+ {
+ if (i < num1)
+ {
+ BN_bntest_rand(&a,400,0,0);
+ BN_copy(&b,&a);
+ BN_lshift(&a,&a,i);
+ BN_add_word(&a,i);
+ }
+ else
+ BN_bntest_rand(&b,50+3*(i-num1),0,0);
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ BN_RECP_CTX_set(&recp,&b,ctx);
+ BN_div_recp(&d,&c,&a,&recp,ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," / ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&d);
+ BIO_puts(bp,"\n");
+
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," % ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(&e,&d,&b,ctx);
+ BN_add(&d,&e,&c);
+ BN_sub(&d,&d,&a);
+ if(!BN_is_zero(&d))
+ {
+ fprintf(stderr,"Reciprocal division test failed!\n");
+ fprintf(stderr,"a=");
+ BN_print_fp(stderr,&a);
+ fprintf(stderr,"\nb=");
+ BN_print_fp(stderr,&b);
+ fprintf(stderr,"\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ BN_RECP_CTX_free(&recp);
+ return(1);
+ }
+
+int test_mul(BIO *bp)
+ {
+ BIGNUM a,b,c,d,e;
+ int i;
+ BN_CTX *ctx;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL) EXIT(1);
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i=0; i<num0+num1; i++)
+ {
+ if (i <= num1)
+ {
+ BN_bntest_rand(&a,100,0,0);
+ BN_bntest_rand(&b,100,0,0);
+ }
+ else
+ BN_bntest_rand(&b,i-num1,0,0);
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ BN_mul(&c,&a,&b,ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," * ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ BN_div(&d,&e,&c,&a,ctx);
+ BN_sub(&d,&d,&b);
+ if(!BN_is_zero(&d) || !BN_is_zero(&e))
+ {
+ fprintf(stderr,"Multiplication test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ BN_CTX_free(ctx);
+ return(1);
+ }
+
+int test_sqr(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM a,c,d,e;
+ int i;
+
+ BN_init(&a);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(&a,40+i*10,0,0);
+ a.neg=rand_neg();
+ BN_sqr(&c,&a,ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," * ");
+ BN_print(bp,&a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ BN_div(&d,&e,&c,&a,ctx);
+ BN_sub(&d,&d,&a);
+ if(!BN_is_zero(&d) || !BN_is_zero(&e))
+ {
+ fprintf(stderr,"Square test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ return(1);
+ }
+
+int test_mont(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM a,b,c,d,A,B;
+ BIGNUM n;
+ int i;
+ BN_MONT_CTX *mont;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&A);
+ BN_init(&B);
+ BN_init(&n);
+
+ mont=BN_MONT_CTX_new();
+
+ BN_bntest_rand(&a,100,0,0); /**/
+ BN_bntest_rand(&b,100,0,0); /**/
+ for (i=0; i<num2; i++)
+ {
+ int bits = (200*(i+1))/num2;
+
+ if (bits == 0)
+ continue;
+ BN_bntest_rand(&n,bits,0,1);
+ BN_MONT_CTX_set(mont,&n,ctx);
+
+ BN_nnmod(&a,&a,&n,ctx);
+ BN_nnmod(&b,&b,&n,ctx);
+
+ BN_to_montgomery(&A,&a,mont,ctx);
+ BN_to_montgomery(&B,&b,mont,ctx);
+
+ BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
+ BN_from_montgomery(&A,&c,mont,ctx);/**/
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+#ifdef undef
+fprintf(stderr,"%d * %d %% %d\n",
+BN_num_bits(&a),
+BN_num_bits(&b),
+BN_num_bits(mont->N));
+#endif
+ BN_print(bp,&a);
+ BIO_puts(bp," * ");
+ BN_print(bp,&b);
+ BIO_puts(bp," % ");
+ BN_print(bp,&(mont->N));
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&A);
+ BIO_puts(bp,"\n");
+ }
+ BN_mod_mul(&d,&a,&b,&n,ctx);
+ BN_sub(&d,&d,&A);
+ if(!BN_is_zero(&d))
+ {
+ fprintf(stderr,"Montgomery multiplication test failed!\n");
+ return 0;
+ }
+ }
+ BN_MONT_CTX_free(mont);
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&A);
+ BN_free(&B);
+ BN_free(&n);
+ return(1);
+ }
+
+int test_mod(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(a,1024,0,0); /**/
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(b,450+i*10,0,0); /**/
+ a->neg=rand_neg();
+ b->neg=rand_neg();
+ BN_mod(c,a,b,ctx);/**/
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," % ");
+ BN_print(bp,b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_div(d,e,a,b,ctx);
+ BN_sub(e,e,c);
+ if(!BN_is_zero(e))
+ {
+ fprintf(stderr,"Modulo test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
+int test_mod_mul(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i,j;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ for (j=0; j<3; j++) {
+ BN_bntest_rand(c,1024,0,0); /**/
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a,475+i*10,0,0); /**/
+ BN_bntest_rand(b,425+i*11,0,0); /**/
+ a->neg=rand_neg();
+ b->neg=rand_neg();
+ if (!BN_mod_mul(e,a,b,c,ctx))
+ {
+ unsigned long l;
+
+ while ((l=ERR_get_error()))
+ fprintf(stderr,"ERROR:%s\n",
+ ERR_error_string(l,NULL));
+ EXIT(1);
+ }
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ if ((a->neg ^ b->neg) && !BN_is_zero(e))
+ {
+ /* If (a*b) % c is negative, c must be added
+ * in order to obtain the normalized remainder
+ * (new with OpenSSL 0.9.7, previous versions of
+ * BN_mod_mul could generate negative results)
+ */
+ BIO_puts(bp," + ");
+ BN_print(bp,c);
+ }
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,e);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d,a,b,ctx);
+ BN_sub(d,d,e);
+ BN_div(a,b,d,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo multiply test failed!\n");
+ ERR_print_errors_fp(stderr);
+ return 0;
+ }
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
+int test_mod_exp(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (!BN_mod_exp(d,a,b,c,ctx))
+ return(0);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_exp(e,a,b,ctx);
+ BN_sub(e,e,d);
+ BN_div(a,b,e,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
+ return(00);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_exp(e,a,b,ctx);
+ BN_sub(e,e,d);
+ BN_div(a,b,e,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
+int test_exp(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*d,*e,*one;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ d=BN_new();
+ e=BN_new();
+ one=BN_new();
+ BN_one(one);
+
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (BN_exp(d,a,b,ctx) <= 0)
+ return(0);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_one(e);
+ for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
+ BN_mul(e,e,a,ctx);
+ BN_sub(e,e,d);
+ if(!BN_is_zero(e))
+ {
+ fprintf(stderr,"Exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(d);
+ BN_free(e);
+ BN_free(one);
+ return(1);
+ }
+
+int test_gf2m_add(BIO *bp)
+ {
+ BIGNUM a,b,c;
+ int i, ret = 0;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_rand(&a,512,0,0);
+ BN_copy(&b, BN_value_one());
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ BN_GF2m_add(&c,&a,&b);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,&b);
+ BIO_puts(bp," = ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+#endif
+ /* Test that two added values have the correct parity. */
+ if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
+ {
+ fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
+ goto err;
+ }
+ BN_GF2m_add(&c,&c,&c);
+ /* Test that c + c = 0. */
+ if(!BN_is_zero(&c))
+ {
+ fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
+ goto err;
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ return ret;
+ }
+
+int test_gf2m_mod(BIO *bp)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e;
+ int i, j, ret = 0;
+ unsigned int p0[] = {163,7,6,3,0};
+ unsigned int p1[] = {193,15,0};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 1024, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod(c, a, b[j]);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp," - ");
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ BN_GF2m_add(d, a, c);
+ BN_GF2m_mod(e, d, b[j]);
+ /* Test that a + (a mod p) mod p == 0. */
+ if(!BN_is_zero(e))
+ {
+ fprintf(stderr,"GF(2^m) modulo test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return ret;
+ }
+
+int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
+ int i, j, ret = 0;
+ unsigned int p0[] = {163,7,6,3,0};
+ unsigned int p1[] = {193,15,0};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+ f=BN_new();
+ g=BN_new();
+ h=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 1024, 0, 0);
+ BN_bntest_rand(c, 1024, 0, 0);
+ BN_bntest_rand(d, 1024, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod_mul(e, a, c, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,c);
+ BIO_puts(bp," % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp," - ");
+ BN_print(bp,e);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ BN_GF2m_add(f, a, d);
+ BN_GF2m_mod_mul(g, f, c, b[j], ctx);
+ BN_GF2m_mod_mul(h, d, c, b[j], ctx);
+ BN_GF2m_add(f, e, g);
+ BN_GF2m_add(f, f, h);
+ /* Test that (a+d)*c = a*c + d*c. */
+ if(!BN_is_zero(f))
+ {
+ fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ BN_free(g);
+ BN_free(h);
+ return ret;
+ }
+
+int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d;
+ int i, j, ret = 0;
+ unsigned int p0[] = {163,7,6,3,0};
+ unsigned int p1[] = {193,15,0};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 1024, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod_sqr(c, a, b[j], ctx);
+ BN_copy(d, a);
+ BN_GF2m_mod_mul(d, a, d, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ 2 % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp, " = ");
+ BN_print(bp,c);
+ BIO_puts(bp,"; a * a = ");
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ BN_GF2m_add(d, c, d);
+ /* Test that a*a = a^2. */
+ if(!BN_is_zero(d))
+ {
+ fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ return ret;
+ }
+
+int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d;
+ int i, j, ret = 0;
+ unsigned int p0[] = {163,7,6,3,0};
+ unsigned int p1[] = {193,15,0};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 512, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod_inv(c, a, b[j], ctx);
+ BN_GF2m_mod_mul(d, a, c, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp, " * ");
+ BN_print(bp,c);
+ BIO_puts(bp," - 1 % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ /* Test that ((1/a)*a) = 1. */
+ if(!BN_is_one(d))
+ {
+ fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ return ret;
+ }
+
+int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e,*f;
+ int i, j, ret = 0;
+ unsigned int p0[] = {163,7,6,3,0};
+ unsigned int p1[] = {193,15,0};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+ f=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 512, 0, 0);
+ BN_bntest_rand(c, 512, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod_div(d, a, c, b[j], ctx);
+ BN_GF2m_mod_mul(e, d, c, b[j], ctx);
+ BN_GF2m_mod_div(f, a, e, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp, " = ");
+ BN_print(bp,c);
+ BIO_puts(bp," * ");
+ BN_print(bp,d);
+ BIO_puts(bp, " % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ /* Test that ((a/c)*c)/a = 1. */
+ if(!BN_is_one(f))
+ {
+ fprintf(stderr,"GF(2^m) modular division test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ return ret;
+ }
+
+int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e,*f;
+ int i, j, ret = 0;
+ unsigned int p0[] = {163,7,6,3,0};
+ unsigned int p1[] = {193,15,0};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+ f=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 512, 0, 0);
+ BN_bntest_rand(c, 512, 0, 0);
+ BN_bntest_rand(d, 512, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod_exp(e, a, c, b[j], ctx);
+ BN_GF2m_mod_exp(f, a, d, b[j], ctx);
+ BN_GF2m_mod_mul(e, e, f, b[j], ctx);
+ BN_add(f, c, d);
+ BN_GF2m_mod_exp(f, a, f, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp, " ^ (");
+ BN_print(bp,c);
+ BIO_puts(bp," + ");
+ BN_print(bp,d);
+ BIO_puts(bp, ") = ");
+ BN_print(bp,e);
+ BIO_puts(bp, "; - ");
+ BN_print(bp,f);
+ BIO_puts(bp, " % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ BN_GF2m_add(f, e, f);
+ /* Test that a^(c+d)=a^c*a^d. */
+ if(!BN_is_zero(f))
+ {
+ fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ return ret;
+ }
+
+int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e,*f;
+ int i, j, ret = 0;
+ unsigned int p0[] = {163,7,6,3,0};
+ unsigned int p1[] = {193,15,0};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+ f=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 512, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod(c, a, b[j]);
+ BN_GF2m_mod_sqrt(d, a, b[j], ctx);
+ BN_GF2m_mod_sqr(e, d, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,d);
+ BIO_puts(bp, " ^ 2 - ");
+ BN_print(bp,a);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ BN_GF2m_add(f, c, e);
+ /* Test that d^2 = a, where d = sqrt(a). */
+ if(!BN_is_zero(f))
+ {
+ fprintf(stderr,"GF(2^m) modular square root test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ return ret;
+ }
+
+int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e;
+ int i, j, s = 0, t, ret = 0;
+ unsigned int p0[] = {163,7,6,3,0};
+ unsigned int p1[] = {193,15,0};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 512, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
+ if (t)
+ {
+ s++;
+ BN_GF2m_mod_sqr(d, c, b[j], ctx);
+ BN_GF2m_add(d, c, d);
+ BN_GF2m_mod(e, a, b[j]);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,c);
+ BIO_puts(bp, " is root of z^2 + z = ");
+ BN_print(bp,a);
+ BIO_puts(bp, " % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ BN_GF2m_add(e, e, d);
+ /* Test that solution of quadratic c satisfies c^2 + c = a. */
+ if(!BN_is_zero(e))
+ {
+ fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
+ goto err;
+ }
+
+ }
+ else
+ {
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BIO_puts(bp, "There are no roots of z^2 + z = ");
+ BN_print(bp,a);
+ BIO_puts(bp, " % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ }
+ }
+ }
+ if (s == 0)
+ {
+ fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
+ fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
+ goto err;
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return ret;
+ }
+
+static int genprime_cb(int p, int n, BN_GENCB *arg)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ putc(c, stderr);
+ fflush(stderr);
+ return 1;
+ }
+
+int test_kron(BIO *bp, BN_CTX *ctx)
+ {
+ BN_GENCB cb;
+ BIGNUM *a,*b,*r,*t;
+ int i;
+ int legendre, kronecker;
+ int ret = 0;
+
+ a = BN_new();
+ b = BN_new();
+ r = BN_new();
+ t = BN_new();
+ if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
+
+ BN_GENCB_set(&cb, genprime_cb, NULL);
+
+ /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
+ * In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
+ * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
+ * So we generate a random prime b and compare these values
+ * for a number of random a's. (That is, we run the Solovay-Strassen
+ * primality test to confirm that b is prime, except that we
+ * don't want to test whether b is prime but whether BN_kronecker
+ * works.) */
+
+ if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err;
+ b->neg = rand_neg();
+ putc('\n', stderr);
+
+ for (i = 0; i < num0; i++)
+ {
+ if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
+ a->neg = rand_neg();
+
+ /* t := (|b|-1)/2 (note that b is odd) */
+ if (!BN_copy(t, b)) goto err;
+ t->neg = 0;
+ if (!BN_sub_word(t, 1)) goto err;
+ if (!BN_rshift1(t, t)) goto err;
+ /* r := a^t mod b */
+ b->neg=0;
+
+ if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
+ b->neg=1;
+
+ if (BN_is_word(r, 1))
+ legendre = 1;
+ else if (BN_is_zero(r))
+ legendre = 0;
+ else
+ {
+ if (!BN_add_word(r, 1)) goto err;
+ if (0 != BN_ucmp(r, b))
+ {
+ fprintf(stderr, "Legendre symbol computation failed\n");
+ goto err;
+ }
+ legendre = -1;
+ }
+
+ kronecker = BN_kronecker(a, b, ctx);
+ if (kronecker < -1) goto err;
+ /* we actually need BN_kronecker(a, |b|) */
+ if (a->neg && b->neg)
+ kronecker = -kronecker;
+
+ if (legendre != kronecker)
+ {
+ fprintf(stderr, "legendre != kronecker; a = ");
+ BN_print_fp(stderr, a);
+ fprintf(stderr, ", b = ");
+ BN_print_fp(stderr, b);
+ fprintf(stderr, "\n");
+ goto err;
+ }
+
+ putc('.', stderr);
+ fflush(stderr);
+ }
+
+ putc('\n', stderr);
+ fflush(stderr);
+ ret = 1;
+ err:
+ if (a != NULL) BN_free(a);
+ if (b != NULL) BN_free(b);
+ if (r != NULL) BN_free(r);
+ if (t != NULL) BN_free(t);
+ return ret;
+ }
+
+int test_sqrt(BIO *bp, BN_CTX *ctx)
+ {
+ BN_GENCB cb;
+ BIGNUM *a,*p,*r;
+ int i, j;
+ int ret = 0;
+
+ a = BN_new();
+ p = BN_new();
+ r = BN_new();
+ if (a == NULL || p == NULL || r == NULL) goto err;
+
+ BN_GENCB_set(&cb, genprime_cb, NULL);
+
+ for (i = 0; i < 16; i++)
+ {
+ if (i < 8)
+ {
+ unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
+
+ if (!BN_set_word(p, primes[i])) goto err;
+ }
+ else
+ {
+ if (!BN_set_word(a, 32)) goto err;
+ if (!BN_set_word(r, 2*i + 1)) goto err;
+
+ if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;
+ putc('\n', stderr);
+ }
+ p->neg = rand_neg();
+
+ for (j = 0; j < num2; j++)
+ {
+ /* construct 'a' such that it is a square modulo p,
+ * but in general not a proper square and not reduced modulo p */
+ if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
+ if (!BN_nnmod(r, r, p, ctx)) goto err;
+ if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+ if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
+ if (!BN_nnmod(a, a, p, ctx)) goto err;
+ if (!BN_mod_sqr(a, a, p, ctx)) goto err;
+ if (!BN_mul(a, a, r, ctx)) goto err;
+ if (rand_neg())
+ if (!BN_sub(a, a, p)) goto err;
+
+ if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
+ if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+
+ if (!BN_nnmod(a, a, p, ctx)) goto err;
+
+ if (BN_cmp(a, r) != 0)
+ {
+ fprintf(stderr, "BN_mod_sqrt failed: a = ");
+ BN_print_fp(stderr, a);
+ fprintf(stderr, ", r = ");
+ BN_print_fp(stderr, r);
+ fprintf(stderr, ", p = ");
+ BN_print_fp(stderr, p);
+ fprintf(stderr, "\n");
+ goto err;
+ }
+
+ putc('.', stderr);
+ fflush(stderr);
+ }
+
+ putc('\n', stderr);
+ fflush(stderr);
+ }
+ ret = 1;
+ err:
+ if (a != NULL) BN_free(a);
+ if (p != NULL) BN_free(p);
+ if (r != NULL) BN_free(r);
+ return ret;
+ }
+
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
+ {
+ BIGNUM *a,*b,*c,*d;
+ int i;
+
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ BN_one(c);
+
+ if(a_)
+ a=a_;
+ else
+ {
+ a=BN_new();
+ BN_bntest_rand(a,200,0,0); /**/
+ a->neg=rand_neg();
+ }
+ for (i=0; i<num0; i++)
+ {
+ BN_lshift(b,a,i+1);
+ BN_add(c,c,c);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,b);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d,a,c,ctx);
+ BN_sub(d,d,b);
+ if(!BN_is_zero(d))
+ {
+ fprintf(stderr,"Left shift test failed!\n");
+ fprintf(stderr,"a=");
+ BN_print_fp(stderr,a);
+ fprintf(stderr,"\nb=");
+ BN_print_fp(stderr,b);
+ fprintf(stderr,"\nc=");
+ BN_print_fp(stderr,c);
+ fprintf(stderr,"\nd=");
+ BN_print_fp(stderr,d);
+ fprintf(stderr,"\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ return(1);
+ }
+
+int test_lshift1(BIO *bp)
+ {
+ BIGNUM *a,*b,*c;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+
+ BN_bntest_rand(a,200,0,0); /**/
+ a->neg=rand_neg();
+ for (i=0; i<num0; i++)
+ {
+ BN_lshift1(b,a);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * 2");
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,b);
+ BIO_puts(bp,"\n");
+ }
+ BN_add(c,a,a);
+ BN_sub(a,b,c);
+ if(!BN_is_zero(a))
+ {
+ fprintf(stderr,"Left shift one test failed!\n");
+ return 0;
+ }
+
+ BN_copy(a,b);
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ return(1);
+ }
+
+int test_rshift(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+ BN_one(c);
+
+ BN_bntest_rand(a,200,0,0); /**/
+ a->neg=rand_neg();
+ for (i=0; i<num0; i++)
+ {
+ BN_rshift(b,a,i+1);
+ BN_add(c,c,c);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," / ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,b);
+ BIO_puts(bp,"\n");
+ }
+ BN_div(d,e,a,c,ctx);
+ BN_sub(d,d,b);
+ if(!BN_is_zero(d))
+ {
+ fprintf(stderr,"Right shift test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
+int test_rshift1(BIO *bp)
+ {
+ BIGNUM *a,*b,*c;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+
+ BN_bntest_rand(a,200,0,0); /**/
+ a->neg=rand_neg();
+ for (i=0; i<num0; i++)
+ {
+ BN_rshift1(b,a);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," / 2");
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,b);
+ BIO_puts(bp,"\n");
+ }
+ BN_sub(c,a,b);
+ BN_sub(c,c,b);
+ if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
+ {
+ fprintf(stderr,"Right shift one test failed!\n");
+ return 0;
+ }
+ BN_copy(a,b);
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ return(1);
+ }
+
+int rand_neg(void)
+ {
+ static unsigned int neg=0;
+ static int sign[8]={0,0,0,1,1,0,1,1};
+
+ return(sign[(neg++)%8]);
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/divtest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/divtest.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/divtest.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,41 @@
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+
+static int Rand(n)
+{
+ unsigned char x[2];
+ RAND_pseudo_bytes(x,2);
+ return (x[0] + 2*x[1]);
+}
+
+static void bug(char *m, BIGNUM *a, BIGNUM *b)
+{
+ printf("%s!\na=",m);
+ BN_print_fp(stdout, a);
+ printf("\nb=");
+ BN_print_fp(stdout, b);
+ printf("\n");
+ fflush(stdout);
+}
+
+main()
+{
+ BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(),
+ *C=BN_new(), *D=BN_new();
+ BN_RECP_CTX *recp=BN_RECP_CTX_new();
+ BN_CTX *ctx=BN_CTX_new();
+
+ for(;;) {
+ BN_pseudo_rand(a,Rand(),0,0);
+ BN_pseudo_rand(b,Rand(),0,0);
+ if (BN_is_zero(b)) continue;
+
+ BN_RECP_CTX_set(recp,b,ctx);
+ if (BN_div(C,D,a,b,ctx) != 1)
+ bug("BN_div failed",a,b);
+ if (BN_div_recp(c,d,a,recp,ctx) != 1)
+ bug("BN_div_recp failed",a,b);
+ else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0)
+ bug("mismatch",a,b);
+ }
+}
Added: vendor-crypto/openssl/dist/crypto/bn/exp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/exp.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/exp.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,62 @@
+/* unused */
+
+#include <stdio.h>
+#include <openssl/tmdiff.h>
+#include "bn_lcl.h"
+
+#define SIZE 256
+#define NUM (8*8*8)
+#define MOD (8*8*8*8*8)
+
+main(argc,argv)
+int argc;
+char *argv[];
+ {
+ BN_CTX ctx;
+ BIGNUM a,b,c,r,rr,t,l;
+ int j,i,size=SIZE,num=NUM,mod=MOD;
+ char *start,*end;
+ BN_MONT_CTX mont;
+ double d,md;
+
+ BN_MONT_CTX_init(&mont);
+ BN_CTX_init(&ctx);
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&r);
+
+ start=ms_time_new();
+ end=ms_time_new();
+ while (size <= 1024*8)
+ {
+ BN_rand(&a,size,0,0);
+ BN_rand(&b,size,1,0);
+ BN_rand(&c,size,0,1);
+
+ BN_mod(&a,&a,&c,&ctx);
+
+ ms_time_get(start);
+ for (i=0; i<10; i++)
+ BN_MONT_CTX_set(&mont,&c,&ctx);
+ ms_time_get(end);
+ md=ms_time_diff(start,end);
+
+ ms_time_get(start);
+ for (i=0; i<num; i++)
+ {
+ /* bn_mull(&r,&a,&b,&ctx); */
+ /* BN_sqr(&r,&a,&ctx); */
+ BN_mod_exp_mont(&r,&a,&b,&c,&ctx,&mont);
+ }
+ ms_time_get(end);
+ d=ms_time_diff(start,end)/* *50/33 */;
+ printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n",size,
+ d,num,d/num,(int)((d/num)*mod),md/10.0);
+ num/=8;
+ mod/=8;
+ if (num <= 0) num=1;
+ size*=2;
+ }
+
+ }
Added: vendor-crypto/openssl/dist/crypto/bn/expspeed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/expspeed.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/expspeed.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,353 @@
+/* unused */
+
+/* crypto/bn/expspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#define BASENUM 5000
+#define NUM_START 0
+
+
+/* determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,
+ * modular inverse, or modular square roots */
+#define TEST_EXP
+#undef TEST_MUL
+#undef TEST_SQR
+#undef TEST_GCD
+#undef TEST_KRON
+#undef TEST_INV
+#undef TEST_SQRT
+#define P_MOD_64 9 /* least significant 6 bits for prime to be used for BN_sqrt timings */
+
+#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1
+# error "choose one test"
+#endif
+
+#if defined(TEST_INV) || defined(TEST_SQRT)
+# define C_PRIME
+static void genprime_cb(int p, int n, void *arg);
+#endif
+
+
+
+#undef PROG
+#define PROG bnspeed_main
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+ The __TMS macro will show if it was. If it wasn't defined, we should
+ undefine TIMES, since that tells the rest of the program how things
+ should be handled. -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+
+static double Time_F(int s);
+#define START 0
+#define STOP 1
+
+static double Time_F(int s)
+ {
+ double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if (s == START)
+ {
+ times(&tstart);
+ return(0);
+ }
+ else
+ {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret < 1e-3)?1e-3:ret);
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if (s == START)
+ {
+ ftime(&tstart);
+ return(0);
+ }
+ else
+ {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+ return((ret < 0.001)?0.001:ret);
+ }
+#endif
+ }
+
+#define NUM_SIZES 7
+#if NUM_START > NUM_SIZES
+# error "NUM_START > NUM_SIZES"
+#endif
+static int sizes[NUM_SIZES]={128,256,512,1024,2048,4096,8192};
+static int mul_c[NUM_SIZES]={8*8*8*8*8*8,8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+
+#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }
+
+void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx);
+
+int main(int argc, char **argv)
+ {
+ BN_CTX *ctx;
+ BIGNUM *a,*b,*c,*r;
+
+#if 1
+ if (!CRYPTO_set_mem_debug_functions(0,0,0,0,0))
+ abort();
+#endif
+
+ ctx=BN_CTX_new();
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ r=BN_new();
+
+ while (!RAND_status())
+ /* not enough bits */
+ RAND_SEED("I demand a manual recount!");
+
+ do_mul_exp(r,a,b,c,ctx);
+ return 0;
+ }
+
+void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
+ {
+ int i,k;
+ double tm;
+ long num;
+
+ num=BASENUM;
+ for (i=NUM_START; i<NUM_SIZES; i++)
+ {
+#ifdef C_PRIME
+# ifdef TEST_SQRT
+ if (!BN_set_word(a, 64)) goto err;
+ if (!BN_set_word(b, P_MOD_64)) goto err;
+# define ADD a
+# define REM b
+# else
+# define ADD NULL
+# define REM NULL
+# endif
+ if (!BN_generate_prime(c,sizes[i],0,ADD,REM,genprime_cb,NULL)) goto err;
+ putc('\n', stderr);
+ fflush(stderr);
+#endif
+
+ for (k=0; k<num; k++)
+ {
+ if (k%50 == 0) /* Average over num/50 different choices of random numbers. */
+ {
+ if (!BN_pseudo_rand(a,sizes[i],1,0)) goto err;
+
+ if (!BN_pseudo_rand(b,sizes[i],1,0)) goto err;
+
+#ifndef C_PRIME
+ if (!BN_pseudo_rand(c,sizes[i],1,1)) goto err;
+#endif
+
+#ifdef TEST_SQRT
+ if (!BN_mod_sqr(a,a,c,ctx)) goto err;
+ if (!BN_mod_sqr(b,b,c,ctx)) goto err;
+#else
+ if (!BN_nnmod(a,a,c,ctx)) goto err;
+ if (!BN_nnmod(b,b,c,ctx)) goto err;
+#endif
+
+ if (k == 0)
+ Time_F(START);
+ }
+
+#if defined(TEST_EXP)
+ if (!BN_mod_exp(r,a,b,c,ctx)) goto err;
+#elif defined(TEST_MUL)
+ {
+ int i = 0;
+ for (i = 0; i < 50; i++)
+ if (!BN_mod_mul(r,a,b,c,ctx)) goto err;
+ }
+#elif defined(TEST_SQR)
+ {
+ int i = 0;
+ for (i = 0; i < 50; i++)
+ {
+ if (!BN_mod_sqr(r,a,c,ctx)) goto err;
+ if (!BN_mod_sqr(r,b,c,ctx)) goto err;
+ }
+ }
+#elif defined(TEST_GCD)
+ if (!BN_gcd(r,a,b,ctx)) goto err;
+ if (!BN_gcd(r,b,c,ctx)) goto err;
+ if (!BN_gcd(r,c,a,ctx)) goto err;
+#elif defined(TEST_KRON)
+ if (-2 == BN_kronecker(a,b,ctx)) goto err;
+ if (-2 == BN_kronecker(b,c,ctx)) goto err;
+ if (-2 == BN_kronecker(c,a,ctx)) goto err;
+#elif defined(TEST_INV)
+ if (!BN_mod_inverse(r,a,c,ctx)) goto err;
+ if (!BN_mod_inverse(r,b,c,ctx)) goto err;
+#else /* TEST_SQRT */
+ if (!BN_mod_sqrt(r,a,c,ctx)) goto err;
+ if (!BN_mod_sqrt(r,b,c,ctx)) goto err;
+#endif
+ }
+ tm=Time_F(STOP);
+ printf(
+#if defined(TEST_EXP)
+ "modexp %4d ^ %4d %% %4d"
+#elif defined(TEST_MUL)
+ "50*modmul %4d %4d %4d"
+#elif defined(TEST_SQR)
+ "100*modsqr %4d %4d %4d"
+#elif defined(TEST_GCD)
+ "3*gcd %4d %4d %4d"
+#elif defined(TEST_KRON)
+ "3*kronecker %4d %4d %4d"
+#elif defined(TEST_INV)
+ "2*inv %4d %4d mod %4d"
+#else /* TEST_SQRT */
+ "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
+#endif
+ " -> %8.6fms %5.1f (%ld)\n",
+#ifdef TEST_SQRT
+ P_MOD_64,
+#endif
+ sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num, num);
+ num/=7;
+ if (num <= 0) num=1;
+ }
+ return;
+
+ err:
+ ERR_print_errors_fp(stderr);
+ }
+
+
+#ifdef C_PRIME
+static void genprime_cb(int p, int n, void *arg)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ putc(c, stderr);
+ fflush(stderr);
+ (void)n;
+ (void)arg;
+ }
+#endif
Added: vendor-crypto/openssl/dist/crypto/bn/exptest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/exptest.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/exptest.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,204 @@
+/* crypto/bn/exptest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#define NUM_BITS (BN_BITS*2)
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+ {
+ BN_CTX *ctx;
+ BIO *out=NULL;
+ int i,ret;
+ unsigned char c;
+ BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
+
+ RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
+ * even check its return value
+ * (which we should) */
+
+ ERR_load_BN_strings();
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) EXIT(1);
+ r_mont=BN_new();
+ r_mont_const=BN_new();
+ r_recp=BN_new();
+ r_simple=BN_new();
+ a=BN_new();
+ b=BN_new();
+ m=BN_new();
+ if ( (r_mont == NULL) || (r_recp == NULL) ||
+ (a == NULL) || (b == NULL))
+ goto err;
+
+ out=BIO_new(BIO_s_file());
+
+ if (out == NULL) EXIT(1);
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+ for (i=0; i<200; i++)
+ {
+ RAND_bytes(&c,1);
+ c=(c%BN_BITS)-BN_BITS2;
+ BN_rand(a,NUM_BITS+c,0,0);
+
+ RAND_bytes(&c,1);
+ c=(c%BN_BITS)-BN_BITS2;
+ BN_rand(b,NUM_BITS+c,0,0);
+
+ RAND_bytes(&c,1);
+ c=(c%BN_BITS)-BN_BITS2;
+ BN_rand(m,NUM_BITS+c,0,1);
+
+ BN_mod(a,a,m,ctx);
+ BN_mod(b,b,m,ctx);
+
+ ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_mont() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
+ ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_recp() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
+ ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_simple() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
+ ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_mont_consttime() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
+ if (BN_cmp(r_simple, r_mont) == 0
+ && BN_cmp(r_simple,r_recp) == 0
+ && BN_cmp(r_simple,r_mont_const) == 0)
+ {
+ printf(".");
+ fflush(stdout);
+ }
+ else
+ {
+ if (BN_cmp(r_simple,r_mont) != 0)
+ printf("\nsimple and mont results differ\n");
+ if (BN_cmp(r_simple,r_mont) != 0)
+ printf("\nsimple and mont const time results differ\n");
+ if (BN_cmp(r_simple,r_recp) != 0)
+ printf("\nsimple and recp results differ\n");
+
+ printf("a (%3d) = ",BN_num_bits(a)); BN_print(out,a);
+ printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
+ printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
+ printf("\nsimple ="); BN_print(out,r_simple);
+ printf("\nrecp ="); BN_print(out,r_recp);
+ printf("\nmont ="); BN_print(out,r_mont);
+ printf("\nmont_ct ="); BN_print(out,r_mont_const);
+ printf("\n");
+ EXIT(1);
+ }
+ }
+ BN_free(r_mont);
+ BN_free(r_mont_const);
+ BN_free(r_recp);
+ BN_free(r_simple);
+ BN_free(a);
+ BN_free(b);
+ BN_free(m);
+ BN_CTX_free(ctx);
+ ERR_remove_state(0);
+ CRYPTO_mem_leaks(out);
+ BIO_free(out);
+ printf(" done\n");
+ EXIT(0);
+err:
+ ERR_load_crypto_strings();
+ ERR_print_errors(out);
+#ifdef OPENSSL_SYS_NETWARE
+ printf("ERROR\n");
+#endif
+ EXIT(1);
+ return(1);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/bn/todo
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/todo (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/todo 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,3 @@
+Cache RECP_CTX values
+make the result argument independant of the inputs.
+split up the _exp_ functions
Added: vendor-crypto/openssl/dist/crypto/bn/vms-helper.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/vms-helper.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/bn/vms-helper.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,68 @@
+/* vms-helper.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+bn_div_words_abort(int i)
+{
+#ifdef BN_DEBUG
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+ fprintf(stderr,"Division would overflow (%d)\n",i);
+#endif
+ abort();
+#endif
+}
Added: vendor-crypto/openssl/dist/crypto/buffer/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/buffer/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/crypto/buffer/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,97 @@
+#
+# OpenSSL/crypto/buffer/Makefile
+#
+
+DIR= buffer
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= buffer.c buf_str.c buf_err.c
+LIBOBJ= buffer.o buf_str.o buf_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= buffer.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+buf_err.o: buf_err.c
+buf_str.o: ../../e_os.h ../../include/openssl/bio.h
+buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c
+buffer.o: ../../e_os.h ../../include/openssl/bio.h
+buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+buffer.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buffer.o: ../../include/openssl/symhacks.h ../cryptlib.h buffer.c
Added: vendor-crypto/openssl/dist/crypto/buffer/buf_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/buffer/buf_err.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/buffer/buf_err.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,99 @@
+/* crypto/buffer/buf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
+
+static ERR_STRING_DATA BUF_str_functs[]=
+ {
+{ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"},
+{ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
+{ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"},
+{ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
+{ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"},
+{ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA BUF_str_reasons[]=
+ {
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_BUF_strings(void)
+ {
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(BUF_str_functs[0].error) == NULL)
+ {
+ ERR_load_strings(0,BUF_str_functs);
+ ERR_load_strings(0,BUF_str_reasons);
+ }
+#endif
+ }
Added: vendor-crypto/openssl/dist/crypto/buffer/buf_str.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/buffer/buf_str.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/buffer/buf_str.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,116 @@
+/* crypto/buffer/buf_str.c */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+
+char *BUF_strdup(const char *str)
+ {
+ if (str == NULL) return(NULL);
+ return BUF_strndup(str, strlen(str));
+ }
+
+char *BUF_strndup(const char *str, size_t siz)
+ {
+ char *ret;
+
+ if (str == NULL) return(NULL);
+
+ ret=OPENSSL_malloc(siz+1);
+ if (ret == NULL)
+ {
+ BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ BUF_strlcpy(ret,str,siz+1);
+ return(ret);
+ }
+
+void *BUF_memdup(const void *data, size_t siz)
+ {
+ void *ret;
+
+ if (data == NULL) return(NULL);
+
+ ret=OPENSSL_malloc(siz);
+ if (ret == NULL)
+ {
+ BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ return memcpy(ret, data, siz);
+ }
+
+size_t BUF_strlcpy(char *dst, const char *src, size_t size)
+ {
+ size_t l = 0;
+ for(; size > 1 && *src; size--)
+ {
+ *dst++ = *src++;
+ l++;
+ }
+ if (size)
+ *dst = '\0';
+ return l + strlen(src);
+ }
+
+size_t BUF_strlcat(char *dst, const char *src, size_t size)
+ {
+ size_t l = 0;
+ for(; size > 0 && *dst; size--, dst++)
+ l++;
+ return l + BUF_strlcpy(dst, src, size);
+ }
Added: vendor-crypto/openssl/dist/crypto/buffer/buffer.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/buffer/buffer.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/buffer/buffer.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,190 @@
+/* crypto/buffer/buffer.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+
+/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit ensures
+ * that the result fits in an int. */
+#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+
+BUF_MEM *BUF_MEM_new(void)
+ {
+ BUF_MEM *ret;
+
+ ret=OPENSSL_malloc(sizeof(BUF_MEM));
+ if (ret == NULL)
+ {
+ BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ ret->length=0;
+ ret->max=0;
+ ret->data=NULL;
+ return(ret);
+ }
+
+void BUF_MEM_free(BUF_MEM *a)
+ {
+ if(a == NULL)
+ return;
+
+ if (a->data != NULL)
+ {
+ memset(a->data,0,(unsigned int)a->max);
+ OPENSSL_free(a->data);
+ }
+ OPENSSL_free(a);
+ }
+
+int BUF_MEM_grow(BUF_MEM *str, int len)
+ {
+ char *ret;
+ unsigned int n;
+
+ if (len < 0)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (str->length >= len)
+ {
+ str->length=len;
+ return(len);
+ }
+ if (str->max >= len)
+ {
+ memset(&str->data[str->length],0,len-str->length);
+ str->length=len;
+ return(len);
+ }
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ n=(len+3)/3*4;
+ if (str->data == NULL)
+ ret=OPENSSL_malloc(n);
+ else
+ ret=OPENSSL_realloc(str->data,n);
+ if (ret == NULL)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+ len=0;
+ }
+ else
+ {
+ str->data=ret;
+ str->max=n;
+ memset(&str->data[str->length],0,len-str->length);
+ str->length=len;
+ }
+ return(len);
+ }
+
+int BUF_MEM_grow_clean(BUF_MEM *str, int len)
+ {
+ char *ret;
+ unsigned int n;
+
+ if (len < 0)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (str->length >= len)
+ {
+ memset(&str->data[len],0,str->length-len);
+ str->length=len;
+ return(len);
+ }
+ if (str->max >= len)
+ {
+ memset(&str->data[str->length],0,len-str->length);
+ str->length=len;
+ return(len);
+ }
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ n=(len+3)/3*4;
+ if (str->data == NULL)
+ ret=OPENSSL_malloc(n);
+ else
+ ret=OPENSSL_realloc_clean(str->data,str->max,n);
+ if (ret == NULL)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+ len=0;
+ }
+ else
+ {
+ str->data=ret;
+ str->max=n;
+ memset(&str->data[str->length],0,len-str->length);
+ str->length=len;
+ }
+ return(len);
+ }
Added: vendor-crypto/openssl/dist/crypto/buffer/buffer.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/buffer/buffer.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/buffer/buffer.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,118 @@
+/* crypto/buffer/buffer.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BUFFER_H
+#define HEADER_BUFFER_H
+
+#include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stddef.h>
+
+#if !defined(NO_SYS_TYPES_H)
+#include <sys/types.h>
+#endif
+
+/* Already declared in ossl_typ.h */
+/* typedef struct buf_mem_st BUF_MEM; */
+
+struct buf_mem_st
+ {
+ int length; /* current number of bytes */
+ char *data;
+ int max; /* size of buffer */
+ };
+
+BUF_MEM *BUF_MEM_new(void);
+void BUF_MEM_free(BUF_MEM *a);
+int BUF_MEM_grow(BUF_MEM *str, int len);
+int BUF_MEM_grow_clean(BUF_MEM *str, int len);
+char * BUF_strdup(const char *str);
+char * BUF_strndup(const char *str, size_t siz);
+void * BUF_memdup(const void *data, size_t siz);
+
+/* safe string functions */
+size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
+size_t BUF_strlcat(char *dst,const char *src,size_t siz);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BUF_strings(void);
+
+/* Error codes for the BUF functions. */
+
+/* Function codes. */
+#define BUF_F_BUF_MEMDUP 103
+#define BUF_F_BUF_MEM_GROW 100
+#define BUF_F_BUF_MEM_GROW_CLEAN 105
+#define BUF_F_BUF_MEM_NEW 101
+#define BUF_F_BUF_STRDUP 102
+#define BUF_F_BUF_STRNDUP 104
+
+/* Reason codes. */
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Added: vendor-crypto/openssl/dist/crypto/camellia/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/crypto/camellia/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,106 @@
+#
+# crypto/camellia/Makefile
+#
+
+DIR= camellia
+TOP= ../..
+CC= cc
+CPP= $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+CAMELLIA_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+#TEST=camelliatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \
+ cmll_cfb.c cmll_ctr.c
+
+LIBOBJ= camellia.o cmll_misc.o cmll_ecb.o cmll_cbc.o cmll_ofb.o \
+ cmll_cfb.o cmll_ctr.o $(CAMELLIA_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= camellia.h
+HEADER= cmll_locl.h $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+$(LIBOBJ): $(LIBSRC)
+
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+camellia.o: camellia.c camellia.h cmll_locl.h
+cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c cmll_locl.h
+cmll_cfb.o: ../../e_os.h ../../include/openssl/camellia.h
+cmll_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cmll_cfb.o: cmll_cfb.c cmll_locl.h
+cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c cmll_locl.h
+cmll_ecb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h
+cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
+cmll_misc.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+cmll_misc.o: ../../include/openssl/opensslconf.h
+cmll_misc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cmll_misc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cmll_misc.o: ../../include/openssl/symhacks.h cmll_locl.h cmll_misc.c
+cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_locl.h cmll_ofb.c
Added: vendor-crypto/openssl/dist/crypto/camellia/camellia.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/camellia.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/camellia/camellia.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,1624 @@
+/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ * http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ *
+ * The Camellia Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/* Algorithm Specification
+ http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+*/
+
+
+#include <string.h>
+#include <stdlib.h>
+
+#include "camellia.h"
+#include "cmll_locl.h"
+
+/* key constants */
+#define CAMELLIA_SIGMA1L (0xA09E667FL)
+#define CAMELLIA_SIGMA1R (0x3BCC908BL)
+#define CAMELLIA_SIGMA2L (0xB67AE858L)
+#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
+#define CAMELLIA_SIGMA3L (0xC6EF372FL)
+#define CAMELLIA_SIGMA3R (0xE94F82BEL)
+#define CAMELLIA_SIGMA4L (0x54FF53A5L)
+#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
+#define CAMELLIA_SIGMA5L (0x10E527FAL)
+#define CAMELLIA_SIGMA5R (0xDE682D1DL)
+#define CAMELLIA_SIGMA6L (0xB05688C2L)
+#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
+
+/*
+ * macros
+ */
+
+/* e is pointer of subkey */
+#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
+#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
+
+/* rotation right shift 1byte */
+#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+/* rotation left shift 1bit */
+#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
+/* rotation left shift 1byte */
+#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
+
+#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
+do \
+ { \
+ w0 = ll; \
+ ll = (ll << bits) + (lr >> (32 - bits)); \
+ lr = (lr << bits) + (rl >> (32 - bits)); \
+ rl = (rl << bits) + (rr >> (32 - bits)); \
+ rr = (rr << bits) + (w0 >> (32 - bits)); \
+ } while(0)
+
+#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
+do \
+ { \
+ w0 = ll; \
+ w1 = lr; \
+ ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
+ lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
+ rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
+ rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
+ } while(0)
+
+#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
+#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
+#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
+#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
+
+#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+do \
+ { \
+ il = xl ^ kl; \
+ ir = xr ^ kr; \
+ t0 = il >> 16; \
+ t1 = ir >> 16; \
+ yl = CAMELLIA_SP1110(ir & 0xff) \
+ ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
+ ^ CAMELLIA_SP3033(t1 & 0xff) \
+ ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
+ yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
+ ^ CAMELLIA_SP0222(t0 & 0xff) \
+ ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
+ ^ CAMELLIA_SP4404(il & 0xff); \
+ yl ^= yr; \
+ yr = CAMELLIA_RR8(yr); \
+ yr ^= yl; \
+ } while(0)
+
+
+/*
+ * for speed up
+ *
+ */
+#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+do \
+ { \
+ t0 = kll; \
+ t0 &= ll; \
+ lr ^= CAMELLIA_RL1(t0); \
+ t1 = klr; \
+ t1 |= lr; \
+ ll ^= t1; \
+ \
+ t2 = krr; \
+ t2 |= rr; \
+ rl ^= t2; \
+ t3 = krl; \
+ t3 &= rl; \
+ rr ^= CAMELLIA_RL1(t3); \
+ } while(0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+do \
+ { \
+ il = xl; \
+ ir = xr; \
+ t0 = il >> 16; \
+ t1 = ir >> 16; \
+ ir = CAMELLIA_SP1110(ir & 0xff) \
+ ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
+ ^ CAMELLIA_SP3033(t1 & 0xff) \
+ ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
+ il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
+ ^ CAMELLIA_SP0222(t0 & 0xff) \
+ ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
+ ^ CAMELLIA_SP4404(il & 0xff); \
+ il ^= kl; \
+ ir ^= kr; \
+ ir ^= il; \
+ il = CAMELLIA_RR8(il); \
+ il ^= ir; \
+ yl ^= ir; \
+ yr ^= il; \
+ } while(0)
+
+static const u32 camellia_sp1110[256] =
+ {
+ 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
+ 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
+ 0xe4e4e400,0x85858500,0x57575700,0x35353500,
+ 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
+ 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
+ 0x45454500,0x19191900,0xa5a5a500,0x21212100,
+ 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
+ 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
+ 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
+ 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
+ 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
+ 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
+ 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
+ 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
+ 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
+ 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
+ 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
+ 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
+ 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
+ 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
+ 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
+ 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
+ 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
+ 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
+ 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
+ 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
+ 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
+ 0x53535300,0x18181800,0xf2f2f200,0x22222200,
+ 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
+ 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
+ 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
+ 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
+ 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
+ 0xa1a1a100,0x89898900,0x62626200,0x97979700,
+ 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
+ 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
+ 0x10101000,0xc4c4c400,0x00000000,0x48484800,
+ 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
+ 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
+ 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
+ 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
+ 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
+ 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
+ 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
+ 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
+ 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
+ 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
+ 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
+ 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
+ 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
+ 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
+ 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
+ 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
+ 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
+ 0xd4d4d400,0x25252500,0xababab00,0x42424200,
+ 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
+ 0x72727200,0x07070700,0xb9b9b900,0x55555500,
+ 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
+ 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
+ 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
+ 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
+ 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
+ 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
+ 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
+ };
+
+static const u32 camellia_sp0222[256] =
+ {
+ 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
+ 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
+ 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
+ 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
+ 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
+ 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
+ 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
+ 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
+ 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
+ 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
+ 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
+ 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
+ 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
+ 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
+ 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
+ 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
+ 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
+ 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
+ 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
+ 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
+ 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
+ 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
+ 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
+ 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
+ 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
+ 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
+ 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
+ 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
+ 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
+ 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
+ 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
+ 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
+ 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
+ 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
+ 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
+ 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
+ 0x00202020,0x00898989,0x00000000,0x00909090,
+ 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
+ 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
+ 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
+ 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
+ 0x009b9b9b,0x00949494,0x00212121,0x00666666,
+ 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
+ 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
+ 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
+ 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
+ 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
+ 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
+ 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
+ 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
+ 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
+ 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
+ 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
+ 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
+ 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
+ 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
+ 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
+ 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
+ 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
+ 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
+ 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
+ 0x00777777,0x00939393,0x00868686,0x00838383,
+ 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
+ 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
+ };
+
+static const u32 camellia_sp3033[256] =
+ {
+ 0x38003838,0x41004141,0x16001616,0x76007676,
+ 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
+ 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
+ 0x75007575,0x06000606,0x57005757,0xa000a0a0,
+ 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
+ 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
+ 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
+ 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
+ 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
+ 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
+ 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
+ 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
+ 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
+ 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
+ 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
+ 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
+ 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
+ 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
+ 0x3a003a3a,0x09000909,0x95009595,0x10001010,
+ 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
+ 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
+ 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
+ 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
+ 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
+ 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
+ 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
+ 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
+ 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
+ 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
+ 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
+ 0x12001212,0x04000404,0x74007474,0x54005454,
+ 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
+ 0x55005555,0x68006868,0x50005050,0xbe00bebe,
+ 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
+ 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
+ 0x70007070,0xff00ffff,0x32003232,0x69006969,
+ 0x08000808,0x62006262,0x00000000,0x24002424,
+ 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
+ 0x45004545,0x81008181,0x73007373,0x6d006d6d,
+ 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
+ 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
+ 0xe600e6e6,0x25002525,0x48004848,0x99009999,
+ 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
+ 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
+ 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
+ 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
+ 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
+ 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
+ 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
+ 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
+ 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
+ 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
+ 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
+ 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
+ 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
+ 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
+ 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
+ 0x7c007c7c,0x77007777,0x56005656,0x05000505,
+ 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
+ 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
+ 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
+ 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
+ 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
+ 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
+ };
+
+static const u32 camellia_sp4404[256] =
+ {
+ 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
+ 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
+ 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
+ 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
+ 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
+ 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
+ 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
+ 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
+ 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
+ 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
+ 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
+ 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
+ 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
+ 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
+ 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
+ 0x24240024,0xe8e800e8,0x60600060,0x69690069,
+ 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
+ 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
+ 0x10100010,0x00000000,0xa3a300a3,0x75750075,
+ 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
+ 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
+ 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
+ 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
+ 0x81810081,0x6f6f006f,0x13130013,0x63630063,
+ 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
+ 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
+ 0x78780078,0x06060006,0xe7e700e7,0x71710071,
+ 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
+ 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
+ 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
+ 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
+ 0x15150015,0xadad00ad,0x77770077,0x80800080,
+ 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
+ 0x85850085,0x35350035,0x0c0c000c,0x41410041,
+ 0xefef00ef,0x93930093,0x19190019,0x21210021,
+ 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
+ 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
+ 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
+ 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
+ 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
+ 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
+ 0x12120012,0x20200020,0xb1b100b1,0x99990099,
+ 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
+ 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
+ 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
+ 0x0f0f000f,0x16160016,0x18180018,0x22220022,
+ 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
+ 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
+ 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
+ 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
+ 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
+ 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
+ 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
+ 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
+ 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
+ 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
+ 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
+ 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
+ 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
+ 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
+ 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
+ 0x49490049,0x68680068,0x38380038,0xa4a400a4,
+ 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
+ 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
+ };
+
+/**
+ * Stuff related to the Camellia key schedule
+ */
+#define subl(x) subL[(x)]
+#define subr(x) subR[(x)]
+
+void camellia_setup128(const u8 *key, u32 *subkey)
+ {
+ u32 kll, klr, krl, krr;
+ u32 il, ir, t0, t1, w0, w1;
+ u32 kw4l, kw4r, dw, tl, tr;
+ u32 subL[26];
+ u32 subR[26];
+
+ /**
+ * k == kll || klr || krl || krr (|| is concatination)
+ */
+ kll = GETU32(key );
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
+ /**
+ * generate KL dependent subkeys
+ */
+ /* kw1 */
+ subl(0) = kll; subr(0) = klr;
+ /* kw2 */
+ subl(1) = krl; subr(1) = krr;
+ /* rotation left shift 15bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k3 */
+ subl(4) = kll; subr(4) = klr;
+ /* k4 */
+ subl(5) = krl; subr(5) = krr;
+ /* rotation left shift 15+30bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+ /* k7 */
+ subl(10) = kll; subr(10) = klr;
+ /* k8 */
+ subl(11) = krl; subr(11) = krr;
+ /* rotation left shift 15+30+15bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k10 */
+ subl(13) = krl; subr(13) = krr;
+ /* rotation left shift 15+30+15+17 bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ /* kl3 */
+ subl(16) = kll; subr(16) = klr;
+ /* kl4 */
+ subl(17) = krl; subr(17) = krr;
+ /* rotation left shift 15+30+15+17+17 bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ /* k13 */
+ subl(18) = kll; subr(18) = klr;
+ /* k14 */
+ subl(19) = krl; subr(19) = krr;
+ /* rotation left shift 15+30+15+17+17+17 bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ /* k17 */
+ subl(22) = kll; subr(22) = klr;
+ /* k18 */
+ subl(23) = krl; subr(23) = krr;
+
+ /* generate KA */
+ kll = subl(0); klr = subr(0);
+ krl = subl(1); krr = subr(1);
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+ w0, w1, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+ kll, klr, il, ir, t0, t1);
+ /* current status == (kll, klr, w0, w1) */
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+ krl, krr, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+ w0, w1, il, ir, t0, t1);
+ kll ^= w0; klr ^= w1;
+
+ /* generate KA dependent subkeys */
+ /* k1, k2 */
+ subl(2) = kll; subr(2) = klr;
+ subl(3) = krl; subr(3) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k5,k6 */
+ subl(6) = kll; subr(6) = klr;
+ subl(7) = krl; subr(7) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* kl1, kl2 */
+ subl(8) = kll; subr(8) = klr;
+ subl(9) = krl; subr(9) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k9 */
+ subl(12) = kll; subr(12) = klr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k11, k12 */
+ subl(14) = kll; subr(14) = klr;
+ subl(15) = krl; subr(15) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+ /* k15, k16 */
+ subl(20) = kll; subr(20) = klr;
+ subl(21) = krl; subr(21) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ /* kw3, kw4 */
+ subl(24) = kll; subr(24) = klr;
+ subl(25) = krl; subr(25) = krr;
+
+
+ /* absorb kw2 to other subkeys */
+/* round 2 */
+ subl(3) ^= subl(1); subr(3) ^= subr(1);
+/* round 4 */
+ subl(5) ^= subl(1); subr(5) ^= subr(1);
+/* round 6 */
+ subl(7) ^= subl(1); subr(7) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(9);
+ dw = subl(1) & subl(9),
+ subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
+/* round 8 */
+ subl(11) ^= subl(1); subr(11) ^= subr(1);
+/* round 10 */
+ subl(13) ^= subl(1); subr(13) ^= subr(1);
+/* round 12 */
+ subl(15) ^= subl(1); subr(15) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(17);
+ dw = subl(1) & subl(17),
+ subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
+/* round 14 */
+ subl(19) ^= subl(1); subr(19) ^= subr(1);
+/* round 16 */
+ subl(21) ^= subl(1); subr(21) ^= subr(1);
+/* round 18 */
+ subl(23) ^= subl(1); subr(23) ^= subr(1);
+/* kw3 */
+ subl(24) ^= subl(1); subr(24) ^= subr(1);
+
+ /* absorb kw4 to other subkeys */
+ kw4l = subl(25); kw4r = subr(25);
+/* round 17 */
+ subl(22) ^= kw4l; subr(22) ^= kw4r;
+/* round 15 */
+ subl(20) ^= kw4l; subr(20) ^= kw4r;
+/* round 13 */
+ subl(18) ^= kw4l; subr(18) ^= kw4r;
+ kw4l ^= kw4r & ~subr(16);
+ dw = kw4l & subl(16),
+ kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
+/* round 11 */
+ subl(14) ^= kw4l; subr(14) ^= kw4r;
+/* round 9 */
+ subl(12) ^= kw4l; subr(12) ^= kw4r;
+/* round 7 */
+ subl(10) ^= kw4l; subr(10) ^= kw4r;
+ kw4l ^= kw4r & ~subr(8);
+ dw = kw4l & subl(8),
+ kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
+/* round 5 */
+ subl(6) ^= kw4l; subr(6) ^= kw4r;
+/* round 3 */
+ subl(4) ^= kw4l; subr(4) ^= kw4r;
+/* round 1 */
+ subl(2) ^= kw4l; subr(2) ^= kw4r;
+/* kw1 */
+ subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+
+ /* key XOR is end of F-function */
+ CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
+ CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+ CamelliaSubkeyL(2) = subl(3); /* round 1 */
+ CamelliaSubkeyR(2) = subr(3);
+ CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
+ CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+ CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
+ CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+ CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
+ CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+ CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
+ CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+ tl = subl(10) ^ (subr(10) & ~subr(8));
+ dw = tl & subl(8), /* FL(kl1) */
+ tr = subr(10) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
+ CamelliaSubkeyR(7) = subr(6) ^ tr;
+ CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
+ CamelliaSubkeyR(8) = subr(8);
+ CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
+ CamelliaSubkeyR(9) = subr(9);
+ tl = subl(7) ^ (subr(7) & ~subr(9));
+ dw = tl & subl(9), /* FLinv(kl2) */
+ tr = subr(7) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
+ CamelliaSubkeyR(10) = tr ^ subr(11);
+ CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
+ CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+ CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
+ CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+ CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
+ CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+ CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
+ CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+ tl = subl(18) ^ (subr(18) & ~subr(16));
+ dw = tl & subl(16), /* FL(kl3) */
+ tr = subr(18) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
+ CamelliaSubkeyR(15) = subr(14) ^ tr;
+ CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
+ CamelliaSubkeyR(16) = subr(16);
+ CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
+ CamelliaSubkeyR(17) = subr(17);
+ tl = subl(15) ^ (subr(15) & ~subr(17));
+ dw = tl & subl(17), /* FLinv(kl4) */
+ tr = subr(15) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
+ CamelliaSubkeyR(18) = tr ^ subr(19);
+ CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
+ CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+ CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
+ CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+ CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
+ CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+ CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
+ CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+ CamelliaSubkeyL(23) = subl(22); /* round 18 */
+ CamelliaSubkeyR(23) = subr(22);
+ CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
+ CamelliaSubkeyR(24) = subr(24) ^ subr(23);
+
+ /* apply the inverse of the last half of P-function */
+ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
+ dw = CAMELLIA_RL8(dw);/* round 1 */
+ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
+ CamelliaSubkeyL(2) = dw;
+ dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
+ dw = CAMELLIA_RL8(dw);/* round 2 */
+ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
+ CamelliaSubkeyL(3) = dw;
+ dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
+ dw = CAMELLIA_RL8(dw);/* round 3 */
+ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
+ CamelliaSubkeyL(4) = dw;
+ dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
+ dw = CAMELLIA_RL8(dw);/* round 4 */
+ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
+ CamelliaSubkeyL(5) = dw;
+ dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
+ dw = CAMELLIA_RL8(dw);/* round 5 */
+ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
+ CamelliaSubkeyL(6) = dw;
+ dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
+ dw = CAMELLIA_RL8(dw);/* round 6 */
+ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
+ CamelliaSubkeyL(7) = dw;
+ dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
+ dw = CAMELLIA_RL8(dw);/* round 7 */
+ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
+ CamelliaSubkeyL(10) = dw;
+ dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
+ dw = CAMELLIA_RL8(dw);/* round 8 */
+ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
+ CamelliaSubkeyL(11) = dw;
+ dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
+ dw = CAMELLIA_RL8(dw);/* round 9 */
+ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
+ CamelliaSubkeyL(12) = dw;
+ dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
+ dw = CAMELLIA_RL8(dw);/* round 10 */
+ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
+ CamelliaSubkeyL(13) = dw;
+ dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
+ dw = CAMELLIA_RL8(dw);/* round 11 */
+ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
+ CamelliaSubkeyL(14) = dw;
+ dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
+ dw = CAMELLIA_RL8(dw);/* round 12 */
+ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
+ CamelliaSubkeyL(15) = dw;
+ dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
+ dw = CAMELLIA_RL8(dw);/* round 13 */
+ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
+ CamelliaSubkeyL(18) = dw;
+ dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
+ dw = CAMELLIA_RL8(dw);/* round 14 */
+ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
+ CamelliaSubkeyL(19) = dw;
+ dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
+ dw = CAMELLIA_RL8(dw);/* round 15 */
+ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
+ CamelliaSubkeyL(20) = dw;
+ dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
+ dw = CAMELLIA_RL8(dw);/* round 16 */
+ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
+ CamelliaSubkeyL(21) = dw;
+ dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
+ dw = CAMELLIA_RL8(dw);/* round 17 */
+ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
+ CamelliaSubkeyL(22) = dw;
+ dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
+ dw = CAMELLIA_RL8(dw);/* round 18 */
+ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
+ CamelliaSubkeyL(23) = dw;
+
+ return;
+ }
+
+void camellia_setup256(const u8 *key, u32 *subkey)
+ {
+ u32 kll,klr,krl,krr; /* left half of key */
+ u32 krll,krlr,krrl,krrr; /* right half of key */
+ u32 il, ir, t0, t1, w0, w1; /* temporary variables */
+ u32 kw4l, kw4r, dw, tl, tr;
+ u32 subL[34];
+ u32 subR[34];
+
+ /**
+ * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
+ * (|| is concatination)
+ */
+
+ kll = GETU32(key );
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
+ krll = GETU32(key + 16);
+ krlr = GETU32(key + 20);
+ krrl = GETU32(key + 24);
+ krrr = GETU32(key + 28);
+
+ /* generate KL dependent subkeys */
+ /* kw1 */
+ subl(0) = kll; subr(0) = klr;
+ /* kw2 */
+ subl(1) = krl; subr(1) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+ /* k9 */
+ subl(12) = kll; subr(12) = klr;
+ /* k10 */
+ subl(13) = krl; subr(13) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* kl3 */
+ subl(16) = kll; subr(16) = klr;
+ /* kl4 */
+ subl(17) = krl; subr(17) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ /* k17 */
+ subl(22) = kll; subr(22) = klr;
+ /* k18 */
+ subl(23) = krl; subr(23) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+ /* k23 */
+ subl(30) = kll; subr(30) = klr;
+ /* k24 */
+ subl(31) = krl; subr(31) = krr;
+
+ /* generate KR dependent subkeys */
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+ /* k3 */
+ subl(4) = krll; subr(4) = krlr;
+ /* k4 */
+ subl(5) = krrl; subr(5) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+ /* kl1 */
+ subl(8) = krll; subr(8) = krlr;
+ /* kl2 */
+ subl(9) = krrl; subr(9) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ /* k13 */
+ subl(18) = krll; subr(18) = krlr;
+ /* k14 */
+ subl(19) = krrl; subr(19) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+ /* k19 */
+ subl(26) = krll; subr(26) = krlr;
+ /* k20 */
+ subl(27) = krrl; subr(27) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+
+ /* generate KA */
+ kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
+ krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+ w0, w1, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+ kll, klr, il, ir, t0, t1);
+ kll ^= krll; klr ^= krlr;
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+ krl, krr, il, ir, t0, t1);
+ krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+ w0, w1, il, ir, t0, t1);
+ kll ^= w0; klr ^= w1;
+
+ /* generate KB */
+ krll ^= kll; krlr ^= klr;
+ krrl ^= krl; krrr ^= krr;
+ CAMELLIA_F(krll, krlr,
+ CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
+ w0, w1, il, ir, t0, t1);
+ krrl ^= w0; krrr ^= w1;
+ CAMELLIA_F(krrl, krrr,
+ CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
+ w0, w1, il, ir, t0, t1);
+ krll ^= w0; krlr ^= w1;
+
+ /* generate KA dependent subkeys */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k5 */
+ subl(6) = kll; subr(6) = klr;
+ /* k6 */
+ subl(7) = krl; subr(7) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+ /* k11 */
+ subl(14) = kll; subr(14) = klr;
+ /* k12 */
+ subl(15) = krl; subr(15) = krr;
+ /* rotation left shift 32bit */
+ /* kl5 */
+ subl(24) = klr; subr(24) = krl;
+ /* kl6 */
+ subl(25) = krr; subr(25) = kll;
+ /* rotation left shift 49 from k11,k12 -> k21,k22 */
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
+ /* k21 */
+ subl(28) = kll; subr(28) = klr;
+ /* k22 */
+ subl(29) = krl; subr(29) = krr;
+
+ /* generate KB dependent subkeys */
+ /* k1 */
+ subl(2) = krll; subr(2) = krlr;
+ /* k2 */
+ subl(3) = krrl; subr(3) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ /* k7 */
+ subl(10) = krll; subr(10) = krlr;
+ /* k8 */
+ subl(11) = krrl; subr(11) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ /* k15 */
+ subl(20) = krll; subr(20) = krlr;
+ /* k16 */
+ subl(21) = krrl; subr(21) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
+ /* kw3 */
+ subl(32) = krll; subr(32) = krlr;
+ /* kw4 */
+ subl(33) = krrl; subr(33) = krrr;
+
+ /* absorb kw2 to other subkeys */
+/* round 2 */
+ subl(3) ^= subl(1); subr(3) ^= subr(1);
+/* round 4 */
+ subl(5) ^= subl(1); subr(5) ^= subr(1);
+/* round 6 */
+ subl(7) ^= subl(1); subr(7) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(9);
+ dw = subl(1) & subl(9),
+ subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
+/* round 8 */
+ subl(11) ^= subl(1); subr(11) ^= subr(1);
+/* round 10 */
+ subl(13) ^= subl(1); subr(13) ^= subr(1);
+/* round 12 */
+ subl(15) ^= subl(1); subr(15) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(17);
+ dw = subl(1) & subl(17),
+ subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
+/* round 14 */
+ subl(19) ^= subl(1); subr(19) ^= subr(1);
+/* round 16 */
+ subl(21) ^= subl(1); subr(21) ^= subr(1);
+/* round 18 */
+ subl(23) ^= subl(1); subr(23) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(25);
+ dw = subl(1) & subl(25),
+ subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
+/* round 20 */
+ subl(27) ^= subl(1); subr(27) ^= subr(1);
+/* round 22 */
+ subl(29) ^= subl(1); subr(29) ^= subr(1);
+/* round 24 */
+ subl(31) ^= subl(1); subr(31) ^= subr(1);
+/* kw3 */
+ subl(32) ^= subl(1); subr(32) ^= subr(1);
+
+
+ /* absorb kw4 to other subkeys */
+ kw4l = subl(33); kw4r = subr(33);
+/* round 23 */
+ subl(30) ^= kw4l; subr(30) ^= kw4r;
+/* round 21 */
+ subl(28) ^= kw4l; subr(28) ^= kw4r;
+/* round 19 */
+ subl(26) ^= kw4l; subr(26) ^= kw4r;
+ kw4l ^= kw4r & ~subr(24);
+ dw = kw4l & subl(24),
+ kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
+/* round 17 */
+ subl(22) ^= kw4l; subr(22) ^= kw4r;
+/* round 15 */
+ subl(20) ^= kw4l; subr(20) ^= kw4r;
+/* round 13 */
+ subl(18) ^= kw4l; subr(18) ^= kw4r;
+ kw4l ^= kw4r & ~subr(16);
+ dw = kw4l & subl(16),
+ kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
+/* round 11 */
+ subl(14) ^= kw4l; subr(14) ^= kw4r;
+/* round 9 */
+ subl(12) ^= kw4l; subr(12) ^= kw4r;
+/* round 7 */
+ subl(10) ^= kw4l; subr(10) ^= kw4r;
+ kw4l ^= kw4r & ~subr(8);
+ dw = kw4l & subl(8),
+ kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
+/* round 5 */
+ subl(6) ^= kw4l; subr(6) ^= kw4r;
+/* round 3 */
+ subl(4) ^= kw4l; subr(4) ^= kw4r;
+/* round 1 */
+ subl(2) ^= kw4l; subr(2) ^= kw4r;
+/* kw1 */
+ subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+ /* key XOR is end of F-function */
+ CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
+ CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+ CamelliaSubkeyL(2) = subl(3); /* round 1 */
+ CamelliaSubkeyR(2) = subr(3);
+ CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
+ CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+ CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
+ CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+ CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
+ CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+ CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
+ CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+ tl = subl(10) ^ (subr(10) & ~subr(8));
+ dw = tl & subl(8), /* FL(kl1) */
+ tr = subr(10) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
+ CamelliaSubkeyR(7) = subr(6) ^ tr;
+ CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
+ CamelliaSubkeyR(8) = subr(8);
+ CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
+ CamelliaSubkeyR(9) = subr(9);
+ tl = subl(7) ^ (subr(7) & ~subr(9));
+ dw = tl & subl(9), /* FLinv(kl2) */
+ tr = subr(7) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
+ CamelliaSubkeyR(10) = tr ^ subr(11);
+ CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
+ CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+ CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
+ CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+ CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
+ CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+ CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
+ CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+ tl = subl(18) ^ (subr(18) & ~subr(16));
+ dw = tl & subl(16), /* FL(kl3) */
+ tr = subr(18) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
+ CamelliaSubkeyR(15) = subr(14) ^ tr;
+ CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
+ CamelliaSubkeyR(16) = subr(16);
+ CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
+ CamelliaSubkeyR(17) = subr(17);
+ tl = subl(15) ^ (subr(15) & ~subr(17));
+ dw = tl & subl(17), /* FLinv(kl4) */
+ tr = subr(15) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
+ CamelliaSubkeyR(18) = tr ^ subr(19);
+ CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
+ CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+ CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
+ CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+ CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
+ CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+ CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
+ CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+ tl = subl(26) ^ (subr(26)
+ & ~subr(24));
+ dw = tl & subl(24), /* FL(kl5) */
+ tr = subr(26) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
+ CamelliaSubkeyR(23) = subr(22) ^ tr;
+ CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */
+ CamelliaSubkeyR(24) = subr(24);
+ CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */
+ CamelliaSubkeyR(25) = subr(25);
+ tl = subl(23) ^ (subr(23) &
+ ~subr(25));
+ dw = tl & subl(25), /* FLinv(kl6) */
+ tr = subr(23) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
+ CamelliaSubkeyR(26) = tr ^ subr(27);
+ CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
+ CamelliaSubkeyR(27) = subr(26) ^ subr(28);
+ CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
+ CamelliaSubkeyR(28) = subr(27) ^ subr(29);
+ CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
+ CamelliaSubkeyR(29) = subr(28) ^ subr(30);
+ CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
+ CamelliaSubkeyR(30) = subr(29) ^ subr(31);
+ CamelliaSubkeyL(31) = subl(30); /* round 24 */
+ CamelliaSubkeyR(31) = subr(30);
+ CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
+ CamelliaSubkeyR(32) = subr(32) ^ subr(31);
+
+ /* apply the inverse of the last half of P-function */
+ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
+ dw = CAMELLIA_RL8(dw);/* round 1 */
+ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
+ CamelliaSubkeyL(2) = dw;
+ dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
+ dw = CAMELLIA_RL8(dw);/* round 2 */
+ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
+ CamelliaSubkeyL(3) = dw;
+ dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
+ dw = CAMELLIA_RL8(dw);/* round 3 */
+ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
+ CamelliaSubkeyL(4) = dw;
+ dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
+ dw = CAMELLIA_RL8(dw);/* round 4 */
+ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
+ CamelliaSubkeyL(5) = dw;
+ dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
+ dw = CAMELLIA_RL8(dw);/* round 5 */
+ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
+ CamelliaSubkeyL(6) = dw;
+ dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
+ dw = CAMELLIA_RL8(dw);/* round 6 */
+ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
+ CamelliaSubkeyL(7) = dw;
+ dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
+ dw = CAMELLIA_RL8(dw);/* round 7 */
+ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
+ CamelliaSubkeyL(10) = dw;
+ dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
+ dw = CAMELLIA_RL8(dw);/* round 8 */
+ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
+ CamelliaSubkeyL(11) = dw;
+ dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
+ dw = CAMELLIA_RL8(dw);/* round 9 */
+ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
+ CamelliaSubkeyL(12) = dw;
+ dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
+ dw = CAMELLIA_RL8(dw);/* round 10 */
+ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
+ CamelliaSubkeyL(13) = dw;
+ dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
+ dw = CAMELLIA_RL8(dw);/* round 11 */
+ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
+ CamelliaSubkeyL(14) = dw;
+ dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
+ dw = CAMELLIA_RL8(dw);/* round 12 */
+ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
+ CamelliaSubkeyL(15) = dw;
+ dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
+ dw = CAMELLIA_RL8(dw);/* round 13 */
+ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
+ CamelliaSubkeyL(18) = dw;
+ dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
+ dw = CAMELLIA_RL8(dw);/* round 14 */
+ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
+ CamelliaSubkeyL(19) = dw;
+ dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
+ dw = CAMELLIA_RL8(dw);/* round 15 */
+ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
+ CamelliaSubkeyL(20) = dw;
+ dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
+ dw = CAMELLIA_RL8(dw);/* round 16 */
+ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
+ CamelliaSubkeyL(21) = dw;
+ dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
+ dw = CAMELLIA_RL8(dw);/* round 17 */
+ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
+ CamelliaSubkeyL(22) = dw;
+ dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
+ dw = CAMELLIA_RL8(dw);/* round 18 */
+ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
+ CamelliaSubkeyL(23) = dw;
+ dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),
+ dw = CAMELLIA_RL8(dw);/* round 19 */
+ CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,
+ CamelliaSubkeyL(26) = dw;
+ dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),
+ dw = CAMELLIA_RL8(dw);/* round 20 */
+ CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,
+ CamelliaSubkeyL(27) = dw;
+ dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),
+ dw = CAMELLIA_RL8(dw);/* round 21 */
+ CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,
+ CamelliaSubkeyL(28) = dw;
+ dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),
+ dw = CAMELLIA_RL8(dw);/* round 22 */
+ CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,
+ CamelliaSubkeyL(29) = dw;
+ dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),
+ dw = CAMELLIA_RL8(dw);/* round 23 */
+ CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,
+ CamelliaSubkeyL(30) = dw;
+ dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),
+ dw = CAMELLIA_RL8(dw);/* round 24 */
+ CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,
+ CamelliaSubkeyL(31) = dw;
+
+
+ return;
+ }
+
+void camellia_setup192(const u8 *key, u32 *subkey)
+ {
+ u8 kk[32];
+ u32 krll, krlr, krrl,krrr;
+
+ memcpy(kk, key, 24);
+ memcpy((u8 *)&krll, key+16,4);
+ memcpy((u8 *)&krlr, key+20,4);
+ krrl = ~krll;
+ krrr = ~krlr;
+ memcpy(kk+24, (u8 *)&krrl, 4);
+ memcpy(kk+28, (u8 *)&krrr, 4);
+ camellia_setup256(kk, subkey);
+ return;
+ }
+
+
+/**
+ * Stuff related to camellia encryption/decryption
+ */
+void camellia_encrypt128(const u32 *subkey, u32 *io)
+ {
+ u32 il, ir, t0, t1;
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(0);
+ io[1] ^= CamelliaSubkeyR(0);
+ /* main iteration */
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(24);
+ io[3] ^= CamelliaSubkeyR(24);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+ }
+
+void camellia_decrypt128(const u32 *subkey, u32 *io)
+ {
+ u32 il,ir,t0,t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(24);
+ io[1] ^= CamelliaSubkeyR(24);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(0);
+ io[3] ^= CamelliaSubkeyR(0);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+ }
+
+/**
+ * stuff for 192 and 256bit encryption/decryption
+ */
+void camellia_encrypt256(const u32 *subkey, u32 *io)
+ {
+ u32 il,ir,t0,t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(0);
+ io[1] ^= CamelliaSubkeyR(0);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+ CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(32);
+ io[3] ^= CamelliaSubkeyR(32);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+ }
+
+void camellia_decrypt256(const u32 *subkey, u32 *io)
+ {
+ u32 il,ir,t0,t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(32);
+ io[1] ^= CamelliaSubkeyR(32);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+ CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(0);
+ io[3] ^= CamelliaSubkeyR(0);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+ }
+
Added: vendor-crypto/openssl/dist/crypto/camellia/camellia.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/camellia.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/camellia/camellia.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,134 @@
+/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_CAMELLIA_H
+#define HEADER_CAMELLIA_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_CAMELLIA
+#error CAMELLIA is disabled.
+#endif
+
+#define CAMELLIA_ENCRYPT 1
+#define CAMELLIA_DECRYPT 0
+
+/* Because array size can't be a const in C, the following two are macros.
+ Both sizes are in bytes. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+
+#define CAMELLIA_BLOCK_SIZE 16
+#define CAMELLIA_TABLE_BYTE_LEN 272
+#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+ /* to match with WORD */
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+
+struct camellia_key_st
+ {
+ KEY_TABLE_TYPE rd_key;
+ int bitLength;
+ void (*enc)(const unsigned int *subkey, unsigned int *io);
+ void (*dec)(const unsigned int *subkey, unsigned int *io);
+ };
+
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+#ifdef OPENSSL_FIPS
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+ CAMELLIA_KEY *key);
+#endif
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+ CAMELLIA_KEY *key);
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key, const int enc);
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, const int enc);
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+ const int nbits,const CAMELLIA_KEY *key,
+ unsigned char *ivec,const int enc);
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num);
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+ unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+ unsigned int *num);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !HEADER_Camellia_H */
+
Added: vendor-crypto/openssl/dist/crypto/camellia/cmll_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_cbc.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/camellia/cmll_cbc.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,273 @@
+/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, const int enc) {
+
+ unsigned long n;
+ unsigned long len = length;
+ const unsigned char *iv = ivec;
+ union { u32 t32[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
+ u8 t8 [CAMELLIA_BLOCK_SIZE]; } tmp;
+ const union { long one; char little; } camellia_endian = {1};
+
+
+ assert(in && out && key && ivec);
+ assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
+
+ if(((size_t)in|(size_t)out|(size_t)ivec) % sizeof(u32) == 0)
+ {
+ if (CAMELLIA_ENCRYPT == enc)
+ {
+ while (len >= CAMELLIA_BLOCK_SIZE)
+ {
+ XOR4WORD2((u32 *)out,
+ (u32 *)in, (u32 *)iv);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ key->enc(key->rd_key, (u32 *)out);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ iv = out;
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len)
+ {
+ for(n=0; n < len; ++n)
+ out[n] = in[n] ^ iv[n];
+ for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+ out[n] = iv[n];
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ key->enc(key->rd_key, (u32 *)out);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ iv = out;
+ }
+ memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+ }
+ else if (in != out)
+ {
+ while (len >= CAMELLIA_BLOCK_SIZE)
+ {
+ memcpy(out,in,CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ key->dec(key->rd_key,(u32 *)out);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ XOR4WORD((u32 *)out, (u32 *)iv);
+ iv = in;
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len)
+ {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->dec(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ for(n=0; n < len; ++n)
+ out[n] = tmp.t8[n] ^ iv[n];
+ iv = in;
+ }
+ memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+ }
+ else /* in == out */
+ {
+ while (len >= CAMELLIA_BLOCK_SIZE)
+ {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ key->dec(key->rd_key, (u32 *)out);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ XOR4WORD((u32 *)out, (u32 *)ivec);
+ memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len)
+ {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ key->dec(key->rd_key,(u32 *)out);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ for(n=0; n < len; ++n)
+ out[n] ^= ivec[n];
+ for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+ out[n] = tmp.t8[n];
+ memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
+ }
+ }
+ }
+ else /* no aligned */
+ {
+ if (CAMELLIA_ENCRYPT == enc)
+ {
+ while (len >= CAMELLIA_BLOCK_SIZE)
+ {
+ for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
+ tmp.t8[n] = in[n] ^ iv[n];
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->enc(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
+ iv = out;
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len)
+ {
+ for(n=0; n < len; ++n)
+ tmp.t8[n] = in[n] ^ iv[n];
+ for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+ tmp.t8[n] = iv[n];
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->enc(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
+ iv = out;
+ }
+ memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+ }
+ else if (in != out)
+ {
+ while (len >= CAMELLIA_BLOCK_SIZE)
+ {
+ memcpy(tmp.t8,in,CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->dec(key->rd_key,tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
+ out[n] = tmp.t8[n] ^ iv[n];
+ iv = in;
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len)
+ {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->dec(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ for(n=0; n < len; ++n)
+ out[n] = tmp.t8[n] ^ iv[n];
+ iv = in;
+ }
+ memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+ }
+ else
+ {
+ while (len >= CAMELLIA_BLOCK_SIZE)
+ {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->dec(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
+ tmp.t8[n] ^= ivec[n];
+ memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
+ memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len)
+ {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->dec(key->rd_key,tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ for(n=0; n < len; ++n)
+ tmp.t8[n] ^= ivec[n];
+ memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
+ memcpy(out,tmp.t8,len);
+ }
+ }
+ }
+}
Added: vendor-crypto/openssl/dist/crypto/camellia/cmll_cfb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_cfb.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/camellia/cmll_cfb.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,235 @@
+/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <string.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+#include "e_os.h"
+
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used. The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+ {
+
+ unsigned int n;
+ unsigned long l = length;
+ unsigned char c;
+
+ assert(in && out && key && ivec && num);
+
+ n = *num;
+
+ if (enc)
+ {
+ while (l--)
+ {
+ if (n == 0)
+ {
+ Camellia_encrypt(ivec, ivec, key);
+ }
+ ivec[n] = *(out++) = *(in++) ^ ivec[n];
+ n = (n+1) % CAMELLIA_BLOCK_SIZE;
+ }
+ }
+ else
+ {
+ while (l--)
+ {
+ if (n == 0)
+ {
+ Camellia_encrypt(ivec, ivec, key);
+ }
+ c = *(in);
+ *(out++) = *(in++) ^ ivec[n];
+ ivec[n] = c;
+ n = (n+1) % CAMELLIA_BLOCK_SIZE;
+ }
+ }
+
+ *num=n;
+ }
+
+/* This expects a single block of size nbits for both in and out. Note that
+ it corrupts any extra bits in the last byte of out */
+void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+ const int nbits,const CAMELLIA_KEY *key,
+ unsigned char *ivec,const int enc)
+ {
+ int n,rem,num;
+ unsigned char ovec[CAMELLIA_BLOCK_SIZE*2];
+
+ if (nbits<=0 || nbits>128) return;
+
+ /* fill in the first half of the new IV with the current IV */
+ memcpy(ovec,ivec,CAMELLIA_BLOCK_SIZE);
+ /* construct the new IV */
+ Camellia_encrypt(ivec,ivec,key);
+ num = (nbits+7)/8;
+ if (enc) /* encrypt the input */
+ for(n=0 ; n < num ; ++n)
+ out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
+ else /* decrypt the input */
+ for(n=0 ; n < num ; ++n)
+ out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
+ /* shift ovec left... */
+ rem = nbits%8;
+ num = nbits/8;
+ if(rem==0)
+ memcpy(ivec,ovec+num,CAMELLIA_BLOCK_SIZE);
+ else
+ for(n=0 ; n < CAMELLIA_BLOCK_SIZE ; ++n)
+ ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
+
+ /* it is not necessary to cleanse ovec, since the IV is not secret */
+ }
+
+/* N.B. This expects the input to be packed, MS bit first */
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+ {
+ unsigned int n;
+ unsigned char c[1],d[1];
+
+ assert(in && out && key && ivec && num);
+ assert(*num == 0);
+
+ memset(out,0,(length+7)/8);
+ for(n=0 ; n < length ; ++n)
+ {
+ c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+ Camellia_cfbr_encrypt_block(c,d,1,key,ivec,enc);
+ out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
+ }
+ }
+
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+ {
+ unsigned int n;
+
+ assert(in && out && key && ivec && num);
+ assert(*num == 0);
+
+ for(n=0 ; n < length ; ++n)
+ Camellia_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/camellia/cmll_ctr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_ctr.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/camellia/cmll_ctr.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,143 @@
+/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+/* NOTE: the IV/counter CTR mode is big-endian. The rest of the Camellia code
+ * is endian-neutral. */
+/* increment counter (128-bit int) by 1 */
+static void Camellia_ctr128_inc(unsigned char *counter)
+ {
+ unsigned long c;
+
+ /* Grab bottom dword of counter and increment */
+ c = GETU32(counter + 12);
+ c++; c &= 0xFFFFFFFF;
+ PUTU32(counter + 12, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab 1st dword of counter and increment */
+ c = GETU32(counter + 8);
+ c++; c &= 0xFFFFFFFF;
+ PUTU32(counter + 8, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab 2nd dword of counter and increment */
+ c = GETU32(counter + 4);
+ c++; c &= 0xFFFFFFFF;
+ PUTU32(counter + 4, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab top dword of counter and increment */
+ c = GETU32(counter + 0);
+ c++; c &= 0xFFFFFFFF;
+ PUTU32(counter + 0, c);
+ }
+
+/* The input encrypted as though 128bit counter mode is being
+ * used. The extra state information to record how much of the
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf. Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to Camellia_ctr128_encrypt().
+ *
+ * This algorithm assumes that the counter is in the x lower bits
+ * of the IV (ivec), and that the application has full control over
+ * overflow and the rest of the IV. This implementation takes NO
+ * responsability for checking that the counter doesn't overflow
+ * into the rest of the IV when incremented.
+ */
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+ unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+ unsigned int *num)
+ {
+
+ unsigned int n;
+ unsigned long l=length;
+
+ assert(in && out && key && counter && num);
+ assert(*num < CAMELLIA_BLOCK_SIZE);
+
+ n = *num;
+
+ while (l--)
+ {
+ if (n == 0)
+ {
+ Camellia_encrypt(ivec, ecount_buf, key);
+ Camellia_ctr128_inc(ivec);
+ }
+ *(out++) = *(in++) ^ ecount_buf[n];
+ n = (n+1) % CAMELLIA_BLOCK_SIZE;
+ }
+
+ *num=n;
+ }
+
Added: vendor-crypto/openssl/dist/crypto/camellia/cmll_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_ecb.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/camellia/cmll_ecb.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,74 @@
+/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key, const int enc)
+ {
+
+ assert(in && out && key);
+ assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
+
+ if (CAMELLIA_ENCRYPT == enc)
+ Camellia_encrypt(in, out, key);
+ else
+ Camellia_decrypt(in, out, key);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/camellia/cmll_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_locl.h (rev 0)
+++ vendor-crypto/openssl/dist/crypto/camellia/cmll_locl.h 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,165 @@
+/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ * http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ *
+ * The Camellia Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CAMELLIA_LOCL_H
+#define HEADER_CAMELLIA_LOCL_H
+
+#include "openssl/e_os2.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 )
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) )
+
+#else /* not windows */
+# define GETU32(pt) (((u32)(pt)[0] << 24) \
+ ^ ((u32)(pt)[1] << 16) \
+ ^ ((u32)(pt)[2] << 8) \
+ ^ ((u32)(pt)[3]))
+
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \
+ (ct)[1] = (u8)((st) >> 16); \
+ (ct)[2] = (u8)((st) >> 8); \
+ (ct)[3] = (u8)(st); }
+
+#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))
+#define CAMELLIA_SWAP4(x) \
+ do{\
+ asm("bswap %1" : "+r" (x));\
+ }while(0)
+#else
+#define CAMELLIA_SWAP4(x) \
+ do{\
+ x = ((u32)x << 16) + ((u32)x >> 16);\
+ x = (((u32)x & 0xff00ff) << 8) + (((u32)x >> 8) & 0xff00ff);\
+ } while(0)
+#endif
+#endif
+
+#define COPY4WORD(dst, src) \
+ do \
+ { \
+ (dst)[0]=(src)[0]; \
+ (dst)[1]=(src)[1]; \
+ (dst)[2]=(src)[2]; \
+ (dst)[3]=(src)[3]; \
+ }while(0)
+
+#define SWAP4WORD(word) \
+ do \
+ { \
+ CAMELLIA_SWAP4((word)[0]); \
+ CAMELLIA_SWAP4((word)[1]); \
+ CAMELLIA_SWAP4((word)[2]); \
+ CAMELLIA_SWAP4((word)[3]); \
+ }while(0)
+
+#define XOR4WORD(a, b)/* a = a ^ b */ \
+ do \
+ { \
+ (a)[0]^=(b)[0]; \
+ (a)[1]^=(b)[1]; \
+ (a)[2]^=(b)[2]; \
+ (a)[3]^=(b)[3]; \
+ }while(0)
+
+#define XOR4WORD2(a, b, c)/* a = b ^ c */ \
+ do \
+ { \
+ (a)[0]=(b)[0]^(c)[0]; \
+ (a)[1]=(b)[1]^(c)[1]; \
+ (a)[2]=(b)[2]^(c)[2]; \
+ (a)[3]=(b)[3]^(c)[3]; \
+ }while(0)
+
+
+void camellia_setup128(const u8 *key, u32 *subkey);
+void camellia_setup192(const u8 *key, u32 *subkey);
+void camellia_setup256(const u8 *key, u32 *subkey);
+
+void camellia_encrypt128(const u32 *subkey, u32 *io);
+void camellia_decrypt128(const u32 *subkey, u32 *io);
+void camellia_encrypt256(const u32 *subkey, u32 *io);
+void camellia_decrypt256(const u32 *subkey, u32 *io);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
+
Added: vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,129 @@
+/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+ CAMELLIA_KEY *key)
+#ifdef OPENSSL_FIPS
+ {
+ if (FIPS_mode())
+ FIPS_BAD_ABORT(CAMELLIA)
+ return private_Camellia_set_key(userKey, bits, key);
+ }
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+ CAMELLIA_KEY *key)
+#endif
+ {
+ if (!userKey || !key)
+ {
+ return -1;
+ }
+
+ switch(bits)
+ {
+ case 128:
+ camellia_setup128(userKey, (unsigned int *)key->rd_key);
+ key->enc = camellia_encrypt128;
+ key->dec = camellia_decrypt128;
+ break;
+ case 192:
+ camellia_setup192(userKey, (unsigned int *)key->rd_key);
+ key->enc = camellia_encrypt256;
+ key->dec = camellia_decrypt256;
+ break;
+ case 256:
+ camellia_setup256(userKey, (unsigned int *)key->rd_key);
+ key->enc = camellia_encrypt256;
+ key->dec = camellia_decrypt256;
+ break;
+ default:
+ return -2;
+ }
+
+ key->bitLength = bits;
+ return 0;
+ }
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key)
+ {
+ u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
+ const union { long one; char little; } camellia_endian = {1};
+
+ memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little) SWAP4WORD(tmp);
+ key->enc(key->rd_key, tmp);
+ if (camellia_endian.little) SWAP4WORD(tmp);
+ memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
+ }
+
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key)
+ {
+ u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
+ const union { long one; char little; } camellia_endian = {1};
+
+ memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little) SWAP4WORD(tmp);
+ key->dec(key->rd_key, tmp);
+ if (camellia_endian.little) SWAP4WORD(tmp);
+ memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
+ }
+
Added: vendor-crypto/openssl/dist/crypto/camellia/cmll_ofb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_ofb.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/camellia/cmll_ofb.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,141 @@
+/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used. The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num) {
+
+ unsigned int n;
+ unsigned long l=length;
+
+ assert(in && out && key && ivec && num);
+
+ n = *num;
+
+ while (l--) {
+ if (n == 0) {
+ Camellia_encrypt(ivec, ivec, key);
+ }
+ *(out++) = *(in++) ^ ivec[n];
+ n = (n+1) % CAMELLIA_BLOCK_SIZE;
+ }
+
+ *num=n;
+}
Added: vendor-crypto/openssl/dist/crypto/cast/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/Makefile (rev 0)
+++ vendor-crypto/openssl/dist/crypto/cast/Makefile 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,109 @@
+#
+# OpenSSL/crypto/cast/Makefile
+#
+
+DIR= cast
+TOP= ../..
+CC= cc
+CPP= $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+CAST_ENC=c_enc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=casttest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cast.h
+HEADER= cast_s.h cast_lcl.h $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+# ELF
+cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > ../$@)
+# COFF
+cx86-cof.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) cast-586.pl coff $(CLAGS) $(PROCESSOR) > ../$@)
+# a.out
+cx86-out.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) cast-586.pl a.out $(CLAGS) $(PROCESSOR) > ../$@)
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_cfb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_cfb64.o: c_cfb64.c cast_lcl.h
+c_ecb.o: ../../e_os.h ../../include/openssl/cast.h
+c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ecb.o: ../../include/openssl/opensslv.h c_ecb.c cast_lcl.h
+c_enc.o: ../../e_os.h ../../include/openssl/cast.h
+c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_enc.o: c_enc.c cast_lcl.h
+c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ofb64.o: c_ofb64.c cast_lcl.h
+c_skey.o: ../../e_os.h ../../include/openssl/cast.h
+c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h
Added: vendor-crypto/openssl/dist/crypto/cast/asm/cast-586.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/asm/cast-586.pl (rev 0)
+++ vendor-crypto/openssl/dist/crypto/cast/asm/cast-586.pl 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,176 @@
+#!/usr/local/bin/perl
+
+# define for pentium pro friendly version
+$ppro=1;
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386");
+
+$CAST_ROUNDS=16;
+$L="edi";
+$R="esi";
+$K="ebp";
+$tmp1="ecx";
+$tmp2="ebx";
+$tmp3="eax";
+$tmp4="edx";
+$S1="CAST_S_table0";
+$S2="CAST_S_table1";
+$S3="CAST_S_table2";
+$S4="CAST_S_table3";
+
+ at F1=("add","xor","sub");
+ at F2=("xor","sub","add");
+ at F3=("sub","add","xor");
+
+&CAST_encrypt("CAST_encrypt",1);
+&CAST_encrypt("CAST_decrypt",0);
+&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1);
+
+&asm_finish();
+
+sub CAST_encrypt {
+ local($name,$enc)=@_;
+
+ local($win_ex)=<<"EOF";
+EXTERN _CAST_S_table0:DWORD
+EXTERN _CAST_S_table1:DWORD
+EXTERN _CAST_S_table2:DWORD
+EXTERN _CAST_S_table3:DWORD
+EOF
+ &main::external_label(
+ "CAST_S_table0",
+ "CAST_S_table1",
+ "CAST_S_table2",
+ "CAST_S_table3",
+ );
+
+ &function_begin_B($name,$win_ex);
+
+ &comment("");
+
+ &push("ebp");
+ &push("ebx");
+ &mov($tmp2,&wparam(0));
+ &mov($K,&wparam(1));
+ &push("esi");
+ &push("edi");
+
+ &comment("Load the 2 words");
+ &mov($L,&DWP(0,$tmp2,"",0));
+ &mov($R,&DWP(4,$tmp2,"",0));
+
+ &comment('Get short key flag');
+ &mov($tmp3,&DWP(128,$K,"",0));
+ if($enc) {
+ &push($tmp3);
+ } else {
+ &or($tmp3,$tmp3);
+ &jnz(&label('cast_dec_skip'));
+ }
+
+ &xor($tmp3, $tmp3);
+
+ # encrypting part
+
+ if ($enc) {
+ &E_CAST( 0,$S,$L,$R,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 1,$S,$R,$L,$K, at F2,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 2,$S,$L,$R,$K, at F3,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 3,$S,$R,$L,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 4,$S,$L,$R,$K, at F2,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 5,$S,$R,$L,$K, at F3,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 6,$S,$L,$R,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 7,$S,$R,$L,$K, at F2,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 8,$S,$L,$R,$K, at F3,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 9,$S,$R,$L,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST(10,$S,$L,$R,$K, at F2,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST(11,$S,$R,$L,$K, at F3,$tmp1,$tmp2,$tmp3,$tmp4);
+ &comment('test short key flag');
+ &pop($tmp4);
+ &or($tmp4,$tmp4);
+ &jnz(&label('cast_enc_done'));
+ &E_CAST(12,$S,$L,$R,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST(13,$S,$R,$L,$K, at F2,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST(14,$S,$L,$R,$K, at F3,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST(15,$S,$R,$L,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ } else {
+ &E_CAST(15,$S,$L,$R,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST(14,$S,$R,$L,$K, at F3,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST(13,$S,$L,$R,$K, at F2,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST(12,$S,$R,$L,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ &set_label('cast_dec_skip');
+ &E_CAST(11,$S,$L,$R,$K, at F3,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST(10,$S,$R,$L,$K, at F2,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 9,$S,$L,$R,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 8,$S,$R,$L,$K, at F3,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 7,$S,$L,$R,$K, at F2,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 6,$S,$R,$L,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 5,$S,$L,$R,$K, at F3,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 4,$S,$R,$L,$K, at F2,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 3,$S,$L,$R,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 2,$S,$R,$L,$K, at F3,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 1,$S,$L,$R,$K, at F2,$tmp1,$tmp2,$tmp3,$tmp4);
+ &E_CAST( 0,$S,$R,$L,$K, at F1,$tmp1,$tmp2,$tmp3,$tmp4);
+ }
+
+ &set_label('cast_enc_done') if $enc;
+# Why the nop? - Ben 17/1/99
+ &nop();
+ &mov($tmp3,&wparam(0));
+ &mov(&DWP(4,$tmp3,"",0),$L);
+ &mov(&DWP(0,$tmp3,"",0),$R);
+ &function_end($name);
+}
+
+sub E_CAST {
+ local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;
+ # Ri needs to have 16 pre added.
+
+ &comment("round $i");
+ &mov( $tmp4, &DWP($i*8,$K,"",1));
+
+ &mov( $tmp1, &DWP($i*8+4,$K,"",1));
+ &$OP1( $tmp4, $R);
+
+ &rotl( $tmp4, &LB($tmp1));
+
+ if ($ppro) {
+ &mov( $tmp2, $tmp4); # B
+ &xor( $tmp1, $tmp1);
+
+ &movb( &LB($tmp1), &HB($tmp4)); # A
+ &and( $tmp2, 0xff);
+
+ &shr( $tmp4, 16); #
+ &xor( $tmp3, $tmp3);
+ } else {
+ &mov( $tmp2, $tmp4); # B
+ &movb( &LB($tmp1), &HB($tmp4)); # A # BAD BAD BAD
+
+ &shr( $tmp4, 16); #
+ &and( $tmp2, 0xff);
+ }
+
+ &movb( &LB($tmp3), &HB($tmp4)); # C # BAD BAD BAD
+ &and( $tmp4, 0xff); # D
+
+ &mov( $tmp1, &DWP($S1,"",$tmp1,4));
+ &mov( $tmp2, &DWP($S2,"",$tmp2,4));
+
+ &$OP2( $tmp1, $tmp2);
+ &mov( $tmp2, &DWP($S3,"",$tmp3,4));
+
+ &$OP3( $tmp1, $tmp2);
+ &mov( $tmp2, &DWP($S4,"",$tmp4,4));
+
+ &$OP1( $tmp1, $tmp2);
+ # XXX
+
+ &xor( $L, $tmp1);
+ # XXX
+}
+
Added: vendor-crypto/openssl/dist/crypto/cast/asm/readme
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/asm/readme (rev 0)
+++ vendor-crypto/openssl/dist/crypto/cast/asm/readme 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,7 @@
+There is a ppro flag in cast-586 which turns on/off
+generation of pentium pro/II friendly code
+
+This flag makes the inner loop one cycle longer, but generates
+code that runs %30 faster on the pentium pro/II, while only %7 slower
+on the pentium. By default, this flag is on.
+
Added: vendor-crypto/openssl/dist/crypto/cast/c_cfb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/c_cfb64.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/cast/c_cfb64.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,121 @@
+/* crypto/cast/c_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used. The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule, unsigned char *ivec,
+ int *num, int enc)
+ {
+ register CAST_LONG v0,v1,t;
+ register int n= *num;
+ register long l=length;
+ CAST_LONG ti[2];
+ unsigned char *iv,c,cc;
+
+ iv=ivec;
+ if (enc)
+ {
+ while (l--)
+ {
+ if (n == 0)
+ {
+ n2l(iv,v0); ti[0]=v0;
+ n2l(iv,v1); ti[1]=v1;
+ CAST_encrypt((CAST_LONG *)ti,schedule);
+ iv=ivec;
+ t=ti[0]; l2n(t,iv);
+ t=ti[1]; l2n(t,iv);
+ iv=ivec;
+ }
+ c= *(in++)^iv[n];
+ *(out++)=c;
+ iv[n]=c;
+ n=(n+1)&0x07;
+ }
+ }
+ else
+ {
+ while (l--)
+ {
+ if (n == 0)
+ {
+ n2l(iv,v0); ti[0]=v0;
+ n2l(iv,v1); ti[1]=v1;
+ CAST_encrypt((CAST_LONG *)ti,schedule);
+ iv=ivec;
+ t=ti[0]; l2n(t,iv);
+ t=ti[1]; l2n(t,iv);
+ iv=ivec;
+ }
+ cc= *(in++);
+ c=iv[n];
+ iv[n]=cc;
+ *(out++)=c^cc;
+ n=(n+1)&0x07;
+ }
+ }
+ v0=v1=ti[0]=ti[1]=t=c=cc=0;
+ *num=n;
+ }
Added: vendor-crypto/openssl/dist/crypto/cast/c_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/c_ecb.c (rev 0)
+++ vendor-crypto/openssl/dist/crypto/cast/c_ecb.c 2014-10-12 20:29:54 UTC (rev 6868)
@@ -0,0 +1,79 @@
+/* crypto/cast/c_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply