authorDariusz Michaluk <d.michaluk@samsung.com>2018-11-22 11:55:26 +0100
committerDariusz Michaluk <d.michaluk@samsung.com>2018-11-22 13:47:50 +0100
commit111e264fd888ce206c52b23f5b2ba2aaacd9871d (patch)
tree9e60a99f41af60d3d51d79c1359cd52dcfc70b15
parente563b86134091e0ad20fb66418f803acc20e210e (diff)
parent1f964107cef6adef924015b1d3c73722fb809a5c (diff)
Change-Id: If02e1fb86dfbd1760b7dbc2cfc31fd5145ce5991
-rw-r--r--.travis-create-release.sh10
-rw-r--r--.travis.yml69
-rw-r--r--CHANGES88
-rw-r--r--CONTRIBUTING50
-rwxr-xr-xConfigure12
-rw-r--r--Makefile46
-rw-r--r--Makefile.bak42
-rw-r--r--NEWS10
-rw-r--r--README4
-rw-r--r--TABLE6767
-rw-r--r--apps/CA.pl188
-rw-r--r--apps/CA.pl.bak188
-rw-r--r--apps/apps.c5
-rw-r--r--apps/asn1pars.c8
-rw-r--r--apps/ca.c5
-rw-r--r--apps/ocsp.c3
-rw-r--r--apps/passwd.c6
-rw-r--r--apps/req.c3
-rw-r--r--apps/s_apps.h7
-rw-r--r--apps/s_client.c4
-rw-r--r--apps/s_server.c35
-rw-r--r--apps/s_socket.c75
-rw-r--r--apps/verify.c1
-rwxr-xr-xconfig1
-rw-r--r--crypto/Makefile15
-rw-r--r--crypto/asn1/a_bool.c24
-rw-r--r--crypto/asn1/a_object.c21
-rw-r--r--crypto/asn1/a_strex.c27
-rw-r--r--crypto/asn1/ameth_lib.c14
-rw-r--r--crypto/asn1/asn1.h8
-rw-r--r--crypto/asn1/asn1_err.c3
-rw-r--r--crypto/asn1/tasn_enc.c4
-rw-r--r--crypto/bio/b_sock.c23
-rw-r--r--crypto/bio/bss_log.c4
-rw-r--r--crypto/bio/bss_mem.c2
-rw-r--r--crypto/bn/Makefile71
-rw-r--r--crypto/bn/asm/alpha-mont.pl9
-rw-r--r--crypto/bn/asm/armv4-mont.pl15
-rw-r--r--crypto/bn/asm/ia64-mont.pl18
-rw-r--r--crypto/bn/asm/mips-mont.pl12
-rw-r--r--crypto/bn/asm/parisc-mont.pl28
-rw-r--r--crypto/bn/asm/ppc-mont.pl13
-rw-r--r--crypto/bn/asm/ppc64-mont.pl41
-rwxr-xr-xcrypto/bn/asm/rsaz-avx2.pl2
-rw-r--r--crypto/bn/asm/s390x-mont.pl14
-rwxr-xr-xcrypto/bn/asm/sparct4-mont.pl24
-rw-r--r--crypto/bn/asm/sparcv9-mont.pl13
-rw-r--r--crypto/bn/asm/via-mont.pl13
-rw-r--r--crypto/bn/asm/vis3-mont.pl16
-rwxr-xr-xcrypto/bn/asm/x86-mont.pl20
-rw-r--r--crypto/bn/asm/x86_64-gcc.c6
-rwxr-xr-xcrypto/bn/asm/x86_64-mont.pl83
-rwxr-xr-xcrypto/bn/asm/x86_64-mont5.pl19
-rw-r--r--crypto/bn/bn.h106
-rw-r--r--crypto/bn/bn_blind.c65
-rw-r--r--crypto/bn/bn_div.c1
-rw-r--r--crypto/bn/bn_exp.c69
-rw-r--r--crypto/bn/bn_gf2m.c34
-rw-r--r--crypto/bn/bn_lcl.h3
-rw-r--r--crypto/bn/bn_lib.c106
-rw-r--r--crypto/bn/bn_mod.c134
-rw-r--r--crypto/bn/bn_mont.c83
-rw-r--r--crypto/bn/bn_mul.c12
-rw-r--r--crypto/bn/bn_sqr.c20
-rw-r--r--crypto/bn/bn_x931p.c6
-rw-r--r--crypto/bn_int.h21
-rw-r--r--crypto/conf/Makefile7
-rw-r--r--crypto/conf/conf_api.c7
-rw-r--r--crypto/conf/conf_mod.c4
-rw-r--r--crypto/cryptlib.h2
-rw-r--r--crypto/crypto-lib.com3
-rw-r--r--crypto/des/t/test27
-rw-r--r--crypto/dh/dh_pmeth.c4
-rw-r--r--crypto/dsa/dsa.h9
-rw-r--r--crypto/dsa/dsa_err.c3
-rw-r--r--crypto/dsa/dsa_gen.c19
-rw-r--r--crypto/dsa/dsa_ossl.c111
-rw-r--r--crypto/dsa/dsa_pmeth.c12
-rw-r--r--crypto/ec/ec_ameth.c22
-rw-r--r--crypto/ec/ec_lcl.h5
-rw-r--r--crypto/ec/ec_lib.c41
-rw-r--r--crypto/ec/ec_mult.c248
-rw-r--r--crypto/ec/ecp_nistz256.c23
-rw-r--r--crypto/ecdsa/Makefile2
-rw-r--r--crypto/ecdsa/ecdsatest.c11
-rw-r--r--crypto/ecdsa/ecs_ossl.c32
-rw-r--r--crypto/engine/eng_lib.c8
-rw-r--r--crypto/engine/eng_list.c7
-rw-r--r--crypto/engine/tb_asnmth.c4
-rw-r--r--crypto/getenv.c31
-rwxr-xr-xcrypto/o_time.c4
-rw-r--r--crypto/opensslconf.h270
-rw-r--r--crypto/opensslconf.h.bak265
-rw-r--r--crypto/opensslv.h6
-rw-r--r--crypto/pem/pem.h3
-rw-r--r--crypto/pem/pem_lib.c59
-rw-r--r--crypto/pem/pem_pk8.c2
-rw-r--r--crypto/pem/pem_pkey.c2
-rw-r--r--crypto/pem/pvkfmt.c4
-rw-r--r--crypto/pkcs12/p12_asn.c4
-rw-r--r--crypto/pkcs12/p12_init.c5
-rw-r--r--crypto/pkcs7/pk7_lib.c1
-rw-r--r--crypto/rand/Makefile9
-rw-r--r--crypto/rand/md_rand.c28
-rw-r--r--crypto/rand/rand_lcl.h4
-rw-r--r--crypto/rand/rand_lib.c22
-rw-r--r--crypto/rand/randfile.c7
-rw-r--r--crypto/rsa/Makefile2
-rw-r--r--crypto/rsa/rsa_eay.c143
-rw-r--r--crypto/rsa/rsa_oaep.c41
-rw-r--r--crypto/rsa/rsa_pk1.c62
-rw-r--r--crypto/rsa/rsa_sign.c4
-rw-r--r--crypto/rsa/rsa_ssl.c8
-rw-r--r--crypto/sha/asm/sha1-586.pl2
-rw-r--r--crypto/sha/asm/sha256-586.pl2
-rw-r--r--crypto/ui/ui_openssl.c26
-rw-r--r--crypto/x509/by_dir.c2
-rw-r--r--crypto/x509/by_file.c3
-rw-r--r--crypto/x509/x509_cmp.c2
-rw-r--r--crypto/x509/x509_lu.c16
-rw-r--r--crypto/x509/x509_vfy.c160
-rw-r--r--crypto/x509v3/v3_purp.c27
-rw-r--r--doc/apps/cms.pod14
-rw-r--r--doc/apps/config.pod2
-rw-r--r--doc/apps/crl.pod2
-rw-r--r--doc/apps/genpkey.pod139
-rw-r--r--doc/apps/req.pod3
-rw-r--r--doc/apps/s_client.pod8
-rw-r--r--doc/apps/s_server.pod6
-rw-r--r--doc/crypto/BIO_s_fd.pod2
-rw-r--r--doc/crypto/BN_add.pod4
-rw-r--r--doc/crypto/BN_bn2bin.pod4
-rw-r--r--doc/crypto/BN_generate_prime.pod12
-rw-r--r--doc/crypto/CMS_encrypt.pod5
-rw-r--r--doc/crypto/CMS_get0_SignerInfos.pod2
-rw-r--r--doc/crypto/CMS_get1_ReceiptRequest.pod2
-rw-r--r--doc/crypto/DSA_do_sign.pod4
-rw-r--r--doc/crypto/DSA_sign.pod4
-rw-r--r--doc/crypto/EVP_DigestSignInit.pod7
-rw-r--r--doc/crypto/EVP_DigestVerifyInit.pod7
-rw-r--r--doc/crypto/EVP_PKEY_verify_recover.pod6
-rw-r--r--doc/crypto/OBJ_nid2obj.pod2
-rw-r--r--doc/crypto/OPENSSL_VERSION_NUMBER.pod9
-rw-r--r--doc/crypto/SMIME_read_PKCS7.pod2
-rw-r--r--doc/crypto/ecdsa.pod2
-rw-r--r--doc/crypto/pem.pod93
-rw-r--r--doc/fingerprints.txt67
-rw-r--r--doc/man3/X509_cmp_time.pod39
-rw-r--r--doc/ssl/SSL_CTX_use_certificate.pod7
-rw-r--r--doc/ssl/SSL_get_ciphers.pod19
-rw-r--r--doc/ssl/SSL_get_session.pod5
-rw-r--r--doc/ssl/SSL_get_version.pod6
-rw-r--r--doc/ssl/ssl.pod2
-rw-r--r--engines/e_capi.c34
-rw-r--r--openssl.spec3
-rw-r--r--packaging/openssl.spec2
-rw-r--r--ssl/d1_both.c5
-rw-r--r--ssl/d1_pkt.c4
-rw-r--r--ssl/s3_lib.c12
-rw-r--r--ssl/s3_srvr.c26
-rw-r--r--ssl/ssl.h7
-rw-r--r--ssl/ssl_ciph.c10
-rw-r--r--ssl/ssl_lib.c39
-rw-r--r--ssl/ssl_locl.h4
-rw-r--r--ssl/t1_lib.c11
-rw-r--r--ssl/t1_trce.c16
-rw-r--r--test/Makefile29
-rw-r--r--test/cms-test.pl9
-rw-r--r--test/evptests.txt401
-rw-r--r--test/maketests.com2
-rw-r--r--test/recipes/60-test_x509_time.t12
-rwxr-xr-xtest/ssltest_oldbin114814 -> 0 bytes
-rw-r--r--test/tests.com8
-rw-r--r--test/testssl18
-rwxr-xr-xtest/v3extbin10543 -> 0 bytes
-rw-r--r--test/x509_time_test.c212
-rwxr-xr-xtest/x509auxbin21871 -> 0 bytes
-rw-r--r--tools/c_rehash210
-rw-r--r--tools/c_rehash.bak210
-rwxr-xr-xutil/domd18
-rwxr-xr-xutil/libeay.num1
181 files changed, 4436 insertions, 8039 deletions
diff --git a/.travis-create-release.sh b/.travis-create-release.sh
deleted file mode 100644
index 0404fc1..0000000
--- a/.travis-create-release.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/sh
-
-# $1 is expected to be $TRAVIS_OS_NAME
-
-if [ "$1" == osx ]; then
- make -f Makefile.org \
- DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist
-else
- make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist
-fi
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index c3e035e..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-language: c
-
-addons:
- apt_packages:
- - binutils-mingw-w64
- - gcc-mingw-w64
-
-os:
- - linux
-
-compiler:
- - clang
- - gcc
- - i686-w64-mingw32-gcc
- - x86_64-w64-mingw32-gcc
-
-env:
- - CONFIG_OPTS=""
- - CONFIG_OPTS="shared"
- - CONFIG_OPTS="-d --strict-warnings"
-
-matrix:
- exclude:
- - os: osx
- compiler: i686-w64-mingw32-gcc
- - os: osx
- compiler: x86_64-w64-mingw32-gcc
- - compiler: i686-w64-mingw32-gcc
- env: CONFIG_OPTS="-d --strict-warnings"
- - compiler: x86_64-w64-mingw32-gcc
- env: CONFIG_OPTS="-d --strict-warnings"
-
-before_script:
- - sh .travis-create-release.sh $TRAVIS_OS_NAME
- - tar -xvzf _srcdist.tar.gz
- - cd _srcdist
- - if [ "$CC" == i686-w64-mingw32-gcc ]; then
- export CROSS_COMPILE=${CC%%gcc}; unset CC;
- ./Configure mingw $CONFIG_OPTS;
- elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
- export CROSS_COMPILE=${CC%%gcc}; unset CC;
- ./Configure mingw64 $CONFIG_OPTS;
- else
- if [ "$CC" == gcc ]; then
- export CONFIG_OPTS="$CONFIG_OPTS -Wno-error=shadow";
- fi;
- ./config $CONFIG_OPTS;
- fi
- - cd ..
-
-script:
- - cd _srcdist
- - if make ; then
- echo -e '+\057 MAKE OK';
- else
- echo -e '+\057 MAKE FAILED'; false;
- fi;
- - if [ -z "$CROSS_COMPILE" ]; then
- if make test; then
- echo -e '+\057\057 MAKE TEST OK';
- else
- echo -e '+\057\057 MAKE TEST FAILED'; false;
- fi;
- fi
- - cd ..
-
-notifications:
- email:
- secure: "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"
diff --git a/CHANGES b/CHANGES
index cc14250..cd43552 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,94 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.0.2p and 1.0.2q [20 Nov 2018]
+
+ *) Microarchitecture timing vulnerability in ECC scalar multiplication
+
+ OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
+ shown to be vulnerable to a microarchitecture timing side channel attack.
+ An attacker with sufficient access to mount local timing attacks during
+ ECDSA signature generation could recover the private key.
+
+ This issue was reported to OpenSSL on 26th October 2018 by Alejandro
+ Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
+ Nicola Tuveri.
+ (CVE-2018-5407)
+ [Billy Brumley]
+
+ *) Timing vulnerability in DSA signature generation
+
+ The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+ timing side channel attack. An attacker could use variations in the signing
+ algorithm to recover the private key.
+
+ This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+ (CVE-2018-0734)
+ [Paul Dale]
+
+ *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object
+ Module, accidentally introduced while backporting security fixes from the
+ development branch and hindering the use of ECC in FIPS mode.
+ [Nicola Tuveri]
+
+ Changes between 1.0.2o and 1.0.2p [14 Aug 2018]
+
+ *) Client DoS due to large DH parameter
+
+ During key agreement in a TLS handshake using a DH(E) based ciphersuite a
+ malicious server can send a very large prime value to the client. This will
+ cause the client to spend an unreasonably long period of time generating a
+ key for this prime resulting in a hang until the client has finished. This
+ could be exploited in a Denial Of Service attack.
+
+ This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
+ (CVE-2018-0732)
+ [Guido Vranken]
+
+ *) Cache timing vulnerability in RSA Key Generation
+
+ The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
+ a cache timing side channel attack. An attacker with sufficient access to
+ mount cache timing attacks during the RSA key generation process could
+ recover the private key.
+
+ This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
+ Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
+ (CVE-2018-0737)
+ [Billy Brumley]
+
+ *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
+ parameter is no longer accepted, as it leads to a corrupt table. NULL
+ pem_str is reserved for alias entries only.
+ [Richard Levitte]
+
+ *) Revert blinding in ECDSA sign and instead make problematic addition
+ length-invariant. Switch even to fixed-length Montgomery multiplication.
+ [Andy Polyakov]
+
+ *) Change generating and checking of primes so that the error rate of not
+ being prime depends on the intended use based on the size of the input.
+ For larger primes this will result in more rounds of Miller-Rabin.
+ The maximal error rate for primes with more than 1080 bits is lowered
+ to 2^-128.
+ [Kurt Roeckx, Annie Yousar]
+
+ *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+ [Kurt Roeckx]
+
+ *) Add blinding to ECDSA and DSA signatures to protect against side channel
+ attacks discovered by Keegan Ryan (NCC Group).
+ [Matt Caswell]
+
+ *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+ now allow empty (zero character) pass phrases.
+ [Richard Levitte]
+
+ *) Certificate time validation (X509_cmp_time) enforces stricter
+ compliance with RFC 5280. Fractional seconds and timezone offsets
+ are no longer allowed.
+ [Emilia Käsper]
+
Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
*) Constructed ASN.1 types with a recursive definition could exceed the stack
diff --git a/CONTRIBUTING b/CONTRIBUTING
index f734d77..efcb0b8 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -1,26 +1,26 @@
-HOW TO CONTRIBUTE PATCHES TO OpenSSL
-------------------------------------
+HOW TO CONTRIBUTE TO OpenSSL
+----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
-Development is coordinated on the openssl-dev mailing list (see the
-above link or https://mta.openssl.org for information on subscribing).
-If you are unsure as to whether a feature will be useful for the general
-OpenSSL community you might want to discuss it on the openssl-dev mailing
-list first. Someone may be already working on the same thing or there
-may be a good reason as to why that feature isn't implemented.
+Development is done on GitHub, https://github.com/openssl/openssl.
-To submit a patch, make a pull request on GitHub. If you think the patch
-could use feedback from the community, please start a thread on openssl-dev
-to discuss it.
+To request new features or report bugs, please open an issue on GitHub
-Having addressed the following items before the PR will help make the
-acceptance and review process faster:
+To submit a patch, please open a pull request on GitHub. If you are thinking
+of making a large contribution, open an issue for it before starting work,
+to get comments from the community. Someone may be already working on
+the same thing or there may be reasons why that feature isn't implemented.
- 1. Anything other than trivial contributions will require a contributor
- licensing agreement, giving us permission to use your code. See
- https://www.openssl.org/policies/cla.html for details.
+To make it easier to review and accept your pull request, please follow these
+guidelines:
+
+ 1. Anything other than a trivial contribution requires a Contributor
+ License Agreement (CLA), giving us permission to use your code. See
+ https://www.openssl.org/policies/cla.html for details. If your
+ contribution is too small to require a CLA, put "CLA: trivial" on a
+ line by itself in your commit message body.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
@@ -34,21 +34,21 @@ acceptance and review process faster:
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
- often. We do not accept merge commits; You will be asked to remove
- them before a patch is considered acceptable.
+ often. We do not accept merge commits, you will have to remove them
+ (usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see
- https://www.openssl.org/policies/codingstyle.html) and compile without
- warnings. Where gcc or clang is availble you should use the
+ https://www.openssl.org/policies/codingstyle.html) and compile
+ without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
- platforms: try to ensure you only use portable features.
- Clean builds via Travis and AppVeyor are expected, and done whenever
- a PR is created or updated.
+ platforms: try to ensure you only use portable features. Clean builds
+ via Travis and AppVeyor are required, and they are started automatically
+ whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
- documentation. Please look at the "pod" files in doc/apps, doc/crypto
- and doc/ssl for examples of our style.
+ documentation. Please look at the "pod" files in doc for
+ examples of our style.
diff --git a/Configure b/Configure
index 744b493..c7066dc 100755
--- a/Configure
+++ b/Configure
@@ -1173,6 +1173,7 @@ foreach (sort (keys %disabled))
$depflags .= " -DOPENSSL_NO_$ALGO";
}
}
+ if (/^comp$/) { $zlib = 0; }
}
print "\n";
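Review bot: The added `if (/^comp$/) { $zlib = 0; }` carries no comment saying why disabling `comp` also clears `$zlib`, and the coupling is not obvious from the loop alone. A one-line comment such as `# no-comp: nothing would use zlib, so do not enable it` would record the intent. The hunk does not show where `$zlib` is read, so it is worth confirming that no zlib-related define or library flag has already been appended before this loop runs. The enclosing `foreach` starts outside the hunk.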
@@ -1671,6 +1672,13 @@ while (<PIPE>) {
}
close(PIPE);
+# Xcode did not handle $cc -M before clang support
+my $cc_as_makedepend = 0;
+if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
+ && !defined($predefined{__clang__}))) {
+ $cc_as_makedepend = 1;
+}
+
if ($strict_warnings)
{
my $wopt;
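Review bot: The test `!(defined($predefined{__APPLE_CC__}) && !defined($predefined{__clang__}))` is a negated conjunction with an inner negation, which is easy to misread when auditing the build logic. Writing it as `(!defined($predefined{__APPLE_CC__}) || defined($predefined{__clang__}))` says directly "not Apple's compiler, or Apple clang". `$predefined{__GNUC__}` is also compared numerically with no `defined` check. If the probe above can leave that key unset for a non-GNU compiler (not visible in this hunk), prefixing `defined($predefined{__GNUC__}) &&` avoids an uninitialized-value warning. The resulting `$cc_as_makedepend` flag gates both `MAKEDEPPROG` substitutions in the next hunk, so the comment above it could name the case that falls back to the default makedepend program.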
@@ -1730,14 +1738,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
diff --git a/Makefile b/Makefile
index d28f6fa..8d0b999 100644
--- a/Makefile
+++ b/Makefile
@@ -4,18 +4,18 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2o
+VERSION=1.0.2q
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=1
SHLIB_MINOR=0.0
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
-CONFIGURE_ARGS=dist
-SHLIB_TARGET=
+SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+PLATFORM=linux-x86_64
+OPTIONS=-Wa,--noexecstack no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
+CONFIGURE_ARGS=linux-x86_64 -Wa,--noexecstack
+SHLIB_TARGET=linux-shared
# HERE indicates where this Makefile lives. This can be used to indicate
# where sub-Makefiles are expected to be. Currently has very limited usage,
@@ -59,11 +59,11 @@ OPENSSLDIR=/usr/local/ssl
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
-CC= cc
-CFLAG= -O
+CC= gcc
+CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
PEX_LIBS=
-EX_LIBS=
+EX_LIBS= -ldl
EXE_EXT=
ARFLAGS=
AR= ar $(ARFLAGS) r
@@ -73,7 +73,7 @@ NM= nm
PERL= /usr/bin/perl
TAR= tar
TARFLAGS= --no-recursion
-MAKEDEPPROG= cc
+MAKEDEPPROG= gcc
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
@@ -89,23 +89,23 @@ ASFLAG=$(CFLAG)
PROCESSOR=
# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ= mem_clr.o
-BN_ASM= bn_asm.o
-EC_ASM=
+CPUID_OBJ= x86_64cpuid.o
+BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
+EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o
DES_ENC= des_enc.o fcrypt_b.o
-AES_ENC= aes_core.o aes_cbc.o
+AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o rc4_skey.o
+RC4_ENC= rc4-x86_64.o rc4-md5-x86_64.o
RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ=
-SHA1_ASM_OBJ=
+MD5_ASM_OBJ= md5-x86_64.o
+SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
RMD160_ASM_OBJ=
-WP_ASM_OBJ= wp_block.o
-CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o
-MODES_ASM_OBJ=
+WP_ASM_OBJ= wp-x86_64.o
+CMLL_ENC= cmll-x86_64.o cmll_misc.o
+MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o
ENGINES_ASM_OBJ=
-PERLASM_SCHEME=
+PERLASM_SCHEME= elf
# KRB5 stuff
KRB5_INCLUDES=
@@ -177,8 +177,8 @@ LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
+SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
+SHARED_LDFLAGS=-m64
GENERAL= Makefile
BASENAME= openssl
diff --git a/Makefile.bak b/Makefile.bak
index 1920c3c..1de4ac3 100644
--- a/Makefile.bak
+++ b/Makefile.bak
@@ -4,18 +4,18 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2o
+VERSION=1.0.2q-dev
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=1
SHLIB_MINOR=0.0
-SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-PLATFORM=linux-x86_64
-OPTIONS=-Wa,--noexecstack no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
-CONFIGURE_ARGS=linux-x86_64 -Wa,--noexecstack
-SHLIB_TARGET=linux-shared
+SHLIB_EXT=
+PLATFORM=gcc
+OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
+CONFIGURE_ARGS=gcc
+SHLIB_TARGET=
# HERE indicates where this Makefile lives. This can be used to indicate
# where sub-Makefiles are expected to be. Currently has very limited usage,
@@ -60,10 +60,10 @@ OPENSSLDIR=/usr/local/ssl
# PKCS1_CHECK - pkcs1 tests.
CC= gcc
-CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
+CFLAG= -O3
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
PEX_LIBS=
-EX_LIBS= -ldl
+EX_LIBS=
EXE_EXT=
ARFLAGS=
AR= ar $(ARFLAGS) r
@@ -89,23 +89,23 @@ ASFLAG=$(CFLAG)
PROCESSOR=
# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ= x86_64cpuid.o
-BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o
+CPUID_OBJ= mem_clr.o
+BN_ASM= bn_asm.o
+EC_ASM=
DES_ENC= des_enc.o fcrypt_b.o
-AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
+AES_ENC= aes_core.o aes_cbc.o
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
-RC4_ENC= rc4-x86_64.o rc4-md5-x86_64.o
+RC4_ENC= rc4_enc.o rc4_skey.o
RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ= md5-x86_64.o
-SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
+MD5_ASM_OBJ=
+SHA1_ASM_OBJ=
RMD160_ASM_OBJ=
-WP_ASM_OBJ= wp-x86_64.o
-CMLL_ENC= cmll-x86_64.o cmll_misc.o
-MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o
+WP_ASM_OBJ= wp_block.o
+CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o
+MODES_ASM_OBJ=
ENGINES_ASM_OBJ=
-PERLASM_SCHEME= elf
+PERLASM_SCHEME=
# KRB5 stuff
KRB5_INCLUDES=
@@ -177,8 +177,8 @@ LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
-SHARED_LDFLAGS=-m64
+SHARED_LIBS_LINK_EXTS=
+SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
diff --git a/NEWS b/NEWS
index 5080f79..2c7473a 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,16 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018]
+
+ o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
+ o Timing vulnerability in DSA signature generation (CVE-2018-0734)
+
+ Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]
+
+ o Client DoS due to large DH parameter (CVE-2018-0732)
+ o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
+
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the
diff --git a/README b/README
index a0fce3f..ab31b38 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
- OpenSSL 1.0.2o 27 Mar 2018
+ OpenSSL 1.0.2q 20 Nov 2018
- Copyright (c) 1998-2015 The OpenSSL Project
+ Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/TABLE b/TABLE
deleted file mode 100644
index 0987c5f..0000000
--- a/TABLE
+++ /dev/null
@@ -1,6767 +0,0 @@
-Output of `Configure TABLE':
-
-*** BC-32
-$cc = bcc32
-$cflags =
-$unistd =
-$thread_cflag =
-$sys_id = WIN32
-$lflags =
-$bn_ops = BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** BS2000-OSD
-$cc = c89
-$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lsocket -lnsl
-$bn_ops = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-generic32
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer -Wall
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-generic64
-$cc = gcc
-$cflags = -O3 -Wall
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-ia64
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -Wall
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-sparc64
-$cc = gcc
-$cflags = -DB_ENDIAN -O3 -DMD32_REG_T=int -Wall
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-sparcv8
-$cc = gcc
-$cflags = -DB_ENDIAN -O3 -mcpu=v8 -Wall
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
-$cpuid_obj =
-$bn_obj = sparcv8.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-x86
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = a.out
-$dso_scheme = dlfcn
-$shared_target= bsd-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-x86-elf
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** BSD-x86_64
-$cc = cc
-$cflags = -DL_ENDIAN -O3 -Wall
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** Cygwin
-$cc = gcc
-$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall
-$unistd =
-$thread_cflag =
-$sys_id = CYGWIN
-$lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = coff
-$dso_scheme = dlfcn
-$shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL
-$shared_ldflag = -shared
-$shared_extension = .dll.a
-$ranlib =
-$arflags =
-$multilib =
-
-*** Cygwin-x86_64
-$cc = gcc
-$cflags = -DTERMIOS -DL_ENDIAN -O3 -Wall
-$unistd =
-$thread_cflag =
-$sys_id = CYGWIN
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = mingw64
-$dso_scheme = dlfcn
-$shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL
-$shared_ldflag = -shared
-$shared_extension = .dll.a
-$ranlib =
-$arflags =
-$multilib =
-
-*** DJGPP
-$cc = gcc
-$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
-$unistd =
-$thread_cflag =
-$sys_id = MSDOS
-$lflags = -L/dev/env/WATT_ROOT/lib -lwatt
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = a.out
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** MPE/iX-gcc
-$cc = gcc
-$cflags = -D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = MPE
-$lflags = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses
-$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** OS2-EMX
-$cc = gcc
-$cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** OS390-Unix
-$cc = c89.sh
-$cflags = -O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** QNX6
-$cc = gcc
-$cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -lsocket
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** QNX6-i386
-$cc = gcc
-$cflags = -DL_ENDIAN -O2 -Wall
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -lsocket
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** ReliantUNIX
-$cc = cc
-$cflags = -KPIC -g -DTERMIOS -DB_ENDIAN
-$unistd =
-$thread_cflag = -Kthread
-$sys_id = SNI
-$lflags = -lsocket -lnsl -lc -L/usr/ucblib -lucb
-$bn_ops = BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= reliantunix-shared
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** SINIX
-$cc = cc
-$cflags = -O
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = SNI
-$lflags = -lsocket -lnsl -lc -L/usr/ucblib -lucb
-$bn_ops = RC4_INDEX RC4_CHAR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** SINIX-N
-$cc = /usr/ucb/cc
-$cflags = -O2 -misaligned
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lucb
-$bn_ops = RC4_INDEX RC4_CHAR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** UWIN
-$cc = cc
-$cflags = -DTERMIOS -DL_ENDIAN -O -Wall
-$unistd =
-$thread_cflag =
-$sys_id = UWIN
-$lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** VC-CE
-$cc = cl
-$cflags =
-$unistd =
-$thread_cflag =
-$sys_id = WINCE
-$lflags =
-$bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** VC-WIN32
-$cc = cl
-$cflags = -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE
-$unistd =
-$thread_cflag =
-$sys_id = WIN32
-$lflags =
-$bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = win32n
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** VC-WIN64A
-$cc = cl
-$cflags = -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE
-$unistd =
-$thread_cflag =
-$sys_id = WIN64A
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = auto
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** VC-WIN64I
-$cc = cl
-$cflags = -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE
-$unistd =
-$thread_cflag =
-$sys_id = WIN64I
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
-$cpuid_obj = ia64cpuid.o
-$bn_obj = ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = ias
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** aix-cc
-$cc = cc
-$cflags = -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst
-$unistd =
-$thread_cflag = -qthreaded -D_THREAD_SAFE
-$sys_id = AIX
-$lflags =
-$bn_ops = BN_LLONG RC4_CHAR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = aix32
-$dso_scheme = dlfcn
-$shared_target= aix-shared
-$shared_cflag =
-$shared_ldflag = -q32 -G
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags = -X 32
-$multilib =
-
-*** aix-gcc
-$cc = gcc
-$cflags = -O -DB_ENDIAN
-$unistd =
-$thread_cflag = -pthread
-$sys_id = AIX
-$lflags =
-$bn_ops = BN_LLONG RC4_CHAR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = aix32
-$dso_scheme = dlfcn
-$shared_target= aix-shared
-$shared_cflag =
-$shared_ldflag = -shared -Wl,-G
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags = -X32
-$multilib =
-
-*** aix3-cc
-$cc = cc
-$cflags = -O -DB_ENDIAN -qmaxmem=16384
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = AIX
-$lflags =
-$bn_ops = BN_LLONG RC4_CHAR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** aix64-cc
-$cc = cc
-$cflags = -q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst
-$unistd =
-$thread_cflag = -qthreaded -D_THREAD_SAFE
-$sys_id = AIX
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = aix64
-$dso_scheme = dlfcn
-$shared_target= aix-shared
-$shared_cflag =
-$shared_ldflag = -q64 -G
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags = -X 64
-$multilib =
-
-*** aix64-gcc
-$cc = gcc
-$cflags = -maix64 -O -DB_ENDIAN
-$unistd =
-$thread_cflag = -pthread
-$sys_id = AIX
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = aix64
-$dso_scheme = dlfcn
-$shared_target= aix-shared
-$shared_cflag =
-$shared_ldflag = -maix64 -shared -Wl,-G
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags = -X64
-$multilib =
-
-*** android
-$cc = gcc
-$cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** android-armv7
-$cc = gcc
-$cflags = -march=armv7-a -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj = armcap.o armv4cpuid.o
-$bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-armv4.o ghashv8-armx.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** android-mips
-$cc = gcc
-$cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = o32
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** android-x86
-$cc = gcc
-$cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = android
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** aux3-gcc
-$cc = gcc
-$cflags = -O2 -DTERMIO
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = AUX
-$lflags = -lbsd
-$bn_ops = RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** beos-x86-bone
-$cc = gcc
-$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = BEOS
-$lflags = -lbe -lbind -lsocket
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = beos
-$shared_target= beos-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** beos-x86-r5
-$cc = gcc
-$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = BEOS
-$lflags = -lbe -lnet
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = beos
-$shared_target= beos-shared
-$shared_cflag = -fPIC -DPIC
-$shared_ldflag = -shared
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** bsdi-elf-gcc
-$cc = gcc
-$cflags = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** cc
-$cc = cc
-$cflags = -O
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** cray-j90
-$cc = cc
-$cflags = -DBIT_FIELD_LIMITS -DTERMIOS
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = CRAY
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG DES_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** cray-t3e
-$cc = cc
-$cflags = -DBIT_FIELD_LIMITS -DTERMIOS
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = CRAY
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** darwin-i386-cc
-$cc = cc
-$cflags = -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$bn_ops = BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj =
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = macosx
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch i386 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** darwin-ppc-cc
-$cc = cc
-$cflags = -arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = osx32
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch ppc -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** darwin64-ppc-cc
-$cc = cc
-$cflags = -arch ppc64 -O3 -DB_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = osx64
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch ppc64 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** darwin64-x86_64-cc
-$cc = cc
-$cflags = -arch x86_64 -O3 -DL_ENDIAN -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = macosx
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch x86_64 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lefence
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-BSD-x86-elf
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -Wall -g
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-VC-WIN32
-$cc = cl
-$cflags = -W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE
-$unistd =
-$thread_cflag =
-$sys_id = WIN32
-$lflags =
-$bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = win32n
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-VC-WIN64A
-$cc = cl
-$cflags = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE
-$unistd =
-$thread_cflag =
-$sys_id = WIN64A
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = auto
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-VC-WIN64I
-$cc = cl
-$cflags = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE
-$unistd =
-$thread_cflag =
-$sys_id = WIN64I
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
-$cpuid_obj = ia64cpuid.o
-$bn_obj = ia64.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = ias
-$dso_scheme = win32
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-darwin64
-$cc = cc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = macosx
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch x86_64 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-debug
-$cc = gcc44
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-debug-64
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-debug-64-clang
-$cc = clang
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe
-$unistd =
-$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-macos
-$cc = cc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -Wl,-search_paths_first
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-macos-gcc46
-$cc = gcc-mp-4.6
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-no-opt
-$cc = gcc
-$cflags = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-openbsd
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-openbsd-debug
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-ben-strict
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-bodo
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** debug-darwin-i386-cc
-$cc = cc
-$cflags = -arch i386 -g3 -DL_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$bn_ops = BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = macosx
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch i386 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-darwin-ppc-cc
-$cc = cc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = osx32
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-darwin64-x86_64-cc
-$cc = cc
-$cflags = -arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first%
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = macosx
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch x86_64 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-geoff32
-$cc = gcc
-$cflags = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-geoff64
-$cc = gcc
-$cflags = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-levitte-linux-elf
-$cc = gcc
-$cflags = -DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-levitte-linux-elf-extreme
-$cc = gcc
-$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-levitte-linux-noasm
-$cc = gcc
-$cflags = -DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-levitte-linux-noasm-extreme
-$cc = gcc
-$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-elf
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lefence -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-elf-noefence
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-generic32
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-generic64
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-ia32-aes
-$cc = gcc
-$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes_x86core.o aes_cbc.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj =
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-pentium
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-ppro
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-linux-x86_64
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** debug-linux-x86_64-clang
-$cc = clang
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** debug-rse
-$cc = cc
-$cflags = -DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-solaris-sparcv8-cc
-$cc = cc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = sparcv8.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-solaris-sparcv8-gcc
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = sparcv8.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-solaris-sparcv9-cc
-$cc = cc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-solaris-sparcv9-gcc
-$cc = gcc
-$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-steve-opt
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-steve32
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -rdynamic -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-steve64
-$cc = gcc
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** debug-vos-gcc
-$cc = gcc
-$cflags = -O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = VOS
-$lflags = -Wl,-map
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** dgux-R3-gcc
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = RC4_INDEX DES_UNROLL
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** dgux-R4-gcc
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lnsl -lsocket
-$bn_ops = RC4_INDEX DES_UNROLL
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** dgux-R4-x86-gcc
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer -DL_ENDIAN
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lnsl -lsocket
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** dist
-$cc = cc
-$cflags = -O
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** gcc
-$cc = gcc
-$cflags = -O3
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** hpux-cc
-$cc = cc
-$cflags = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -Wl,+s -ldld
-$bn_ops = DES_PTR DES_UNROLL DES_RISC1
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = -b
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** hpux-gcc
-$cc = gcc
-$cflags = -DB_ENDIAN -DBN_DIV2W -O3
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -Wl,+s -ldld
-$bn_ops = DES_PTR DES_UNROLL DES_RISC1
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** hpux-ia64-cc
-$cc = cc
-$cflags = -Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = +DD32 -b
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /hpux32
-
-*** hpux-ia64-gcc
-$cc = gcc
-$cflags = -O3 -DB_ENDIAN -D_REENTRANT
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = -fpic
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /hpux32
-
-*** hpux-parisc-cc
-$cc = cc
-$cflags = +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -Wl,+s -ldld
-$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = -b
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** hpux-parisc-cc-o4
-$cc = cc
-$cflags = -Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldld
-$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = -b
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** hpux-parisc-gcc
-$cc = gcc
-$cflags = -O3 -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -Wl,+s -ldld
-$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** hpux-parisc1_1-cc
-$cc = cc
-$cflags = +DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -Wl,+s -ldld
-$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = pariscid.o
-$bn_obj = bn_asm.o parisc-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-parisc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o
-$cast_obj =
-$rc4_obj = rc4-parisc.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-parisc.o
-$engines_obj =
-$perlasm_scheme = 32
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = -b
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /pa1.1
-
-*** hpux-parisc1_1-gcc
-$cc = gcc
-$cflags = -O3 -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -Wl,+s -ldld
-$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
-$cpuid_obj = pariscid.o
-$bn_obj = bn_asm.o parisc-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-parisc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o
-$cast_obj =
-$rc4_obj = rc4-parisc.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-parisc.o
-$engines_obj =
-$perlasm_scheme = 32
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /pa1.1
-
-*** hpux-parisc2-cc
-$cc = cc
-$cflags = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -Wl,+s -ldld
-$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = pariscid.o
-$bn_obj = pa-risc2.o parisc-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-parisc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o
-$cast_obj =
-$rc4_obj = rc4-parisc.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-parisc.o
-$engines_obj =
-$perlasm_scheme = 32
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = -b
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /pa20_32
-
-*** hpux-parisc2-gcc
-$cc = gcc
-$cflags = -march=2.0 -O3 -DB_ENDIAN -D_REENTRANT
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -Wl,+s -ldld
-$bn_ops = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1
-$cpuid_obj = pariscid.o
-$bn_obj = pa-risc2.o parisc-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-parisc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o
-$cast_obj =
-$rc4_obj = rc4-parisc.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-parisc.o
-$engines_obj =
-$perlasm_scheme = 32
-$dso_scheme = dl
-$shared_target= hpux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /pa20_32
-
-*** hpux64-ia64-cc
-$cc = cc
-$cflags = -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = +DD64 -b
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /hpux64
-
-*** hpux64-ia64-gcc
-$cc = gcc
-$cflags = -mlp64 -O3 -DB_ENDIAN -D_REENTRANT
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = -fpic
-$shared_ldflag = -mlp64 -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /hpux64
-
-*** hpux64-parisc2-cc
-$cc = cc
-$cflags = +DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj = pariscid.o
-$bn_obj = pa-risc2W.o parisc-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-parisc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o
-$cast_obj =
-$rc4_obj = rc4-parisc.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-parisc.o
-$engines_obj =
-$perlasm_scheme = 64
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = +Z
-$shared_ldflag = +DD64 -b
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /pa20_64
-
-*** hpux64-parisc2-gcc
-$cc = gcc
-$cflags = -O3 -DB_ENDIAN -D_REENTRANT
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$cpuid_obj =
-$bn_obj = pa-risc2W.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = -fpic
-$shared_ldflag = -shared
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /pa20_64
-
-*** hurd-x86
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** iphoneos-cross
-$cc = llvm-gcc
-$cflags = -O3 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fomit-frame-pointer -fno-common
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = iOS
-$lflags = -Wl,-search_paths_first%
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib =
-$arflags =
-$multilib =
-
-*** irix-cc
-$cc = cc
-$cflags = -O2 -use_readonly_const -DB_ENDIAN
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = o32
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** irix-gcc
-$cc = gcc
-$cflags = -O3 -DB_ENDIAN
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = o32
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** irix-mips3-cc
-$cc = cc
-$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W
-$unistd =
-$thread_cflag = -D_SGI_MP_SOURCE
-$sys_id =
-$lflags =
-$bn_ops = DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = n32
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag = -n32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 32
-
-*** irix-mips3-gcc
-$cc = gcc
-$cflags = -mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W
-$unistd =
-$thread_cflag = -D_SGI_MP_SOURCE
-$sys_id =
-$lflags =
-$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = n32
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag = -mabi=n32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 32
-
-*** irix64-mips4-cc
-$cc = cc
-$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W
-$unistd =
-$thread_cflag = -D_SGI_MP_SOURCE
-$sys_id =
-$lflags =
-$bn_ops = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = 64
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag = -64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** irix64-mips4-gcc
-$cc = gcc
-$cflags = -mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W
-$unistd =
-$thread_cflag = -D_SGI_MP_SOURCE
-$sys_id =
-$lflags =
-$bn_ops = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = 64
-$dso_scheme = dlfcn
-$shared_target= irix-shared
-$shared_cflag =
-$shared_ldflag = -mabi=64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux-aarch64
-$cc = gcc
-$cflags = -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj = armcap.o arm64cpuid.o mem_clr.o
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aesv8-armx.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-armv8.o sha256-armv8.o sha512-armv8.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashv8-armx.o
-$engines_obj =
-$perlasm_scheme = linux64
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-alpha+bwx-ccc
-$cc = ccc
-$cflags = -fast -readonly_strings -DL_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-alpha+bwx-gcc
-$cc = gcc
-$cflags = -O3 -DL_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-alpha-ccc
-$cc = ccc
-$cflags = -fast -readonly_strings -DL_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-alpha-gcc
-$cc = gcc
-$cflags = -O3 -DL_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-aout
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = a.out
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-armv4
-$cc = gcc
-$cflags = -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj = armcap.o armv4cpuid.o
-$bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-armv4.o ghashv8-armx.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-elf
-$cc = gcc
-$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-generic32
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-generic64
-$cc = gcc
-$cflags = -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-ia32-icc
-$cc = icc
-$cflags = -DL_ENDIAN -O2
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl -no_cpprt
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -KPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-ia64
-$cc = gcc
-$cflags = -DL_ENDIAN -DTERMIO -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-ia64-icc
-$cc = icc
-$cflags = -DL_ENDIAN -O2 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl -no_cpprt
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT
-$cpuid_obj = ia64cpuid.o
-$bn_obj = bn-ia64.o ia64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ia64.o
-$bf_obj =
-$md5_obj = md5-ia64.o
-$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o
-$cast_obj =
-$rc4_obj = rc4-ia64.o rc4_skey.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-ia64.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-mips32
-$cc = gcc
-$cflags = -mabi=32 -O3 -Wall -DBN_DIV3W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = o32
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-mips64
-$cc = gcc
-$cflags = -mabi=n32 -O3 -Wall -DBN_DIV3W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = n32
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -mabi=n32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 32
-
-*** linux-ppc
-$cc = gcc
-$cflags = -DB_ENDIAN -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = linux32
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-ppc64
-$cc = gcc
-$cflags = -m64 -DB_ENDIAN -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = linux64
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux-ppc64le
-$cc = gcc
-$cflags = -m64 -DL_ENDIAN -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$cpuid_obj = ppccpuid.o ppccap.o
-$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghashp8-ppc.o
-$engines_obj =
-$perlasm_scheme = linux64le
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-sparcv8
-$cc = gcc
-$cflags = -mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = sparcv8.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-sparcv9
-$cc = gcc
-$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** linux-x32
-$cc = gcc
-$cflags = -mx32 -DL_ENDIAN -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -mx32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = x32
-
-*** linux-x86_64
-$cc = gcc
-$cflags = -m64 -DL_ENDIAN -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux-x86_64-clang
-$cc = clang
-$cflags = -m64 -DL_ENDIAN -O3 -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux-x86_64-icc
-$cc = icc
-$cflags = -DL_ENDIAN -O2
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl -no_cpprt
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux32-s390x
-$cc = gcc
-$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = s390xcap.o s390xcpuid.o
-$bn_obj = bn_asm.o s390x-mont.o s390x-gf2m.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes-s390x.o aes-ctr.o aes-xts.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-s390x.o sha256-s390x.o sha512-s390x.o
-$cast_obj =
-$rc4_obj = rc4-s390x.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-s390x.o
-$engines_obj =
-$perlasm_scheme = 31
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m31
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /highgprs
-
-*** linux64-mips64
-$cc = gcc
-$cflags = -mabi=64 -O3 -Wall -DBN_DIV3W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = 64
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -mabi=64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux64-s390x
-$cc = gcc
-$cflags = -m64 -DB_ENDIAN -O3 -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = s390xcap.o s390xcpuid.o
-$bn_obj = bn-s390x.o s390x-mont.o s390x-gf2m.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes-s390x.o aes-ctr.o aes-xts.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-s390x.o sha256-s390x.o sha512-s390x.o
-$cast_obj =
-$rc4_obj = rc4-s390x.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-s390x.o
-$engines_obj =
-$perlasm_scheme = 64
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** linux64-sparcv9
-$cc = gcc
-$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = 64
-
-*** mingw
-$cc = gcc
-$cflags = -mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall
-$unistd =
-$thread_cflag = -D_MT
-$sys_id = MINGW32
-$lflags = -lws2_32 -lgdi32 -lcrypt32
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT EXPORT_VAR_AS_FN
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = coff
-$dso_scheme = win32
-$shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL -DOPENSSL_USE_APPLINK
-$shared_ldflag = -mno-cygwin
-$shared_extension = .dll.a
-$ranlib =
-$arflags =
-$multilib =
-
-*** mingw64
-$cc = gcc
-$cflags = -mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE
-$unistd =
-$thread_cflag = -D_MT
-$sys_id = MINGW64
-$lflags = -lws2_32 -lgdi32 -lcrypt32
-$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = mingw64
-$dso_scheme = win32
-$shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL
-$shared_ldflag = -mno-cygwin
-$shared_extension = .dll.a
-$ranlib =
-$arflags =
-$multilib =
-
-*** ncr-scde
-$cc = cc
-$cflags = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lsocket -lnsl -lc89
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-clib
-$cc = mwccnlm
-$cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$bn_ops = RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-clib-bsdsock
-$cc = mwccnlm
-$cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$bn_ops = RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-clib-bsdsock-gcc
-$cc = i586-netware-gcc
-$cflags = -nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$bn_ops = RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-clib-gcc
-$cc = i586-netware-gcc
-$cflags = -nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$bn_ops = RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-libc
-$cc = mwccnlm
-$cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-libc-bsdsock
-$cc = mwccnlm
-$cflags =
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-libc-bsdsock-gcc
-$cc = i586-netware-gcc
-$cflags = -nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** netware-libc-gcc
-$cc = i586-netware-gcc
-$cflags = -nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall
-$unistd =
-$thread_cflag =
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** newsos4-gcc
-$cc = gcc
-$cflags = -O -DB_ENDIAN
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = NEWS4
-$lflags = -lmld -liberty
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** nextstep
-$cc = cc
-$cflags = -O -Wall
-$unistd = <libc.h>
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** nextstep3.3
-$cc = cc
-$cflags = -O3 -Wall
-$unistd = <libc.h>
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** osf1-alpha-cc
-$cc = cc
-$cflags = -std1 -tune host -O4 -readonly_strings
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= alpha-osf1-shared
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** osf1-alpha-gcc
-$cc = gcc
-$cflags = -O3
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= alpha-osf1-shared
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** purify
-$cc = purify gcc
-$cflags = -g -DPURIFY -Wall
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lsocket -lnsl
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** qnx4
-$cc = cc
-$cflags = -DL_ENDIAN -DTERMIO
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** rhapsody-ppc-cc
-$cc = cc
-$cflags = -O3 -DB_ENDIAN
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = MACOSX_RHAPSODY
-$lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** sco5-cc
-$cc = cc
-$cflags = -belf
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lsocket -lnsl
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf-1
-$dso_scheme = dlfcn
-$shared_target= svr3-shared
-$shared_cflag = -Kpic
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** sco5-gcc
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags = -lsocket -lnsl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf-1
-$dso_scheme = dlfcn
-$shared_target= svr3-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-sparcv7-cc
-$cc = cc
-$cflags = -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-sparcv7-gcc
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-sparcv8-cc
-$cc = cc
-$cflags = -xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = sparcv8.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-sparcv8-gcc
-$cc = gcc
-$cflags = -mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj = sparcv8.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-sparcv9-cc
-$cc = cc
-$cflags = -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-sparcv9-gcc
-$cc = gcc
-$cflags = -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-x86-cc
-$cc = cc
-$cflags = -fast -xarch=generic -O -Xa
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris-x86-gcc
-$cc = gcc
-$cflags = -O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** solaris64-sparcv9-cc
-$cc = cc
-$cflags = -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -xarch=v9 -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /64
-
-*** solaris64-sparcv9-gcc
-$cc = gcc
-$cflags = -m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = ULTRASPARC
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$cpuid_obj = sparcv9cap.o sparccpuid.o
-$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o
-$ec_obj =
-$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o
-$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o
-$bf_obj =
-$md5_obj = md5-sparcv9.o
-$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o
-$modes_obj = ghash-sparcv9.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64 -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /64
-
-*** solaris64-x86_64-cc
-$cc = cc
-$cflags = -fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -xarch=amd64 -G -dy -z text
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /64
-
-*** solaris64-x86_64-gcc
-$cc = gcc
-$cflags = -m64 -O3 -Wall -DL_ENDIAN
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl -ldl
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj = x86_64cpuid.o
-$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o
-$des_obj =
-$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-$bf_obj =
-$md5_obj = md5-x86_64.o
-$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-$cast_obj =
-$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o
-$rmd160_obj =
-$rc5_obj =
-$wp_obj = wp-x86_64.o
-$cmll_obj = cmll-x86_64.o cmll_misc.o
-$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o
-$engines_obj =
-$perlasm_scheme = elf
-$dso_scheme = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64 -shared -static-libgcc
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib = /64
-
-*** sunos-gcc
-$cc = gcc
-$cflags = -O3 -mcpu=v8 -Dssize_t=int
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = SUNOS
-$lflags =
-$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** tandem-c89
-$cc = c89
-$cflags = -Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = THIRTY_TWO_BIT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** tru64-alpha-cc
-$cc = cc
-$cflags = -std1 -tune host -fast -readonly_strings
-$unistd =
-$thread_cflag = -pthread
-$sys_id =
-$lflags =
-$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK
-$cpuid_obj = alphacpuid.o
-$bn_obj = bn_asm.o alpha-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-alpha.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj = ghash-alpha.o
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme = dlfcn
-$shared_target= alpha-osf1-shared
-$shared_cflag =
-$shared_ldflag = -msym
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** uClinux-dist
-$cc =
-$cflags = $(CFLAGS)
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = $(LDFLAGS) $(LDLIBS)
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** uClinux-dist64
-$cc =
-$cflags = $(CFLAGS)
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = $(LDFLAGS) $(LDLIBS)
-$bn_ops = SIXTY_FOUR_BIT_LONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -shared
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** ultrix-cc
-$cc = cc
-$cflags = -std1 -O -Olimit 2500 -DL_ENDIAN
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** ultrix-gcc
-$cc = gcc
-$cflags = -O3 -DL_ENDIAN
-$unistd =
-$thread_cflag = (unknown)
-$sys_id =
-$lflags =
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** unixware-2.0
-$cc = cc
-$cflags = -DFILIO_H -DNO_STRINGS_H
-$unistd =
-$thread_cflag = -Kthread
-$sys_id =
-$lflags = -lsocket -lnsl -lresolv -lx
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** unixware-2.1
-$cc = cc
-$cflags = -O -DFILIO_H
-$unistd =
-$thread_cflag = -Kthread
-$sys_id =
-$lflags = -lsocket -lnsl -lresolv -lx
-$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** unixware-7
-$cc = cc
-$cflags = -O -DFILIO_H -Kalloca
-$unistd =
-$thread_cflag = -Kthread
-$sys_id =
-$lflags = -lsocket -lnsl
-$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf-1
-$dso_scheme = dlfcn
-$shared_target= svr5-shared
-$shared_cflag = -Kpic
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** unixware-7-gcc
-$cc = gcc
-$cflags = -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id =
-$lflags = -lsocket -lnsl
-$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj = x86cpuid.o
-$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o
-$ec_obj =
-$des_obj = des-586.o crypt586.o
-$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o
-$bf_obj = bf-586.o
-$md5_obj = md5-586.o
-$sha1_obj = sha1-586.o sha256-586.o sha512-586.o
-$cast_obj = cast-586.o
-$rc4_obj = rc4-586.o
-$rmd160_obj = rmd-586.o
-$rc5_obj = rc5-586.o
-$wp_obj = wp_block.o wp-mmx.o
-$cmll_obj = cmll-x86.o
-$modes_obj = ghash-x86.o
-$engines_obj =
-$perlasm_scheme = elf-1
-$dso_scheme = dlfcn
-$shared_target= gnu-shared
-$shared_cflag = -fPIC
-$shared_ldflag =
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib =
-$arflags =
-$multilib =
-
-*** vos-gcc
-$cc = gcc
-$cflags = -O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN
-$unistd =
-$thread_cflag = (unknown)
-$sys_id = VOS
-$lflags = -Wl,-map
-$bn_ops = BN_LLONG
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension = .so
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-mips
-$cc = ccmips
-$cflags = -mrtp -mips2 -O -G 0 -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE="$(WIND_BASE)/target/lib/h/config/vsbConfig.h" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/h/wrn/coreip
-$unistd =
-$thread_cflag = -D_REENTRANT
-$sys_id = VXWORKS
-$lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon
-$bn_ops =
-$cpuid_obj =
-$bn_obj = bn-mips.o mips-mont.o
-$ec_obj =
-$des_obj =
-$aes_obj = aes_cbc.o aes-mips.o
-$bf_obj =
-$md5_obj =
-$sha1_obj = sha1-mips.o sha256-mips.o
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = o32
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib = ranlibmips
-$arflags =
-$multilib =
-
-*** vxworks-ppc405
-$cc = ccppc
-$cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -r
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-ppc60x
-$cc = ccppc
-$cflags = -D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/usr/h/wrn/coreip
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/ppc/PPC32/common
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-ppc750
-$cc = ccppc
-$cflags = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h $(DEBUG_FLAG)
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -r
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-ppc750-debug
-$cc = ccppc
-$cflags = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -r
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-ppc860
-$cc = ccppc
-$cflags = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -r
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-ppcgen
-$cc = ccppc
-$cflags = -D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/usr/h/wrn/coreip
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib =
-$arflags =
-$multilib =
-
-*** vxworks-simlinux
-$cc = ccpentium
-$cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE="$(WIND_BASE)/target/lib/h/config/vsbConfig.h" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I$(WIND_BASE)/target/h -I$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK
-$unistd =
-$thread_cflag =
-$sys_id = VXWORKS
-$lflags = -r
-$bn_ops =
-$cpuid_obj =
-$bn_obj =
-$ec_obj =
-$des_obj =
-$aes_obj =
-$bf_obj =
-$md5_obj =
-$sha1_obj =
-$cast_obj =
-$rc4_obj =
-$rmd160_obj =
-$rc5_obj =
-$wp_obj =
-$cmll_obj =
-$modes_obj =
-$engines_obj =
-$perlasm_scheme = void
-$dso_scheme =
-$shared_target=
-$shared_cflag =
-$shared_ldflag =
-$shared_extension =
-$ranlib = ranlibpentium
-$arflags =
-$multilib =
diff --git a/apps/CA.pl b/apps/CA.pl
new file mode 100644
index 0000000..43c20b2
--- /dev/null
+++ b/apps/CA.pl
@@ -0,0 +1,188 @@
+#!/usr/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq[-nodes] ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+my $openssl;
+if(defined $ENV{OPENSSL}) {
+ $openssl = $ENV{OPENSSL};
+} else {
+ $openssl = "openssl";
+ $ENV{OPENSSL} = $openssl;
+}
+
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
+$DAYS="-days 365"; # 1 year
+$CADAYS="-days 1095"; # 3 years
+$REQ="$openssl req $SSLEAY_CONFIG";
+$CA="$openssl ca $SSLEAY_CONFIG";
+$VERIFY="$openssl verify";
+$X509="$openssl x509";
+$PKCS12="$openssl pkcs12";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CAREQ="careq.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+ system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
+ $RET=$?;
+ print "Certificate is in newcert.pem, private key is in newkey.pem\n"
+ } elsif (/^-newreq$/) {
+ # create a certificate request
+ system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
+ } elsif (/^-newreq-nodes$/) {
+ # create a certificate request
+ system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
+ } elsif (/^-newca$/) {
+ # if explicitly asked for or it doesn't exist then setup the
+ # directory structure that Eric likes to manage things
+ $NEW="1";
+ if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+ # create the directory hierarchy
+ mkdir $CATOP, $DIRMODE;
+ mkdir "${CATOP}/certs", $DIRMODE;
+ mkdir "${CATOP}/crl", $DIRMODE ;
+ mkdir "${CATOP}/newcerts", $DIRMODE;
+ mkdir "${CATOP}/private", $DIRMODE;
+ open OUT, ">${CATOP}/index.txt";
+ close OUT;
+ open OUT, ">${CATOP}/crlnumber";
+ print OUT "01\n";
+ close OUT;
+ }
+ if ( ! -f "${CATOP}/private/$CAKEY" ) {
+ print "CA certificate filename (or enter to create)\n";
+ $FILE = <STDIN>;
+
+ chop $FILE;
+
+ # ask user for existing CA certificate
+ if ($FILE) {
+ cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+ cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+ $RET=$?;
+ } else {
+ print "Making CA certificate ...\n";
+ system ("$REQ -new -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
+ system ("$CA -create_serial " .
+ "-out ${CATOP}/$CACERT $CADAYS -batch " .
+ "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+ "-extensions v3_ca " .
+ "-infiles ${CATOP}/$CAREQ ");
+ $RET=$?;
+ }
+ }
+ } elsif (/^-pkcs12$/) {
+ my $cname = $ARGV[1];
+ $cname = "My Certificate" unless defined $cname;
+ system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
+ "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+ "-export -name \"$cname\"");
+ $RET=$?;
+ print "PKCS #12 file is in newcert.p12\n";
+ exit $RET;
+ } elsif (/^-xsign$/) {
+ system ("$CA -policy policy_anything -infiles newreq.pem");
+ $RET=$?;
+ } elsif (/^(-sign|-signreq)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles newreq.pem");
+ $RET=$?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^(-signCA)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-extensions v3_ca -infiles newreq.pem");
+ $RET=$?;
+ print "Signed CA certificate is in newcert.pem\n";
+ } elsif (/^-signcert$/) {
+ system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+ "-out tmp.pem");
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles tmp.pem");
+ $RET = $?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-verify$/) {
+ if (shift) {
+ foreach $j (@ARGV) {
+ system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+ $RET=$? if ($? != 0);
+ }
+ exit $RET;
+ } else {
+ system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+ $RET=$?;
+ exit 0;
+ }
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ exit 1;
+ }
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+ $flag = 1 if (/^-----BEGIN.*$bound/) ;
+ print OUT $_ if ($flag);
+ if (/^-----END.*$bound/) {
+ close IN;
+ close OUT;
+ return;
+ }
+}
+}
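Review bot: The `-newca` branch creates `${CATOP}/private`, the directory the CA key is written to, with `$DIRMODE = 0777`, so its protection depends entirely on the caller's umask. Giving that one directory its own mode, `mkdir "${CATOP}/private", 0700;`, keeps it owner-only regardless of umask. `cp_pem` also uses the two-argument `open IN, $infile;` on a name read from STDIN and never checks the result; `open(IN, '<', $infile) or die "cannot read $infile: $!";` pins the mode to read and reports a missing file instead of silently writing an empty key or certificate. The same lines are added again in apps/CA.pl.bak.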
diff --git a/apps/CA.pl.bak b/apps/CA.pl.bak
new file mode 100644
index 0000000..43c20b2
--- /dev/null
+++ b/apps/CA.pl.bak
@@ -0,0 +1,188 @@
+#!/usr/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq[-nodes] ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+my $openssl;
+if(defined $ENV{OPENSSL}) {
+ $openssl = $ENV{OPENSSL};
+} else {
+ $openssl = "openssl";
+ $ENV{OPENSSL} = $openssl;
+}
+
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
+$DAYS="-days 365"; # 1 year
+$CADAYS="-days 1095"; # 3 years
+$REQ="$openssl req $SSLEAY_CONFIG";
+$CA="$openssl ca $SSLEAY_CONFIG";
+$VERIFY="$openssl verify";
+$X509="$openssl x509";
+$PKCS12="$openssl pkcs12";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CAREQ="careq.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+ system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
+ $RET=$?;
+ print "Certificate is in newcert.pem, private key is in newkey.pem\n"
+ } elsif (/^-newreq$/) {
+ # create a certificate request
+ system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
+ } elsif (/^-newreq-nodes$/) {
+ # create a certificate request
+ system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
+ } elsif (/^-newca$/) {
+ # if explicitly asked for or it doesn't exist then setup the
+ # directory structure that Eric likes to manage things
+ $NEW="1";
+ if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+ # create the directory hierarchy
+ mkdir $CATOP, $DIRMODE;
+ mkdir "${CATOP}/certs", $DIRMODE;
+ mkdir "${CATOP}/crl", $DIRMODE ;
+ mkdir "${CATOP}/newcerts", $DIRMODE;
+ mkdir "${CATOP}/private", $DIRMODE;
+ open OUT, ">${CATOP}/index.txt";
+ close OUT;
+ open OUT, ">${CATOP}/crlnumber";
+ print OUT "01\n";
+ close OUT;
+ }
+ if ( ! -f "${CATOP}/private/$CAKEY" ) {
+ print "CA certificate filename (or enter to create)\n";
+ $FILE = <STDIN>;
+
+ chop $FILE;
+
+ # ask user for existing CA certificate
+ if ($FILE) {
+ cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+ cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+ $RET=$?;
+ } else {
+ print "Making CA certificate ...\n";
+ system ("$REQ -new -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
+ system ("$CA -create_serial " .
+ "-out ${CATOP}/$CACERT $CADAYS -batch " .
+ "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+ "-extensions v3_ca " .
+ "-infiles ${CATOP}/$CAREQ ");
+ $RET=$?;
+ }
+ }
+ } elsif (/^-pkcs12$/) {
+ my $cname = $ARGV[1];
+ $cname = "My Certificate" unless defined $cname;
+ system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
+ "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+ "-export -name \"$cname\"");
+ $RET=$?;
+ print "PKCS #12 file is in newcert.p12\n";
+ exit $RET;
+ } elsif (/^-xsign$/) {
+ system ("$CA -policy policy_anything -infiles newreq.pem");
+ $RET=$?;
+ } elsif (/^(-sign|-signreq)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles newreq.pem");
+ $RET=$?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^(-signCA)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-extensions v3_ca -infiles newreq.pem");
+ $RET=$?;
+ print "Signed CA certificate is in newcert.pem\n";
+ } elsif (/^-signcert$/) {
+ system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+ "-out tmp.pem");
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles tmp.pem");
+ $RET = $?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-verify$/) {
+ if (shift) {
+ foreach $j (@ARGV) {
+ system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+ $RET=$? if ($? != 0);
+ }
+ exit $RET;
+ } else {
+ system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+ $RET=$?;
+ exit 0;
+ }
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ exit 1;
+ }
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+ $flag = 1 if (/^-----BEGIN.*$bound/) ;
+ print OUT $_ if ($flag);
+ if (/^-----END.*$bound/) {
+ close IN;
+ close OUT;
+ return;
+ }
+}
+}
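Review bot: apps/CA.pl.bak carries the same blob id as apps/CA.pl (`index 0000000..43c20b2` in both headers), so this section adds a byte-identical backup copy rather than a source file. It reads like a leftover from a configure or editor run and would be better dropped from the commit and covered by an ignore rule such as `*.bak`. If it stays, any later fix to CA.pl has to be repeated here or a stale copy of the CA helper remains in the tree.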
diff --git a/apps/apps.c b/apps/apps.c
index c5a5152..fc1bae0 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1359,7 +1359,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
};
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
- if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ if (*flags != XN_FLAG_COMPAT
+ && (*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}
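Review bot: The new `*flags != XN_FLAG_COMPAT` guard has no comment explaining why that one value is exempt from the default separator, and the reason cannot be read off the condition itself. A line above the `if` such as `/* keep XN_FLAG_COMPAT as-is: OR-ing in a separator would no longer select the legacy print format */` would record it, assuming that is the intent. set_name_ex starts outside the hunk, so the option table and the callers are not visible here.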
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 0a6b990..5b0def7 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -295,7 +295,7 @@ int MAIN(int argc, char **argv)
ASN1_TYPE *atmp;
int typ;
j = atoi(sk_OPENSSL_STRING_value(osk, i));
- if (j == 0) {
+ if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is an invalid number\n",
sk_OPENSSL_STRING_value(osk, i));
continue;
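Review bot: `j` still comes from `atoi()`, which cannot signal a non-numeric or overflowing argument, so the new `j <= 0 || j >= tmplen` range check runs on whatever value the conversion happened to produce. Converting with `strtol()` into a `long`, and rejecting the argument when the end pointer is not at the terminator or `errno` is `ERANGE`, would make the bound check reliable, e.g. `if (*end != '\0' || errno == ERANGE || v <= 0 || v >= tmplen) {` with `v` and `end` as new locals. The message `'%s' is an invalid number` is now also printed for a well-formed value that lies past the end of the data, where "out of range" would be more accurate. The enclosing loop starts and ends outside the hunk.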
@@ -327,14 +327,14 @@ int MAIN(int argc, char **argv)
num = tmplen;
}
- if (offset >= num) {
- BIO_printf(bio_err, "Error: offset too large\n");
+ if (offset < 0 || offset >= num) {
+ BIO_printf(bio_err, "Error: offset out of range\n");
goto end;
}
num -= offset;
- if ((length == 0) || ((long)length > num))
+ if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout) {
if (BIO_write(derout, str + offset, length) != (int)length) {
diff --git a/apps/ca.c b/apps/ca.c
index 4f9de54..31e8773 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv)
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
- if (!BN_add_word(serial, 1))
+ if (!BN_add_word(serial, 1)) {
+ X509_free(x);
goto err;
+ }
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
+ X509_free(x);
goto err;
}
}
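Review bot: Both new `X509_free(x)` calls leave `x` pointing at freed memory before jumping to `err`. Whether the cleanup at `err` also releases `x` is not visible in this hunk, and if it does, this becomes a double free. Writing `X509_free(x); x = NULL;` removes the doubt; alternatively the free can be done once at `err`. The `X509_STORE_CTX_free(csc)` added before `goto end` in the apps/verify.c hunk for check() has the same shape and would benefit from `csc = NULL;` as well.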
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 654eebc..678e993 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -787,7 +787,6 @@ int MAIN(int argc, char **argv)
OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
- ret = 0;
goto end;
}
diff --git a/apps/passwd.c b/apps/passwd.c
index 56e10ad..718f0e0 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -306,9 +306,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
out_buf[0] = '$';
out_buf[1] = 0;
assert(strlen(magic) <= 4); /* "1" or "apr1" */
- strncat(out_buf, magic, 4);
- strncat(out_buf, "$", 1);
- strncat(out_buf, salt, 8);
+ BUF_strlcat(out_buf, magic, sizeof(out_buf));
+ BUF_strlcat(out_buf, "$", sizeof(out_buf));
+ BUF_strlcat(out_buf, salt, sizeof(out_buf));
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out);
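Review bot: The third `BUF_strlcat` drops the 8-byte cap that `strncat(out_buf, salt, 8)` enforced, so the salt is now limited only by `sizeof(out_buf)`. A salt longer than 8 characters is copied in full, and the only guard behind it is the `assert` on the next line, which disappears in NDEBUG builds. Unless every caller of md5crypt already truncates the salt (not visible in this hunk), the salt should be bounded explicitly, for example by keeping `strncat(out_buf, salt, 8);` for that one line. The return values of the three `BUF_strlcat` calls are also ignored, so truncation of the assembled prefix would go unnoticed. md5crypt's body starts and ends outside the hunk.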
diff --git a/apps/req.c b/apps/req.c
index 7fcab18..5422cac 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -659,8 +659,7 @@ int MAIN(int argc, char **argv)
}
}
- BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
- newkey, keyalgstr);
+ BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr);
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(genctx, bio_err);
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 5ba1e1d..cbb61ba 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -152,9 +152,8 @@ typedef fd_mask fd_set;
#define PROTOCOL "tcp"
int do_server(int port, int type, int *ret,
- int (*cb) (char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept);
+ int (*cb) (int s, int stype, unsigned char *context),
+ unsigned char *context, int naccept);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
diff --git a/apps/s_client.c b/apps/s_client.c
index c855668..b455d90 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -337,7 +337,7 @@ static void sc_usage(void)
BIO_printf(bio_err,
" -prexit - print session information even on connection failure\n");
BIO_printf(bio_err,
- " -showcerts - show all certificates in the chain\n");
+ " -showcerts - Show all certificates sent by the server\n");
BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32
BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
diff --git a/apps/s_server.c b/apps/s_server.c
index 83918fb..ce7a1d6 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -209,9 +209,9 @@ typedef unsigned int u_int;
#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
-static int sv_body(char *hostname, int s, int stype, unsigned char *context);
-static int www_body(char *hostname, int s, int stype, unsigned char *context);
-static int rev_body(char *hostname, int s, int stype, unsigned char *context);
+static int sv_body(int s, int stype, unsigned char *context);
+static int www_body(int s, int stype, unsigned char *context);
+static int rev_body(int s, int stype, unsigned char *context);
static void close_accept_socket(void);
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
@@ -1087,11 +1087,14 @@ int MAIN(int argc, char *argv[])
char *chCApath = NULL, *chCAfile = NULL;
char *vfyCApath = NULL, *vfyCAfile = NULL;
unsigned char *context = NULL;
+#ifndef OPENSSL_NO_DH
char *dhfile = NULL;
+ int no_dhe = 0;
+#endif
int badop = 0;
int ret = 1;
int build_chain = 0;
- int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
+ int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0;
int state = 0;
const SSL_METHOD *meth = NULL;
int socket_type = SOCK_STREAM;
@@ -1239,11 +1242,15 @@ int MAIN(int argc, char *argv[])
if (--argc < 1)
goto bad;
s_chain_file = *(++argv);
- } else if (strcmp(*argv, "-dhparam") == 0) {
+ }
+#ifndef OPENSSL_NO_DH
+ else if (strcmp(*argv, "-dhparam") == 0) {
if (--argc < 1)
goto bad;
dhfile = *(++argv);
- } else if (strcmp(*argv, "-dcertform") == 0) {
+ }
+#endif
+ else if (strcmp(*argv, "-dcertform") == 0) {
if (--argc < 1)
goto bad;
s_dcert_format = str2fmt(*(++argv));
@@ -1390,9 +1397,13 @@ int MAIN(int argc, char *argv[])
verify_quiet = 1;
} else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
no_tmp_rsa = 1;
- } else if (strcmp(*argv, "-no_dhe") == 0) {
+ }
+#ifndef OPENSSL_NO_DH
+ else if (strcmp(*argv, "-no_dhe") == 0) {
no_dhe = 1;
- } else if (strcmp(*argv, "-no_ecdhe") == 0) {
+ }
+#endif
+ else if (strcmp(*argv, "-no_ecdhe") == 0) {
no_ecdhe = 1;
} else if (strcmp(*argv, "-no_resume_ephemeral") == 0) {
no_resume_ephemeral = 1;
@@ -2165,7 +2176,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
-static int sv_body(char *hostname, int s, int stype, unsigned char *context)
+static int sv_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
fd_set readfds;
@@ -2780,7 +2791,7 @@ static int load_CA(SSL_CTX *ctx, char *file)
}
#endif
-static int www_body(char *hostname, int s, int stype, unsigned char *context)
+static int www_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int ret = 1;
@@ -3183,7 +3194,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
return (ret);
}
-static int rev_body(char *hostname, int s, int stype, unsigned char *context)
+static int rev_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int i;
diff --git a/apps/s_socket.c b/apps/s_socket.c
index 83624ca..b3848dd 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -109,7 +109,7 @@ static int ssl_sock_init(void);
static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
static int init_server(int *sock, int port, int type);
static int init_server_long(int *sock, int port, char *ip, int type);
-static int do_accept(int acc_sock, int *sock, char **host);
+static int do_accept(int acc_sock, int *sock);
static int host_ip(char *str, unsigned char ip[4]);
# ifdef OPENSSL_SYS_WIN16
@@ -290,12 +290,10 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
}
int do_server(int port, int type, int *ret,
- int (*cb) (char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept)
+ int (*cb) (int s, int stype, unsigned char *context),
+ unsigned char *context, int naccept)
{
int sock;
- char *name = NULL;
int accept_socket = 0;
int i;
@@ -308,15 +306,13 @@ int do_server(int port, int type, int *ret,
}
for (;;) {
if (type == SOCK_STREAM) {
- if (do_accept(accept_socket, &sock, &name) == 0) {
+ if (do_accept(accept_socket, &sock) == 0) {
SHUTDOWN(accept_socket);
return (0);
}
} else
sock = accept_socket;
- i = (*cb) (name, sock, type, context);
- if (name != NULL)
- OPENSSL_free(name);
+ i = (*cb) (sock, type, context);
if (type == SOCK_STREAM)
SHUTDOWN2(sock);
if (naccept != -1)
@@ -386,30 +382,24 @@ static int init_server(int *sock, int port, int type)
return (init_server_long(sock, port, NULL, type));
}
-static int do_accept(int acc_sock, int *sock, char **host)
+static int do_accept(int acc_sock, int *sock)
{
int ret;
- struct hostent *h1, *h2;
- static struct sockaddr_in from;
- int len;
-/* struct linger ling; */
if (!ssl_sock_init())
- return (0);
+ return 0;
# ifndef OPENSSL_SYS_WINDOWS
redoit:
# endif
- memset((char *)&from, 0, sizeof(from));
- len = sizeof(from);
/*
* Note: under VMS with SOCKETSHR the fourth parameter is currently of
* type (int *) whereas under other systems it is (void *) if you don't
* have a cast it will choke the compiler: if you do have a cast then you
* can either go for (int *) or (void *).
*/
- ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len);
+ ret = accept(acc_sock, NULL, NULL);
if (ret == INVALID_SOCKET) {
# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
int i;
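Review bot: The block comment kept above the call still discusses which cast to use on an accept() argument under VMS, but `accept(acc_sock, NULL, NULL)` no longer passes a cast argument, so the comment describes code that is gone. Replace it with something like `/* the peer address is not needed, so no address buffer is passed */`. do_accept continues in the next hunk.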
@@ -425,56 +415,11 @@ static int do_accept(int acc_sock, int *sock, char **host)
fprintf(stderr, "errno=%d ", errno);
perror("accept");
# endif
- return (0);
+ return 0;
}
-/*-
- ling.l_onoff=1;
- ling.l_linger=0;
- i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
- if (i < 0) { perror("linger"); return(0); }
- i=0;
- i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
-*/
-
- if (host == NULL)
- goto end;
-# ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr), AF_INET);
-# else
- h1 = gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr), AF_INET);
-# endif
- if (h1 == NULL) {
- BIO_printf(bio_err, "bad gethostbyaddr\n");
- *host = NULL;
- /* return(0); */
- } else {
- if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
- perror("OPENSSL_malloc");
- closesocket(ret);
- return (0);
- }
- BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
-
- h2 = GetHostByName(*host);
- if (h2 == NULL) {
- BIO_printf(bio_err, "gethostbyname failure\n");
- closesocket(ret);
- return (0);
- }
- if (h2->h_addrtype != AF_INET) {
- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
- closesocket(ret);
- return (0);
- }
- }
- end:
*sock = ret;
- return (1);
+ return 1;
}
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
diff --git a/apps/verify.c b/apps/verify.c
index c4bd197..180ccf4 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file,
X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
ERR_print_errors(bio_err);
+ X509_STORE_CTX_free(csc);
goto end;
}
if (tchain)
diff --git a/config b/config
index 21534e0..6214c4b 100755
--- a/config
+++ b/config
@@ -992,5 +992,6 @@ if [ $? = "0" ]; then
fi
else
echo "This system ($OUT) is not supported. See file INSTALL for details."
+ exit 1
fi
)
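Review bot: The added `exit 1` runs inside the parenthesised subshell that closes on the last line of this hunk, so it ends only the subshell. The script as a whole fails only if that `)` is its final command or its status is checked afterwards, which is not visible here. If anything follows, `) || exit 1` would propagate the failure. The "not supported" message on the line above is still written to stdout; appending `>&2` would keep it out of captured output.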
diff --git a/crypto/Makefile b/crypto/Makefile
index 7869996..180707e 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -36,16 +36,18 @@ TEST=constant_time_test.c
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
- ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c \
+ getenv.c
LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
- uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
+ uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o getenv.o \
+ $(CPUID_OBJ)
SRC= $(LIBSRC)
EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
- constant_time_locl.h $(EXHEADER)
+ constant_time_locl.h bn_int.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
@@ -178,6 +180,13 @@ ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
ex_data.o: ex_data.c
fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c
+getenv.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+getenv.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+getenv.o: ../include/openssl/err.h ../include/openssl/lhash.h
+getenv.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+getenv.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+getenv.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+getenv.o: getenv.c
mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
diff --git a/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.c
index 1b85bc9..3bf676e 100644
--- a/crypto/asn1/a_bool.c
+++ b/crypto/asn1/a_bool.c
@@ -63,17 +63,31 @@
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
{
int r;
- unsigned char *p;
+ unsigned char *p, *allocated = NULL;
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
if (pp == NULL)
return (r);
- p = *pp;
+
+ if (*pp == NULL) {
+ if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
+ ASN1err(ASN1_F_I2D_ASN1_BOOLEAN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else {
+ p = *pp;
+ }
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
- *(p++) = (unsigned char)a;
- *pp = p;
- return (r);
+ *p = (unsigned char)a;
+
+
+ /*
+ * If a new buffer was allocated, just return it back.
+ * If not, return the incremented buffer pointer.
+ */
+ *pp = allocated != NULL ? allocated : p + 1;
+ return r;
}
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
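Review bot: On allocation failure the new path in i2d_ASN1_BOOLEAN returns 0, while i2d-style encoders are normally checked for a negative result. A caller written that way would treat the failure as an empty encoding and carry on with `*pp` still NULL, so confirm that callers test `<= 0`, or return -1 instead. The function also lacks a comment telling callers that when `*pp` is NULL on entry the returned buffer is theirs to release with `OPENSSL_free`. Both remarks apply equally to the i2d_ASN1_OBJECT hunk in crypto/asn1/a_object.c.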
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index ad6b12a..ce05cf4 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -66,7 +66,7 @@
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{
- unsigned char *p;
+ unsigned char *p, *allocated = NULL;
int objsize;
if ((a == NULL) || (a->data == NULL))
@@ -76,13 +76,24 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
if (pp == NULL || objsize == -1)
return objsize;
- p = *pp;
+ if (*pp == NULL) {
+ if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
+ ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else {
+ p = *pp;
+ }
+
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length);
- p += a->length;
- *pp = p;
- return (objsize);
+ /*
+ * If a new buffer was allocated, just return it back.
+ * If not, return the incremented buffer pointer.
+ */
+ *pp = allocated != NULL ? allocated : p + a->length;
+ return objsize;
}
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 95f0416..11b21c2 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -194,18 +194,38 @@ static int do_buf(unsigned char *buf, int buflen,
int type, unsigned char flags, char *quotes, char_io *io_ch,
void *arg)
{
- int i, outlen, len;
+ int i, outlen, len, charwidth;
unsigned char orflags, *p, *q;
unsigned long c;
p = buf;
q = buf + buflen;
outlen = 0;
+ charwidth = type & BUF_TYPE_WIDTH_MASK;
+
+ switch (charwidth) {
+ case 4:
+ if (buflen & 3) {
+ ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+ return -1;
+ }
+ break;
+ case 2:
+ if (buflen & 1) {
+ ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
+ return -1;
+ }
+ break;
+ default:
+ break;
+ }
+
while (p != q) {
if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
orflags = CHARTYPE_FIRST_ESC_2253;
else
orflags = 0;
- switch (type & BUF_TYPE_WIDTH_MASK) {
+
+ switch (charwidth) {
case 4:
c = ((unsigned long)*p++) << 24;
c |= ((unsigned long)*p++) << 16;
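Review bot: The length validation added ahead of the loop in do_buf deserves a comment stating the invariant it establishes, because the 4- and 2-byte cases below advance `p` with unchecked `*p++` reads and rely on `p` landing exactly on `q`. Something like `/* buflen must be a whole number of characters, otherwise the loop below would read past q */` above `switch (charwidth)` would do. The loop still terminates on `p != q`; with the new check that is sound for the fixed-width cases, but `while (p < q)` would be the more defensive form. The function continues outside the hunk.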
@@ -226,6 +246,7 @@ static int do_buf(unsigned char *buf, int buflen,
i = UTF8_getc(p, buflen, &c);
if (i < 0)
return -1; /* Invalid UTF8String */
+ buflen -= i;
p += i;
break;
default:
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 43ddebb..cc8f9a8 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -305,6 +305,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
} else
ameth->info = NULL;
+ /*
+ * One of the following must be true:
+ *
+ * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+ * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+ *
+ * Anything else is an error and may lead to a corrupt ASN1 method table
+ */
+ if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
+ || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
+ goto err;
+
if (pem_str) {
ameth->pem_str = BUF_strdup(pem_str);
if (!ameth->pem_str)
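Review bot: The new consistency check in EVP_PKEY_asn1_new jumps to `err` without recording an error. A caller passing a mismatched pem_str / ASN1_PKEY_ALIAS combination therefore gets a failure with nothing in the error queue, assuming the `err` label (outside the hunk) does not add one. Raising an error with a suitable reason code before the `goto err` would make the rejection diagnosable. The condition can also be stated more directly as `if ((pem_str == NULL) != ((flags & ASN1_PKEY_ALIAS) != 0)) goto err;`.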
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 35a2b2a..36e79d5 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -1164,6 +1164,7 @@ int SMIME_text(BIO *in, BIO *out);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+
void ERR_load_ASN1_strings(void);
/* Error codes for the ASN1 functions. */
@@ -1264,7 +1265,10 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_X509 156
# define ASN1_F_D2I_X509_CINF 157
# define ASN1_F_D2I_X509_PKEY 159
+# define ASN1_F_DO_BUF 221
# define ASN1_F_I2D_ASN1_BIO_STREAM 211
+# define ASN1_F_I2D_ASN1_BOOLEAN 223
+# define ASN1_F_I2D_ASN1_OBJECT 222
# define ASN1_F_I2D_ASN1_SET 188
# define ASN1_F_I2D_ASN1_TIME 160
# define ASN1_F_I2D_DSA_PUBKEY 161
@@ -1414,7 +1418,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_WRONG_TAG 168
# define ASN1_R_WRONG_TYPE 169
-#ifdef __cplusplus
+# ifdef __cplusplus
}
-#endif
+# endif
#endif
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index cfc1512..9e273dc 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -166,7 +166,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
+ {ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
+ {ERR_FUNC(ASN1_F_I2D_ASN1_BOOLEAN), "i2d_ASN1_BOOLEAN"},
+ {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 081a9d5..1824b2f 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
otmp = (ASN1_OBJECT *)*pval;
cont = otmp->data;
len = otmp->length;
+ if (cont == NULL || len == 0)
+ return -1;
break;
case V_ASN1_NULL:
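Review bot: The new `return -1` for an OBJECT with NULL data or zero length has no comment, and what -1 means to the callers of asn1_ex_i2c is not visible in this hunk. If -1 is the value used elsewhere in the function for "omit this field", a malformed object would be silently skipped rather than reported as an encoding error. A comment such as `/* an OBJECT with no encoded content cannot be serialised */`, plus confirmation that callers treat this return as a failure, would settle it. The function body extends beyond the hunk.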
diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index 5bad0a2..d32b76b 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -56,6 +56,9 @@
* [including the GNU Public Licence.]
*/
+#define _DEFAULT_SOURCE
+#define _BSD_SOURCE
+
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
@@ -83,6 +86,11 @@ NETDB_DEFINE_CONTEXT
static int wsa_init_done = 0;
# endif
+# if defined(__GLIBC__)
+# define HAVE_GETHOSTBYNAME_R
+# define GETHOSTNAME_R_BUF (2 * 1024)
+# endif
+
/*
* WSAAPI specifier is required to make indirect calls to run-time
* linked WinSock 2 functions used in this module, to be specific
@@ -116,7 +124,12 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
int i;
int err = 1;
int locked = 0;
- struct hostent *he;
+ struct hostent *he = NULL;
+# ifdef HAVE_GETHOSTBYNAME_R
+ char buf[GETHOSTNAME_R_BUF];
+ struct hostent hostent;
+ int h_errnop;
+# endif
i = get_ip(str, ip);
if (i < 0) {
@@ -138,10 +151,18 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
if (i > 0)
return (1);
+ /* if gethostbyname_r is supported, use it. */
+# ifdef HAVE_GETHOSTBYNAME_R
+ memset(&hostent, 0x00, sizeof(hostent));
+ /* gethostbyname_r() sets |he| to NULL on error, we check it further down */
+ gethostbyname_r(str, &hostent, buf, sizeof(buf), &he, &h_errnop);
+# else
/* do a gethostbyname */
CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
locked = 1;
he = BIO_gethostbyname(str);
+# endif
+
if (he == NULL) {
BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP);
goto err;
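Review bot: The return value of `gethostbyname_r()` is discarded in BIO_get_host_ip, so a lookup that fails only because the fixed 2 KiB `buf` is too small is reported as BIO_R_BAD_HOSTNAME_LOOKUP, indistinguishable from a nonexistent host. Consider checking the result, e.g. `if (gethostbyname_r(str, &hostent, buf, sizeof(buf), &he, &h_errnop) != 0) he = NULL;`, and retrying with a larger heap buffer on ERANGE. The macro is named `GETHOSTNAME_R_BUF` although it sizes a gethostbyname_r buffer, so `GETHOSTBYNAME_R_BUF` would match its use. The function body extends beyond the hunk.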
diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c
index 1283a52..1b063fc 100644
--- a/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
@@ -1,6 +1,6 @@
/* crypto/bio/bss_log.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -242,7 +242,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) {
return (0);
}
- strncpy(buf, in, inl);
+ memcpy(buf, in, inl);
buf[inl] = '\0';
i = 0;
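Review bot: Neither `OPENSSL_malloc(inl + 1)` nor the new `memcpy(buf, in, inl)` in slg_write is guarded against a negative `inl`, which becomes a very large copy length once converted to size_t. If the BIO layer above does not already reject such a value (not visible here), add an early check such as `if (inl < 0) return 0;` before the allocation, with the return value adjusted to whatever the write contract expects. The `if (inl == 0)` early return added to mem_write in crypto/bio/bss_mem.c leaves the same gap ahead of `blen + inl` and could test `inl <= 0`. Both function bodies extend outside their hunks.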
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index b0394a9..6ccb8e2 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -188,6 +188,8 @@ static int mem_write(BIO *b, const char *in, int inl)
}
BIO_clear_retry_flags(b);
+ if (inl == 0)
+ return 0;
blen = bm->length;
if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
goto end;
diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile
index 20e8ef0..9fc4447 100644
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@@ -197,21 +197,24 @@ bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
+bn_add.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_add.c
+bn_add.o: bn_lcl.h
bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
+bn_asm.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_asm.c
+bn_asm.o: bn_lcl.h
bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
+bn_blind.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h
+bn_blind.o: bn_blind.c bn_lcl.h
bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
bn_const.o: ../../include/openssl/opensslconf.h
bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -223,7 +226,8 @@ bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_ctx.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_ctx.c
+bn_ctx.o: bn_lcl.h
bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -231,14 +235,15 @@ bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
+bn_depr.o: ../bn_int.h ../cryptlib.h bn_depr.c bn_lcl.h
bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
+bn_div.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_div.c
+bn_div.o: bn_lcl.h
bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -252,7 +257,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+bn_exp.o: ../../include/openssl/symhacks.h ../bn_int.h ../constant_time_locl.h
bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h
bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -260,70 +265,80 @@ bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_exp2.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_exp2.c
+bn_exp2.o: bn_lcl.h
bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_gcd.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gcd.c
+bn_gcd.o: bn_lcl.h
bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h
+bn_gf2m.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gf2m.c
+bn_gf2m.o: bn_lcl.h
bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h
+bn_kron.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_kron.c
+bn_kron.o: bn_lcl.h
bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c
+bn_lib.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_lib.o: bn_lib.c
bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mod.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_mod.o: bn_mod.c
bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mont.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_mont.o: bn_mont.c
bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mpi.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_mpi.o: bn_mpi.c
bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c
+bn_mul.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_mul.o: bn_mul.c
bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
+bn_nist.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_nist.o: bn_nist.c
bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -331,14 +346,15 @@ bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_prime.o: ../bn_int.h ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c
+bn_print.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_print.o: bn_print.c
bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -346,42 +362,47 @@ bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_rand.o: ../bn_int.h ../cryptlib.h bn_lcl.h bn_rand.c
bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c
+bn_recp.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_recp.o: bn_recp.c
bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c
+bn_shift.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_shift.o: bn_shift.c
bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqr.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_sqr.o: bn_sqr.c
bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_sqrt.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_sqrt.o: bn_sqrt.c
bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
+bn_word.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_word.o: bn_word.c
bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
diff --git a/crypto/bn/asm/alpha-mont.pl b/crypto/bn/asm/alpha-mont.pl
index 03596e2..f80cca2 100644
--- a/crypto/bn/asm/alpha-mont.pl
+++ b/crypto/bn/asm/alpha-mont.pl
@@ -287,15 +287,12 @@ bn_mul_mont:
mov sp,$tp
mov $bp,$rp # restore rp
- and sp,$hi0,$ap
- bic $bp,$hi0,$bp
- bis $bp,$ap,$ap # ap=borrow?tp:rp
-
.align 4
-.Lcopy: ldq $aj,0($ap) # copy or in-place refresh
+.Lcopy: ldq $aj,0($tp) # conditional copy
+ ldq $nj,0($rp)
lda $tp,8($tp)
lda $rp,8($rp)
- lda $ap,8($ap)
+ cmoveq $hi0,$nj,$aj
stq zero,-8($tp) # zap tp
cmpult $tp,$tj,AT
stq $aj,-8($rp)
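Review bot: The `.Lcopy` comment was shortened to "conditional copy" and no longer says what the condition is or why both words are loaded. The loop now reads tp[i] and rp[i] on every iteration and selects with `cmoveq $hi0,$nj,$aj`, where the removed code first chose a source pointer (`ap=borrow?tp:rp`); presumably the aim is that the addresses accessed no longer depend on the borrow. A comment such as `# conditional copy: rp[i]=borrow?tp[i]:rp[i], both words loaded so addressing is borrow-independent` would keep that visible for the next maintainer. The same applies to the copy loops in the armv4, ia64, mips, parisc, ppc, ppc64, s390x, sparct4, sparcv9, vis3 and x86 hunks of this commit.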
diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
index 1d330e9..8961180 100644
--- a/crypto/bn/asm/armv4-mont.pl
+++ b/crypto/bn/asm/armv4-mont.pl
@@ -216,14 +216,15 @@ bn_mul_mont:
mov $tp,sp @ "rewind" $tp
sub $rp,$rp,$aj @ "rewind" $rp
- and $ap,$tp,$nhi
- bic $np,$rp,$nhi
- orr $ap,$ap,$np @ ap=borrow?tp:rp
-
-.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh
+.Lcopy: ldr $tj,[$tp] @ conditional copy
+ ldr $aj,[$rp]
str sp,[$tp],#4 @ zap tp
- str $tj,[$rp],#4
- cmp $tp,$num
+#ifdef __thumb2__
+ it cc
+#endif
+ movcc $aj,$tj
+ str $aj,[$rp],#4
+ teq $tp,$num @ preserve carry
bne .Lcopy
add sp,$num,#4 @ skip over tp[num+1]
diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl
index e258658..7dae817 100644
--- a/crypto/bn/asm/ia64-mont.pl
+++ b/crypto/bn/asm/ia64-mont.pl
@@ -332,19 +332,19 @@ bn_mul_mont_general:
{ .mmb; sub rptr=rptr,len // rewind
sub tptr=tptr,len
clrrrb.pr };;
-{ .mmi; and aptr=tptr,topbit
- andcm bptr=rptr,topbit
+{ .mmi; mov aptr=rptr
+ mov bptr=tptr
mov pr.rot=1<<16 };;
-{ .mii; or nptr=aptr,bptr
+{ .mii; cmp.eq p0,p6=topbit,r0
mov ar.lc=lc
- mov ar.ec=3 };;
+ mov ar.ec=2 };;
.Lcopy_ctop:
-{ .mmb; (p16) ld8 n[0]=[nptr],8
- (p18) st8 [tptr]=r0,8
- (p16) nop.b 0 }
-{ .mmb; (p16) nop.m 0
- (p18) st8 [rptr]=n[2],8
+{ .mmi; (p16) ld8 a[0]=[aptr],8
+ (p16) ld8 t[0]=[bptr],8
+ (p6) mov a[1]=t[1] };; // (p17)
+{ .mmb; (p17) st8 [rptr]=a[1],8
+ (p17) st8 [tptr]=r0,8
br.ctop.sptk .Lcopy_ctop };;
.Lcopy_cend:
diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl
index a33cdf4..9b80e84 100644
--- a/crypto/bn/asm/mips-mont.pl
+++ b/crypto/bn/asm/mips-mont.pl
@@ -377,15 +377,13 @@ $code.=<<___;
$PTR_SUB $rp,$num # restore rp
not $hi1,$hi0
- and $ap,$hi0,$sp
- and $bp,$hi1,$rp
- or $ap,$ap,$bp # ap=borrow?tp:rp
-
-.align 4
-.Lcopy: $LD $aj,($ap)
- $PTR_ADD $ap,$BNSZ
+.Lcopy: $LD $nj,($tp) # conditional move
+ $LD $aj,($rp)
$ST $zero,($tp)
$PTR_ADD $tp,$BNSZ
+ and $nj,$hi0
+ and $aj,$hi1
+ or $aj,$nj
sltu $at,$tp,$tj
$ST $aj,($rp)
bnez $at,.Lcopy
diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl
index c02ef6f..53e179d 100644
--- a/crypto/bn/asm/parisc-mont.pl
+++ b/crypto/bn/asm/parisc-mont.pl
@@ -510,7 +510,6 @@ L\$sub
stws,ma $hi1,4($rp)
subb $ti0,%r0,$hi1
- ldo -4($tp),$tp
___
$code.=<<___ if ($BN_SZ==8);
ldd,ma 8($tp),$ti0
@@ -525,21 +524,19 @@ L\$sub
extrd,u $ti0,31,32,$ti0 ; carry in flipped word order
sub,db $ti0,%r0,$hi1
- ldo -8($tp),$tp
___
$code.=<<___;
- and $tp,$hi1,$ap
- andcm $rp,$hi1,$bp
- or $ap,$bp,$np
-
+ ldo `$LOCALS+32`($fp),$tp
sub $rp,$arrsz,$rp ; rewind rp
subi 0,$arrsz,$idx
- ldo `$LOCALS+32`($fp),$tp
L\$copy
- ldd $idx($np),$hi0
+ ldd 0($tp),$ti0
+ ldd 0($rp),$hi0
std,ma %r0,8($tp)
- addib,<> 8,$idx,.-8 ; L\$copy
- std,ma $hi0,8($rp)
+ comiclr,= 0,$hi1,%r0
+ copy $ti0,$hi0
+ addib,<> 8,$idx,L\$copy
+ std,ma $hi0,8($rp)
___
if ($BN_SZ==4) { # PA-RISC 1.1 code-path
@@ -849,17 +846,16 @@ L\$sub_pa11
stws,ma $hi1,4($rp)
subb $ti0,%r0,$hi1
- ldo -4($tp),$tp
- and $tp,$hi1,$ap
- andcm $rp,$hi1,$bp
- or $ap,$bp,$np
+ ldo `$LOCALS+32`($fp),$tp
sub $rp,$arrsz,$rp ; rewind rp
subi 0,$arrsz,$idx
- ldo `$LOCALS+32`($fp),$tp
L\$copy_pa11
- ldwx $idx($np),$hi0
+ ldw 0($tp),$ti0
+ ldw 0($rp),$hi0
stws,ma %r0,4($tp)
+ comiclr,= 0,$hi1,%r0
+ copy $ti0,$hi0
addib,<> 4,$idx,L\$copy_pa11
stws,ma $hi0,4($rp)
diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl
index 6930a3a..ac3b4a4 100644
--- a/crypto/bn/asm/ppc-mont.pl
+++ b/crypto/bn/asm/ppc-mont.pl
@@ -294,15 +294,16 @@ Lsub: $LDX $tj,$tp,$j
li $j,0
mtctr $num
subfe $ovf,$j,$ovf ; handle upmost overflow bit
- and $ap,$tp,$ovf
- andc $np,$rp,$ovf
- or $ap,$ap,$np ; ap=borrow?tp:rp
.align 4
-Lcopy: ; copy or in-place refresh
- $LDX $tj,$ap,$j
- $STX $tj,$rp,$j
+Lcopy: ; conditional copy
+ $LDX $tj,$tp,$j
+ $LDX $aj,$rp,$j
+ and $tj,$tj,$ovf
+ andc $aj,$aj,$ovf
$STX $j,$tp,$j ; zap at once
+ or $aj,$aj,$tj
+ $STX $aj,$rp,$j
addi $j,$j,$BNSZ
bdnz Lcopy
diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl
index 595fc6d..6cf99c5 100644
--- a/crypto/bn/asm/ppc64-mont.pl
+++ b/crypto/bn/asm/ppc64-mont.pl
@@ -1494,16 +1494,14 @@ Lsub: ldx $t0,$tp,$i
li $i,0
subfe $ovf,$i,$ovf ; handle upmost overflow bit
- and $ap,$tp,$ovf
- andc $np,$rp,$ovf
- or $ap,$ap,$np ; ap=borrow?tp:rp
- addi $t7,$ap,8
mtctr $j
.align 4
-Lcopy: ; copy or in-place refresh
- ldx $t0,$ap,$i
- ldx $t1,$t7,$i
+Lcopy: ; conditional copy
+ ldx $t0,$tp,$i
+ ldx $t1,$t4,$i
+ ldx $t2,$rp,$i
+ ldx $t3,$t6,$i
std $i,8($nap_d) ; zap nap_d
std $i,16($nap_d)
std $i,24($nap_d)
@@ -1512,6 +1510,12 @@ Lcopy: ; copy or in-place refresh
std $i,48($nap_d)
std $i,56($nap_d)
stdu $i,64($nap_d)
+ and $t0,$t0,$ovf
+ and $t1,$t1,$ovf
+ andc $t2,$t2,$ovf
+ andc $t3,$t3,$ovf
+ or $t0,$t0,$t2
+ or $t1,$t1,$t3
stdx $t0,$rp,$i
stdx $t1,$t6,$i
stdx $i,$tp,$i ; zap tp at once
@@ -1554,20 +1558,21 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order
li $i,0
subfe $ovf,$i,$ovf ; handle upmost overflow bit
- addi $tp,$sp,`$FRAME+$TRANSFER+4`
+ addi $ap,$sp,`$FRAME+$TRANSFER+4`
subf $rp,$num,$rp ; rewind rp
- and $ap,$tp,$ovf
- andc $np,$rp,$ovf
- or $ap,$ap,$np ; ap=borrow?tp:rp
addi $tp,$sp,`$FRAME+$TRANSFER`
mtctr $j
.align 4
-Lcopy: ; copy or in-place refresh
+Lcopy: ; conditional copy
lwz $t0,4($ap)
lwz $t1,8($ap)
lwz $t2,12($ap)
lwzu $t3,16($ap)
+ lwz $t4,4($rp)
+ lwz $t5,8($rp)
+ lwz $t6,12($rp)
+ lwz $t7,16($rp)
std $i,8($nap_d) ; zap nap_d
std $i,16($nap_d)
std $i,24($nap_d)
@@ -1576,6 +1581,18 @@ Lcopy: ; copy or in-place refresh
std $i,48($nap_d)
std $i,56($nap_d)
stdu $i,64($nap_d)
+ and $t0,$t0,$ovf
+ and $t1,$t1,$ovf
+ and $t2,$t2,$ovf
+ and $t3,$t3,$ovf
+ andc $t4,$t4,$ovf
+ andc $t5,$t5,$ovf
+ andc $t6,$t6,$ovf
+ andc $t7,$t7,$ovf
+ or $t0,$t0,$t4
+ or $t1,$t1,$t5
+ or $t2,$t2,$t6
+ or $t3,$t3,$t7
stw $t0,4($rp)
stw $t1,8($rp)
stw $t2,12($rp)
diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
index 2b3f8b0..d4124a8 100755
--- a/crypto/bn/asm/rsaz-avx2.pl
+++ b/crypto/bn/asm/rsaz-avx2.pl
@@ -97,7 +97,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=11);
}
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$avx = ($ver>=3.0) + ($ver>=3.01);
$addx = ($ver>=3.03);
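Review bot: The version capture `([3-9])\.([0-9]+)` accepts only a single-digit major version, so a compiler reporting a two-digit major (for example "clang version 10.0") does not match and this test leaves `$avx` and `$addx` unset. The new alternation widens the vendor prefix but keeps that limit. I would capture the major as `([0-9]+)\.([0-9]+)`; the existing `$ver>=3.0` comparisons then still reject 1.x and 2.x.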
diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl
index 9fd64e8..46188eb 100644
--- a/crypto/bn/asm/s390x-mont.pl
+++ b/crypto/bn/asm/s390x-mont.pl
@@ -245,16 +245,16 @@ $code.=<<___;
brct $count,.Lsub
lghi $ahi,0
slbgr $AHI,$ahi # handle upmost carry
-
- ngr $ap,$AHI
- lghi $np,-1
- xgr $np,$AHI
- ngr $np,$rp
- ogr $ap,$np # ap=borrow?tp:rp
+ lghi $NHI,-1
+ xgr $NHI,$AHI
la $j,0(%r0)
lgr $count,$num
-.Lcopy: lg $alo,0($j,$ap) # copy or in-place refresh
+.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy
+ lg $alo,0($j,$rp)
+ ngr $ahi,$AHI
+ ngr $alo,$NHI
+ ogr $alo,$ahi
_dswap $alo
stg $j,$stdframe($j,$sp) # zap tp
stg $alo,0($j,$rp)
diff --git a/crypto/bn/asm/sparct4-mont.pl b/crypto/bn/asm/sparct4-mont.pl
index 71b4500..cac60f9 100755
--- a/crypto/bn/asm/sparct4-mont.pl
+++ b/crypto/bn/asm/sparct4-mont.pl
@@ -878,19 +878,17 @@ $code.=<<___;
sub $tp, $num, $tp
sub $rp, $num, $rp
- subc $ovf, %g0, $ovf ! handle upmost overflow bit
- and $tp, $ovf, $ap
- andn $rp, $ovf, $np
- or $np, $ap, $ap ! ap=borrow?tp:rp
+ subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy
sub $num, 8, $cnt
.align 16
-.Lcopy: ! copy or in-place refresh
- ldx [$ap+0], $t2
- add $ap, 8, $ap
+.Lcopy: ! conditional copy
+ ldx [$tp], $tj
+ ldx [$rp+0], $t2
stx %g0, [$tp] ! zap
add $tp, 8, $tp
+ movcs %icc, $tj, $t2
stx $t2, [$rp+0]
add $rp, 8, $rp
brnz $cnt, .Lcopy
@@ -1126,19 +1124,17 @@ $code.=<<___;
sub $tp, $num, $tp
sub $rp, $num, $rp
- subc $ovf, %g0, $ovf ! handle upmost overflow bit
- and $tp, $ovf, $ap
- andn $rp, $ovf, $np
- or $np, $ap, $ap ! ap=borrow?tp:rp
+ subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy_g5
sub $num, 8, $cnt
.align 16
-.Lcopy_g5: ! copy or in-place refresh
- ldx [$ap+0], $t2
- add $ap, 8, $ap
+.Lcopy_g5: ! conditional copy
+ ldx [$tp], $tj
+ ldx [$rp+0], $t2
stx %g0, [$tp] ! zap
add $tp, 8, $tp
+ movcs %icc, $tj, $t2
stx $t2, [$rp+0]
add $rp, 8, $rp
brnz $cnt, .Lcopy_g5
diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
index d866287..2043ab0 100644
--- a/crypto/bn/asm/sparcv9-mont.pl
+++ b/crypto/bn/asm/sparcv9-mont.pl
@@ -255,7 +255,6 @@ $fname:
.Ltail:
add $np,$num,$np
add $rp,$num,$rp
- mov $tp,$ap
sub %g0,$num,%o7 ! k=-num
ba .Lsub
subcc %g0,%g0,%g0 ! clear %icc.c
@@ -268,15 +267,14 @@ $fname:
add %o7,4,%o7
brnz %o7,.Lsub
st %o1,[$i]
- subc $car2,0,$car2 ! handle upmost overflow bit
- and $tp,$car2,$ap
- andn $rp,$car2,$np
- or $ap,$np,$ap
+ subccc $car2,0,$car2 ! handle upmost overflow bit
sub %g0,$num,%o7
.Lcopy:
- ld [$ap+%o7],%o0 ! copy or in-place refresh
+ ld [$tp+%o7],%o1 ! conditional copy
+ ld [$rp+%o7],%o0
st %g0,[$tp+%o7] ! zap tp
+ movcs %icc,%o1,%o0
st %o0,[$rp+%o7]
add %o7,4,%o7
brnz %o7,.Lcopy
@@ -485,6 +483,9 @@ $code.=<<___;
mulx $npj,$mul1,$acc1
add $tpj,$car1,$car1
ld [$np+$j],$npj ! np[j]
+ srlx $car1,32,$tmp0
+ and $car1,$mask,$car1
+ add $tmp0,$sbit,$sbit
add $acc0,$car1,$car1
ld [$tp+8],$tpj ! tp[j]
add $acc1,$car1,$car1
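Review bot: The three added instructions are the only ones in this stretch without a comment, although they change how the carry is accumulated. As far as the hunk shows, `srlx $car1,32,$tmp0` and `and $car1,$mask,$car1` split $car1 at bit 32 and `add $tmp0,$sbit,$sbit` moves the upper part into $sbit before the next products are added. Comments such as `! fold bits above 32 of car1 into sbit` would record why this is needed here. The surrounding loop starts and ends outside the hunk, so the exact invariant should be confirmed against the full routine.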
diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl
index c046a51..9179421 100644
--- a/crypto/bn/asm/via-mont.pl
+++ b/crypto/bn/asm/via-mont.pl
@@ -203,18 +203,15 @@ $sp=&DWP(28,"esp");
&mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit
&sbb ("eax",0);
- &and ("esi","eax");
- &not ("eax");
- &mov ("ebp","edi");
- &and ("ebp","eax");
- &or ("esi","ebp"); # tp=carry?tp:rp
&mov ("ecx","edx"); # num
- &xor ("edx","edx"); # i=0
+ &mov ("edx",0); # i=0
&set_label("copy",8);
- &mov ("eax",&DWP(0,"esi","edx",4));
- &mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp
+ &mov ("ebx",&DWP(0,"esi","edx",4));
+ &mov ("eax",&DWP(0,"edi","edx",4));
+ &mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp
+ &cmovc ("eax","ebx");
&mov (&DWP(0,"edi","edx",4),"eax");
&lea ("edx",&DWP(1,"edx")); # i++
&loop (&label("copy"));
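Review bot: The switch from `xor` to `&mov ("edx",0)` is load-bearing, but its comment still says only `i=0`. `xor` would clear CF, and the `&cmovc ("eax","ebx")` inside the loop depends on the carry left by `&sbb ("eax",0)` surviving every iteration (mov, lea and loop do not modify it). I would change the comment to `# i=0, mov (not xor) keeps CF for cmovc` so that a later cleanup does not turn it back into xor. The surrounding routine starts and ends outside the hunk.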
diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl
index 263ac02..002c00c 100644
--- a/crypto/bn/asm/vis3-mont.pl
+++ b/crypto/bn/asm/vis3-mont.pl
@@ -299,23 +299,23 @@ $code.=<<___;
sub $anp, $num, $anp
sub $rp, $num, $rp
- subc $ovf, %g0, $ovf ! handle upmost overflow bit
- and $tp, $ovf, $ap
- andn $rp, $ovf, $np
- or $np, $ap, $ap ! ap=borrow?tp:rp
+ subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy
sub $num, 8, $cnt
.align 16
-.Lcopy: ! copy or in-place refresh
- ld [$ap+0], $t2
- ld [$ap+4], $t3
- add $ap, 8, $ap
+.Lcopy: ! conditional copy
+ ld [$tp+0], $t0
+ ld [$tp+4], $t1
+ ld [$rp+0], $t2
+ ld [$rp+4], $t3
stx %g0, [$tp] ! zap
add $tp, 8, $tp
stx %g0, [$anp] ! zap
stx %g0, [$anp+8]
add $anp, 16, $anp
+ movcs %icc, $t0, $t2
+ movcs %icc, $t1, $t3
st $t3, [$rp+0] ! flip order
st $t2, [$rp+4]
add $rp, 8, $rp
diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl
index 1c4003e..d72eb00 100755
--- a/crypto/bn/asm/x86-mont.pl
+++ b/crypto/bn/asm/x86-mont.pl
@@ -592,16 +592,18 @@ $sbit=$num;
&jge (&label("sub"));
&sbb ("eax",0); # handle upmost overflow bit
- &and ($tp,"eax");
- &not ("eax");
- &mov ($np,$rp);
- &and ($np,"eax");
- &or ($tp,$np); # tp=carry?tp:rp
-
-&set_label("copy",16); # copy or in-place refresh
- &mov ("eax",&DWP(0,$tp,$num,4));
- &mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i]
+ &mov ("edx",-1);
+ &xor ("edx","eax");
+ &jmp (&label("copy"));
+
+&set_label("copy",16); # conditional copy
+ &mov ($tp,&DWP($frame,"esp",$num,4));
+ &mov ($np,&DWP(0,$rp,$num,4));
&mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector
+ &and ($tp,"eax");
+ &and ($np,"edx");
+ &or ($np,$tp);
+ &mov (&DWP(0,$rp,$num,4),$np);
&dec ($num);
&jge (&label("copy"));
diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
index 1729b47..aa94a13 100644
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -55,12 +55,6 @@
* machine.
*/
-# if defined(_WIN64) || !defined(__LP64__)
-# define BN_ULONG unsigned long long
-# else
-# define BN_ULONG unsigned long
-# endif
-
# undef mul
# undef mul_add
diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
index 80492d8..2074fd8 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -293,30 +293,30 @@ $code.=<<___;
xor $i,$i # i=0 and clear CF!
mov (%rsp),%rax # tp[0]
- lea (%rsp),$ap # borrow ap for tp
mov $num,$j # j=num
- jmp .Lsub
+
.align 16
.Lsub: sbb ($np,$i,8),%rax
mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i]
- mov 8($ap,$i,8),%rax # tp[i+1]
+ mov 8(%rsp,$i,8),%rax # tp[i+1]
lea 1($i),$i # i++
dec $j # doesnn't affect CF!
jnz .Lsub
sbb \$0,%rax # handle upmost overflow bit
+ mov \$-1,%rbx
+ xor %rax,%rbx # not %rax
xor $i,$i
- and %rax,$ap
- not %rax
- mov $rp,$np
- and %rax,$np
mov $num,$j # j=num
- or $np,$ap # ap=borrow?tp:rp
-.align 16
-.Lcopy: # copy or in-place refresh
- mov ($ap,$i,8),%rax
- mov $i,(%rsp,$i,8) # zap temporary vector
- mov %rax,($rp,$i,8) # rp[i]=tp[i]
+
+.Lcopy: # conditional copy
+ mov ($rp,$i,8),%rcx
+ mov (%rsp,$i,8),%rdx
+ and %rbx,%rcx
+ and %rax,%rdx
+ mov $num,(%rsp,$i,8) # zap temporary vector
+ or %rcx,%rdx
+ mov %rdx,($rp,$i,8) # rp[i]=tp[i]
lea 1($i),$i
sub \$1,$j
jnz .Lcopy
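Review bot: The comment on the final store in `.Lcopy`, `# rp[i]=tp[i]`, is stale: `%rdx` now holds `(tp[i] & %rax) | (rp[i] & %rbx)`, so tp[i] is written only when the mask in `%rax` is set (the borrow case, going by the removed `ap=borrow?tp:rp` comment). Suggest `mov %rdx,($rp,$i,8) # rp[i]=borrow?tp[i]:rp[i]`; the identical line in the x86_64-mont5.pl hunk needs the same change. This loop also zaps the temporary vector with `$num` while the mont5 loop still stores `$i`; either overwrites the word, but using the same register in both would read more consistently. The enclosing heredoc continues outside the hunk.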
@@ -686,10 +686,10 @@ ___
my @ri=("%rax","%rdx",$m0,$m1);
$code.=<<___;
mov 16(%rsp,$num,8),$rp # restore $rp
+ lea -4($num),$j
mov 0(%rsp),@ri[0] # tp[0]
- pxor %xmm0,%xmm0
mov 8(%rsp),@ri[1] # tp[1]
- shr \$2,$num # num/=4
+ shr \$2,$j # j=num/4-1
lea (%rsp),$ap # borrow ap for tp
xor $i,$i # i=0 and clear CF!
@@ -697,9 +697,7 @@ $code.=<<___;
mov 16($ap),@ri[2] # tp[2]
mov 24($ap),@ri[3] # tp[3]
sbb 8($np),@ri[1]
- lea -1($num),$j # j=num/4-1
- jmp .Lsub4x
-.align 16
+
.Lsub4x:
mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i]
mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i]
@@ -726,34 +724,35 @@ $code.=<<___;
sbb \$0,@ri[0] # handle upmost overflow bit
mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i]
- xor $i,$i # i=0
- and @ri[0],$ap
- not @ri[0]
- mov $rp,$np
- and @ri[0],$np
- lea -1($num),$j
- or $np,$ap # ap=borrow?tp:rp
-
- movdqu ($ap),%xmm1
- movdqa %xmm0,(%rsp)
- movdqu %xmm1,($rp)
+ pxor %xmm0,%xmm0
+ movq @ri[0],%xmm4
+ pcmpeqd %xmm5,%xmm5
+ pshufd \$0,%xmm4,%xmm4
+ mov $num,$j
+ pxor %xmm4,%xmm5
+ shr \$2,$j # j=num/4
+ xor %eax,%eax # i=0
+
jmp .Lcopy4x
.align 16
-.Lcopy4x: # copy or in-place refresh
- movdqu 16($ap,$i),%xmm2
- movdqu 32($ap,$i),%xmm1
- movdqa %xmm0,16(%rsp,$i)
- movdqu %xmm2,16($rp,$i)
- movdqa %xmm0,32(%rsp,$i)
- movdqu %xmm1,32($rp,$i)
- lea 32($i),$i
+.Lcopy4x: # conditional copy
+ movdqa (%rsp,%rax),%xmm1
+ movdqu ($rp,%rax),%xmm2
+ pand %xmm4,%xmm1
+ pand %xmm5,%xmm2
+ movdqa 16(%rsp,%rax),%xmm3
+ movdqa %xmm0,(%rsp,%rax)
+ por %xmm2,%xmm1
+ movdqu 16($rp,%rax),%xmm2
+ movdqu %xmm1,($rp,%rax)
+ pand %xmm4,%xmm3
+ pand %xmm5,%xmm2
+ movdqa %xmm0,16(%rsp,%rax)
+ por %xmm2,%xmm3
+ movdqu %xmm3,16($rp,%rax)
+ lea 32(%rax),%rax
dec $j
jnz .Lcopy4x
-
- shl \$2,$num
- movdqu 16($ap,$i),%xmm2
- movdqa %xmm0,16(%rsp,$i)
- movdqu %xmm2,16($rp,$i)
___
}
$code.=<<___;
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
index 42178e4..f8ff822 100755
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -405,18 +405,19 @@ $code.=<<___;
jnz .Lsub
sbb \$0,%rax # handle upmost overflow bit
+ mov \$-1,%rbx
+ xor %rax,%rbx
xor $i,$i
- and %rax,$ap
- not %rax
- mov $rp,$np
- and %rax,$np
mov $num,$j # j=num
- or $np,$ap # ap=borrow?tp:rp
-.align 16
-.Lcopy: # copy or in-place refresh
- mov ($ap,$i,8),%rax
+
+.Lcopy: # conditional copy
+ mov ($rp,$i,8),%rcx
+ mov (%rsp,$i,8),%rdx
+ and %rbx,%rcx
+ and %rax,%rdx
mov $i,(%rsp,$i,8) # zap temporary vector
- mov %rax,($rp,$i,8) # rp[i]=tp[i]
+ or %rcx,%rdx
+ mov %rdx,($rp,$i,8) # rp[i]=tp[i]
lea 1($i),$i
sub \$1,$j
jnz .Lcopy
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 633d1b1..d4b9f27 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -375,25 +375,76 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
* on the size of the number */
/*
- * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
- * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
- * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error
- * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
- * 177-194)
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
+ * that will be done for checking that a random number is probably prime. The
+ * error rate for accepting a composite number as prime depends on the size of
+ * the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
+ * and so the level is what you would expect for a key of double the size of the
+ * prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section F.1, page 117.
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
+ *
+ * The following magma script was used to generate the output:
+ * securitybits:=125;
+ * k:=1024;
+ * for t:=1 to 65 do
+ * for M:=3 to Floor(2*Sqrt(k-1)-1) do
+ * S:=0;
+ * // Sum over m
+ * for m:=3 to M do
+ * s:=0;
+ * // Sum over j
+ * for j:=2 to m do
+ * s+:=(RealField(32)!2)^-(j+(k-1)/j);
+ * end for;
+ * S+:=2^(m-(m-1)*t)*s;
+ * end for;
+ * A:=2^(k-2-M*t);
+ * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
+ * pkt:=2.00743*Log(2)*k*2^-k*(A+B);
+ * seclevel:=Floor(-Log(2,pkt));
+ * if seclevel ge securitybits then
+ * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M;
+ * break;
+ * end if;
+ * end for;
+ * if seclevel ge securitybits then break; end if;
+ * end for;
+ *
+ * It can be run online at:
+ * http://magma.maths.usyd.edu.au/calc
+ *
+ * And will output:
+ * k: 1024, security: 129 bits (t: 6, M: 23)
+ *
+ * k is the number of bits of the prime, securitybits is the level we want to
+ * reach.
+ *
+ * prime length | RSA key size | # MR tests | security level
+ * -------------+--------------|------------+---------------
+ * (b) >= 6394 | >= 12788 | 3 | 256 bit
+ * (b) >= 3747 | >= 7494 | 3 | 192 bit
+ * (b) >= 1345 | >= 2690 | 4 | 128 bit
+ * (b) >= 1080 | >= 2160 | 5 | 128 bit
+ * (b) >= 852 | >= 1704 | 5 | 112 bit
+ * (b) >= 476 | >= 952 | 5 | 80 bit
+ * (b) >= 400 | >= 800 | 6 | 80 bit
+ * (b) >= 347 | >= 694 | 7 | 80 bit
+ * (b) >= 308 | >= 616 | 8 | 80 bit
+ * (b) >= 55 | >= 110 | 27 | 64 bit
+ * (b) >= 6 | >= 12 | 34 | 64 bit
*/
-# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
- (b) >= 850 ? 3 : \
- (b) >= 650 ? 4 : \
- (b) >= 550 ? 5 : \
- (b) >= 450 ? 6 : \
- (b) >= 400 ? 7 : \
- (b) >= 350 ? 8 : \
- (b) >= 300 ? 9 : \
- (b) >= 250 ? 12 : \
- (b) >= 200 ? 15 : \
- (b) >= 150 ? 18 : \
- /* b >= 100 */ 27)
+
+# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \
+ (b) >= 1345 ? 4 : \
+ (b) >= 476 ? 5 : \
+ (b) >= 400 ? 6 : \
+ (b) >= 347 ? 7 : \
+ (b) >= 308 ? 8 : \
+ (b) >= 55 ? 27 : \
+ /* b >= 6 */ 34)
# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
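Review bot: The new comment should say explicitly that these iteration counts are valid only for randomly generated candidates. The FIPS 186-4 F.1 figures it derives are average-case error estimates, as the phrase "a random number" hints. For an arbitrary input the per-round Miller-Rabin bound is only 1/4, so 3 to 5 rounds give little assurance about a number supplied by another party. I would add one line after the first paragraph, for example `* These counts are not sufficient for testing candidates that come from an untrusted source.`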
@@ -773,6 +824,16 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
/* We only need assert() when debugging */
# include <assert.h>
+/*
+ * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
+ * bn_correct_top, in other words such vectors are permitted to have zeros
+ * in most significant limbs. Such vectors are used internally to achieve
+ * execution time invariance for critical operations with private keys.
+ * It's BN_DEBUG-only flag, because user application is not supposed to
+ * observe it anyway. Moreover, optimizing compiler would actually remove
+ * all operations manipulating the bit in question in non-BN_DEBUG build.
+ */
+# define BN_FLG_FIXED_TOP 0x10000
# ifdef BN_DEBUG_RAND
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
# ifndef RAND_pseudo_bytes
@@ -805,8 +866,10 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
do { \
const BIGNUM *_bnum2 = (a); \
if (_bnum2 != NULL) { \
- assert((_bnum2->top == 0) || \
- (_bnum2->d[_bnum2->top - 1] != 0)); \
+ int _top = _bnum2->top; \
+ assert((_top == 0) || \
+ (_bnum2->flags & BN_FLG_FIXED_TOP) || \
+ (_bnum2->d[_top - 1] != 0)); \
bn_pollute(_bnum2); \
} \
} while(0)
@@ -824,6 +887,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
# else /* !BN_DEBUG */
+# define BN_FLG_FIXED_TOP 0
# define bn_pollute(a)
# define bn_check_top(a)
# define bn_fix_top(a) bn_correct_top(a)
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index d448daa..a1e5e13 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -1,6 +1,6 @@
/* crypto/bn/bn_blind.c */
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -206,10 +206,15 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
goto err;
} else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
- if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
- goto err;
- if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx))
- goto err;
+ if (b->m_ctx != NULL) {
+ if (!bn_mul_mont_fixed_top(b->Ai, b->Ai, b->Ai, b->m_ctx, ctx)
+ || !bn_mul_mont_fixed_top(b->A, b->A, b->A, b->m_ctx, ctx))
+ goto err;
+ } else {
+ if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)
+ || !BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+ goto err;
+ }
}
ret = 1;
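Review bot: b->A and b->Ai change representation here without a comment. With a non-NULL b->m_ctx they are squared with bn_mul_mont_fixed_top, which only works if both are held in Montgomery form, and the BN_BLINDING_create_param hunk further down converts them with bn_to_mont_fixed_top. That invariant deserves a comment at the branch, for example `/* A and Ai are kept in Montgomery form whenever m_ctx is set */`, because any code outside these hunks that reads or replaces A or Ai directly would have to follow the same convention (not verifiable from this page). The same holds for the r that BN_BLINDING_convert_ex copies from b->Ai. BN_BLINDING_update begins before this hunk.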
@@ -241,13 +246,13 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
else if (!BN_BLINDING_update(b, ctx))
return (0);
- if (r != NULL) {
- if (!BN_copy(r, b->Ai))
- ret = 0;
- }
+ if (r != NULL && (BN_copy(r, b->Ai) == NULL))
+ return 0;
- if (!BN_mod_mul(n, n, b->A, b->mod, ctx))
- ret = 0;
+ if (b->m_ctx != NULL)
+ ret = BN_mod_mul_montgomery(n, n, b->A, b->m_ctx, ctx);
+ else
+ ret = BN_mod_mul(n, n, b->A, b->mod, ctx);
return ret;
}
@@ -264,14 +269,29 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
bn_check_top(n);
- if (r != NULL)
- ret = BN_mod_mul(n, n, r, b->mod, ctx);
- else {
- if (b->Ai == NULL) {
- BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
- return (0);
+ if (r == NULL && (r = b->Ai) == NULL) {
+ BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+ return 0;
+ }
+
+ if (b->m_ctx != NULL) {
+ /* ensure that BN_mod_mul_montgomery takes pre-defined path */
+ if (n->dmax >= r->top) {
+ size_t i, rtop = r->top, ntop = n->top;
+ BN_ULONG mask;
+
+ for (i = 0; i < rtop; i++) {
+ mask = (BN_ULONG)0 - ((i - ntop) >> (8 * sizeof(i) - 1));
+ n->d[i] &= mask;
+ }
+ mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1));
+ /* always true, if (rtop >= ntop) n->top = r->top; */
+ n->top = (int)(rtop & ~mask) | (ntop & mask);
+ n->flags |= (BN_FLG_FIXED_TOP & ~mask);
}
- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+ ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx);
+ } else {
+ ret = BN_mod_mul(n, n, r, b->mod, ctx);
}
bn_check_top(n);
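Review bot: The branch-free update of n->top is hard to follow, and its cast covers only the first operand: in `n->top = (int)(rtop & ~mask) | (ntop & mask);` the `|` is evaluated in size_t and converted back implicitly. I would write `n->top = (int)((rtop & ~mask) | (ntop & mask));` and replace the comment above it with `/* n->top = max(rtop, ntop), computed without a branch */`. It would also help to note at `if (n->dmax >= r->top)` that when the guard fails the padding is skipped and the multiplication runs on an unpadded n, so the "pre-defined path" is presumably not guaranteed in that case. The function body starts and ends outside the hunk.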
@@ -366,14 +386,19 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
} while (1);
if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
- if (!ret->bn_mod_exp
- (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
+ if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
goto err;
} else {
if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
goto err;
}
+ if (ret->m_ctx != NULL) {
+ if (!bn_to_mont_fixed_top(ret->Ai, ret->Ai, ret->m_ctx, ctx)
+ || !bn_to_mont_fixed_top(ret->A, ret->A, ret->m_ctx, ctx))
+ goto err;
+ }
+
return ret;
err:
if (b == NULL && ret != NULL) {
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index bc37671..460d8b7 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -290,6 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
wnum.neg = 0;
wnum.d = &(snum->d[loop]);
wnum.top = div_n;
+ wnum.flags = BN_FLG_STATIC_DATA;
/*
* only needed when BN_ucmp messes up the values between top and max
*/
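Review bot: The added `wnum.flags = BN_FLG_STATIC_DATA;` has no comment explaining why this window structure needs its flags set. Judging from the bn.h hunk in this commit, bn_check_top now reads `flags`, so an uninitialised field would make that assertion depend on whatever the memory held. A short comment such as `/* wnum aliases snum->d; flags must be initialised because bn_check_top() reads them */` would record the reason. Most of BN_div lies outside this hunk, including the declaration of wnum.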
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 40115fc..36b7ba6 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -290,8 +290,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(r);
} else {
@@ -432,8 +432,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -473,17 +473,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
ret = 1;
goto err;
}
- if (!BN_to_montgomery(val[0], aa, mont, ctx))
+ if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
goto err; /* 1 */
window = BN_window_bits_for_exponent_size(bits);
if (window > 1) {
- if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
+ if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx))
goto err; /* 2 */
j = 1 << (window - 1);
for (i = 1; i < j; i++) {
if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
+ !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx))
goto err;
}
}
@@ -505,19 +505,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
for (i = 1; i < j; i++)
r->d[i] = (~m->d[i]) & BN_MASK2;
r->top = j;
- /*
- * Upper words will be zero if the corresponding words of 'm' were
- * 0xfff[...], so decrement r->top accordingly.
- */
- bn_correct_top(r);
+ r->flags |= BN_FLG_FIXED_TOP;
} else
#endif
- if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx))
goto err;
for (;;) {
if (BN_is_bit_set(p, wstart) == 0) {
if (!start) {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
goto err;
}
if (wstart == 0)
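Review bot: The replacement line `r->flags |= BN_FLG_FIXED_TOP;` drops the comment that explained why the upper words of `r` can be zero, so a reader no longer learns why `r->top = j` may overstate the length. A short comment next to the flag keeps that reasoning: `/* upper words are zero where 'm' had 0xfff[...]; kept as padding, hence fixed-top */`. BN_mod_exp_mont's body extends beyond both ends of the hunk.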
@@ -548,12 +544,12 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* add the 'bytes above' */
if (!start)
for (i = 0; i < j; i++) {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
goto err;
}
/* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
+ if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx))
goto err;
/* move the 'window' down further */
@@ -563,6 +559,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
if (wstart < 0)
break;
}
+ /*
+ * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
+ * removes padding [if any] and makes return value suitable for public
+ * API consumer.
+ */
#if defined(SPARC_T4_MONT)
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
j = mont->N.top; /* borrow j */
@@ -681,7 +682,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
}
b->top = top;
- bn_correct_top(b);
+ b->flags |= BN_FLG_FIXED_TOP;
return 1;
}
@@ -733,8 +734,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
*/
bits = p->top * BN_BITS2;
if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -852,16 +853,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
tmp.top = top;
} else
#endif
- if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
+ if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx))
goto err;
/* prepare a^1 in Montgomery domain */
if (a->neg || BN_ucmp(a, m) >= 0) {
if (!BN_mod(&am, a, m, ctx))
goto err;
- if (!BN_to_montgomery(&am, &am, mont, ctx))
+ if (!bn_to_mont_fixed_top(&am, &am, mont, ctx))
goto err;
- } else if (!BN_to_montgomery(&am, a, mont, ctx))
+ } else if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
goto err;
#if defined(SPARC_T4_MONT)
@@ -1128,14 +1129,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
* performance advantage of sqr over mul).
*/
if (window > 1) {
- if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
+ if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
window))
goto err;
for (i = 3; i < numPowers; i++) {
/* Calculate a^i = a^(i-1) * a */
- if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
+ if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
window))
@@ -1159,7 +1160,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* Scan the window, squaring the result as we go */
for (i = 0; i < window; i++, bits--) {
- if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
+ if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
goto err;
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
}
@@ -1172,12 +1173,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
goto err;
/* Multiply the result into the intermediate result */
- if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
+ if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx))
goto err;
}
}
- /* Convert the final result from montgomery to standard format */
+ /*
+ * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
+ * removes padding [if any] and makes return value suitable for public
+ * API consumer.
+ */
#if defined(SPARC_T4_MONT)
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
am.d[0] = 1; /* borrow am */
@@ -1247,8 +1252,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -1369,9 +1374,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
- if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
+ if (bits == 0) {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(r);
} else {
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
index 2c61da1..1d8a271 100644
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -36,7 +36,7 @@
*/
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -103,30 +103,32 @@
*/
# define MAX_ITERATIONS 50
-static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21,
- 64, 65, 68, 69, 80, 81, 84, 85
-};
+# define SQR_nibble(w) ((((w) & 8) << 3) \
+ | (((w) & 4) << 2) \
+ | (((w) & 2) << 1) \
+ | ((w) & 1))
+
/* Platform-specific macros to accelerate squaring. */
# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
# define SQR1(w) \
- SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
- SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
- SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
- SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF]
+ SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \
+ SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \
+ SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \
+ SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32)
# define SQR0(w) \
- SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
- SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
- SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
- SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
+ SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \
+ SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \
+ SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \
+ SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) )
# endif
# ifdef THIRTY_TWO_BIT
# define SQR1(w) \
- SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
- SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF]
+ SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \
+ SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16)
# define SQR0(w) \
- SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
- SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
+ SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \
+ SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) )
# endif
# if !defined(OPENSSL_BN_ASM_GF2m)
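Review bot: `SQR_nibble` is introduced without a comment saying why the `SQR_tb` lookup table was replaced, so a later cleanup could reintroduce a table indexed by operand bits. If the intent is to avoid a data-dependent memory access (the commit does not say), state it above the macro, e.g. `/* spread the four low bits of w to even bit positions; no table lookup, so no operand-dependent load */`. Separately, the `SQR1` and `SQR0` bodies are still unparenthesised `x << n | y << m` chains, as they were before; one outer pair of parentheses around each body would make them safe in any expression context.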
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index 00f4f09..6f7335b 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -113,6 +113,7 @@
# define HEADER_BN_LCL_H
# include <openssl/bn.h>
+# include "bn_int.h"
#ifdef __cplusplus
extern "C" {
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 2108cc2..9b95e5f 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -263,8 +263,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
const BN_ULONG *B;
int i;
- bn_check_top(b);
-
if (words > (INT_MAX / (4 * BN_BITS2))) {
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
return NULL;
@@ -398,8 +396,6 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
BIGNUM *bn_expand2(BIGNUM *b, int words)
{
- bn_check_top(b);
-
if (words > b->dmax) {
BN_ULONG *a = bn_expand_internal(b, words);
if (!a)
@@ -433,7 +429,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
assert(A == &(b->d[b->dmax]));
}
#endif
- bn_check_top(b);
return b;
}
@@ -497,15 +492,18 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
- if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
- BN_set_flags(a, BN_FLG_CONSTTIME);
-
- a->top = b->top;
a->neg = b->neg;
+ a->top = b->top;
+ a->flags |= b->flags & BN_FLG_FIXED_TOP;
bn_check_top(a);
return (a);
}
+#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \
+ | BN_FLG_CONSTTIME \
+ | BN_FLG_FIXED_TOP))
+#define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED))
+
void BN_swap(BIGNUM *a, BIGNUM *b)
{
int flags_old_a, flags_old_b;
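Review bot: BN_copy no longer carries `BN_FLG_CONSTTIME` from `b` to `a`: the removed `BN_get_flags`/`BN_set_flags` pair is replaced by a line that propagates only `BN_FLG_FIXED_TOP`. A caller that copied a flagged secret and relied on the copy selecting the constant-time code paths now has to set the flag itself, and nothing in the hunk records that. If the drop is intended, say so beside the new line, e.g. `/* BN_FLG_CONSTTIME is not inherited; callers set it on the copy explicitly */`, and audit the callers outside this chunk. Note also that `|=` never clears a stale `BN_FLG_FIXED_TOP` on `a` when `b` is normalised. BN_copy starts outside the hunk.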
@@ -533,10 +531,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
b->dmax = tmp_dmax;
b->neg = tmp_neg;
- a->flags =
- (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
- b->flags =
- (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+ a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b);
+ b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a);
bn_check_top(a);
bn_check_top(b);
}
@@ -548,6 +544,7 @@ void BN_clear(BIGNUM *a)
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
a->top = 0;
a->neg = 0;
+ a->flags &= ~BN_FLG_FIXED_TOP;
}
BN_ULONG BN_get_word(const BIGNUM *a)
@@ -568,6 +565,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
a->neg = 0;
a->d[0] = w;
a->top = (w ? 1 : 0);
+ a->flags &= ~BN_FLG_FIXED_TOP;
bn_check_top(a);
return (1);
}
@@ -616,6 +614,55 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
}
/* ignore negative */
+static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+ int n;
+ size_t i, lasti, j, atop, mask;
+ BN_ULONG l;
+
+ /*
+ * In case |a| is fixed-top, BN_num_bytes can return bogus length,
+ * but it's assumed that fixed-top inputs ought to be "nominated"
+ * even for padded output, so it works out...
+ */
+ n = BN_num_bytes(a);
+ if (tolen == -1) {
+ tolen = n;
+ } else if (tolen < n) { /* uncommon/unlike case */
+ BIGNUM temp = *a;
+
+ bn_correct_top(&temp);
+ n = BN_num_bytes(&temp);
+ if (tolen < n)
+ return -1;
+ }
+
+ /* Swipe through whole available data and don't give away padded zero. */
+ atop = a->dmax * BN_BYTES;
+ if (atop == 0) {
+ OPENSSL_cleanse(to, tolen);
+ return tolen;
+ }
+
+ lasti = atop - 1;
+ atop = a->top * BN_BYTES;
+ for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) {
+ l = a->d[i / BN_BYTES];
+ mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1));
+ *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
+ i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */
+ }
+
+ return tolen;
+}
+
+int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+ if (tolen < 0)
+ return -1;
+ return bn2binpad(a, to, tolen);
+}
+
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
{
int n, i;
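Review bot: `bn2binpad` has no header comment, and its `tolen == -1` branch cannot be reached through the only caller shown, `bn_bn2binpad`, which returns -1 for any negative `tolen`. Document the contract above the function (big-endian output left-padded with zeros to `tolen` bytes; returns `tolen`, or -1 when the value does not fit) and either name the caller meant to pass -1 or drop the branch. The loop walks `a->dmax` limbs and masks by `a->top`, so the comment should also state that `a->d` must have `dmax` readable limbs. In the added comment, `uncommon/unlike case` should read `uncommon/unlikely case`.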
@@ -714,6 +761,7 @@ int BN_set_bit(BIGNUM *a, int n)
for (k = a->top; k < i + 1; k++)
a->d[k] = 0;
a->top = i + 1;
+ a->flags &= ~BN_FLG_FIXED_TOP;
}
a->d[i] |= (((BN_ULONG)1) << j);
@@ -855,6 +903,38 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
a->top ^= t;
b->top ^= t;
+ t = (a->neg ^ b->neg) & condition;
+ a->neg ^= t;
+ b->neg ^= t;
+
+ /*-
+ * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
+ * is actually to treat it as it's read-only data, and some (if not most)
+ * of it does reside in read-only segment. In other words observation of
+ * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
+ * condition. It would either cause SEGV or effectively cause data
+ * corruption.
+ *
+ * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
+ * preserved.
+ *
+ * BN_FLG_SECURE: must be preserved, because it determines how x->d was
+ * allocated and hence how to free it.
+ *
+ * BN_FLG_CONSTTIME: sufficient to mask and swap
+ *
+ * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
+ * the data, so the d array may be padded with additional 0 values (i.e.
+ * top could be greater than the minimal value that it could be). We should
+ * be swapping it
+ */
+
+#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
+
+ t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
+ a->flags ^= t;
+ b->flags ^= t;
+
#define BN_CONSTTIME_SWAP(ind) \
do { \
t = (a->d[ind] ^ b->d[ind]) & condition; \
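Review bot: The added comment says that observing `BN_FLG_STATIC_DATA` in BN_consttime_swap "should be treated as fatal condition", but the code below it only masks and swaps `BN_FLG_CONSTTIME` and `BN_FLG_FIXED_TOP` and never tests for the static flag. Either add a check that does not depend on `condition`, such as `assert(((a->flags | b->flags) & BN_FLG_STATIC_DATA) == 0);` (the file already uses `assert`), or reword the comment to say the case is the caller's responsibility. The comment also describes `BN_FLG_SECURE`, which no code in this hunk touches. `BN_CONSTTIME_SWAP_FLAGS` is defined inside the function, and the rest of the body is outside the hunk, so whether it is later `#undef`'d cannot be seen here.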
diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
index ffbce89..255e6e4 100644
--- a/crypto/bn/bn_mod.c
+++ b/crypto/bn/bn_mod.c
@@ -4,7 +4,7 @@
* for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -149,18 +149,74 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
/*
* BN_mod_add variant that may be used if both a and b are non-negative and
- * less than m
+ * less than m. The original algorithm was
+ *
+ * if (!BN_uadd(r, a, b))
+ * return 0;
+ * if (BN_ucmp(r, m) >= 0)
+ * return BN_usub(r, r, m);
+ *
+ * which is replaced with addition, subtracting modulus, and conditional
+ * move depending on whether or not subtraction borrowed.
*/
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *m)
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m)
{
- if (!BN_uadd(r, a, b))
+ size_t i, ai, bi, mtop = m->top;
+ BN_ULONG storage[1024 / BN_BITS2];
+ BN_ULONG carry, temp, mask, *rp, *tp = storage;
+ const BN_ULONG *ap, *bp;
+
+ if (bn_wexpand(r, m->top) == NULL)
return 0;
- if (BN_ucmp(r, m) >= 0)
- return BN_usub(r, r, m);
+
+ if (mtop > sizeof(storage) / sizeof(storage[0])
+ && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL)
+ return 0;
+
+ ap = a->d != NULL ? a->d : tp;
+ bp = b->d != NULL ? b->d : tp;
+
+ for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) {
+ mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
+ temp = ((ap[ai] & mask) + carry) & BN_MASK2;
+ carry = (temp < carry);
+
+ mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
+ tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2;
+ carry += (tp[i] < temp);
+
+ i++;
+ ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
+ bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
+ }
+ rp = r->d;
+ carry -= bn_sub_words(rp, tp, m->d, mtop);
+ for (i = 0; i < mtop; i++) {
+ rp[i] = (carry & tp[i]) | (~carry & rp[i]);
+ ((volatile BN_ULONG *)tp)[i] = 0;
+ }
+ r->top = mtop;
+ r->flags |= BN_FLG_FIXED_TOP;
+ r->neg = 0;
+
+ if (tp != storage)
+ OPENSSL_free(tp);
+
return 1;
}
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m)
+{
+ int ret = bn_mod_add_fixed_top(r, a, b, m);
+
+ if (ret)
+ bn_correct_top(r);
+
+ return ret;
+}
+
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
BN_CTX *ctx)
{
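Review bot: `bn_mod_add_fixed_top` walks exactly `m->top` limbs, so any limb of `a` or `b` above that index is ignored without an error. The public `BN_mod_add_quick` now inherits this, where the removed `BN_uadd`/`BN_ucmp` code consumed the full operands. The header comment states the precondition (both inputs non-negative and less than `m`), but nothing enforces it. Add a sentence to that comment such as `limbs of a and b beyond m->top are ignored; callers must pass reduced values`, so that a caller violating the precondition is not surprised by a silently truncated result.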
@@ -170,6 +226,70 @@ int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
}
/*
+ * BN_mod_sub variant that may be used if both a and b are non-negative,
+ * a is less than m, while b is of same bit width as m. It's implemented
+ * as subtraction followed by two conditional additions.
+ *
+ * 0 <= a < m
+ * 0 <= b < 2^w < 2*m
+ *
+ * after subtraction
+ *
+ * -2*m < r = a - b < m
+ *
+ * Thus it takes up to two conditional additions to make |r| positive.
+ */
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m)
+{
+ size_t i, ai, bi, mtop = m->top;
+ BN_ULONG borrow, carry, ta, tb, mask, *rp;
+ const BN_ULONG *ap, *bp;
+
+ if (bn_wexpand(r, m->top) == NULL)
+ return 0;
+
+ rp = r->d;
+ ap = a->d != NULL ? a->d : rp;
+ bp = b->d != NULL ? b->d : rp;
+
+ for (i = 0, ai = 0, bi = 0, borrow = 0; i < mtop;) {
+ mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
+ ta = ap[ai] & mask;
+
+ mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
+ tb = bp[bi] & mask;
+ rp[i] = ta - tb - borrow;
+ if (ta != tb)
+ borrow = (ta < tb);
+
+ i++;
+ ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
+ bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
+ }
+ ap = m->d;
+ for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) {
+ ta = ((ap[i] & mask) + carry) & BN_MASK2;
+ carry = (ta < carry);
+ rp[i] = (rp[i] + ta) & BN_MASK2;
+ carry += (rp[i] < ta);
+ }
+ borrow -= carry;
+ for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) {
+ ta = ((ap[i] & mask) + carry) & BN_MASK2;
+ carry = (ta < carry);
+ rp[i] = (rp[i] + ta) & BN_MASK2;
+ carry += (rp[i] < ta);
+ }
+
+ r->top = mtop;
+ r->flags |= BN_FLG_FIXED_TOP;
+ r->neg = 0;
+
+ return 1;
+}
+
+/*
* BN_mod_sub variant that may be used if both a and b are non-negative and
* less than m
*/
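Review bot: The first loop of `bn_mod_sub_fixed_top` updates the borrow with `if (ta != tb) borrow = (ta < tb);`, a branch on operand limbs inside a routine that otherwise uses masks to avoid them. Compilers often emit a conditional move here, but that is not guaranteed; the branch-free form `borrow = (ta < tb) | ((ta == tb) & borrow);` computes the same value. The same loop stores `ta - tb - borrow` without the `& BN_MASK2` that the two addition loops apply, which is worth making consistent. As with the addition variant, limbs of `a` and `b` beyond `m->top` are never read, and only the stated preconditions guard against that.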
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index c170365..76eca50 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -123,12 +123,23 @@
#define MONT_WORD /* use the faster word-based algorithm */
#ifdef MONT_WORD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
+static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
#endif
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_MONT_CTX *mont, BN_CTX *ctx)
{
+ int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx);
+
+ bn_correct_top(r);
+ bn_check_top(r);
+
+ return ret;
+}
+
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx)
+{
BIGNUM *tmp;
int ret = 0;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
@@ -140,8 +151,8 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
r->neg = a->neg ^ b->neg;
r->top = num;
- bn_correct_top(r);
- return (1);
+ r->flags |= BN_FLG_FIXED_TOP;
+ return 1;
}
}
#endif
@@ -153,21 +164,20 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
bn_check_top(tmp);
if (a == b) {
- if (!BN_sqr(tmp, a, ctx))
+ if (!bn_sqr_fixed_top(tmp, a, ctx))
goto err;
} else {
- if (!BN_mul(tmp, a, b, ctx))
+ if (!bn_mul_fixed_top(tmp, a, b, ctx))
goto err;
}
/* reduce from aRR to aR */
#ifdef MONT_WORD
- if (!BN_from_montgomery_word(r, tmp, mont))
+ if (!bn_from_montgomery_word(r, tmp, mont))
goto err;
#else
if (!BN_from_montgomery(r, tmp, mont, ctx))
goto err;
#endif
- bn_check_top(r);
ret = 1;
err:
BN_CTX_end(ctx);
@@ -175,11 +185,12 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
}
#ifdef MONT_WORD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
+static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
{
BIGNUM *n;
BN_ULONG *ap, *np, *rp, n0, v, carry;
int nl, max, i;
+ unsigned int rtop;
n = &(mont->N);
nl = n->top;
@@ -197,14 +208,13 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
rp = r->d;
/* clear the top words of T */
-# if 1
- for (i = r->top; i < max; i++) /* memset? XXX */
- rp[i] = 0;
-# else
- memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG));
-# endif
+ for (rtop = r->top, i = 0; i < max; i++) {
+ v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1));
+ rp[i] &= v;
+ }
r->top = max;
+ r->flags |= BN_FLG_FIXED_TOP;
n0 = mont->n0[0];
/*
@@ -223,6 +233,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
if (bn_wexpand(ret, nl) == NULL)
return (0);
ret->top = nl;
+ ret->flags |= BN_FLG_FIXED_TOP;
ret->neg = r->neg;
rp = ret->d;
@@ -233,20 +244,16 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
*/
ap = &(r->d[nl]);
+ carry -= bn_sub_words(rp, ap, np, nl);
/*
- * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
- * cannot be -1. That would imply the subtraction did not fit in |nl| words,
- * and we know at most one subtraction is needed.
+ * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
+ * |carry| cannot be 1. That would imply the subtraction did not fit in
+ * |nl| words, and we know at most one subtraction is needed.
*/
- v = bn_sub_words(rp, ap, np, nl) - carry;
- v = 0 - v;
for (i = 0; i < nl; i++) {
- rp[i] = (v & ap[i]) | (~v & rp[i]);
+ rp[i] = (carry & ap[i]) | (~carry & rp[i]);
ap[i] = 0;
}
- bn_correct_top(r);
- bn_correct_top(ret);
- bn_check_top(ret);
return (1);
}
@@ -255,13 +262,26 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
BN_CTX *ctx)
{
+ int retn;
+
+ retn = bn_from_mont_fixed_top(ret, a, mont, ctx);
+ bn_correct_top(ret);
+ bn_check_top(ret);
+
+ return retn;
+}
+
+int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx)
+{
int retn = 0;
#ifdef MONT_WORD
BIGNUM *t;
BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
- retn = BN_from_montgomery_word(ret, t, mont);
+ if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
+ retn = bn_from_montgomery_word(ret, t, mont);
+ }
BN_CTX_end(ctx);
#else /* !MONT_WORD */
BIGNUM *t1, *t2;
@@ -299,6 +319,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
return (retn);
}
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx)
+{
+ return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx);
+}
+
BN_MONT_CTX *BN_MONT_CTX_new(void)
{
BN_MONT_CTX *ret;
@@ -335,7 +361,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
{
- int ret = 0;
+ int i, ret = 0;
BIGNUM *Ri, *R;
if (BN_is_zero(mod))
@@ -466,6 +492,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
goto err;
+ for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
+ mont->RR.d[i] = 0;
+ mont->RR.top = ret;
+ mont->RR.flags |= BN_FLG_FIXED_TOP;
+
ret = 1;
err:
BN_CTX_end(ctx);
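Review bot: The padding loop reuses `ret`, the function's status variable, as its bound (`ret = mont->N.top`), so until `ret = 1;` runs the variable holds a limb count that an `err:` exit would return as success. No `goto err` sits in that window today, but a dedicated local removes the trap: declare `int i, ntop, ret = 0;` and write `for (i = mont->RR.top, ntop = mont->N.top; i < ntop; i++)`. The loop also writes `mont->RR.d[i]` up to `N.top` with no `bn_wexpand` in the hunk. It presumably relies on `RR` having been sized earlier in the function, which is outside the hunk, and a one-line comment saying so would help.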
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
index 6b455a7..f44e5e5 100644
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -936,6 +936,16 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
+ int ret = bn_mul_fixed_top(r, a, b, ctx);
+
+ bn_correct_top(r);
+ bn_check_top(r);
+
+ return ret;
+}
+
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
int ret = 0;
int top, al, bl;
BIGNUM *rr;
@@ -1042,7 +1052,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
end:
#endif
- bn_correct_top(rr);
+ rr->flags |= BN_FLG_FIXED_TOP;
if (r != rr && BN_copy(r, rr) == NULL)
goto err;
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
index 256d26e..44bc554 100644
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -66,6 +66,16 @@
*/
int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
{
+ int ret = bn_sqr_fixed_top(r, a, ctx);
+
+ bn_correct_top(r);
+ bn_check_top(r);
+
+ return ret;
+}
+
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
int max, al;
int ret = 0;
BIGNUM *tmp, *rr;
@@ -135,14 +145,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
}
rr->neg = 0;
- /*
- * If the most-significant half of the top word of 'a' is zero, then the
- * square of 'a' will max-1 words.
- */
- if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
- rr->top = max - 1;
- else
- rr->top = max;
+ rr->top = max;
+ rr->flags |= BN_FLG_FIXED_TOP;
if (r != rr && BN_copy(r, rr) == NULL)
goto err;
diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
index f444af3..e40241f 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -4,7 +4,7 @@
* 2005.
*/
/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2005-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -223,8 +223,10 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
for (i = 0; i < 1000; i++) {
if (!BN_rand(Xq, nbits, 1, 0))
goto err;
+
/* Check that |Xp - Xq| > 2^(nbits - 100) */
- BN_sub(t, Xp, Xq);
+ if (!BN_sub(t, Xp, Xq))
+ goto err;
if (BN_num_bits(t) > (nbits - 100))
break;
}
diff --git a/crypto/bn_int.h b/crypto/bn_int.h
new file mode 100644
index 0000000..a552cc2
--- /dev/null
+++ b/crypto/bn_int.h
@@ -0,0 +1,21 @@
+/*
+ * Some BIGNUM functions assume most significant limb to be non-zero, which
+ * is customarily arranged by bn_correct_top. Output from below functions
+ * is not processed with bn_correct_top, and for this reason it may not be
+ * returned out of public API. It may only be passed internally into other
+ * functions known to support non-minimal or zero-padded BIGNUMs.
+ */
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+
+int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
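Review bot: The new `crypto/bn_int.h` has no include guard and includes nothing itself, so it compiles only where `<openssl/bn.h>` has already been seen, as in `bn_lcl.h`. Wrap the declarations in `#ifndef HEADER_BN_INT_H` / `# define HEADER_BN_INT_H` / `#endif` and add `# include <openssl/bn.h>` so the header is self-contained. The opening comment is the only place the fixed-top contract is stated. It would be clearer if it also said that a result must be normalised with `bn_correct_top` before it leaves the library, which is what the public wrappers added in this commit do.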
diff --git a/crypto/conf/Makefile b/crypto/conf/Makefile
index d5f5c58..cd436f7 100644
--- a/crypto/conf/Makefile
+++ b/crypto/conf/Makefile
@@ -80,12 +80,13 @@ clean:
# DO NOT DELETE THIS LINE -- make depend depends on it.
conf_api.o: ../../e_os.h ../../include/openssl/bio.h
-conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
-conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_api.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_api.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_api.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
conf_api.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-conf_api.o: ../../include/openssl/symhacks.h conf_api.c
+conf_api.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_api.c
conf_def.o: ../../e_os.h ../../include/openssl/bio.h
conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 4cf7553..480781d 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -66,6 +66,7 @@
#include <assert.h>
#include <stdlib.h>
#include <string.h>
+#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include "e_os.h"
@@ -141,7 +142,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
if (v != NULL)
return (v->value);
if (strcmp(section, "ENV") == 0) {
- p = getenv(name);
+ p = ossl_safe_getenv(name);
if (p != NULL)
return (p);
}
@@ -154,7 +155,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
else
return (NULL);
} else
- return (getenv(name));
+ return (ossl_safe_getenv(name));
}
#if 0 /* There's no way to provide error checking
@@ -290,6 +291,8 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
vv = lh_CONF_VALUE_insert(conf->data, v);
OPENSSL_assert(vv == NULL);
+ if (lh_CONF_VALUE_error(conf->data) > 0)
+ goto err;
ok = 1;
err:
if (!ok) {
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index e2a9a81..1df463d 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -4,7 +4,7 @@
* 2001.
*/
/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -530,7 +530,7 @@ char *CONF_get1_default_config_file(void)
char *file;
int len;
- file = getenv("OPENSSL_CONF");
+ file = ossl_safe_getenv("OPENSSL_CONF");
if (file)
return BUF_strdup(file);
diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
index fba180a..cdbddf1 100644
--- a/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
@@ -104,6 +104,8 @@ void OPENSSL_showfatal(const char *fmta, ...);
void *OPENSSL_stderr(void);
extern int OPENSSL_NONPIC_relocated;
+char *ossl_safe_getenv(const char *);
+
#ifdef __cplusplus
}
#endif
diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com
index 37dc418..efed110 100644
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -214,7 +214,8 @@ $! The contents of these variables are copied from the LIBOBJ variable in the
$! corresponding Makefile from each corresponding subdirectory, with .o stripped
$! and spaces replaced with commas.
$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,cpt_err,ebcdic,"+ -
- "uid,o_time,o_str,o_dir,o_fips,o_init,fips_ers,mem_clr"
+ "uid,o_time,o_str,o_dir,o_fips,o_init,fips_ers,mem_clr,"+ -
+ "getenv"
$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
$ LIB_MD2 = "md2_dgst,md2_one"
$ LIB_MD4 = "md4_dgst,md4_one"
diff --git a/crypto/des/t/test b/crypto/des/t/test
deleted file mode 100644
index 97acd05..0000000
--- a/crypto/des/t/test
+++ /dev/null
@@ -1,27 +0,0 @@
-#!./perl
-
-BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
-
-use DES;
-
-$key='00000000';
-$ks=DES::set_key($key);
-@a=split(//,$ks);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-
-
-$key=DES::random_key();
-print "($_)\n";
-@a=split(//,$key);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-$str="this is and again into the breach";
-($k1,$k2)=DES::string_to_2keys($str);
-@a=split(//,$k1);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-@a=split(//,$k2);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 6452482..162753a 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -486,7 +486,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return ret;
}
#endif
- return 1;
+ return 0;
}
const EVP_PKEY_METHOD dh_pkey_meth = {
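Review bot: The fall-through at the end of `pkey_dh_derive` now returns 0, but within the hunk nothing pushes an error before it, so a caller that reaches it sees a failure with an empty error queue. If this path means that no KDF branch matched (the branches are outside the hunk), raise an error with the file's existing error macro before returning, or at least add `/* no supported KDF type matched */` above the `return 0;`.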
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 545358f..3e6984e 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -249,10 +249,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x);
int DSA_print_fp(FILE *bp, const DSA *x, int off);
# endif
-# define DSS_prime_checks 50
+# define DSS_prime_checks 64
/*
- * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
- * Rabin-Miller
+ * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
+ * have one value here we set the number of checks to 64 which is the 128 bit
+ * security level that is the highest level and valid for creating a 3072 bit
+ * DSA key.
*/
# define DSA_is_prime(n, callback, cb_arg) \
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
@@ -307,6 +309,7 @@ void ERR_load_DSA_strings(void);
# define DSA_F_I2D_DSA_SIG 111
# define DSA_F_OLD_DSA_PRIV_DECODE 122
# define DSA_F_PKEY_DSA_CTRL 120
+# define DSA_F_PKEY_DSA_CTRL_STR 127
# define DSA_F_PKEY_DSA_KEYGEN 121
# define DSA_F_SIG_CB 114
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index f5ddc66..7e507fa 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
/* crypto/dsa/dsa_err.c */
/* ====================================================================
- * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -95,6 +95,7 @@ static ERR_STRING_DATA DSA_str_functs[] = {
{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"},
{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
+ {ERR_FUNC(DSA_F_PKEY_DSA_CTRL_STR), "PKEY_DSA_CTRL_STR"},
{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"},
{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
{0, NULL}
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 21af2e1..e55d585 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -146,9 +146,16 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
/* invalid q size */
return 0;
- if (evpmd == NULL)
- /* use SHA1 as default */
- evpmd = EVP_sha1();
+ if (evpmd == NULL) {
+ if (qsize == SHA_DIGEST_LENGTH)
+ evpmd = EVP_sha1();
+ else if (qsize == SHA224_DIGEST_LENGTH)
+ evpmd = EVP_sha224();
+ else
+ evpmd = EVP_sha256();
+ } else {
+ qsize = EVP_MD_size(evpmd);
+ }
if (bits < 512)
bits = 512;
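Review bot: In the new `else` branch, `qsize = EVP_MD_size(evpmd);` overwrites qsize after the "invalid q size" check on the context lines above, so a caller-supplied digest with a different output length is not rejected here. The buffers that qsize indexes are outside the hunk, so whether an oversized digest can overrun them is not visible, but the function should not depend on its callers to filter the digest. Repeating the check after the assignment keeps the invariant local: `if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) return 0;`.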
@@ -428,6 +435,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
EVP_MD_CTX_init(&mctx);
+ /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+ if (L <= N) {
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+ goto err;
+ }
+
if (evpmd == NULL) {
if (N == 160)
evpmd = EVP_sha1();
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index aa10dd1..c887c3c 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -73,6 +73,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
static int dsa_init(DSA *dsa);
static int dsa_finish(DSA *dsa);
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+ BN_CTX *ctx);
static DSA_METHOD openssl_dsa_meth = {
"OpenSSL DSA method",
@@ -133,17 +135,13 @@ const DSA_METHOD *DSA_OpenSSL(void)
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
- BIGNUM m;
- BIGNUM xr;
+ BIGNUM *m, *blind, *blindm, *tmp;
BN_CTX *ctx = NULL;
int reason = ERR_R_BN_LIB;
DSA_SIG *ret = NULL;
int noredo = 0;
- BN_init(&m);
- BN_init(&xr);
-
- if (!dsa->p || !dsa->q || !dsa->g) {
+ if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
reason = DSA_R_MISSING_PARAMETERS;
goto err;
}
@@ -154,6 +152,13 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
+ m = BN_CTX_get(ctx);
+ blind = BN_CTX_get(ctx);
+ blindm = BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (tmp == NULL)
+ goto err;
+
redo:
if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
@@ -173,20 +178,52 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
* 4.2
*/
dlen = BN_num_bytes(dsa->q);
- if (BN_bin2bn(dgst, dlen, &m) == NULL)
+ if (BN_bin2bn(dgst, dlen, m) == NULL)
goto err;
- /* Compute s = inv(k) (m + xr) mod q */
- if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
- goto err; /* s = xr */
- if (!BN_add(s, &xr, &m))
- goto err; /* s = m + xr */
- if (BN_cmp(s, dsa->q) > 0)
- if (!BN_sub(s, s, dsa->q))
+ /*
+ * The normal signature calculation is:
+ *
+ * s := k^-1 * (m + r * priv_key) mod q
+ *
+ * We will blind this to protect against side channel attacks
+ *
+ * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q
+ */
+
+ /* Generate a blinding value */
+ do {
+ if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, -1, 0))
goto err;
+ } while (BN_is_zero(blind));
+ BN_set_flags(blind, BN_FLG_CONSTTIME);
+ BN_set_flags(blindm, BN_FLG_CONSTTIME);
+ BN_set_flags(tmp, BN_FLG_CONSTTIME);
+
+ /* tmp := blind * priv_key * r mod q */
+ if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx))
+ goto err;
+ if (!BN_mod_mul(tmp, tmp, r, dsa->q, ctx))
+ goto err;
+
+ /* blindm := blind * m mod q */
+ if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx))
+ goto err;
+
+ /* s : = (blind * priv_key * r) + (blind * m) mod q */
+ if (!BN_mod_add_quick(s, tmp, blindm, dsa->q))
+ goto err;
+
+ /* s := s * k^-1 mod q */
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
goto err;
+ /* s:= s * blind^-1 mod q */
+ if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL)
+ goto err;
+ if (!BN_mod_mul(s, s, blind, dsa->q, ctx))
+ goto err;
+
/*
* Redo if r or s is zero as required by FIPS 186-3: this is very
* unlikely.
@@ -210,13 +247,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
BN_free(r);
BN_free(s);
}
- if (ctx != NULL)
- BN_CTX_free(ctx);
- BN_clear_free(&m);
- BN_clear_free(&xr);
- if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
- BN_clear_free(kinv);
- return (ret);
+ BN_CTX_free(ctx);
+ BN_clear_free(kinv);
+ return ret;
}
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
@@ -248,7 +281,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
goto err;
/* Preallocate space */
- q_bits = BN_num_bits(dsa->q);
+ q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16;
if (!BN_set_bit(&k, q_bits)
|| !BN_set_bit(&l, q_bits)
|| !BN_set_bit(&m, q_bits))
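Review bot: The `sizeof(dsa->q->d[0]) * 16` term on the new `q_bits` line is an unexplained magic number; it works out to two limbs' worth of bits added to the preallocation size. The hunk does not say why two extra words are needed, and the code that consumes k, l and m is outside it. A short comment stating the reason, for example `/* reserve two extra limbs so k, l and m never need to grow later */` if that is the intent, would help the next reader. Writing the term as `2 * BN_BITS2` would also make it readable.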
@@ -262,9 +295,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
BN_set_flags(&k, BN_FLG_CONSTTIME);
+ BN_set_flags(&l, BN_FLG_CONSTTIME);
}
-
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
CRYPTO_LOCK_DSA, dsa->p, ctx))
@@ -302,8 +335,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if (!BN_mod(r, r, dsa->q, ctx))
goto err;
- /* Compute part of 's = inv(k) (m + xr) mod q' */
- if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
+ if ((kinv = dsa_mod_inverse_fermat(&k, dsa->q, ctx)) == NULL)
goto err;
if (*kinvp != NULL)
@@ -437,3 +470,31 @@ static int dsa_finish(DSA *dsa)
BN_MONT_CTX_free(dsa->method_mont_p);
return (1);
}
+
+/*
+ * Compute the inverse of k modulo q.
+ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
+ * mod-exp operation. Both the exponent and modulus are public information
+ * so a mod-exp that doesn't leak the base is sufficient. A newly allocated
+ * BIGNUM is returned which the caller must free.
+ */
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+ BN_CTX *ctx)
+{
+ BIGNUM *res = NULL;
+ BIGNUM *r, e;
+
+ if ((r = BN_new()) == NULL)
+ return NULL;
+
+ BN_init(&e);
+
+ if (BN_set_word(r, 2)
+ && BN_sub(&e, q, r)
+ && BN_mod_exp_mont(r, k, &e, q, ctx, NULL))
+ res = r;
+ else
+ BN_free(r);
+ BN_free(&e);
+ return res;
+}
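Review bot: dsa_mod_inverse_fermat returns k^(q-2) mod q, which is the inverse of k only when q is prime, and neither this function nor the calling hunk in dsa_sign_setup checks that. With loaded rather than generated parameters, a composite q would produce a wrong kinv and a wrong signature instead of an error. The header comment should state the precondition, e.g. `The caller must ensure q is an odd prime; otherwise the result is not an inverse.` Separately, the failure path's `BN_free(r);` would be safer as `BN_clear_free(r);`, since r may already hold a partial result derived from the secret nonce.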
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 7872483..7f00e97 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -230,10 +230,16 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
NULL);
}
- if (!strcmp(type, "dsa_paramgen_md")) {
+ if (strcmp(type, "dsa_paramgen_md") == 0) {
+ const EVP_MD *md = EVP_get_digestbyname(value);
+
+ if (md == NULL) {
+ DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE);
+ return 0;
+ }
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
- (void *)EVP_get_digestbyname(value));
+ (void *)md);
}
return -2;
}
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 2c41c6e..aa5f305 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -143,19 +143,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
static EC_KEY *eckey_type2param(int ptype, void *pval)
{
EC_KEY *eckey = NULL;
+ EC_GROUP *group = NULL;
+
if (ptype == V_ASN1_SEQUENCE) {
- ASN1_STRING *pstr = pval;
- const unsigned char *pm = NULL;
- int pmlen;
- pm = pstr->data;
- pmlen = pstr->length;
- if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) {
+ const ASN1_STRING *pstr = pval;
+ const unsigned char *pm = pstr->data;
+ int pmlen = pstr->length;
+
+ if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
goto ecerr;
}
} else if (ptype == V_ASN1_OBJECT) {
- ASN1_OBJECT *poid = pval;
- EC_GROUP *group;
+ const ASN1_OBJECT *poid = pval;
/*
* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
@@ -179,8 +179,8 @@ static EC_KEY *eckey_type2param(int ptype, void *pval)
return eckey;
ecerr:
- if (eckey)
- EC_KEY_free(eckey);
+ EC_KEY_free(eckey);
+ EC_GROUP_free(group);
return NULL;
}
diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
index 969fd14..8665a4c 100644
--- a/crypto/ec/ec_lcl.h
+++ b/crypto/ec/ec_lcl.h
@@ -3,7 +3,7 @@
* Originally written by Bodo Moeller for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -214,7 +214,7 @@ struct ec_group_st {
int asn1_flag; /* flag to control the asn1 encoding */
/*
* Kludge: upper bit of ans1_flag is used to denote structure
- * version. Is set, then last field is present. This is done
+ * version. If set, then last field is present. This is done
* for interoperation with FIPS code.
*/
#define EC_GROUP_ASN1_FLAG_MASK 0x7fffffff
@@ -549,7 +549,6 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
unsigned char *digit, unsigned char in);
#endif
-int ec_precompute_mont_data(EC_GROUP *);
#ifdef ECP_NISTZ256_ASM
/** Returns GFp methods using montgomery multiplication, with x86-64 optimized
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 3241aa5..df56484 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -3,7 +3,7 @@
* Originally written by Bodo Moeller for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -70,6 +70,10 @@
const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
+/* local function prototypes */
+
+static int ec_precompute_mont_data(EC_GROUP *group);
+
/* functions for EC_GROUP objects */
EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
@@ -318,12 +322,24 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
} else
BN_zero(&group->cofactor);
- /*
- * We ignore the return value because some groups have an order with
- * factors of two, which makes the Montgomery setup fail.
- * |group->mont_data| will be NULL in this case.
+ /*-
+ * Access to the `mont_data` field of an EC_GROUP struct should always be
+ * guarded by an EC_GROUP_VERSION(group) check to avoid OOB accesses, as the
+ * group might come from the FIPS module, which does not define the
+ * `mont_data` field inside the EC_GROUP structure.
*/
- ec_precompute_mont_data(group);
+ if (EC_GROUP_VERSION(group)) {
+ /*-
+ * Some groups have an order with
+ * factors of two, which makes the Montgomery setup fail.
+ * |group->mont_data| will be NULL in this case.
+ */
+ if (BN_is_odd(&group->order))
+ return ec_precompute_mont_data(group);
+
+ BN_MONT_CTX_free(group->mont_data);
+ group->mont_data = NULL;
+ }
return 1;
}
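Review bot: `return ec_precompute_mont_data(group);` makes EC_GROUP_set_generator fail when the Montgomery setup fails, where the old code deliberately ignored that result. By this point the function has already written to the group (the `BN_zero(&group->cofactor)` context line shows the cofactor being set, and the rest is outside the hunk). A caller that gets 0 therefore holds a partly updated group. A comment at the return, such as `/* on failure the group has been modified and must not be used */`, would document this for callers that previously never saw this function fail at that step.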
@@ -1094,18 +1110,23 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
* been performed */
}
-/*
+/*-
* ec_precompute_mont_data sets |group->mont_data| from |group->order| and
* returns one on success. On error it returns zero.
+ *
+ * Note: this function must be called only after verifying that
+ * EC_GROUP_VERSION(group) returns true.
+ * The reason for this is that access to the `mont_data` field of an EC_GROUP
+ * struct should always be guarded by an EC_GROUP_VERSION(group) check to avoid
+ * OOB accesses, as the group might come from the FIPS module, which does not
+ * define the `mont_data` field inside the EC_GROUP structure.
*/
+static
int ec_precompute_mont_data(EC_GROUP *group)
{
BN_CTX *ctx = BN_CTX_new();
int ret = 0;
- if (!EC_GROUP_VERSION(group))
- goto err;
-
if (group->mont_data) {
BN_MONT_CTX_free(group->mont_data);
group->mont_data = NULL;
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 2231f99..da71526 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -3,7 +3,7 @@
* Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -310,6 +310,224 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
return r;
}
+#define EC_POINT_BN_set_flags(P, flags) do { \
+ BN_set_flags(&(P)->X, (flags)); \
+ BN_set_flags(&(P)->Y, (flags)); \
+ BN_set_flags(&(P)->Z, (flags)); \
+} while(0)
+
+/*-
+ * This functions computes (in constant time) a point multiplication over the
+ * EC group.
+ *
+ * At a high level, it is Montgomery ladder with conditional swaps.
+ *
+ * It performs either a fixed scalar point multiplication
+ * (scalar * generator)
+ * when point is NULL, or a generic scalar point multiplication
+ * (scalar * point)
+ * when point is not NULL.
+ *
+ * scalar should be in the range [0,n) otherwise all constant time bets are off.
+ *
+ * NB: This says nothing about EC_POINT_add and EC_POINT_dbl,
+ * which of course are not constant time themselves.
+ *
+ * The product is stored in r.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
+ const BIGNUM *scalar, const EC_POINT *point,
+ BN_CTX *ctx)
+{
+ int i, cardinality_bits, group_top, kbit, pbit, Z_is_one;
+ EC_POINT *s = NULL;
+ BIGNUM *k = NULL;
+ BIGNUM *lambda = NULL;
+ BIGNUM *cardinality = NULL;
+ BN_CTX *new_ctx = NULL;
+ int ret = 0;
+
+ if (ctx == NULL && (ctx = new_ctx = BN_CTX_new()) == NULL)
+ return 0;
+
+ BN_CTX_start(ctx);
+
+ s = EC_POINT_new(group);
+ if (s == NULL)
+ goto err;
+
+ if (point == NULL) {
+ if (!EC_POINT_copy(s, group->generator))
+ goto err;
+ } else {
+ if (!EC_POINT_copy(s, point))
+ goto err;
+ }
+
+ EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME);
+
+ cardinality = BN_CTX_get(ctx);
+ lambda = BN_CTX_get(ctx);
+ k = BN_CTX_get(ctx);
+ if (k == NULL || !BN_mul(cardinality, &group->order, &group->cofactor, ctx))
+ goto err;
+
+ /*
+ * Group cardinalities are often on a word boundary.
+ * So when we pad the scalar, some timing diff might
+ * pop if it needs to be expanded due to carries.
+ * So expand ahead of time.
+ */
+ cardinality_bits = BN_num_bits(cardinality);
+ group_top = cardinality->top;
+ if ((bn_wexpand(k, group_top + 2) == NULL)
+ || (bn_wexpand(lambda, group_top + 2) == NULL))
+ goto err;
+
+ if (!BN_copy(k, scalar))
+ goto err;
+
+ BN_set_flags(k, BN_FLG_CONSTTIME);
+
+ if ((BN_num_bits(k) > cardinality_bits) || (BN_is_negative(k))) {
+ /*-
+ * this is an unusual input, and we don't guarantee
+ * constant-timeness
+ */
+ if (!BN_nnmod(k, k, cardinality, ctx))
+ goto err;
+ }
+
+ if (!BN_add(lambda, k, cardinality))
+ goto err;
+ BN_set_flags(lambda, BN_FLG_CONSTTIME);
+ if (!BN_add(k, lambda, cardinality))
+ goto err;
+ /*
+ * lambda := scalar + cardinality
+ * k := scalar + 2*cardinality
+ */
+ kbit = BN_is_bit_set(lambda, cardinality_bits);
+ BN_consttime_swap(kbit, k, lambda, group_top + 2);
+
+ group_top = group->field.top;
+ if ((bn_wexpand(&s->X, group_top) == NULL)
+ || (bn_wexpand(&s->Y, group_top) == NULL)
+ || (bn_wexpand(&s->Z, group_top) == NULL)
+ || (bn_wexpand(&r->X, group_top) == NULL)
+ || (bn_wexpand(&r->Y, group_top) == NULL)
+ || (bn_wexpand(&r->Z, group_top) == NULL))
+ goto err;
+
+ /* top bit is a 1, in a fixed pos */
+ if (!EC_POINT_copy(r, s))
+ goto err;
+
+ EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME);
+
+ if (!EC_POINT_dbl(group, s, s, ctx))
+ goto err;
+
+ pbit = 0;
+
+#define EC_POINT_CSWAP(c, a, b, w, t) do { \
+ BN_consttime_swap(c, &(a)->X, &(b)->X, w); \
+ BN_consttime_swap(c, &(a)->Y, &(b)->Y, w); \
+ BN_consttime_swap(c, &(a)->Z, &(b)->Z, w); \
+ t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \
+ (a)->Z_is_one ^= (t); \
+ (b)->Z_is_one ^= (t); \
+} while(0)
+
+ /*-
+ * The ladder step, with branches, is
+ *
+ * k[i] == 0: S = add(R, S), R = dbl(R)
+ * k[i] == 1: R = add(S, R), S = dbl(S)
+ *
+ * Swapping R, S conditionally on k[i] leaves you with state
+ *
+ * k[i] == 0: T, U = R, S
+ * k[i] == 1: T, U = S, R
+ *
+ * Then perform the ECC ops.
+ *
+ * U = add(T, U)
+ * T = dbl(T)
+ *
+ * Which leaves you with state
+ *
+ * k[i] == 0: U = add(R, S), T = dbl(R)
+ * k[i] == 1: U = add(S, R), T = dbl(S)
+ *
+ * Swapping T, U conditionally on k[i] leaves you with state
+ *
+ * k[i] == 0: R, S = T, U
+ * k[i] == 1: R, S = U, T
+ *
+ * Which leaves you with state
+ *
+ * k[i] == 0: S = add(R, S), R = dbl(R)
+ * k[i] == 1: R = add(S, R), S = dbl(S)
+ *
+ * So we get the same logic, but instead of a branch it's a
+ * conditional swap, followed by ECC ops, then another conditional swap.
+ *
+ * Optimization: The end of iteration i and start of i-1 looks like
+ *
+ * ...
+ * CSWAP(k[i], R, S)
+ * ECC
+ * CSWAP(k[i], R, S)
+ * (next iteration)
+ * CSWAP(k[i-1], R, S)
+ * ECC
+ * CSWAP(k[i-1], R, S)
+ * ...
+ *
+ * So instead of two contiguous swaps, you can merge the condition
+ * bits and do a single swap.
+ *
+ * k[i] k[i-1] Outcome
+ * 0 0 No Swap
+ * 0 1 Swap
+ * 1 0 Swap
+ * 1 1 No Swap
+ *
+ * This is XOR. pbit tracks the previous bit of k.
+ */
+
+ for (i = cardinality_bits - 1; i >= 0; i--) {
+ kbit = BN_is_bit_set(k, i) ^ pbit;
+ EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one);
+ if (!EC_POINT_add(group, s, r, s, ctx))
+ goto err;
+ if (!EC_POINT_dbl(group, r, r, ctx))
+ goto err;
+ /*
+ * pbit logic merges this cswap with that of the
+ * next iteration
+ */
+ pbit ^= kbit;
+ }
+ /* one final cswap to move the right value into r */
+ EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one);
+#undef EC_POINT_CSWAP
+
+ ret = 1;
+
+ err:
+ EC_POINT_free(s);
+ BN_CTX_end(ctx);
+ BN_CTX_free(new_ctx);
+
+ return ret;
+}
+
+#undef EC_POINT_BN_set_flags
+
/*
* TODO: table should be optimised for the wNAF-based implementation,
* sometimes smaller windows will give better performance (thus the
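Review bot: At the `err:` label of ec_mul_consttime, `EC_POINT_free(s);` releases the ladder's second accumulator without wiping it, although its coordinates are derived from the secret scalar; `EC_POINT_clear_free(s);` is the matching call. The temporaries `k` and `lambda` have the same problem: they hold padded copies of the scalar and `BN_CTX_end(ctx)` returns them to a pool that may belong to the caller. Clearing them before that call, when they are non-NULL, would avoid leaving scalar material behind.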
@@ -369,6 +587,34 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
return EC_POINT_set_to_infinity(group, r);
}
+ if (!BN_is_zero(&group->order) && !BN_is_zero(&group->cofactor)) {
+ /*-
+ * Handle the common cases where the scalar is secret, enforcing a constant
+ * time scalar multiplication algorithm.
+ */
+ if ((scalar != NULL) && (num == 0)) {
+ /*-
+ * In this case we want to compute scalar * GeneratorPoint: this
+ * codepath is reached most prominently by (ephemeral) key generation
+ * of EC cryptosystems (i.e. ECDSA keygen and sign setup, ECDH
+ * keygen/first half), where the scalar is always secret. This is why
+ * we ignore if BN_FLG_CONSTTIME is actually set and we always call the
+ * constant time version.
+ */
+ return ec_mul_consttime(group, r, scalar, NULL, ctx);
+ }
+ if ((scalar == NULL) && (num == 1)) {
+ /*-
+ * In this case we want to compute scalar * GenericPoint: this codepath
+ * is reached most prominently by the second half of ECDH, where the
+ * secret scalar is multiplied by the peer's public point. To protect
+ * the secret scalar, we ignore if BN_FLG_CONSTTIME is actually set and
+ * we always call the constant time version.
+ */
+ return ec_mul_consttime(group, r, scalars[0], points[0], ctx);
+ }
+ }
+
for (i = 0; i < num; i++) {
if (group->meth != points[i]->meth) {
ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
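Review bot: The outer guard `!BN_is_zero(&group->order) && !BN_is_zero(&group->cofactor)` means a group with a zero cofactor silently skips both constant-time branches and falls through to the wNAF code below. Such groups appear possible, because the EC_GROUP_set_generator context in this commit still has an `else BN_zero(&group->cofactor);` path. The fall-through deserves at least a comment, e.g. `/* order or cofactor unknown: cardinality cannot be computed, so secret scalars take the variable-time wNAF path */`. Ideally the missing cofactor would be handled so that secret scalars never reach that path.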
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 9a53a39..0579cac 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1118,23 +1118,32 @@ static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
const P256_POINT_AFFINE *in,
BN_CTX *ctx)
{
- BIGNUM x, y;
- BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS];
+ BIGNUM x, y, z;
int ret = 0;
- memcpy(d_x, in->X, sizeof(d_x));
- x.d = d_x;
+ /*
+ * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
+ * flag, which effectively means "read-only data".
+ */
+ x.d = (BN_ULONG *)in->X;
x.dmax = x.top = P256_LIMBS;
x.neg = 0;
x.flags = BN_FLG_STATIC_DATA;
- memcpy(d_y, in->Y, sizeof(d_y));
- y.d = d_y;
+ y.d = (BN_ULONG *)in->Y;
y.dmax = y.top = P256_LIMBS;
y.neg = 0;
y.flags = BN_FLG_STATIC_DATA;
- ret = EC_POINT_set_affine_coordinates_GFp(group, out, &x, &y, ctx);
+ z.d = (BN_ULONG *)ONE;
+ z.dmax = z.top = P256_LIMBS;
+ z.neg = 0;
+ z.flags = BN_FLG_STATIC_DATA;
+
+ if ((ret = (BN_copy(&out->X, &x) != NULL))
+ && (ret = (BN_copy(&out->Y, &y) != NULL))
+ && (ret = (BN_copy(&out->Z, &z) != NULL)))
+ out->Z_is_one = 1;
return ret;
}
diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile
index 4ce00e8..2875ddd 100644
--- a/crypto/ecdsa/Makefile
+++ b/crypto/ecdsa/Makefile
@@ -114,7 +114,7 @@ ecs_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
ecs_ossl.o: ../../include/openssl/opensslconf.h
ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c
+ecs_ossl.o: ../../include/openssl/symhacks.h ../bn_int.h ecs_locl.h ecs_ossl.c
ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index 0f301f8..4350afb 100644
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -137,7 +137,7 @@ int restore_rand(void)
return 1;
}
-static int fbytes_counter = 0;
+static int fbytes_counter = 0, use_fake = 0;
static const char *numbers[8] = {
"651056770906015076056810763456358567190100156695615665659",
"6140507067065001063065065565667405560006161556565665656654",
@@ -158,6 +158,11 @@ int fbytes(unsigned char *buf, int num)
int ret;
BIGNUM *tmp = NULL;
+ if (use_fake == 0)
+ return old_rand->bytes(buf, num);
+
+ use_fake = 0;
+
if (fbytes_counter >= 8)
return 0;
tmp = BN_new();
@@ -199,11 +204,13 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
/* create the key */
if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
goto x962_int_err;
+ use_fake = 1;
if (!EC_KEY_generate_key(key))
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
/* create the signature */
+ use_fake = 1;
signature = ECDSA_do_sign(digest, 20, key);
if (signature == NULL)
goto x962_int_err;
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 16d4f59..63c1827 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project
*/
/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -60,6 +60,7 @@
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/bn.h>
+#include "bn_int.h"
static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
const BIGNUM *, const BIGNUM *,
@@ -251,13 +252,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
EC_KEY *eckey)
{
int ok = 0, i;
- BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
+ BIGNUM *kinv = NULL, *s, *m = NULL, *order = NULL;
const BIGNUM *ckinv;
BN_CTX *ctx = NULL;
const EC_GROUP *group;
ECDSA_SIG *ret;
ECDSA_DATA *ecdsa;
const BIGNUM *priv_key;
+ BN_MONT_CTX *mont_data;
ecdsa = ecdsa_check(eckey);
group = EC_KEY_get0_group(eckey);
@@ -276,7 +278,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
s = ret->s;
if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
- (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
+ (m = BN_new()) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -285,6 +287,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
goto err;
}
+ mont_data = EC_GROUP_get_mont_data(group);
+
i = BN_num_bits(order);
/*
* Need to truncate digest if it is too long: first truncate whole bytes.
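Review bot: `mont_data = EC_GROUP_get_mont_data(group);` is passed unchecked to `bn_to_mont_fixed_top` and `bn_mul_mont_fixed_top` in the next hunk. The ec_lib.c comments in this same commit say `group->mont_data` is NULL for orders with factors of two and that the field does not exist for FIPS-module groups. If the getter can return NULL for such a group (its body is not shown), signing would dereference it. A guard right after the assignment would close this: `if (mont_data == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; }`, or alternatively a fallback to the previous BN_mod_mul path.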
@@ -315,15 +319,27 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
}
}
- if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ /*
+ * With only one multiplicant being in Montgomery domain
+ * multiplication yields real result without post-conversion.
+ * Also note that all operations but last are performed with
+ * zero-padded vectors. Last operation, BN_mod_mul_montgomery
+ * below, returns user-visible value with removed zero padding.
+ */
+ if (!bn_to_mont_fixed_top(s, ret->r, mont_data, ctx)
+ || !bn_mul_mont_fixed_top(s, s, priv_key, mont_data, ctx)) {
goto err;
}
- if (!BN_mod_add_quick(s, tmp, m, order)) {
+ if (!bn_mod_add_fixed_top(s, s, m, order)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
- if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
+ /*
+ * |s| can still be larger than modulus, because |m| can be. In
+ * such case we count on Montgomery reduction to tie it up.
+ */
+ if (!bn_to_mont_fixed_top(s, s, mont_data, ctx)
+ || !BN_mod_mul_montgomery(s, s, ckinv, mont_data, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
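Review bot: The first new failure branch, guarding `bn_to_mont_fixed_top(s, ret->r, ...)` and `bn_mul_mont_fixed_top(...)`, jumps to `err` without recording an error. The line it replaces and the two later branches in this hunk all call `ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);`. Restoring that call before the `goto err;` keeps the error queue consistent for callers diagnosing a failed signature.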
@@ -353,8 +369,6 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
BN_CTX_free(ctx);
if (m)
BN_clear_free(m);
- if (tmp)
- BN_clear_free(tmp);
if (order)
BN_free(order);
if (kinv)
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index dc2abd2..e605b97 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -188,8 +188,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
if (!int_cleanup_check(1))
return;
item = int_cleanup_item(cb);
- if (item)
- sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+ if (item != NULL) {
+ if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
+ OPENSSL_free(item);
+ }
}
/* The API function that performs all cleanup */
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 83c95d5..5d7eee4 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -62,6 +62,7 @@
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
+#include "cryptlib.h"
#include "eng_int.h"
/*
@@ -369,10 +370,10 @@ ENGINE *ENGINE_by_id(const char *id)
*/
if (strcmp(id, "dynamic")) {
# ifdef OPENSSL_SYS_VMS
- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == 0)
load_dir = "SSLROOT:[ENGINES]";
# else
- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == 0)
load_dir = ENGINESDIR;
# endif
iterator = ENGINE_by_id("dynamic");
diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c
index a1a9b88..04cb466 100644
--- a/crypto/engine/tb_asnmth.c
+++ b/crypto/engine/tb_asnmth.c
@@ -1,5 +1,5 @@
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -215,7 +215,7 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
ENGINE *e = sk_ENGINE_value(sk, i);
EVP_PKEY_ASN1_METHOD *ameth;
e->pkey_asn1_meths(e, &ameth, NULL, nid);
- if (((int)strlen(ameth->pem_str) == lk->len) &&
+ if (ameth != NULL && ((int)strlen(ameth->pem_str) == lk->len) &&
!strncasecmp(ameth->pem_str, lk->str, lk->len)) {
lk->e = e;
lk->ameth = ameth;
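Review bot: The added `ameth != NULL` test reads a pointer declared without an initialiser (`EVP_PKEY_ASN1_METHOD *ameth;`) and written only by the engine callback on the line before, whose return value is discarded. If an engine's `pkey_asn1_meths` fails without storing to its output argument, the guard compares an indeterminate value. Declaring it as `EVP_PKEY_ASN1_METHOD *ameth = NULL;` makes the new check reliable. look_str_cb begins outside the hunk.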
diff --git a/crypto/getenv.c b/crypto/getenv.c
new file mode 100644
index 0000000..53f1dfd
--- /dev/null
+++ b/crypto/getenv.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <stdlib.h>
+#include "cryptlib.h"
+
+char *ossl_safe_getenv(const char *name)
+{
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 17)
+# define SECURE_GETENV
+ return secure_getenv(name);
+# endif
+#endif
+
+#ifndef SECURE_GETENV
+ if (OPENSSL_issetugid())
+ return NULL;
+ return getenv(name);
+#endif
+}
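Review bot: ossl_safe_getenv() has no comment stating its contract, although that contract is the reason this file exists. I would add above the definition `/* Like getenv(), but returns NULL when the process runs with elevated privileges (setuid/setgid), so environment-supplied paths are ignored there. */`. The fallback branch is only as strong as OPENSSL_issetugid() on the target platform; that function is not shown on this page, so it is worth confirming it does not simply report "not privileged" on builds that lack secure_getenv(), and saying so in a comment next to the `#ifndef SECURE_GETENV` block.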
diff --git a/crypto/o_time.c b/crypto/o_time.c
index 6192743..a763b2c 100755
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -109,6 +109,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
if (gmtime_r(timer, result) == NULL)
return NULL;
ts = result;
+#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400
+ if (gmtime_s(result, timer))
+ return NULL;
+ ts = result;
#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
ts = gmtime(timer);
if (ts == NULL)
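Review bot: The `gmtime_s(result, timer)` call in the new branch deserves a one-line comment, because the Microsoft CRT takes its arguments in the opposite order to C11 Annex K's `gmtime_s(timer, result)` and returns an error code rather than a pointer. Something like `/* MSVC gmtime_s(struct tm *, const time_t *): returns non-zero on failure */` above the call keeps a later port to another toolchain from silently swapping source and destination. The `_MSC_VER >= 1400` condition already restricts the branch to that CRT. OPENSSL_gmtime's body continues outside the hunk.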
diff --git a/crypto/opensslconf.h b/crypto/opensslconf.h
new file mode 100644
index 0000000..ac0ad50
--- /dev/null
+++ b/crypto/opensslconf.h
@@ -0,0 +1,270 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_LIBUNBOUND
+# define OPENSSL_NO_LIBUNBOUND
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+ asks for it. This is a transient feature that is provided for those
+ who haven't had the time to do the appropriate changes in their
+ applications. */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+# define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# define NO_GMP
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+# define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
+# define NO_LIBUNBOUND
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+# define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+# define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+# define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+# define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
+# define NO_SSL_TRACE
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+# define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+# define NO_STORE
+# endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+# define NO_UNIT_TEST
+# endif
+# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
+# define NO_WEAK_SSL_CIPHERS
+# endif
+#endif
+
+#define OPENSSL_CPUID_OBJ
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/local/ssl/lib/engines"
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+ even newer MIPS CPU's, but at the moment one size fits all for
+ optimization options. Older Sparc's work better with only UNROLL, but
+ there's no way to tell at compile time what it is you're running on */
+
+#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#elif defined( __ultrix ) /* Older MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( __osf1__ ) /* Alpha */
+# define DES_PTR
+# define DES_RISC2
+#elif defined ( _AIX ) /* RS6000 */
+ /* Unknown */
+#elif defined( __hpux ) /* HP-PA */
+ /* Unknown */
+#elif defined( __aux ) /* 68K */
+ /* Unknown */
+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
+# define DES_UNROLL
+#elif defined( __sgi ) /* Newer MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
+#ifdef __cplusplus
+}
+#endif
diff --git a/crypto/opensslconf.h.bak b/crypto/opensslconf.h.bak
new file mode 100644
index 0000000..9cb0f3f
--- /dev/null
+++ b/crypto/opensslconf.h.bak
@@ -0,0 +1,265 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_LIBUNBOUND
+# define OPENSSL_NO_LIBUNBOUND
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+ asks for it. This is a transient feature that is provided for those
+ who haven't had the time to do the appropriate changes in their
+ applications. */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+# define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# define NO_GMP
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+# define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
+# define NO_LIBUNBOUND
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+# define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+# define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+# define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+# define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
+# define NO_SSL_TRACE
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+# define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+# define NO_STORE
+# endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+# define NO_UNIT_TEST
+# endif
+# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
+# define NO_WEAK_SSL_CIPHERS
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/local/ssl/lib/engines"
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+ even newer MIPS CPU's, but at the moment one size fits all for
+ optimization options. Older Sparc's work better with only UNROLL, but
+ there's no way to tell at compile time what it is you're running on */
+
+#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#elif defined( __ultrix ) /* Older MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( __osf1__ ) /* Alpha */
+# define DES_PTR
+# define DES_RISC2
+#elif defined ( _AIX ) /* RS6000 */
+ /* Unknown */
+#elif defined( __hpux ) /* HP-PA */
+ /* Unknown */
+#elif defined( __aux ) /* 68K */
+ /* Unknown */
+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
+# define DES_UNROLL
+#elif defined( __sgi ) /* Newer MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
+#ifdef __cplusplus
+}
+#endif
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 77f124e..73d22b3 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x100020ffL
+# define OPENSSL_VERSION_NUMBER 0x1000211fL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q-fips 20 Nov 2018"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o 27 Mar 2018"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q 20 Nov 2018"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index aac72fb..9c1d939 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -442,7 +442,8 @@ void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, EVP_PKEY *pkey);
-int PEM_def_callback(char *buf, int num, int w, void *key);
+/* The default pem_password_cb that's used internally */
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata);
void PEM_proc_type(char *buf, int type);
void PEM_dek_info(char *buf, const char *type, int len, char *str);
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 4d5f053..4ccc676 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -82,51 +82,39 @@ static int load_iv(char **fromp, unsigned char *to, int num);
static int check_pem(const char *nm, const char *name);
int pem_check_suffix(const char *pem_str, const char *suffix);
-int PEM_def_callback(char *buf, int num, int w, void *key)
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
{
-#ifdef OPENSSL_NO_FP_API
- /*
- * We should not ever call the default callback routine from windows.
- */
- PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (-1);
-#else
- int i, j;
+ int i, min_len;
const char *prompt;
- if (key) {
- i = strlen(key);
+
+ /* We assume that the user passes a default password as userdata */
+ if (userdata) {
+ i = strlen(userdata);
i = (i > num) ? num : i;
- memcpy(buf, key, i);
- return (i);
+ memcpy(buf, userdata, i);
+ return i;
}
prompt = EVP_get_pw_prompt();
if (prompt == NULL)
prompt = "Enter PEM pass phrase:";
- for (;;) {
- /*
- * We assume that w == 0 means decryption,
- * while w == 1 means encryption
- */
- int min_len = w ? MIN_LENGTH : 0;
+ /*
+ * rwflag == 0 means decryption
+ * rwflag == 1 means encryption
+ *
+ * We assume that for encryption, we want a minimum length, while for
+ * decryption, we cannot know any minimum length, so we assume zero.
+ */
+ min_len = rwflag ? MIN_LENGTH : 0;
- i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
- if (i != 0) {
- PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
- memset(buf, 0, (unsigned int)num);
- return (-1);
- }
- j = strlen(buf);
- if (min_len && j < min_len) {
- fprintf(stderr,
- "phrase is too short, needs to be at least %d chars\n",
- min_len);
- } else
- break;
+ i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag);
+ if (i != 0) {
+ PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
+ memset(buf, 0, (unsigned int)num);
+ return -1;
}
- return (j);
-#endif
+ return strlen(buf);
}
void PEM_proc_type(char *buf, int type)
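Review bot: The userdata branch of PEM_def_callback copies without validating `num`: if `num` is negative, `i = (i > num) ? num : i;` leaves `i` negative and `memcpy(buf, userdata, i)` converts it to a very large size_t. The callers visible in this diff all pass PEM_BUFSIZE, but the function is declared in pem.h, so a guard at the top such as `if (num < 0) return -1;` is cheap insurance. The same branch returns the passphrase without a terminating NUL and silently truncates anything longer than `num`, and it skips the MIN_LENGTH rule that the prompt path applies when `rwflag` is set. The new comment should record that, e.g. `/* userdata is copied as-is: no NUL terminator, truncated to num bytes, no minimum length */`.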
@@ -459,7 +447,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
else
klen = callback(buf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
return (0);
}
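Review bot: Relaxing `klen <= 0` to `klen < 0` in PEM_do_header changes what a return value of 0 from an application-supplied `callback` means: it used to be rejected with PEM_R_BAD_PASSWORD_READ and is now treated as an empty passphrase. A callback that returns 0 to report failure or cancellation would now continue into key derivation instead of stopping here. The callback contract is not shown on this page, so the documentation should be checked and updated to require a negative return on error. A comment at the test, `/* 0 is a valid (empty) passphrase; callbacks must return < 0 on error */`, would record the new rule. The same change appears in d2i_PKCS8PrivateKey_bio (pem_pk8.c), PEM_read_bio_PrivateKey (pem_pkey.c) and do_PVK_body (pvkfmt.c); all four functions start and end outside their hunks.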
@@ -499,6 +487,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
char **header_pp = &header;
cipher->cipher = NULL;
+ memset(cipher->iv, 0, sizeof(cipher->iv));
if ((header == NULL) || (*header == '\0') || (*header == '\n'))
return (1);
if (strncmp(header, "Proc-Type: ", 11) != 0) {
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index daf210f..ae18d26 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -171,7 +171,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
return NULL;
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index e8b3a1b..a189cd2 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -113,7 +113,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
goto err;
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 1ce5a1e..f376f59 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -3,7 +3,7 @@
* 2005.
*/
/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2005-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -702,7 +702,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (inlen <= 0) {
+ if (inlen < 0) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
goto err;
}
diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c
index 370ddbd..78c7f40 100644
--- a/crypto/pkcs12/p12_asn.c
+++ b/crypto/pkcs12/p12_asn.c
@@ -4,7 +4,7 @@
* 1999.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -100,7 +100,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_
ASN1_ADB(PKCS12_SAFEBAG) = {
ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
- ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
+ ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
index 0322df9..a074b94 100644
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
@@ -4,7 +4,7 @@
* 1999.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -70,7 +70,8 @@ PKCS12 *PKCS12_init(int mode)
PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
return NULL;
}
- ASN1_INTEGER_set(pkcs12->version, 3);
+ if (!ASN1_INTEGER_set(pkcs12->version, 3))
+ goto err;
pkcs12->authsafes->type = OBJ_nid2obj(mode);
switch (mode) {
case NID_pkcs7_data:
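Review bot: The new `goto err` taken when `ASN1_INTEGER_set(pkcs12->version, 3)` fails records no error, unlike the allocation failure just above it, which calls `PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE)`. Unless the `err` label (outside this hunk) pushes one, the caller gets NULL with an empty error queue. I would add `PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);` before the `goto err;` and brace the two statements, assuming an allocation failure is the only way the setter can fail. PKCS12_init starts and ends outside the hunk.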
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 0c5fcaa..866a863 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -185,7 +185,6 @@ int PKCS7_set_type(PKCS7 *p7, int type)
if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
== NULL)
goto err;
- ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);
if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
goto err;
p7->d.signed_and_enveloped->enc_data->content_type
diff --git a/crypto/rand/Makefile b/crypto/rand/Makefile
index df44369..1643a74 100644
--- a/crypto/rand/Makefile
+++ b/crypto/rand/Makefile
@@ -157,10 +157,11 @@ rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
rand_win.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h
rand_win.o: rand_win.c
-randfile.o: ../../e_os.h ../../include/openssl/buffer.h
-randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-randfile.o: ../../include/openssl/opensslconf.h
+randfile.o: ../../e_os.h ../../include/openssl/bio.h
+randfile.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+randfile.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-randfile.o: randfile.c
+randfile.o: ../cryptlib.h randfile.c
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index a7af9f9..2983a3f 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -345,7 +345,6 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
static volatile int stirred_pool = 0;
int i, j, k;
size_t num_ceil, st_idx, st_num;
- int ok;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
EVP_MD_CTX m;
@@ -400,14 +399,13 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
if (!initialized) {
RAND_poll();
- initialized = 1;
+ initialized = (entropy >= ENTROPY_NEEDED);
}
if (!stirred_pool)
do_stir_pool = 1;
- ok = (entropy >= ENTROPY_NEEDED);
- if (!ok) {
+ if (!initialized) {
/*
* If the PRNG state is not yet unpredictable, then seeing the PRNG
* output may help attackers to determine the new state; thus we have
@@ -446,7 +444,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
n -= MD_DIGEST_LENGTH;
}
- if (ok)
+ if (initialized)
stirred_pool = 1;
}
@@ -539,7 +537,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
EVP_MD_CTX_cleanup(&m);
- if (ok)
+ if (initialized)
return (1);
else if (pseudo)
return 0;
@@ -555,6 +553,18 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
return (0);
}
+/*
+ * Returns ssleay_rand_bytes(), enforcing a reseeding from the
+ * system entropy sources using RAND_poll() before generating
+`* the random bytes.
+ */
+
+int ssleay_rand_bytes_from_system(unsigned char *buf, int num)
+{
+ initialized = 0;
+ return ssleay_rand_bytes(buf, num, 0, 0);
+}
+
static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
{
return ssleay_rand_bytes(buf, num, 0, 1);
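Review bot: ssleay_rand_bytes_from_system() clears the file-level `initialized` flag and then calls `ssleay_rand_bytes(buf, num, 0, 0)`, that is with `lock` set to 0, but its comment does not say what locking the caller must provide. Other hunks in this file read and write `initialized` around RAND_poll(), so an unsynchronised reset here could race with a concurrent ssleay_rand_bytes() or ssleay_rand_status(). The locking code of ssleay_rand_bytes is outside the hunk, so this needs confirming. If the intent is that the caller already holds the RAND lock, the comment should say so, e.g. `* The caller must already hold CRYPTO_LOCK_RAND; no locking is done here.`. The comment line `* the random bytes.` also begins with a stray backtick that should be a space.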
@@ -600,10 +610,10 @@ static int ssleay_rand_status(void)
if (!initialized) {
RAND_poll();
- initialized = 1;
+ initialized = (entropy >= ENTROPY_NEEDED);
}
- ret = entropy >= ENTROPY_NEEDED;
+ ret = initialized;
if (!do_not_lock) {
/* before unlocking, we must clear 'crypto_lock_rand' */
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index f9fda3e..7b4dbcf 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -154,5 +154,5 @@
# endif
int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock);
-
+int ssleay_rand_bytes_from_system(unsigned char *buf, int num);
#endif
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 88a78d3..6094c83 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -185,7 +185,7 @@ int RAND_status(void)
/*
* Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
- * entropy internally through RAND_poll().
+ * entropy internally through RAND_poll()).
*/
static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
@@ -196,6 +196,24 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
*pout = OPENSSL_malloc(min_len);
if (!*pout)
return 0;
+
+ /* Enforces a reseed of the SSLEAY PRNG before generating random bytes */
+ if (ssleay_rand_bytes_from_system(*pout, min_len) <= 0) {
+ OPENSSL_free(*pout);
+ *pout = NULL;
+ return 0;
+ }
+ return min_len;
+}
+
+static size_t drbg_get_nonce(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len)
+{
+ /* Round up request to multiple of block size */
+ min_len = ((min_len + 19) / 20) * 20;
+ *pout = OPENSSL_malloc(min_len);
+ if (!*pout)
+ return 0;
if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0) {
OPENSSL_free(*pout);
*pout = NULL;
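Review bot: drbg_get_nonce() repeats the previous drbg_get_entropy() body line for line, including the unexplained `((min_len + 19) / 20) * 20` rounding, so the block size now lives in two places as a bare literal. I would name it once, e.g. `#define DRBG_SEED_BLOCK_LEN 20`, and use it in both functions; the 20 presumably corresponds to the block length passed to FIPS_drbg_set_callbacks in RAND_init_fips. Neither function compares the rounded length with `max_len`, and both ignore `entropy`; whether the DRBG tolerates a returned length above `max_len` is not visible here, so a short comment stating the assumption would help. drbg_get_nonce continues past the end of the hunk.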
@@ -281,7 +299,7 @@ int RAND_init_fips(void)
FIPS_drbg_set_callbacks(dctx,
drbg_get_entropy, drbg_free_entropy, 20,
- drbg_get_entropy, drbg_free_entropy);
+ drbg_get_nonce, drbg_free_entropy);
FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
drbg_rand_seed, drbg_rand_add);
/* Personalisation string: a string followed by date time vector */
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 728fd0a..c93812c 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -61,6 +61,7 @@
#include <stdlib.h>
#include <string.h>
+#include "cryptlib.h"
#include "e_os.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
@@ -327,14 +328,12 @@ const char *RAND_file_name(char *buf, size_t size)
struct stat sb;
#endif
- if (OPENSSL_issetugid() == 0)
- s = getenv("RANDFILE");
+ s = ossl_safe_getenv("RANDFILE");
if (s != NULL && *s && strlen(s) + 1 < size) {
if (BUF_strlcpy(buf, s, size) >= size)
return NULL;
} else {
- if (OPENSSL_issetugid() == 0)
- s = getenv("HOME");
+ s = ossl_safe_getenv("HOME");
#ifdef DEFAULT_HOME
if (s == NULL) {
s = DEFAULT_HOME;
diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile
index e292e84..6be73ed 100644
--- a/crypto/rsa/Makefile
+++ b/crypto/rsa/Makefile
@@ -153,7 +153,7 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
+rsa_eay.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h rsa_eay.c
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index b147fff..be948a4 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -114,6 +114,7 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
+#include "bn_int.h"
#ifndef RSA_NULL
@@ -156,7 +157,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret;
- int i, j, k, num = 0, r = -1;
+ int i, num = 0, r = -1;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
@@ -223,8 +224,8 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA,
+ rsa->n, ctx))
goto err;
if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
@@ -232,15 +233,10 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
goto err;
/*
- * put in leading 0 bytes if the number is less than the length of the
- * modulus
+ * BN_bn2binpad puts in leading 0 bytes if the number is less than
+ * the length of the modulus.
*/
- j = BN_num_bytes(ret);
- i = BN_bn2bin(ret, &(to[num - j]));
- for (k = 0; k < (num - i); k++)
- to[k] = 0;
-
- r = num;
+ r = bn_bn2binpad(ret, to, num);
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
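Review bot: The rewritten comment names `BN_bn2binpad`, but the call on the next line is the internal `bn_bn2binpad`, so a reader searching for the name in the comment will not find the helper that is actually used. The comment should use the same spelling and say what happens on failure, e.g. `/* bn_bn2binpad left-pads with zero bytes up to num; a negative return is passed back in r */`, hedged on the helper's contract since its definition is not on this page. The same comment appears in the matching hunk of `RSA_eay_private_encrypt`, and both functions continue outside their hunks.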
@@ -349,7 +345,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret, *res;
- int i, j, k, num = 0, r = -1;
+ int i, num = 0, r = -1;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
int local_blinding = 0;
@@ -436,8 +432,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
d = rsa->d;
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA,
+ rsa->n, ctx))
goto err;
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
@@ -459,15 +455,10 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
res = ret;
/*
- * put in leading 0 bytes if the number is less than the length of the
- * modulus
+ * BN_bn2binpad puts in leading 0 bytes if the number is less than
+ * the length of the modulus.
*/
- j = BN_num_bytes(res);
- i = BN_bn2bin(res, &(to[num - j]));
- for (k = 0; k < (num - i); k++)
- to[k] = 0;
-
- r = num;
+ r = bn_bn2binpad(res, to, num);
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
@@ -485,7 +476,6 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
{
BIGNUM *f, *ret;
int j, num = 0, r = -1;
- unsigned char *p;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
int local_blinding = 0;
@@ -564,8 +554,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
d = rsa->d;
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA,
+ rsa->n, ctx))
goto err;
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
rsa->_method_mod_n))
@@ -576,8 +566,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
goto err;
- p = buf;
- j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */
+ j = bn_bn2binpad(ret, buf, num);
switch (padding) {
case RSA_PKCS1_PADDING:
@@ -592,7 +581,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
r = RSA_padding_check_SSLv23(to, num, buf, j, num);
break;
case RSA_NO_PADDING:
- r = RSA_padding_check_none(to, num, buf, j, num);
+ memcpy(to, buf, (r = j));
break;
default:
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
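Review bot: In the `RSA_NO_PADDING` case the length passed to `memcpy` is the unchecked return value of `bn_bn2binpad`, assigned inside the argument list as `(r = j)`. The helper's definition is not on this page, but if it reports failure with a negative value, that value is converted to a very large `size_t` and the copy runs past both buffers. A guard right after the call in the previous hunk, `if (j < 0) goto err;`, followed by the plain `memcpy(to, buf, j); r = j;`, removes the risk and the side effect in the argument. `RSA_eay_public_decrypt` has the same pattern with `i` in its `RSA_NO_PADDING` case; both functions start and end outside these hunks.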
@@ -619,7 +608,6 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
{
BIGNUM *f, *ret;
int i, num = 0, r = -1;
- unsigned char *p;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
@@ -672,8 +660,8 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA,
+ rsa->n, ctx))
goto err;
if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
@@ -684,8 +672,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
if (!BN_sub(ret, rsa->n, ret))
goto err;
- p = buf;
- i = BN_bn2bin(ret, p);
+ i = bn_bn2binpad(ret, buf, num);
switch (padding) {
case RSA_PKCS1_PADDING:
@@ -695,7 +682,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
r = RSA_padding_check_X931(to, num, buf, i, num);
break;
case RSA_NO_PADDING:
- r = RSA_padding_check_none(to, num, buf, i, num);
+ memcpy(to, buf, (r = i));
break;
default:
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
@@ -721,7 +708,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
BIGNUM *r1, *m1, *vrfy;
BIGNUM local_dmp1, local_dmq1, local_c, local_r1;
BIGNUM *dmp1, *dmq1, *c, *pr1;
- int ret = 0;
+ int ret = 0, smooth = 0;
BN_CTX_start(ctx);
r1 = BN_CTX_get(ctx);
@@ -750,20 +737,64 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
}
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
- if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA,
+ p, ctx))
goto err;
- if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA,
+ q, ctx))
goto err;
+
+ smooth = (rsa->meth->bn_mod_exp == BN_mod_exp_mont)
+ && (BN_num_bits(q) == BN_num_bits(p));
}
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA,
+ rsa->n, ctx))
+ goto err;
+
+ if (smooth) {
+ /*
+ * Conversion from Montgomery domain, a.k.a. Montgomery reduction,
+ * accepts values in [0-m*2^w) range. w is m's bit width rounded up
+ * to limb width. So that at the very least if |I| is fully reduced,
+ * i.e. less than p*q, we can count on from-to round to perform
+ * below modulo operations on |I|. Unlike BN_mod it's constant time.
+ */
+ if (/* m1 = I moq q */
+ !bn_from_mont_fixed_top(m1, I, rsa->_method_mod_q, ctx)
+ || !bn_to_mont_fixed_top(m1, m1, rsa->_method_mod_q, ctx)
+ /* m1 = m1^dmq1 mod q */
+ || !BN_mod_exp_mont_consttime(m1, m1, rsa->dmq1, rsa->q, ctx,
+ rsa->_method_mod_q)
+ /* r1 = I mod p */
+ || !bn_from_mont_fixed_top(r1, I, rsa->_method_mod_p, ctx)
+ || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
+ /* r1 = r1^dmp1 mod p */
+ || !BN_mod_exp_mont_consttime(r1, r1, rsa->dmp1, rsa->p, ctx,
+ rsa->_method_mod_p)
+ /* r1 = (r1 - m1) mod p */
+ /*
+ * bn_mod_sub_fixed_top is not regular modular subtraction,
+ * it can tolerate subtrahend to be larger than modulus, but
+ * not bit-wise wider. This makes up for uncommon q>p case,
+ * when |m1| can be larger than |rsa->p|.
+ */
+ || !bn_mod_sub_fixed_top(r1, r1, m1, rsa->p)
+
+ /* r1 = r1 * iqmp mod p */
+ || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
+ || !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p,
+ ctx)
+ /* r0 = r1 * q + m1 */
+ || !bn_mul_fixed_top(r0, r1, rsa->q, ctx)
+ || !bn_mod_add_fixed_top(r0, r0, m1, rsa->n))
goto err;
+ goto tail;
+ }
+
/* compute I mod q */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
c = &local_c;
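Review bot: The new constant-time branch is documented by inline comments, and the first of them is misspelled: `/* m1 = I moq q */` should read `/* m1 = I mod q */`. The flag `smooth` is set in one block and consumed in another with no explanation, so a comment at its assignment would help, for example `/* smooth: default Montgomery method and p, q of equal bit length, so the fixed-top path below applies */`. The later hunk that adds the final `bn_correct_top(r0)` has a similar slip, "highly unlike" for "highly unlikely". `RSA_eay_mod_exp` starts and ends outside this hunk.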
@@ -841,10 +872,18 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
if (!BN_add(r0, r1, m1))
goto err;
+ tail:
if (rsa->e && rsa->n) {
- if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
- rsa->_method_mod_n))
- goto err;
+ if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) {
+ if (!BN_mod_exp_mont(vrfy, r0, rsa->e, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+ } else {
+ bn_correct_top(r0);
+ if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+ }
/*
* If 'I' was greater than (or equal to) rsa->n, the operation will
* be equivalent to using 'I mod n'. However, the result of the
@@ -853,6 +892,11 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
*/
if (!BN_sub(vrfy, vrfy, I))
goto err;
+ if (BN_is_zero(vrfy)) {
+ bn_correct_top(r0);
+ ret = 1;
+ goto err; /* not actually error */
+ }
if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
goto err;
if (BN_is_negative(vrfy))
@@ -878,6 +922,15 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
goto err;
}
}
+ /*
+ * It's unfortunate that we have to bn_correct_top(r0). What hopefully
+ * saves the day is that correction is highly unlike, and private key
+ * operations are customarily performed on blinded message. Which means
+ * that attacker won't observe correlation with chosen plaintext.
+ * Secondly, remaining code would still handle it in same computational
+ * time and even conceal memory access pattern around corrected top.
+ */
+ bn_correct_top(r0);
ret = 1;
err:
BN_CTX_end(ctx);
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 9a01b4a..3fb8f6b 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
int plen, const EVP_MD *md,
const EVP_MD *mgf1md)
{
- int i, dblen, mlen = -1, one_index = 0, msg_index;
+ int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
unsigned int good, found_one_byte;
const unsigned char *maskedseed, *maskeddb;
/*
@@ -153,32 +153,41 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
dblen = num - mdlen - 1;
db = OPENSSL_malloc(dblen);
- em = OPENSSL_malloc(num);
- if (db == NULL || em == NULL) {
+ if (db == NULL) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
goto cleanup;
}
- /*
- * Always do this zero-padding copy (even when num == flen) to avoid
- * leaking that information. The copy still leaks some side-channel
- * information, but it's impossible to have a fixed memory access
- * pattern since we can't read out of the bounds of |from|.
- *
- * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
- */
- memset(em, 0, num);
- memcpy(em + num - flen, from, flen);
+ if (flen != num) {
+ em = OPENSSL_malloc(num);
+ if (em == NULL) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+ ERR_R_MALLOC_FAILURE);
+ goto cleanup;
+ }
+
+ /*
+ * Caller is encouraged to pass zero-padded message created with
+ * BN_bn2binpad, but if it doesn't, we do this zero-padding copy
+ * to avoid leaking that information. The copy still leaks some
+ * side-channel information, but it's impossible to have a fixed
+ * memory access pattern since we can't read out of the bounds of
+ * |from|.
+ */
+ memset(em, 0, num);
+ memcpy(em + num - flen, from, flen);
+ from = em;
+ }
/*
* The first byte must be zero, however we must not leak if this is
* true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
* Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
*/
- good = constant_time_is_zero(em[0]);
+ good = constant_time_is_zero(from[0]);
- maskedseed = em + 1;
- maskeddb = em + 1 + mdlen;
+ maskedseed = from + 1;
+ maskeddb = from + 1 + mdlen;
if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
goto cleanup;
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index 50397c3..5d7882a 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -98,6 +98,27 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *p;
p = from;
+
+ /*
+ * The format is
+ * 00 || 01 || PS || 00 || D
+ * PS - padding string, at least 8 bytes of FF
+ * D - data.
+ */
+
+ if (num < 11)
+ return -1;
+
+ /* Accept inputs with and without the leading 0-byte. */
+ if (num == flen) {
+ if ((*p++) != 0x00) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+ RSA_R_INVALID_PADDING);
+ return -1;
+ }
+ flen--;
+ }
+
if ((num != (flen + 1)) || (*(p++) != 01)) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
RSA_R_BLOCK_TYPE_IS_NOT_01);
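Review bot: The new length check `if (num < 11) return -1;` fails without pushing anything on the error queue, while every other rejection in this hunk calls `RSAerr` first. A caller that only inspects the error stack gets no reason for the failure. Recording one keeps the paths consistent, e.g. `RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_SMALL);` before the return, using the reason code that `RSA_padding_check_SSLv23` uses for its own size check. The function continues outside the hunk.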
@@ -203,28 +224,31 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
if (num < 11)
goto err;
- em = OPENSSL_malloc(num);
- if (em == NULL) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
- return -1;
+ if (flen != num) {
+ em = OPENSSL_malloc(num);
+ if (em == NULL) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ /*
+ * Caller is encouraged to pass zero-padded message created with
+ * BN_bn2binpad, but if it doesn't, we do this zero-padding copy
+ * to avoid leaking that information. The copy still leaks some
+ * side-channel information, but it's impossible to have a fixed
+ * memory access pattern since we can't read out of the bounds of
+ * |from|.
+ */
+ memset(em, 0, num);
+ memcpy(em + num - flen, from, flen);
+ from = em;
}
- memset(em, 0, num);
- /*
- * Always do this zero-padding copy (even when num == flen) to avoid
- * leaking that information. The copy still leaks some side-channel
- * information, but it's impossible to have a fixed memory access
- * pattern since we can't read out of the bounds of |from|.
- *
- * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
- */
- memcpy(em + num - flen, from, flen);
- good = constant_time_is_zero(em[0]);
- good &= constant_time_eq(em[1], 2);
+ good = constant_time_is_zero(from[0]);
+ good &= constant_time_eq(from[1], 2);
found_zero_byte = 0;
for (i = 2; i < num; i++) {
- unsigned int equals0 = constant_time_is_zero(em[i]);
+ unsigned int equals0 = constant_time_is_zero(from[i]);
zero_index =
constant_time_select_int(~found_zero_byte & equals0, i,
zero_index);
@@ -232,7 +256,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
}
/*
- * PS must be at least 8 bytes long, and it starts two bytes into |em|.
+ * PS must be at least 8 bytes long, and it starts two bytes into |from|.
* If we never found a 0-byte, then |zero_index| is 0 and the check
* also fails.
*/
@@ -261,7 +285,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
goto err;
}
- memcpy(to, em + msg_index, mlen);
+ memcpy(to, from + msg_index, mlen);
err:
if (em != NULL) {
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 82ca832..b7fff43 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
return 0;
}
#endif
- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+ if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
}
/* Special case: SSL signature, just check the length */
@@ -293,7 +293,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+ if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
}
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 746e01f..831f75a 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -112,6 +112,14 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
return (-1);
}
+ /* Accept even zero-padded input */
+ if (flen == num) {
+ if (*(p++) != 0) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
+ return -1;
+ }
+ flen--;
+ }
if ((num != (flen + 1)) || (*(p++) != 02)) {
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
return (-1);
diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl
index e0b5d83..e29c33a 100644
--- a/crypto/sha/asm/sha1-586.pl
+++ b/crypto/sha/asm/sha1-586.pl
@@ -131,7 +131,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
`ml 2>&1` =~ /Version ([0-9]+)\./ &&
$1>=10); # first version supporting AVX
-$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ &&
+$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
$2>=3.0); # first version supporting AVX
$shaext=$xmm; ### set to zero if compiling for 1.0.1
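Review bot: The widened pattern still captures the compiler version with `([3-9]\.[0-9]+)`, which accepts only a single-digit major version from 3 to 9. A `clang version 10.0` banner therefore does not match, and `$ymm` stays 0 even though the compiler supports AVX, so the build silently falls back to the slower code path. Capturing `([0-9]+\.[0-9]+)` and leaving the `$2>=3.0` comparison to do the filtering handles any number of digits. The same pattern is changed in the `sha256-586.pl` hunk and needs the same adjustment.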
diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl
index e907714..1c3fb00 100644
--- a/crypto/sha/asm/sha256-586.pl
+++ b/crypto/sha/asm/sha256-586.pl
@@ -83,7 +83,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" &&
$avx = ($1>=10) + ($1>=11);
}
-if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}
diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 8a43590..4b4eb81 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -4,7 +4,7 @@
* OpenSSL project 2001.
*/
/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -509,6 +509,24 @@ static int open_console(UI *ui)
is_a_tty = 0;
else
# endif
+# ifdef ENXIO
+ /*
+ * Solaris can return ENXIO.
+ * This should be ok
+ */
+ if (errno == ENXIO)
+ is_a_tty = 0;
+ else
+# endif
+# ifdef EIO
+ /*
+ * Linux can return EIO.
+ * This should be ok
+ */
+ if (errno == EIO)
+ is_a_tty = 0;
+ else
+# endif
# ifdef ENODEV
/*
* MacOS X returns ENODEV (Operation not supported by device),
@@ -567,17 +585,13 @@ static int echo_console(UI *ui)
{
#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
- tty_new.TTY_FLAGS |= ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
return 0;
#endif
#ifdef OPENSSL_SYS_VMS
if (is_a_tty) {
tty_new[0] = tty_orig[0];
- tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+ tty_new[1] = tty_orig[1];
tty_new[2] = tty_orig[2];
status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
0, 0, 0, 0);
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 6f0209a..9212076 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -128,7 +128,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
- dir = (char *)getenv(X509_get_default_cert_dir_env());
+ dir = (char *)ossl_safe_getenv(X509_get_default_cert_dir_env());
if (dir)
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
else
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 82ce4e8..e6d0e6e 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -97,7 +97,8 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = getenv(X509_get_default_cert_file_env());
+ file = ossl_safe_getenv(X509_get_default_cert_file_env());
+
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 49c71b9..2d82f8f 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -219,7 +219,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
ret = a->canon_enclen - b->canon_enclen;
- if (ret)
+ if (ret != 0 || a->canon_enclen == 0)
return ret;
return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index b742480..3d18ea9 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -311,7 +311,11 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
X509_OBJECT stmp, *tmp;
int i, j;
+ if (ctx == NULL)
+ return 0;
+
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
@@ -506,6 +510,10 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
STACK_OF(X509) *sk;
X509 *x;
X509_OBJECT *obj;
+
+ if (ctx->ctx == NULL)
+ return NULL;
+
sk = sk_X509_new_null();
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
@@ -551,6 +559,11 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
STACK_OF(X509_CRL) *sk;
X509_CRL *x;
X509_OBJECT *obj, xobj;
+
+
+ if (ctx->ctx == NULL)
+ return NULL;
+
sk = sk_X509_CRL_new_null();
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
@@ -651,6 +664,9 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
}
X509_OBJECT_free_contents(&obj);
+ if (ctx->ctx == NULL)
+ return 0;
+
/* Else find index of first cert accepted by 'check_issued' */
ret = 0;
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index b147201..da778d4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include <ctype.h>
#include <stdio.h>
#include <time.h>
#include <errno.h>
@@ -620,7 +621,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
* A hack to keep people who don't want to modify their software
* happy
*/
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+ if (ossl_safe_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
allow_proxy_certs = 1;
purpose = ctx->param->purpose;
}
@@ -693,10 +694,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
goto end;
}
}
- /* Check pathlen if not self issued */
- if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
- && (x->ex_pathlen != -1)
- && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+ /* Check pathlen */
+ if ((i > 1) && (x->ex_pathlen != -1)
+ && (plen > (x->ex_pathlen + proxy_path_length))) {
ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
ctx->error_depth = i;
ctx->current_cert = x;
@@ -704,8 +704,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
if (!ok)
goto end;
}
- /* Increment path length if not self issued */
- if (!(x->ex_flags & EXFLAG_SI))
+ /* Increment path length if not a self issued intermediate CA */
+ if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
plen++;
/*
* If this certificate is a proxy certificate, the next certificate
@@ -1937,119 +1937,67 @@ int X509_cmp_current_time(const ASN1_TIME *ctm)
int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
{
- char *str;
- ASN1_TIME atm;
- long offset;
- char buff1[24], buff2[24], *p;
- int i, j, remaining;
+ static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
+ static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
+ ASN1_TIME *asn1_cmp_time = NULL;
+ int i, day, sec, ret = 0;
- p = buff1;
- remaining = ctm->length;
- str = (char *)ctm->data;
/*
- * Note that the following (historical) code allows much more slack in the
- * time format than RFC5280. In RFC5280, the representation is fixed:
+ * Note that ASN.1 allows much more slack in the time format than RFC5280.
+ * In RFC5280, the representation is fixed:
* UTCTime: YYMMDDHHMMSSZ
* GeneralizedTime: YYYYMMDDHHMMSSZ
+ *
+ * We do NOT currently enforce the following RFC 5280 requirement:
+ * "CAs conforming to this profile MUST always encode certificate
+ * validity dates through the year 2049 as UTCTime; certificate validity
+ * dates in 2050 or later MUST be encoded as GeneralizedTime."
*/
- if (ctm->type == V_ASN1_UTCTIME) {
- /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
- int min_length = sizeof("YYMMDDHHMMZ") - 1;
- int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
- if (remaining < min_length || remaining > max_length)
+ switch (ctm->type) {
+ case V_ASN1_UTCTIME:
+ if (ctm->length != (int)(utctime_length))
return 0;
- memcpy(p, str, 10);
- p += 10;
- str += 10;
- remaining -= 10;
- } else {
- /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
- int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
- int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
- if (remaining < min_length || remaining > max_length)
+ break;
+ case V_ASN1_GENERALIZEDTIME:
+ if (ctm->length != (int)(generalizedtime_length))
return 0;
- memcpy(p, str, 12);
- p += 12;
- str += 12;
- remaining -= 12;
+ break;
+ default:
+ return 0;
}
- if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
- *(p++) = '0';
- *(p++) = '0';
- } else {
- /* SS (seconds) */
- if (remaining < 2)
+ /**
+ * Verify the format: the ASN.1 functions we use below allow a more
+ * flexible format than what's mandated by RFC 5280.
+ * Digit and date ranges will be verified in the conversion methods.
+ */
+ for (i = 0; i < ctm->length - 1; i++) {
+ if (!isdigit(ctm->data[i]))
return 0;
- *(p++) = *(str++);
- *(p++) = *(str++);
- remaining -= 2;
- /*
- * Skip any (up to three) fractional seconds...
- * TODO(emilia): in RFC5280, fractional seconds are forbidden.
- * Can we just kill them altogether?
- */
- if (remaining && *str == '.') {
- str++;
- remaining--;
- for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
- if (*str < '0' || *str > '9')
- break;
- }
- }
-
}
- *(p++) = 'Z';
- *(p++) = '\0';
-
- /* We now need either a terminating 'Z' or an offset. */
- if (!remaining)
+ if (ctm->data[ctm->length - 1] != 'Z')
return 0;
- if (*str == 'Z') {
- if (remaining != 1)
- return 0;
- offset = 0;
- } else {
- /* (+-)HHMM */
- if ((*str != '+') && (*str != '-'))
- return 0;
- /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
- if (remaining != 5)
- return 0;
- if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
- str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
- return 0;
- offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
- offset += (str[3] - '0') * 10 + (str[4] - '0');
- if (*str == '-')
- offset = -offset;
- }
- atm.type = ctm->type;
- atm.flags = 0;
- atm.length = sizeof(buff2);
- atm.data = (unsigned char *)buff2;
- if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
- return 0;
+ /*
+ * There is ASN1_UTCTIME_cmp_time_t but no
+ * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
+ * so we go through ASN.1
+ */
+ asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
+ if (asn1_cmp_time == NULL)
+ goto err;
+ if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
+ goto err;
- if (ctm->type == V_ASN1_UTCTIME) {
- i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
- if (i < 50)
- i += 100; /* cf. RFC 2459 */
- j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
- if (j < 50)
- j += 100;
-
- if (i < j)
- return -1;
- if (i > j)
- return 1;
- }
- i = strcmp(buff1, buff2);
- if (i == 0) /* wait a second then return younger :-) */
- return -1;
- else
- return i;
+ /*
+ * X509_cmp_time comparison is <=.
+ * The return value 0 is reserved for errors.
+ */
+ ret = (day >= 0 && sec >= 0) ? -1 : 1;
+
+ err:
+ ASN1_TIME_free(asn1_cmp_time);
+ return ret;
}
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
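Review bot: The rewritten `X509_cmp_time` states its return contract only in a comment near the end of the body ("comparison is <=", 0 reserved for errors), although this rewrite now returns 0 for inputs the old parser accepted, such as times with an offset or without seconds. A header comment above the function would make that visible to callers, along the lines of `/* Returns -1 if ctm <= cmp_time, 1 if ctm is later, 0 on error or if ctm is not strict RFC 5280 UTCTime/GeneralizedTime */`. The format-check comment also opens with `/**` where the rest of the function uses `/*`.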
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 96e629a..6d3aa8f 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -4,7 +4,7 @@
* 2001.
*/
/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -128,11 +128,10 @@ int X509_check_purpose(X509 *x, int id, int ca)
{
int idx;
const X509_PURPOSE *pt;
- if (!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
+
+ x509v3_cache_extensions(x);
+
+ /* Return if side-effect only call */
if (id == -1)
return 1;
idx = X509_PURPOSE_get_by_id(id);
@@ -397,10 +396,14 @@ static void x509v3_cache_extensions(X509 *x)
ASN1_BIT_STRING *ns;
EXTENDED_KEY_USAGE *extusage;
X509_EXTENSION *ex;
-
int i;
- if (x->ex_flags & EXFLAG_SET)
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ if (x->ex_flags & EXFLAG_SET) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
return;
+ }
+
#ifndef OPENSSL_NO_SHA
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
#endif
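Review bot: `CRYPTO_LOCK_X509` is now taken at the top of `x509v3_cache_extensions` and released only at the early `EXFLAG_SET` return shown here and at the very end of the function in the next hunk. The body between the two hunks is not on this page; if it contains any other `return`, that path leaves the write lock held and the next caller blocks. Routing all exits through a single label placed just before `CRYPTO_w_unlock(CRYPTO_LOCK_X509);` would make the pairing checkable at a glance. Callers that previously tested `EXFLAG_SET` without locking now take the write lock on every call, which is worth a comment stating that this is intended.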
@@ -536,6 +539,7 @@ static void x509v3_cache_extensions(X509 *x)
}
}
x->ex_flags |= EXFLAG_SET;
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
/*-
@@ -578,11 +582,7 @@ static int check_ca(const X509 *x)
int X509_check_ca(X509 *x)
{
- if (!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
+ x509v3_cache_extensions(x);
return check_ca(x);
}
@@ -796,6 +796,7 @@ int X509_check_issued(X509 *issuer, X509 *subject)
if (X509_NAME_cmp(X509_get_subject_name(issuer),
X509_get_issuer_name(subject)))
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+
x509v3_cache_extensions(issuer);
x509v3_cache_extensions(subject);
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 4a7783d..dd6ae6e 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -335,6 +335,9 @@ When encrypting a message this option may be used multiple times to specify
each recipient. This form B<must> be used if customised parameters are
required (for example to specify RSA-OAEP).
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
+option.
+
=item B<-keyid>
use subject key identifier to identify certificates instead of issuer name and
@@ -648,17 +651,14 @@ No revocation checking is done on the signer's certificate.
=head1 HISTORY
The use of multiple B<-signer> options and the B<-resign> command were first
-added in OpenSSL 1.0.0
-
-The B<keyopt> option was first added in OpenSSL 1.1.0
+added in OpenSSL 1.0.0.
-The use of B<-recip> to specify the recipient when encrypting mail was first
-added to OpenSSL 1.1.0
+The B<keyopt> option was first added in OpenSSL 1.0.2.
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
-to OpenSSL 1.1.0.
+to OpenSSL 1.0.2.
The -no_alt_chains options was first added to OpenSSL 1.0.2b.
diff --git a/doc/apps/config.pod b/doc/apps/config.pod
index 3f607d3..b1300a9 100644
--- a/doc/apps/config.pod
+++ b/doc/apps/config.pod
@@ -21,7 +21,7 @@ started or end of file is reached. A section name can consist of
alphanumeric characters and underscores.
The first section of a configuration file is special and is referred
-to as the B<default> section this is usually unnamed and is from the
+to as the B<default> section. This section is usually unnamed and spans from the
start of file until the first named section. When a name is being looked up
it is first looked up in a named section (if any) and then the
default section.
diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod
index cdced1c..92efbf4 100644
--- a/doc/apps/crl.pod
+++ b/doc/apps/crl.pod
@@ -115,7 +115,7 @@ Convert a CRL file from PEM to DER:
Output the text form of a DER encoded certificate:
- openssl crl -in crl.der -text -noout
+ openssl crl -in crl.der -inform DER -text -noout
=head1 BUGS
diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod
index 4d09fc0..2e24400 100644
--- a/doc/apps/genpkey.pod
+++ b/doc/apps/genpkey.pod
@@ -11,7 +11,7 @@ B<openssl> B<genpkey>
[B<-out filename>]
[B<-outform PEM|DER>]
[B<-pass arg>]
-[B<-cipher>]
+[B<-I<cipher>>]
[B<-engine id>]
[B<-paramfile file>]
[B<-algorithm alg>]
@@ -34,21 +34,21 @@ used.
=item B<-outform DER|PEM>
-This specifies the output format DER or PEM.
+This specifies the output format DER or PEM. The default format is PEM.
=item B<-pass arg>
-the output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+The output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-=item B<-cipher>
+=item B<-I<cipher>>
This option encrypts the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
=item B<-engine id>
-specifying an engine (by its unique B<id> string) will cause B<genpkey>
+Specifying an engine (by its unique B<id> string) will cause B<genpkey>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms. If used this option should precede all other
@@ -56,20 +56,33 @@ options.
=item B<-algorithm alg>
-public key algorithm to use such as RSA, DSA or DH. If used this option must
+Public key algorithm to use such as RSA, DSA or DH. If used this option must
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
-are mutually exclusive.
+are mutually exclusive. Engines may add algorithms in addition to the standard
+built-in ones.
+
+Valid built-in algorithm names for private key generation are RSA and EC.
+
+Valid built-in algorithm names for parameter generation (see the B<-genparam>
+option) are DH, DSA and EC.
+
+Note that the algorithm name X9.42 DH may be used as a synonym for the DH
+algorithm. These are identical and do not indicate the type of parameters that
+will be generated. Use the B<dh_paramgen_type> option to indicate whether PKCS#3
+or X9.42 DH parameters are required. See L<DH Parameter Generation Options>
+below for more details.
=item B<-pkeyopt opt:value>
-set the public key algorithm option B<opt> to B<value>. The precise set of
+Set the public key algorithm option B<opt> to B<value>. The precise set of
options supported depends on the public key algorithm used and its
-implementation. See B<KEY GENERATION OPTIONS> below for more details.
+implementation. See L<KEY GENERATION OPTIONS> and
+L<PARAMETER GENERATION OPTIONS> below for more details.
=item B<-genparam>
-generate a set of parameters instead of a private key. If used this option must
-precede and B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
+Generate a set of parameters instead of a private key. If used this option must
+precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
=item B<-paramfile filename>
@@ -92,7 +105,7 @@ The options supported by each algorith and indeed each implementation of an
algorithm can vary. The options for the OpenSSL implementations are detailed
below.
-=head1 RSA KEY GENERATION OPTIONS
+=head2 RSA Key Generation Options
=over 4
@@ -107,48 +120,92 @@ hexadecimal value if preceded by B<0x>. Default value is 65537.
=back
-=head1 DSA PARAMETER GENERATION OPTIONS
+=head2 EC Key Generation Options
+
+The EC key generation options can also be used for parameter generation.
+
+=over 4
+
+=item B<ec_paramgen_curve:curve>
+
+The EC curve to use. OpenSSL supports NIST curve names such as "P-256".
+
+=item B<ec_param_enc:encoding>
+
+The encoding to use for parameters. The "encoding" parameter must be either
+"named_curve" or "explicit". The default value is "named_curve".
+
+=back
+
+=head1 PARAMETER GENERATION OPTIONS
+
+The options supported by each algorithm and indeed each implementation of an
+algorithm can vary. The options for the OpenSSL implementations are detailed
+below.
+
+=head2 DSA Parameter Generation Options
=over 4
=item B<dsa_paramgen_bits:numbits>
-The number of bits in the generated parameters. If not specified 1024 is used.
+The number of bits in the generated prime. If not specified 1024 is used.
+
+=item B<dsa_paramgen_q_bits:numbits>
+
+The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
+specified 160 is used.
+
+=item B<dsa_paramgen_md:digest>
+
+The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
+or B<sha256>. If set, then the number of bits in B<q> will match the output size
+of the specified digest and the B<dsa_paramgen_q_bits> parameter will be
+ignored. If not set, then a digest will be used that gives an output matching
+the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it 224
+or B<sha256> if it is 256.
=back
-=head1 DH PARAMETER GENERATION OPTIONS
+=head2 DH Parameter Generation Options
=over 4
=item B<dh_paramgen_prime_len:numbits>
-The number of bits in the prime parameter B<p>.
+The number of bits in the prime parameter B<p>. The default is 1024.
+
+=item B<dh_paramgen_subprime_len:numbits>
+
+The number of bits in the sub prime parameter B<q>. The default is 256 if the
+prime is at least 2048 bits long or 160 otherwise. Only relevant if used in
+conjunction with the B<dh_paramgen_type> option to generate X9.42 DH parameters.
=item B<dh_paramgen_generator:value>
-The value to use for the generator B<g>.
+The value to use for the generator B<g>. The default is 2.
+
+=item B<dh_paramgen_type:value>
+
+The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH.
+The default is 0.
=item B<dh_rfc5114:num>
-If this option is set then the appropriate RFC5114 parameters are used
+If this option is set, then the appropriate RFC5114 parameters are used
instead of generating new parameters. The value B<num> can take the
values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
-2.1, 2.2 and 2.3 respectively.
+2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter
+options.
=back
-=head1 EC PARAMETER GENERATION OPTIONS
-
-=over 4
-
-=item B<ec_paramgen_curve:curve>
-
-the EC curve to use.
+=head2 EC Parameter Generation Options
-=back
+The EC parameter generation options are the same as for key generation. See
+L<EC Key Generation Options> above.
=head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS
@@ -179,8 +236,6 @@ numeric OID. Following parameter sets are supported:
=back
-
-
=head1 NOTES
The use of the genpkey program is encouraged over the algorithm specific
@@ -202,19 +257,25 @@ Generate a 2048 bit RSA key using 3 as the public exponent:
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
-pkeyopt rsa_keygen_pubexp:3
-Generate 1024 bit DSA parameters:
+Generate 2048 bit DSA parameters:
openssl genpkey -genparam -algorithm DSA -out dsap.pem \
- -pkeyopt dsa_paramgen_bits:1024
+ -pkeyopt dsa_paramgen_bits:2048
Generate DSA key from parameters:
openssl genpkey -paramfile dsap.pem -out dsakey.pem
-Generate 1024 bit DH parameters:
+Generate 2048 bit DH parameters:
openssl genpkey -genparam -algorithm DH -out dhp.pem \
- -pkeyopt dh_paramgen_prime_len:1024
+ -pkeyopt dh_paramgen_prime_len:2048
+
+Generate 2048 bit X9.42 DH parameters:
+
+ openssl genpkey -genparam -algorithm DH -out dhpx.pem \
+ -pkeyopt dh_paramgen_prime_len:2048 \
+ -pkeyopt dh_paramgen_type:1
Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
@@ -224,6 +285,16 @@ Generate DH key from parameters:
openssl genpkey -paramfile dhp.pem -out dhkey.pem
+Generate EC key directly:
+
+ openssl genpkey -algorithm EC -out eckey.pem \
+ -pkeyopt ec_paramgen_curve:P-384 \
+ -pkeyopt ec_param_enc:named_curve
+
+=head1 HISTORY
+
+The ability to use NIST curve names, and to generate an EC key directly,
+were added in OpenSSL 1.0.2.
=cut
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 20b2f39..01c1c2e 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -393,8 +393,7 @@ option. For compatibility B<encrypt_rsa_key> is an equivalent option.
=item B<default_md>
This option specifies the digest algorithm to use. Possible values
-include B<md5 sha1 mdc2>. If not present then MD5 is used. This
-option can be overridden on the command line.
+include B<md5 sha1 mdc2>. This option can be overridden on the command line.
=item B<string_mask>
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index d2cad29..77cc071 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -141,8 +141,9 @@ pauses 1 second between each read and write call.
=item B<-showcerts>
-display the whole server certificate chain: normally only the server
-certificate itself is displayed.
+Displays the server certificate list as sent by the server: it only consists of
+certificates the server has sent (in the order the server has sent them). It is
+B<not> a verified chain.
=item B<-prexit>
@@ -354,7 +355,8 @@ a client certificate. Therefor merely including a client certificate
on the command line is no guarantee that the certificate works.
If there are problems verifying a server certificate then the
-B<-showcerts> option can be used to show the whole chain.
+B<-showcerts> option can be used to show all the certificates sent by the
+server.
Since the SSLv23 client hello cannot include compression methods or extensions
these will only be supported if its use is disabled, for example by using the
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 9916fc3..84777ee 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -49,6 +49,7 @@ B<openssl> B<s_server>
[B<-no_ssl3>]
[B<-no_tls1>]
[B<-no_dhe>]
+[B<-no_ecdhe>]
[B<-bugs>]
[B<-hack>]
[B<-www>]
@@ -144,6 +145,11 @@ a static set of parameters hard coded into the s_server program will be used.
if this option is set then no DH parameters will be loaded effectively
disabling the ephemeral DH cipher suites.
+=item B<-no_ecdhe>
+
+if this option is set then no ECDH parameters will be selected, effectively
+disabling the ephemeral ECDH cipher suites.
+
=item B<-no_tmp_rsa>
certain export cipher suites sometimes use a temporary RSA key, this option
diff --git a/doc/crypto/BIO_s_fd.pod b/doc/crypto/BIO_s_fd.pod
index b1de1d1..2830134 100644
--- a/doc/crypto/BIO_s_fd.pod
+++ b/doc/crypto/BIO_s_fd.pod
@@ -60,7 +60,7 @@ BIO_s_fd() returns the file descriptor BIO method.
BIO_reset() returns zero for success and -1 if an error occurred.
BIO_seek() and BIO_tell() return the current file position or -1
-is an error occurred. These values reflect the underlying lseek()
+if an error occurred. These values reflect the underlying lseek()
behaviour.
BIO_set_fd() always returns 1.
diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod
index 88c7a79..02e5486 100644
--- a/doc/crypto/BN_add.pod
+++ b/doc/crypto/BN_add.pod
@@ -91,7 +91,9 @@ BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
BN_mul().
BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p %
-m>). This function uses less time and space than BN_exp().
+m>). This function uses less time and space than BN_exp(). Do not call this
+function when B<m> is even and any of the parameters have the
+B<BN_FLG_CONSTTIME> flag set.
BN_gcd() computes the greatest common divisor of I<a> and I<b> and
places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod
index f6bb484..075aec3 100644
--- a/doc/crypto/BN_bn2bin.pod
+++ b/doc/crypto/BN_bn2bin.pod
@@ -39,8 +39,8 @@ numbers, the string is prefaced with a leading '-'. The string must be
freed later using OPENSSL_free().
BN_hex2bn() converts the string B<str> containing a hexadecimal number
-to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
-B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
+to a B<BIGNUM> and stores it in **B<a>. If *B<a> is NULL, a new
+B<BIGNUM> is created. If B<a> is NULL, it only computes the number's
length in hexadecimal digits. If the string starts with '-', the
number is negative.
A "negative zero" is converted to zero.
diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod
index bf1b530..003d123 100644
--- a/doc/crypto/BN_generate_prime.pod
+++ b/doc/crypto/BN_generate_prime.pod
@@ -90,7 +90,17 @@ If B<do_trial_division == 0>, this test is skipped.
Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin
probabilistic primality test with B<nchecks> iterations. If
B<nchecks == BN_prime_checks>, a number of iterations is used that
-yields a false positive rate of at most 2^-80 for random input.
+yields a false positive rate of at most 2^-64 for random input.
+The error rate depends on the size of the prime and goes down for bigger primes.
+The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits,
+2^-192 at 3747 bits and 2^-256 at 6394 bits.
+
+When the source of the prime is not random or not trusted, the number
+of checks needs to be much higher to reach the same level of assurance:
+It should equal half of the targeted security level in bits (rounded up to the
+next integer if necessary).
+For instance, to reach the 128 bit security level, B<nchecks> should be set to
+64.
If B<cb> is not B<NULL>, B<BN_GENCB_call(cb, 1, j)> is called
after the j-th iteration (j = 0, 1, ...). B<ctx> is a
diff --git a/doc/crypto/CMS_encrypt.pod b/doc/crypto/CMS_encrypt.pod
index 1ee5b27..88e44d4 100644
--- a/doc/crypto/CMS_encrypt.pod
+++ b/doc/crypto/CMS_encrypt.pod
@@ -18,9 +18,8 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
=head1 NOTES
-Only certificates carrying RSA keys are supported so the recipient certificates
-supplied to this function must all contain RSA public keys, though they do not
-have to be signed using the RSA algorithm.
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
+function.
EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
because most clients will support it.
diff --git a/doc/crypto/CMS_get0_SignerInfos.pod b/doc/crypto/CMS_get0_SignerInfos.pod
index b46c0e0..69fde81 100644
--- a/doc/crypto/CMS_get0_SignerInfos.pod
+++ b/doc/crypto/CMS_get0_SignerInfos.pod
@@ -51,7 +51,7 @@ CMS_SignerInfo_set1_signer_cert().
Once all signer certificates have been set CMS_verify() can be used.
-Although CMS_get0_SignerInfos() can return NULL is an error occur B<or> if
+Although CMS_get0_SignerInfos() can return NULL if an error occurs B<or> if
there are no signers this is not a problem in practice because the only
error which can occur is if the B<cms> structure is not of type signedData
due to application error.
diff --git a/doc/crypto/CMS_get1_ReceiptRequest.pod b/doc/crypto/CMS_get1_ReceiptRequest.pod
index f546376..7a483ec 100644
--- a/doc/crypto/CMS_get1_ReceiptRequest.pod
+++ b/doc/crypto/CMS_get1_ReceiptRequest.pod
@@ -48,7 +48,7 @@ CMS_verify().
CMS_ReceiptRequest_create0() returns a signed receipt request structure or
NULL if an error occurred.
-CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred.
+CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred.
CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and
decoded. It returns 0 if a signed receipt request is not present and -1 if
diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod
index 5dfc733..340d195 100644
--- a/doc/crypto/DSA_do_sign.pod
+++ b/doc/crypto/DSA_do_sign.pod
@@ -20,8 +20,8 @@ digest B<dgst> using the private key B<dsa> and returns it in a
newly allocated B<DSA_SIG> structure.
L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
-of the signing operation in case signature generation is
-time-critical.
+of the signing operation for each signature in case signature generation
+is time-critical.
DSA_do_verify() verifies that the signature B<sig> matches a given
message digest B<dgst> of size B<len>. B<dsa> is the signer's public
diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod
index 97389e8..cd45ec5 100644
--- a/doc/crypto/DSA_sign.pod
+++ b/doc/crypto/DSA_sign.pod
@@ -31,6 +31,10 @@ in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
B<ctx> is a pre-allocated B<BN_CTX> or NULL.
+The precomputed values from DSA_sign_setup() B<MUST NOT be used> for
+more than one signature: using the same B<dsa-E<gt>kinv> and
+B<dsa-E<gt>r> pair twice under the same private key on different
+plaintexts will result in permanently exposing the DSA private key.
DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
matches a given message digest B<dgst> of size B<len>.
diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod
index 83e6589..7a3e84d 100644
--- a/doc/crypto/EVP_DigestSignInit.pod
+++ b/doc/crypto/EVP_DigestSignInit.pod
@@ -19,9 +19,12 @@ The EVP signature routines are a high level interface to digital signatures.
EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
ENGINE B<impl> and private key B<pkey>. B<ctx> must be initialized with
-EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
+EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL, the
EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
-be used to set alternative signing options.
+be used to set alternative signing options. Note that any existing value in
+B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed
+directly by the application (it will be freed automatically when the EVP_MD_CTX
+is freed). The digest B<type> may be NULL if the signing algorithm supports it.
EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the
signature context B<ctx>. This function can be called several times on the
diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod
index 347c511..2e2c0fd 100644
--- a/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/doc/crypto/EVP_DigestVerifyInit.pod
@@ -19,9 +19,12 @@ The EVP signature routines are a high level interface to digital signatures.
EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be initialized
-with EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
+with EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL, the
EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
-can be used to set alternative verification options.
+can be used to set alternative verification options. Note that any existing
+value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be
+freed directly by the application (it will be freed automatically when the
+EVP_MD_CTX is freed).
EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
verification context B<ctx>. This function can be called several times on the
diff --git a/doc/crypto/EVP_PKEY_verify_recover.pod b/doc/crypto/EVP_PKEY_verify_recover.pod
index 399120e..23a28a9 100644
--- a/doc/crypto/EVP_PKEY_verify_recover.pod
+++ b/doc/crypto/EVP_PKEY_verify_recover.pod
@@ -29,7 +29,7 @@ B<rout> and the amount of data written to B<routlen>.
=head1 NOTES
Normally an application is only interested in whether a signature verification
-operation is successful in those cases the EVP_verify() function should be
+operation is successful in those cases the EVP_verify() function should be
used.
Sometimes however it is useful to obtain the data originally signed using a
@@ -58,7 +58,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
EVP_PKEY_CTX *ctx;
unsigned char *rout, *sig;
- size_t routlen, siglen;
+ size_t routlen, siglen;
EVP_PKEY *verify_key;
/* NB: assumes verify_key, sig and siglen are already set up
* and that verify_key is an RSA public key
@@ -94,7 +94,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
=head1 HISTORY
diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod
index b8d2896..c870bd4 100644
--- a/doc/crypto/OBJ_nid2obj.pod
+++ b/doc/crypto/OBJ_nid2obj.pod
@@ -42,7 +42,7 @@ constants.
OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
an ASN1_OBJECT structure, its long name and its short name respectively,
-or B<NULL> is an error occurred.
+or B<NULL> if an error occurred.
OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID
for the object B<o>, the long name <ln> or the short name <sn> respectively
diff --git a/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
index f7ca7cb..02eabd7 100644
--- a/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+++ b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -2,12 +2,14 @@
=head1 NAME
-OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number
+OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, SSLeay, SSLeay_version
+- get OpenSSL version number
=head1 SYNOPSIS
#include <openssl/opensslv.h>
#define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+ #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
#include <openssl/crypto.h>
long SSLeay(void);
@@ -43,9 +45,12 @@ Version 0.9.5a had an interim interpretation that is like the current one,
except the patch level got the highest bit set, to keep continuity. The
number was therefore 0x0090581f.
-
For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
+OPENSSL_VERSION_TEXT is the text variant of the version number and the
+release date. For example,
+"OpenSSL 1.0.1a 15 Oct 2015".
+
SSLeay() returns this number. The return value can be compared to the
macro to make sure that the correct version of the library has been
loaded, especially when using DLLs on Windows systems.
diff --git a/doc/crypto/SMIME_read_PKCS7.pod b/doc/crypto/SMIME_read_PKCS7.pod
index 9d46715..7cdca1e 100644
--- a/doc/crypto/SMIME_read_PKCS7.pod
+++ b/doc/crypto/SMIME_read_PKCS7.pod
@@ -57,7 +57,7 @@ streaming single pass option should be available.
=head1 RETURN VALUES
SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL>
-is an error occurred. The error can be obtained from ERR_get_error(3).
+if an error occurred. The error can be obtained from ERR_get_error(3).
=head1 SEE ALSO
diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod
index 46c071b..5708d90 100644
--- a/doc/crypto/ecdsa.pod
+++ b/doc/crypto/ecdsa.pod
@@ -112,6 +112,8 @@ using the public key B<eckey>.
=head1 RETURN VALUES
+ECDSA_SIG_new() returns NULL if the allocation fails.
+
ECDSA_size() returns the maximum length signature or 0 on error.
ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or 0
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
index 763eb6f..de9ecca 100644
--- a/doc/crypto/pem.pod
+++ b/doc/crypto/pem.pod
@@ -342,7 +342,7 @@ for it twice) if B<rwflag> is 1. The B<u> parameter has the same
value as the B<u> parameter passed to the PEM routine. It allows
arbitrary data to be passed to the callback by the application
(for example a window handle in a GUI application). The callback
-B<must> return the number of characters in the passphrase or 0 if
+B<must> return the number of characters in the passphrase or -1 if
an error occurred.
=head1 EXAMPLES
@@ -354,84 +354,77 @@ Read a certificate in PEM format from a BIO:
X509 *x;
x = PEM_read_bio_X509(bp, NULL, 0, NULL);
- if (x == NULL)
- {
- /* Error */
- }
+ if (x == NULL) {
+ /* Error */
+ }
Alternative method:
X509 *x = NULL;
- if (!PEM_read_bio_X509(bp, &x, 0, NULL))
- {
- /* Error */
- }
+ if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
+ /* Error */
+ }
Write a certificate to a BIO:
- if (!PEM_write_bio_X509(bp, x))
- {
- /* Error */
- }
+ if (!PEM_write_bio_X509(bp, x)) {
+ /* Error */
+ }
Write an unencrypted private key to a FILE pointer:
- if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL))
- {
- /* Error */
- }
+ if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
+ /* Error */
+ }
Write a private key (using traditional format) to a BIO using
triple DES encryption, the pass phrase is prompted for:
- if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
- {
- /* Error */
- }
+ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) {
+ /* Error */
+ }
Write a private key (using PKCS#8 format) to a BIO using triple
DES encryption, using the pass phrase "hello":
- if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello"))
- {
- /* Error */
- }
+ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) {
+ /* Error */
+ }
Read a private key from a BIO using the pass phrase "hello":
key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
- if (key == NULL)
- {
- /* Error */
- }
+ if (key == NULL) {
+ /* Error */
+ }
Read a private key from a BIO using a pass phrase callback:
key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
- if (key == NULL)
- {
- /* Error */
- }
+ if (key == NULL) {
+ /* Error */
+ }
Skeleton pass phrase callback:
- int pass_cb(char *buf, int size, int rwflag, void *u);
- {
- int len;
- char *tmp;
- /* We'd probably do something else if 'rwflag' is 1 */
- printf("Enter pass phrase for \"%s\"\n", u);
-
- /* get pass phrase, length 'len' into 'tmp' */
- tmp = "hello";
- len = strlen(tmp);
-
- if (len <= 0) return 0;
- /* if too long, truncate */
- if (len > size) len = size;
- memcpy(buf, tmp, len);
- return len;
- }
+ int pass_cb(char *buf, int size, int rwflag, void *u)
+ {
+
+ /* We'd probably do something else if 'rwflag' is 1 */
+ printf("Enter pass phrase for \"%s\"\n", u);
+
+ /* get pass phrase, length 'len' into 'tmp' */
+ char *tmp = "hello";
+ if (tmp == NULL) /* An error occurred */
+ return -1;
+
+ size_t len = strlen(tmp);
+
+ if (len > size)
+ len = size;
+ memcpy(buf, tmp, len);
+ return len;
+ }
=head1 NOTES
diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt
index 373e90d..2cb74ae 100644
--- a/doc/fingerprints.txt
+++ b/doc/fingerprints.txt
@@ -1,63 +1,24 @@
- Fingerprints
+Fingerprints for Signing Releases
-OpenSSL releases are signed with PGP/GnuPG keys. You can find the
-signatures in separate files in the same location you find the
-distributions themselves. The normal file name is the same as the
-distribution file, with '.asc' added. For example, the signature for
-the distribution of OpenSSL 1.0.1h, openssl-1.0.1h.tar.gz, is found in
-the file openssl-1.0.1h.tar.gz.asc.
+OpenSSL releases are signed with PGP/GnuPG keys. This file contains
+the fingerprints of team members who are "authorized" to sign the
+next release.
+
+The signature is a detached cleartxt signature, with the same name
+as the release but with ".asc" appended. For example, release
+1.0.1h can be found in openssl-1.0.1h.tar.gz with the signature
+in the file named openssl-1.0.1h.tar.gz.asc.
The following is the list of fingerprints for the keys that are
currently in use to sign OpenSSL distributions:
-pub 1024D/F709453B 2003-10-20
- Key fingerprint = C4CA B749 C34F 7F4C C04F DAC9 A7AF 9E78 F709 453B
-uid Richard Levitte <richard@levitte.org>
+pub 4096R/7DF9EE8C 2014-10-04
+ Key fingerprint = 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
+uid Richard Levitte <richard@opensslfoundation.com>
uid Richard Levitte <levitte@openssl.org>
-uid Richard Levitte <levitte@lp.se>
-
-pub 2048R/F295C759 1998-12-13
- Key fingerprint = D0 5D 8C 61 6E 27 E6 60 41 EC B1 B8 D5 7E E5 97
-uid Dr S N Henson <shenson@drh-consultancy.demon.co.uk>
-
-pub 4096R/FA40E9E2 2005-03-19
- Key fingerprint = 6260 5AA4 334A F9F0 DDE5 D349 D357 7507 FA40 E9E2
-uid Dr Stephen Henson <shenson@opensslfoundation.com>
-uid Dr Stephen Henson <shenson@drh-consultancy.co.uk>
-uid Dr Stephen N Henson <steve@openssl.org>
-sub 4096R/8811F530 2005-03-19
-
-pub 1024R/49A563D9 1997-02-24
- Key fingerprint = 7B 79 19 FA 71 6B 87 25 0E 77 21 E5 52 D9 83 BF
-uid Mark Cox <mjc@redhat.com>
-uid Mark Cox <mark@awe.com>
-uid Mark Cox <mjc@apache.org>
-
-pub 1024R/9C58A66D 1997-04-03
- Key fingerprint = 13 D0 B8 9D 37 30 C3 ED AC 9C 24 7D 45 8C 17 67
-uid jaenicke@openssl.org
-uid Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
-
-pub 1024D/2118CF83 1998-07-13
- Key fingerprint = 7656 55DE 62E3 96FF 2587 EB6C 4F6D E156 2118 CF83
-uid Ben Laurie <ben@thebunker.net>
-uid Ben Laurie <ben@cryptix.org>
-uid Ben Laurie <ben@algroup.co.uk>
-sub 4096g/1F5143E7 1998-07-13
-
-pub 1024R/5A6A9B85 1994-03-22
- Key fingerprint = C7 AC 7E AD 56 6A 65 EC F6 16 66 83 7E 86 68 28
-uid Bodo Moeller <2005@bmoeller.de>
-uid Bodo Moeller <2003@bmoeller.de>
-uid Bodo Moeller <2004@bmoeller.de>
-uid Bodo Moeller <bmoeller@acm.org>
-uid Bodo Moeller <bodo@openssl.org>
-uid Bodo Moeller <bm@ulf.mali.sub.org>
-uid Bodo Moeller <3moeller@informatik.uni-hamburg.de>
-uid Bodo Moeller <Bodo_Moeller@public.uni-hamburg.de>
-uid Bodo Moeller <3moeller@rzdspc5.informatik.uni-hamburg.de>
+uid Richard Levitte <richard@openssl.com>
pub 2048R/0E604491 2013-04-30
Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
+uid Matt Caswell <matt@openssl.org>
uid Matt Caswell <frodo@baggins.org>
-
diff --git a/doc/man3/X509_cmp_time.pod b/doc/man3/X509_cmp_time.pod
new file mode 100644
index 0000000..5bf5111
--- /dev/null
+++ b/doc/man3/X509_cmp_time.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+X509_cmp_time - X509 time functions
+
+=head1 SYNOPSIS
+
+ X509_cmp_time(const ASN1_TIME *asn1_time, time_t *cmp_time);
+
+=head1 DESCRIPTION
+
+X509_cmp_time() compares the ASN1_TIME in B<asn1_time> with the time in
+<cmp_time>.
+
+B<asn1_time> must satisfy the ASN1_TIME format mandated by RFC 5280, i.e.,
+its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.
+
+If B<cmp_time> is NULL the current time is used.
+
+=head1 BUGS
+
+Unlike many standard comparison functions, X509_cmp_time returns 0 on error.
+
+=head1 RETURN VALUES
+
+X509_cmp_time() returns -1 if B<asn1_time> is earlier than, or equal to,
+B<cmp_time>, and 1 otherwise. It returns 0 on error.
+
+=head1 COPYRIGHT
+
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod
index 80321b8..800423e 100644
--- a/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/doc/ssl/SSL_CTX_use_certificate.pod
@@ -142,6 +142,13 @@ L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>.
of view, it however does not make sense as the data in the certificate
is considered public anyway.)
+All of the functions to set a new certificate will replace any existing
+certificate of the same type that has already been set. Similarly all of the
+functions to set a new private key will replace any private key that has already
+been set. Applications should call L<SSL_CTX_check_private_key(3)> or
+L<SSL_check_private_key(3)> as appropriate after loading a new certificate and
+private key to confirm that the certificate and key match.
+
=head1 RETURN VALUES
On success, the functions return 1.
diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod
index aecadd9..7697d27 100644
--- a/doc/ssl/SSL_get_ciphers.pod
+++ b/doc/ssl/SSL_get_ciphers.pod
@@ -2,7 +2,10 @@
=head1 NAME
-SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
+SSL_get_ciphers,
+SSL_get_cipher_list,
+SSL_get_shared_ciphers
+- get list of available SSL_CIPHERs
=head1 SYNOPSIS
@@ -10,6 +13,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
const char *SSL_get_cipher_list(const SSL *ssl, int priority);
+ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
=head1 DESCRIPTION
@@ -22,6 +26,19 @@ listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
available, or there are less ciphers than B<priority> available, NULL
is returned.
+SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of
+SSL_CIPHER names that are available in both the client and the server. B<buf> is
+the buffer that should be populated with the list of names and B<size> is the
+size of that buffer. A pointer to B<buf> is returned on success or NULL on
+error. If the supplied buffer is not large enough to contain the complete list
+of names then a truncated list of names will be returned. Note that just because
+a ciphersuite is available (i.e. it is configured in the cipher list) and shared
+by both the client and the server it does not mean that it is enabled (for
+example some ciphers may not be usable by a server if there is not a suitable
+certificate configured). This function will return available shared ciphersuites
+whether or not they are enabled. This is a server side function only and must
+only be called after the completion of the initial handshake.
+
=head1 NOTES
The details of the ciphers obtained by SSL_get_ciphers() can be obtained using
diff --git a/doc/ssl/SSL_get_session.pod b/doc/ssl/SSL_get_session.pod
index 0c41caa..921d316 100644
--- a/doc/ssl/SSL_get_session.pod
+++ b/doc/ssl/SSL_get_session.pod
@@ -28,6 +28,11 @@ count of the B<SSL_SESSION> is incremented by one.
The ssl session contains all information required to re-establish the
connection without a new handshake.
+A session will be automatically removed from the session cache and marked as
+non-resumable if the connection is not closed down cleanly, e.g. if a fatal
+error occurs on the connection or L<SSL_shutdown(3)> is not called prior to
+L<SSL_free(3)>.
+
SSL_get0_session() returns a pointer to the actual session. As the
reference counter is not incremented, the pointer is only valid while
the connection is in use. If L<SSL_clear(3)|SSL_clear(3)> or
diff --git a/doc/ssl/SSL_get_version.pod b/doc/ssl/SSL_get_version.pod
index 9ae6f25..f0c696c 100644
--- a/doc/ssl/SSL_get_version.pod
+++ b/doc/ssl/SSL_get_version.pod
@@ -13,7 +13,9 @@ SSL_get_version - get the protocol version of a connection.
=head1 DESCRIPTION
SSL_get_version() returns the name of the protocol used for the
-connection B<ssl>.
+connection B<ssl>. It should only be called after the initial handshake has been
+completed. Prior to that the results returned from this function may be
+unreliable.
=head1 RETURN VALUES
@@ -43,7 +45,7 @@ The connection uses the TLSv1.2 protocol.
=item unknown
-This indicates that no version has been set (no connection established).
+This indicates an unknown protocol version.
=back
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 70cca17..5408d61 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -572,7 +572,7 @@ connection defined in the B<SSL> structure.
=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl);
-=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len);
+=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int size);
=item int B<SSL_get_shutdown>(const SSL *ssl);
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 8c08872..7ec6de6 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -4,7 +4,7 @@
* project.
*/
/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -900,6 +900,8 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *tmpbuf;
CAPI_KEY *capi_key;
CAPI_CTX *ctx;
+ DWORD flags = 0;
+
ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
@@ -910,12 +912,23 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from,
return -1;
}
- if (padding != RSA_PKCS1_PADDING) {
- char errstr[10];
- BIO_snprintf(errstr, 10, "%d", padding);
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
- ERR_add_error_data(2, "padding=", errstr);
- return -1;
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+ /* Nothing to do */
+ break;
+#ifdef CRYPT_DECRYPT_RSA_NO_PADDING_CHECK
+ case RSA_NO_PADDING:
+ flags = CRYPT_DECRYPT_RSA_NO_PADDING_CHECK;
+ break;
+#endif
+ default:
+ {
+ char errstr[10];
+ BIO_snprintf(errstr, 10, "%d", padding);
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
+ ERR_add_error_data(2, "padding=", errstr);
+ return -1;
+ }
}
/* Create temp reverse order version of input */
@@ -927,14 +940,17 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from,
tmpbuf[flen - i - 1] = from[i];
/* Finally decrypt it */
- if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen)) {
+ if (!CryptDecrypt(capi_key->key, 0, TRUE, flags, tmpbuf, &flen)) {
CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
capi_addlasterror();
+ OPENSSL_cleanse(tmpbuf, flen);
OPENSSL_free(tmpbuf);
return -1;
- } else
+ } else {
memcpy(to, tmpbuf, flen);
+ }
+ OPENSSL_cleanse(tmpbuf, flen);
OPENSSL_free(tmpbuf);
return flen;
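Review bot: Both new `OPENSSL_cleanse(tmpbuf, flen)` calls run after `CryptDecrypt` has been handed `&flen`, so the number of bytes wiped is whatever the call left in `flen`, not the size of `tmpbuf`. On the error path the hunk does not establish what that value is, so the wipe may cover less than the buffer. I would capture the length before the call, `int buflen = flen;`, and use `OPENSSL_cleanse(tmpbuf, buflen);` at both sites. The allocation of `tmpbuf` and the start of capi_rsa_priv_dec are outside the hunk, so the buffer size is assumed to be the incoming `flen`.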
diff --git a/openssl.spec b/openssl.spec
index 81c414b..f1061be 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,12 +1,13 @@
%define _unpackaged_files_terminate_build 0
%define debug_package %{nil}
+
Release: 1
%define openssldir /var/ssl
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 1.0.2o
+Version: 1.0.2q
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
diff --git a/packaging/openssl.spec b/packaging/openssl.spec
index 6fe4728..2adfa02 100644
--- a/packaging/openssl.spec
+++ b/packaging/openssl.spec
@@ -5,7 +5,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 1.0.2o
+Version: 1.0.2q
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL and Apache-2.0 and BSD-3-Clause
Group: Security/Crypto Libraries
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index e6bc761..8888bed 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -4,7 +4,7 @@
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -656,7 +656,8 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
- if (al == 0) { /* no alert */
+ /* al will be 0 if no alert */
+ if (al == 0 && frag->msg_header.frag_len > 0) {
unsigned char *p =
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
memcpy(&p[frag->msg_header.frag_off], frag->fragment,
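Review bot: The added `frag->msg_header.frag_len > 0` condition is not explained; the new comment `/* al will be 0 if no alert */` only restates the first half of the test. Presumably the check keeps `memcpy` from being called with an empty fragment whose `frag->fragment` pointer may be NULL, but that is not visible here and should be confirmed. I would write the comment as `/* al is 0 if no alert; skip the copy for an empty fragment, whose data pointer may be NULL */`. The `memcpy` statement and the rest of dtls1_retrieve_buffered_fragment continue outside the hunk.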
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index f5deddf..23aa9db 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -293,14 +293,12 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
return (-1);
}
- /* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL) {
- SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ /* Must be a duplicate so ignore it */
if (rdata->rbuf.buf != NULL)
OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
- return (-1);
}
return (1);
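Review bot: The replacement comment `/* Must be a duplicate so ignore it */` states as fact something the hunk does not establish: it holds only if pqueue_insert() has no other way to return NULL. With the `SSLerr` and `return (-1)` removed, this path now falls through to `return (1)`, so the caller gets the same result as for a record that was actually buffered. I would spell the assumption out, e.g. `/* pqueue_insert() fails only on a duplicate priority (TODO confirm); drop the record and report success */`. The start of dtls1_buffer_record is outside the hunk.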
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7e27dae..10c6db6 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -4228,8 +4228,13 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#ifndef OPENSSL_NO_ECDSA
int have_ecdsa_sign = 0;
#endif
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
int nostrict = 1;
+#endif
+#if !defined(OPENSSL_NO_GOST) || !defined(OPENSSL_NO_DH) || \
+ !defined(OPENSSL_NO_ECDH)
unsigned long alg_k;
+#endif
/* If we have custom certificate types set, use them */
if (s->cert->ctypes) {
@@ -4238,8 +4243,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
/* get configured sigalgs */
siglen = tls12_get_psigalgs(s, 1, &sig);
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
nostrict = 0;
+#endif
for (i = 0; i < siglen; i += 2, sig += 2) {
switch (sig[1]) {
case TLSEXT_signature_rsa:
@@ -4257,7 +4264,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
}
+#if !defined(OPENSSL_NO_GOST) || !defined(OPENSSL_NO_DH) || \
+ !defined(OPENSSL_NO_ECDH)
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+#endif
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION) {
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 96d973c..7034018 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1959,11 +1959,12 @@ int ssl3_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
+ size_t len = strlen(s->ctx->psk_identity_hint);
+
/* copy PSK identity hint */
- s2n(strlen(s->ctx->psk_identity_hint), p);
- strncpy((char *)p, s->ctx->psk_identity_hint,
- strlen(s->ctx->psk_identity_hint));
- p += strlen(s->ctx->psk_identity_hint);
+ s2n(len, p);
+ memcpy(p, s->ctx->psk_identity_hint, len);
+ p += len;
}
#endif
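Review bot: `len` is a `size_t` taken straight from `strlen(s->ctx->psk_identity_hint)` and written into a two-byte field by `s2n(len, p)`, and nothing in this hunk bounds it, while the same commit adds explicit `SSL_MAX_2_BYTE_LEN` checks in ssl3_send_certificate_request. If the hint length is already capped where the hint is set, a comment should say so, for example `/* hint length is limited when it is set (TODO confirm), so it fits the 2-byte length */`. If it is not, the same `len > SSL_MAX_2_BYTE_LEN` rejection belongs here before `s2n`. The buffer sizing for this copy happens earlier in ssl3_send_server_key_exchange, outside the hunk.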
@@ -2090,6 +2091,11 @@ int ssl3_send_certificate_request(SSL *s)
if (SSL_USE_SIGALGS(s)) {
const unsigned char *psigs;
nl = tls12_get_psigalgs(s, 1, &psigs);
+ if (nl > SSL_MAX_2_BYTE_LEN) {
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+ SSL_R_LENGTH_TOO_LONG);
+ goto err;
+ }
s2n(nl, p);
memcpy(p, psigs, nl);
p += nl;
@@ -2106,6 +2112,11 @@ int ssl3_send_certificate_request(SSL *s)
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
name = sk_X509_NAME_value(sk, i);
j = i2d_X509_NAME(name, NULL);
+ if (j > SSL_MAX_2_BYTE_LEN) {
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+ SSL_R_LENGTH_TOO_LONG);
+ goto err;
+ }
if (!BUF_MEM_grow_clean
(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) {
SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
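Review bot: The new bound on `j` rejects only values that are too large, but `i2d_X509_NAME(name, NULL)` reports an encoding failure with a negative return, and that value would still reach `BUF_MEM_grow_clean(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)` and the later `n += j; nl += j;`. Assuming `j` is a signed int, the guard should cover both ends: `if (j < 0 || j > SSL_MAX_2_BYTE_LEN) {`. A separate error reason for the negative case would be clearer than `SSL_R_LENGTH_TOO_LONG`, if one is available. The loop body continues past the end of this hunk.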
@@ -2127,6 +2138,11 @@ int ssl3_send_certificate_request(SSL *s)
n += j;
nl += j;
}
+ if (nl > SSL_MAX_2_BYTE_LEN) {
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+ SSL_R_LENGTH_TOO_LONG);
+ goto err;
+ }
}
}
/* else no CA names */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 3cf96a2..4bc1f4e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -548,7 +548,7 @@ struct ssl_session_st {
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used
* to load the 'cipher' structure */
- STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
+ STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */
CRYPTO_EX_DATA ex_data; /* application specific data */
/*
* These are used to make removal of session-ids more efficient and to
@@ -2149,7 +2149,7 @@ int SSL_get_fd(const SSL *s);
int SSL_get_rfd(const SSL *s);
int SSL_get_wfd(const SSL *s);
const char *SSL_get_cipher_list(const SSL *s, int n);
-char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
int SSL_get_read_ahead(const SSL *s);
int SSL_pending(const SSL *s);
# ifndef OPENSSL_NO_SOCK
@@ -2954,6 +2954,7 @@ void ERR_load_SSL_strings(void);
# define SSL_R_KRB5_S_TKT_NYV 294
# define SSL_R_KRB5_S_TKT_SKEW 295
# define SSL_R_LENGTH_MISMATCH 159
+# define SSL_R_LENGTH_TOO_LONG 404
# define SSL_R_LENGTH_TOO_SHORT 160
# define SSL_R_LIBRARY_BUG 274
# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index ccdf00f..58dcddf 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1406,11 +1406,17 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
const char **prule_str)
{
- unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
+ unsigned int suiteb_flags = 0;
+# ifndef OPENSSL_NO_ECDH
+ unsigned int suiteb_comb2 = 0;
+#endif
+
if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
} else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
+# ifndef OPENSSL_NO_ECDH
suiteb_comb2 = 1;
+# endif
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
} else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3a6c1b1..cfcfe76 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -58,7 +58,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1404,28 +1404,37 @@ int SSL_set_cipher_list(SSL *s, const char *str)
}
/* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
{
char *p;
- STACK_OF(SSL_CIPHER) *sk;
+ STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
SSL_CIPHER *c;
int i;
- if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
- return (NULL);
+ if (!s->server
+ || s->session == NULL
+ || s->session->ciphers == NULL
+ || size < 2)
+ return NULL;
p = buf;
- sk = s->session->ciphers;
+ clntsk = s->session->ciphers;
+ srvrsk = SSL_get_ciphers(s);
+ if (clntsk == NULL || srvrsk == NULL)
+ return NULL;
- if (sk_SSL_CIPHER_num(sk) == 0)
+ if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
return NULL;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
int n;
- c = sk_SSL_CIPHER_value(sk, i);
+ c = sk_SSL_CIPHER_value(clntsk, i);
+ if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
+ continue;
+
n = strlen(c->name);
- if (n + 1 > len) {
+ if (n + 1 > size) {
if (p != buf)
--p;
*p = '\0';
@@ -1434,7 +1443,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
strcpy(p, c->name);
p += n;
*(p++) = ':';
- len -= n + 1;
+ size -= n + 1;
}
p[-1] = '\0';
return (buf);
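Review bot: With the `continue` added in the previous hunk for ciphers not found in `srvrsk`, the loop can now finish without copying a single name, and `p[-1] = '\0'` at the end of this hunk then writes one byte before `buf`. Before the change, the `sk_SSL_CIPHER_num(sk) == 0` guard meant the first iteration either copied a name or returned early. A guard ahead of that line closes the gap, e.g. `if (p == buf) return NULL;` (or `*buf = '\0'; return buf;` if an empty list should count as success). The context comment `/* works well for SSLv2, not so good for SSLv3 */` no longer describes the function and could be replaced by a line saying the result is the client's list filtered by the server's. SSL_get_shared_ciphers spans both hunks.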
@@ -2250,10 +2259,10 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
int rsa_tmp_export, dh_tmp_export, kl;
unsigned long mask_k, mask_a, emask_k, emask_a;
#ifndef OPENSSL_NO_ECDSA
- int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
+ int have_ecc_cert, ecdsa_ok;
#endif
#ifndef OPENSSL_NO_ECDH
- int have_ecdh_tmp, ecdh_ok;
+ int have_ecdh_tmp, ecdh_ok, ecc_pkey_size;
#endif
#ifndef OPENSSL_NO_EC
X509 *x = NULL;
@@ -2396,7 +2405,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
if (!(cpk->valid_flags & CERT_PKEY_SIGN))
ecdsa_ok = 0;
ecc_pkey = X509_get_pubkey(x);
+# ifndef OPENSSL_NO_ECDH
ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0;
+# endif
EVP_PKEY_free(ecc_pkey);
if ((x->sig_alg) && (x->sig_alg->algorithm)) {
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
@@ -2458,7 +2469,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#define ku_reject(x, usage) \
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECDH
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index aeffc00..43789ad 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -259,6 +259,8 @@
c[1]=(unsigned char)(((l)>> 8)&0xff), \
c[2]=(unsigned char)(((l) )&0xff)),c+=3)
+# define SSL_MAX_2_BYTE_LEN (0xffff)
+
/* LOCAL STUFF */
# define SSL_DECRYPT 0
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 75c2f41..55f918d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -500,7 +500,11 @@ static int tls1_get_curvelist(SSL *s, int sess,
} else
# endif
{
- if (!s->server || s->cert->ecdh_tmp_auto) {
+ if (!s->server
+# ifndef OPENSSL_NO_ECDH
+ || s->cert->ecdh_tmp_auto
+# endif
+ ) {
*pcurves = eccurves_auto;
pcurveslen = sizeof(eccurves_auto);
} else {
@@ -2408,8 +2412,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
goto err;
if (!tls1_save_sigalgs(s, data, dsize))
goto err;
- } else if (type == TLSEXT_TYPE_status_request) {
-
+ } else if (type == TLSEXT_TYPE_status_request && !s->hit) {
if (size < 5)
goto err;
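Review bot: The `!s->hit` condition added to the `TLSEXT_TYPE_status_request` branch has no comment, and its effect is easy to miss. On a resumed session the extension is no longer parsed here and instead falls through to the branches that follow, which are outside the hunk. As far as I can tell the reason is that no certificate is sent on resumption, so no status response can be sent either. I would record that above the branch: `/* Ignore status_request on resumption: no certificate, hence no certificate status, is sent */`. ssl_scan_clienthello_tlsext starts and ends outside the hunk.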
@@ -3166,7 +3169,7 @@ int tls1_set_server_sigalgs(SSL *s)
if (!s->cert->shared_sigalgs) {
SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
SSL_R_NO_SHARED_SIGATURE_ALGORITHMS);
- al = SSL_AD_ILLEGAL_PARAMETER;
+ al = SSL_AD_HANDSHAKE_FAILURE;
goto err;
}
} else
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index dc62df8..3e6194a 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -4,7 +4,7 @@
* project.
*/
/* ====================================================================
- * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2012-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -645,6 +645,8 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
BIO_puts(bio, "No Extensions\n");
return 1;
}
+ if (msglen < 2)
+ return 0;
extslen = (msg[0] << 8) | msg[1];
if (extslen != msglen - 2)
return 0;
@@ -1021,6 +1023,8 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
msglen -= xlen + 2;
skip_sig:
+ if (msglen < 2)
+ return 0;
xlen = (msg[0] << 8) | msg[1];
BIO_indent(bio, indent, 80);
if (msglen < xlen + 2)
@@ -1209,7 +1213,15 @@ void SSL_trace(int write_p, int version, int content_type,
switch (content_type) {
case SSL3_RT_HEADER:
{
- int hvers = msg[1] << 8 | msg[2];
+ int hvers;
+
+ /* avoid overlapping with length at the end of buffer */
+ if (msglen < (SSL_IS_DTLS(ssl) ? 13 : 5)) {
+ BIO_puts(bio, write_p ? "Sent" : "Received");
+ ssl_print_hex(bio, 0, " too short message", msg, msglen);
+ break;
+ }
+ hvers = msg[1] << 8 | msg[2];
BIO_puts(bio, write_p ? "Sent" : "Received");
BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
ssl_trace_str(hvers, ssl_version_tbl), hvers);
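Review bot: The literals in `msglen < (SSL_IS_DTLS(ssl) ? 13 : 5)` are the DTLS and TLS record header sizes, for which the library headers already define `DTLS1_RT_HEADER_LENGTH` and `SSL3_RT_HEADER_LENGTH`. Using them keeps the check tied to the protocol definition: `if (msglen < (SSL_IS_DTLS(ssl) ? DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) {`. The comment `/* avoid overlapping with length at the end of buffer */` is hard to parse; something like `/* need a complete record header before reading the version and length fields */` says what the check protects. The remainder of the `SSL3_RT_HEADER` case, where the other header bytes are read, is outside the hunk.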
diff --git a/test/Makefile b/test/Makefile
index a1f7eeb..55a6b50 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -74,7 +74,7 @@ BADDTLSTEST= bad_dtls_test
SSLV2CONFTEST = sslv2conftest
DTLSTEST = dtlstest
FATALERRTEST = fatalerrtest
-
+X509TIMETEST = x509_time_test
TESTS= alltests
EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \
@@ -88,7 +88,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)
$(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \
$(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \
$(CLIENTHELLOTEST)$(EXE_EXT) $(SSLV2CONFTEST)$(EXE_EXT) $(DTLSTEST)$(EXE_EXT) \
- $(BADDTLSTEST)$(EXE_EXT) $(FATALERRTEST)$(EXE_EXT)
+ $(BADDTLSTEST)$(EXE_EXT) $(FATALERRTEST)$(EXE_EXT) $(X509TIMETEST)$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
@@ -103,7 +103,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \
$(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \
$(CLIENTHELLOTEST).o $(SSLV2CONFTEST).o $(DTLSTEST).o ssltestlib.o \
- $(BADDTLSTEST).o $(FATALERRTEST).o
+ $(BADDTLSTEST).o $(FATALERRTEST).o $(X509TIMETEST).o
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -115,7 +115,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \
$(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \
$(CLIENTHELLOTEST).c $(SSLV2CONFTEST).c $(DTLSTEST).c ssltestlib.c \
- $(BADDTLSTEST).c $(FATALERRTEST).c
+ $(BADDTLSTEST).c $(FATALERRTEST).c $(X509TIMETEST).c
EXHEADER=
HEADER= testutil.h ssltestlib.h $(EXHEADER)
@@ -160,7 +160,7 @@ alltests: \
test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
- test_dtls test_bad_dtls test_fatalerr
+ test_dtls test_bad_dtls test_fatalerr test_x509_time
test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -378,6 +378,10 @@ test_fatalerr: $(FATALERRTEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(FATALERRTEST) ../apps/server.pem ../apps/server.pem
+test_x509_time: $(X509TIMETEST)$(EXE_EXT)
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(X509TIMETEST)
+
test_sslv2conftest: $(SSLV2CONFTEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(SSLV2CONFTEST)
@@ -569,6 +573,9 @@ $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
$(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
@target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+$(X509TIMETEST)$(EXE_EXT): $(X509TIMETEST).o
+ @target=$(X509TIMETEST) $(BUILD_CMD)
+
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
@target=$(SSLV2CONFTEST) $(BUILD_CMD)
@@ -1012,3 +1019,15 @@ wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
wp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
wp_test.o: ../include/openssl/whrlpool.h wp_test.c
+x509_time_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+x509_time_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+x509_time_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+x509_time_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+x509_time_test.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+x509_time_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+x509_time_test.o: ../include/openssl/opensslconf.h
+x509_time_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+x509_time_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+x509_time_test.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509_time_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+x509_time_test.o: ../include/openssl/x509_vfy.h testutil.h x509_time_test.c
diff --git a/test/cms-test.pl b/test/cms-test.pl
index baa3b59..86042ac 100644
--- a/test/cms-test.pl
+++ b/test/cms-test.pl
@@ -3,7 +3,7 @@
# project.
#
# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+# Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@@ -100,6 +100,13 @@ my $no_ec2m;
my $no_ecdh;
my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
+system ("$ossl_path no-cms > $null_path");
+if ($? == 0)
+ {
+ print STDERR "CMS disabled. skipping...\n";
+ exit 0;
+ }
+
system ("$ossl_path no-ec > $null_path");
if ($? == 0)
{
diff --git a/test/evptests.txt b/test/evptests.txt
new file mode 100644
index 0000000..4e9958b
--- /dev/null
+++ b/test/evptests.txt
@@ -0,0 +1,401 @@
+#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
+#aadcipher:key:iv:plaintext:ciphertext:aad:tag:0/1(decrypt/encrypt)
+#digest:::input:output
+
+# SHA(1) tests (from shatest.c)
+SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
+
+# MD5 tests (from md5test.c)
+MD5::::d41d8cd98f00b204e9800998ecf8427e
+MD5:::61:0cc175b9c0f1b6a831c399e269772661
+MD5:::616263:900150983cd24fb0d6963f7d28e17f72
+MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
+MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
+MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
+MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
+
+# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
+
+# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
+
+# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
+
+# AES 128 ECB tests (from NIST test vectors, encrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
+
+# AES 128 ECB tests (from NIST test vectors, decrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
+
+# AES 192 ECB tests (from NIST test vectors, decrypt)
+
+#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
+
+# AES 256 ECB tests (from NIST test vectors, decrypt)
+
+#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
+
+# AES 128 CBC tests (from NIST test vectors, encrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
+
+# AES 192 CBC tests (from NIST test vectors, encrypt)
+
+#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
+
+# AES 256 CBC tests (from NIST test vectors, encrypt)
+
+#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
+
+# AES 128 CBC tests (from NIST test vectors, decrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
+
+# AES tests from NIST document SP800-38A
+# For all ECB encrypts and decrypts, the transformed sequence is
+# AES-bits-ECB:key::plaintext:ciphertext:encdec
+# ECB-AES128.Encrypt and ECB-AES128.Decrypt
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
+# ECB-AES192.Encrypt and ECB-AES192.Decrypt
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
+# ECB-AES256.Encrypt and ECB-AES256.Decrypt
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
+# For all CBC encrypts and decrypts, the transformed sequence is
+# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-AES128.Encrypt and CBC-AES128.Decrypt
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
+# CBC-AES192.Encrypt and CBC-AES192.Decrypt
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
+# CBC-AES256.Encrypt and CBC-AES256.Decrypt
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
+# We don't support CFB{1,8}-AESxxx.{En,De}crypt
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-AES128.Encrypt
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
+# CFB128-AES128.Decrypt
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
+# CFB128-AES192.Encrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
+# CFB128-AES192.Decrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
+# CFB128-AES256.Encrypt
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
+# CFB128-AES256.Decrypt
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
+# For all OFB encrypts and decrypts, the transformed sequence is
+# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-AES128.Encrypt
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1
+# OFB-AES128.Decrypt
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
+# OFB-AES192.Encrypt
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1
+# OFB-AES192.Decrypt
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0
+# OFB-AES256.Encrypt
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
+# OFB-AES256.Decrypt
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
+
+# AES Counter test vectors from RFC3686
+aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1
+aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1
+aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1
+
+aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1
+aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1
+aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1
+
+aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1
+aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1
+aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1
+
+# DES ECB tests (from destest)
+
+DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
+DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
+DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
+DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
+DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
+DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
+DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
+
+# DESX-CBC tests (from destest)
+DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
+
+# DES EDE3 CBC tests (from destest)
+DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+
+# RC4 tests (from rc4test)
+RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
+RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
+RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
+RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
+RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
+RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
+
+
+# Camellia tests from RFC3713
+# For all ECB encrypts and decrypts, the transformed sequence is
+# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec
+CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43
+CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9
+CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509
+
+# ECB-CAMELLIA128.Encrypt
+CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1
+CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1
+CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1
+
+# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A
+
+# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26
+
+# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B
+
+# For all CBC encrypts and decrypts, the transformed sequence is
+# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980
+
+# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08
+
+# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F
+
+# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-CAMELLIA128.Encrypt
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1
+
+# CFB128-CAMELLIA128.Decrypt
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0
+
+# CFB128-CAMELLIA192.Encrypt
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1
+
+# CFB128-CAMELLIA192.Decrypt
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0
+
+# CFB128-CAMELLIA256.Encrypt
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1
+
+# CFB128-CAMELLIA256.Decrypt
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0
+
+# For all OFB encrypts and decrypts, the transformed sequence is
+# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-CAMELLIA128.Encrypt
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1
+
+# OFB-CAMELLIA128.Decrypt
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0
+
+# OFB-CAMELLIA192.Encrypt
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1
+
+# OFB-CAMELLIA192.Decrypt
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0
+
+# OFB-CAMELLIA256.Encrypt
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1
+
+# OFB-CAMELLIA256.Decrypt
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0
+
+# SEED test vectors from RFC4269
+SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0
+SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0
+SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0
+SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0
+SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1
+SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
+SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
+SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1
+
+# AES CCM 256 bit key
+aes-256-ccm:1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e:5b8e40746f6b98e00f1d13ff41:53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a:9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726:c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0:2024931d73bca480c24a24ece6b6c2bf
+
+# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
+aes-128-gcm:00000000000000000000000000000000:000000000000000000000000::::58e2fccefa7e3061367f1d57a4e7455a
+aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78::ab6e47d42cec13bdf53a67b21257bddf
+aes-128-gcm:feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985::4d5c2af327cd64a62cf35abd2ba6fab4
+aes-128-gcm:feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091:feedfacedeadbeeffeedfacedeadbeefabaddad2:5bc94fbc3221a5db94fae95ae7121a47
+aes-128-gcm:feffe9928665731c6d6a8f9467308308:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598:feedfacedeadbeeffeedfacedeadbeefabaddad2:3612d2e79e3b0785561be14aaca2fccb
+aes-128-gcm:feffe9928665731c6d6a8f9467308308:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5:feedfacedeadbeeffeedfacedeadbeefabaddad2:619cc5aefffe0bfa462af43c1699d050
+aes-192-gcm:000000000000000000000000000000000000000000000000:000000000000000000000000::::cd33b28ac773f74ba00ed1f312572435
+aes-192-gcm:000000000000000000000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:98e7247c07f0fe411c267e4384b0f600::2ff58d80033927ab8ef4d4587514f0fb
+aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256::9924a7c8587336bfb118024db8674a14
+aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710:feedfacedeadbeeffeedfacedeadbeefabaddad2:2519498e80f1478f37ba55bd6d27618c
+aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7:feedfacedeadbeeffeedfacedeadbeefabaddad2:65dcc57fcf623a24094fcca40d3533f8
+aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b:feedfacedeadbeeffeedfacedeadbeefabaddad2:dcf566ff291c25bbb8568fc3d376a6d9
+aes-256-gcm:0000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000::::530f8afbc74536b9a963b4f1c4cb738b
+aes-256-gcm:0000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:cea7403d4d606b6e074ec5d3baf39d18::d0d1c8a799996bf0265b98b5d48ab919
+aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad::b094dac5d93471bdec1a502270e3cc6c
+aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662:feedfacedeadbeeffeedfacedeadbeefabaddad2:76fc6ece0f4e1768cddf8853bb2d551b
+aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f:feedfacedeadbeeffeedfacedeadbeefabaddad2:3a337dbf46a792c45e454913fe2ea8f2
+aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f:feedfacedeadbeeffeedfacedeadbeefabaddad2:a44a8266ee1c8eb0c8b5d4cf5ae9f19a
+# local add-ons, primarily streaming ghash tests
+# 128 bytes aad
+aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:::d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad:5fea793a2d6f974d37e68e0cb8ff9492
+# 48 bytes plaintext
+aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0::9dd0a376b08e40eb00c35f29f9ea61a4
+# 80 bytes plaintext
+aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291::98885a3a22bd4742fe7b72172193b163
+# 128 bytes plaintext
+aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40::cac45f60e31efd3b5a43b98a22ce1aa1
+# 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF
+aes-128-gcm:00000000000000000000000000000000:ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606::566f8ef683078bfdeeffa869d751a017
+# 80 bytes plaintext, submitted by Intel
+aes-128-gcm:843ffcf5d2b72694d19ed01d01249412:dbcca32ebf9b804617c3aa9e:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f:6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5:00000000000000000000000000000000101112131415161718191a1b1c1d1e1f:3b629ccfbc1119b7319e1dce2cd6fd6d
+
+# AES XTS test vectors from IEEE Std 1619-2007
+aes-128-xts:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000:917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
+aes-128-xts:1111111111111111111111111111111122222222222222222222222222222222:33333333330000000000000000000000:4444444444444444444444444444444444444444444444444444444444444444:c454185e6a16936e39334038acef838bfb186fff7480adc4289382ecd6d394f0
+aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f022222222222222222222222222222222:33333333330000000000000000000000:4444444444444444444444444444444444444444444444444444444444444444:af85336b597afc1a900b2eb21ec949d292df4c047e0b21532186a5971a227a89
+aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:00000000000000000000000000000000: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: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
+aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:01000000000000000000000000000000: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: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
+aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:02000000000000000000000000000000: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:fa762a3680b76007928ed4a4f49a9456031b704782e65e16cecb54ed7d017b5e18abd67b338e81078f21edb7868d901ebe9c731a7c18b5e6dec1d6a72e078ac9a4262f860beefa14f4e821018272e411a951502b6e79066e84252c3346f3aa62344351a291d4bedc7a07618bdea2af63145cc7a4b8d4070691ae890cd65733e7946e9021a1dffc4c59f159425ee6d50ca9b135fa6162cea18a939838dc000fb386fad086acce5ac07cb2ece7fd580b00cfa5e98589631dc25e8e2a3daf2ffdec26531659912c9d8f7a15e5865ea8fb5816d6207052bd7128cd743c12c8118791a4736811935eb982a532349e31dd401e0b660a568cb1a4711f552f55ded59f1f15bf7196b3ca12a91e488ef59d64f3a02bf45239499ac6176ae321c4a211ec545365971c5d3f4f09d4eb139bfdf2073d33180b21002b65cc9865e76cb24cd92c874c24c18350399a936ab3637079295d76c417776b94efce3a0ef7206b15110519655c956cbd8b2489405ee2b09a6b6eebe0c53790a12a8998378b33a5b71159625f4ba49d2a2fdba59fbf0897bc7aabd8d707dc140a80f0f309f835d3da54ab584e501dfa0ee977fec543f74186a802b9a37adb3e8291eca04d66520d229e60401e7282bef486ae059aa70696e0e305d777140a7a883ecdcb69b9ff938e8a4231864c69ca2c2043bed007ff3e605e014bcf518138dc3a25c5e236171a2d01d6
+aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:fd000000000000000000000000000000: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: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
+aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:fe000000000000000000000000000000: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: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
+aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:ff000000000000000000000000000000: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: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
+
+aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ff000000000000000000000000000000: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: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
+aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffff0000000000000000000000000000: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: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
+aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffffff00000000000000000000000000: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:e387aaa58ba483afa7e8eb469778317ecf4cf573aa9d4eac23f2cdf914e4e200a8b490e42ee646802dc6ee2b471b278195d60918ececb44bf79966f83faba0499298ebc699c0c8634715a320bb4f075d622e74c8c932004f25b41e361025b5a87815391f6108fc4afa6a05d9303c6ba68a128a55705d415985832fdeaae6c8e19110e84d1b1f199a2692119edc96132658f09da7c623efcec712537a3d94c0bf5d7e352ec94ae5797fdb377dc1551150721adf15bd26a8efc2fcaad56881fa9e62462c28f30ae1ceaca93c345cf243b73f542e2074a705bd2643bb9f7cc79bb6e7091ea6e232df0f9ad0d6cf502327876d82207abf2115cdacf6d5a48f6c1879a65b115f0f8b3cb3c59d15dd8c769bc014795a1837f3901b5845eb491adfefe097b1fa30a12fc1f65ba22905031539971a10f2f36c321bb51331cdefb39e3964c7ef079994f5b69b2edd83a71ef549971ee93f44eac3938fcdd61d01fa71799da3a8091c4c48aa9ed263ff0749df95d44fef6a0bb578ec69456aa5408ae32c7af08ad7ba8921287e3bbee31b767be06a0e705c864a769137df28292283ea81a2480241b44d9921cdbec1bc28dc1fda114bd8e5217ac9d8ebafa720e9da4f9ace231cc949e5b96fe76ffc21063fddc83a6b8679c00d35e09576a875305bed5f36ed242c8900dd1fa965bc950dfce09b132263a1eef52dd6888c309f5a7d712826
+aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffffffff000000000000000000000000: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: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
+aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffffffffff0000000000000000000000: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: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
+
+aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f10:6c1625db4671522d3d7599601de7ca09ed
+aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f1011:d069444b7a7e0cab09e24447d24deb1fedbf
+aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f101112:e5df1351c0544ba1350b3363cd8ef4beedbf9d
+aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f10111213:9d84c813f719aa2c7be3f66171c7c5c2edbf9dac
+aes-128-xts:e0e1e2e3e4e5e6e7e8e9eaebecedeeefc0c1c2c3c4c5c6c7c8c9cacbcccdcecf:21436587a90000000000000000000000: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:38b45812ef43a05bd957e545907e223b954ab4aaf088303ad910eadf14b42be68b2461149d8c8ba85f992be970bc621f1b06573f63e867bf5875acafa04e42ccbd7bd3c2a0fb1fff791ec5ec36c66ae4ac1e806d81fbf709dbe29e471fad38549c8e66f5345d7c1eb94f405d1ec785cc6f6a68f6254dd8339f9d84057e01a17741990482999516b5611a38f41bb6478e6f173f320805dd71b1932fc333cb9ee39936beea9ad96fa10fb4112b901734ddad40bc1878995f8e11aee7d141a2f5d48b7a4e1e7f0b2c04830e69a4fd1378411c2f287edf48c6c4e5c247a19680f7fe41cefbd49b582106e3616cbbe4dfb2344b2ae9519391f3e0fb4922254b1d6d2d19c6d4d537b3a26f3bcc51588b32f3eca0829b6a5ac72578fb814fb43cf80d64a233e3f997a3f02683342f2b33d25b492536b93becb2f5e1a8b82f5b883342729e8ae09d16938841a21a97fb543eea3bbff59f13c1a18449e398701c1ad51648346cbc04c27bb2da3b93a1372ccae548fb53bee476f9e9c91773b1bb19828394d55d3e1a20ed69113a860b6829ffa847224604435070221b257e8dff783615d2cae4803a93aa4334ab482a0afac9c0aeda70b45a481df5dec5df8cc0f423c77a5fd46cd312021d4b438862419a791be03bb4d97c0e59578542531ba466a83baf92cefc151b5cc1611a167893819b63fb8a6b18e86de60290fa72b797b0ce59f3
+# AES wrap tests from RFC3394
+id-aes128-wrap:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5
+id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D
+id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7
+id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF0001020304050607:031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2
+id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF0001020304050607:A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
+id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F:28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
diff --git a/test/maketests.com b/test/maketests.com
index f4e418b..c0e1730 100644
--- a/test/maketests.com
+++ b/test/maketests.com
@@ -151,7 +151,7 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
"ASN1TEST,V3NAMETEST,HEARTBEAT_TEST,"+ -
"CONSTANT_TIME_TEST,VERIFY_EXTRA_TEST,"+ -
"CLIENTHELLOTEST,SSLV2CONFTEST,DTLSTEST,"+ -
- "BAD_DTLS_TEST,FATALERRTEST"
+ "BAD_DTLS_TEST,FATALERRTEST,X509_TIME_TEST"
$!
$! Additional directory information.
$ T_D_BNTEST := [-.crypto.bn]
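Review bot: `X509_TIME_TEST` is appended to `TEST_FILES`, but this file section has only this one hunk, so no matching `T_D_X509_TIME_TEST` entry is added to the "Additional directory information" block that begins with `T_D_BNTEST`. If the build loop outside this hunk looks up a `T_D_` symbol for each name in `TEST_FILES`, which the existing entries suggest, the new test will not build on VMS. Confirm that, and if so add a line such as `$ T_D_X509_TIME_TEST := <directory holding x509_time_test.c>` next to the other entries.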
diff --git a/test/recipes/60-test_x509_time.t b/test/recipes/60-test_x509_time.t
new file mode 100644
index 0000000..e812cd0
--- /dev/null
+++ b/test/recipes/60-test_x509_time.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_x509_time", "x509_time_test");
diff --git a/test/ssltest_old b/test/ssltest_old
deleted file mode 100755
index 3e3a27d..0000000
--- a/test/ssltest_old
+++ /dev/null
Binary files differ
diff --git a/test/tests.com b/test/tests.com
index 27b01b6..21867bf 100644
--- a/test/tests.com
+++ b/test/tests.com
@@ -58,7 +58,7 @@ $ tests := -
test_ss,test_ca,test_engine,test_evp,test_evp_extra,test_ssl,test_tsa,test_ige,-
test_jpake,test_srp,test_cms,test_ocsp,test_v3name,test_heartbeat,-
test_constant_time,test_verify_extra,test_clienthello,test_sslv2conftest,-
- test_dtls,test_bad_dtls,test_fatalerr
+ test_dtls,test_bad_dtls,test_fatalerr,test_x509_time
$ endif
$ tests = f$edit(tests,"COLLAPSE")
$
@@ -107,6 +107,7 @@ $ BADDTLSTEST := bad_dtls_test
$ SSLV2CONFTEST := sslv2conftest
$ DTLSTEST := dtlstest
$ FATALERRTEST := fatalerrtest
+$ X509TIMETEST := x509_time_test
$!
$ tests_i = 0
$ loop_tests:
@@ -415,6 +416,11 @@ $ write sys$output "''START' test_fatalerrtest"
$ mcr 'texe_dir''fatalerrtest' 'ROOT'.APPS]server.pem 'ROOT'.APPS]server.pem
$ return
$
+$ test_x509_time:
+$ write sys$output "''START' test_x509_time"
+$ mcr 'texe_dir''x509timetest'
+$ return
+$
$ test_sslv2conftest:
$ write sys$output "''START' test_sslv2conftest"
$ mcr 'texe_dir''sslv2conftest'
diff --git a/test/testssl b/test/testssl
index 21bc4d8..8bea40a 100644
--- a/test/testssl
+++ b/test/testssl
@@ -172,14 +172,18 @@ for protocol in TLSv1.2 SSLv3; do
test_cipher $cipher $protocol
done
echo "testing connection with weak DH, expecting failure"
- if [ $protocol = "SSLv3" ] ; then
- $ssltest -cipher EDH -dhe512 -ssl3
+ if [ $protocol = "SSLv3" ] && ../util/shlib_wrap.sh ../apps/openssl no-ssl3; then
+ echo "skipping weak DH test for disabled protocol"
else
- $ssltest -cipher EDH -dhe512
- fi
- if [ $? -eq 0 ]; then
- echo "FAIL: connection with weak DH succeeded"
- exit 1
+ if [ $protocol = "SSLv3" ] ; then
+ $ssltest -cipher EDH -dhe512 -ssl3
+ else
+ $ssltest -cipher EDH -dhe512
+ fi
+ if [ $? -eq 0 ]; then
+ echo "FAIL: connection with weak DH succeeded"
+ exit 1
+ fi
fi
fi
if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
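Review bot: The re-indented weak-DH check still counts any non-zero exit of `$ssltest` as "weak DH rejected", so a run that dies for an unrelated reason (binary not built, protocol unavailable, crash) passes this negative test silently. If `ssltest` gives a distinguishable status or message for a refused handshake, the check should match on that; this needs confirming against `ssltest` itself. The `$?` test also depends on nothing being inserted between the inner `fi` and it, and `$protocol` is unquoted in both `[ ... ]` tests. Choosing the flag first (`extra=-ssl3` for SSLv3, empty otherwise) and testing the command directly is sturdier: `if $ssltest -cipher EDH -dhe512 $extra; then echo "FAIL: connection with weak DH succeeded"; exit 1; fi`. The enclosing `for protocol` loop and the outer `if` start outside this hunk.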
diff --git a/test/v3ext b/test/v3ext
deleted file mode 100755
index 09a0c3a..0000000
--- a/test/v3ext
+++ /dev/null
Binary files differ
diff --git a/test/x509_time_test.c b/test/x509_time_test.c
new file mode 100644
index 0000000..68fb427
--- /dev/null
+++ b/test/x509_time_test.c
@@ -0,0 +1,212 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Tests for X509 time functions */
+
+#include <string.h>
+#include <time.h>
+
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include "testutil.h"
+#include "e_os.h"
+
+typedef struct {
+ const char *data;
+ int type;
+ time_t cmp_time;
+ /* -1 if asn1_time <= cmp_time, 1 if asn1_time > cmp_time, 0 if error. */
+ int expected;
+} TESTDATA;
+
+static TESTDATA x509_cmp_tests[] = {
+ {
+ "20170217180154Z", V_ASN1_GENERALIZEDTIME,
+ /* The same in seconds since epoch. */
+ 1487354514, -1,
+ },
+ {
+ "20170217180154Z", V_ASN1_GENERALIZEDTIME,
+ /* One second more. */
+ 1487354515, -1,
+ },
+ {
+ "20170217180154Z", V_ASN1_GENERALIZEDTIME,
+ /* One second less. */
+ 1487354513, 1,
+ },
+ /* Same as UTC time. */
+ {
+ "170217180154Z", V_ASN1_UTCTIME,
+ /* The same in seconds since epoch. */
+ 1487354514, -1,
+ },
+ {
+ "170217180154Z", V_ASN1_UTCTIME,
+ /* One second more. */
+ 1487354515, -1,
+ },
+ {
+ "170217180154Z", V_ASN1_UTCTIME,
+ /* One second less. */
+ 1487354513, 1,
+ },
+ /* UTCTime from the 20th century. */
+ {
+ "990217180154Z", V_ASN1_UTCTIME,
+ /* The same in seconds since epoch. */
+ 919274514, -1,
+ },
+ {
+ "990217180154Z", V_ASN1_UTCTIME,
+ /* One second more. */
+ 919274515, -1,
+ },
+ {
+ "990217180154Z", V_ASN1_UTCTIME,
+ /* One second less. */
+ 919274513, 1,
+ },
+ /* Various invalid formats. */
+ {
+ /* No trailing Z. */
+ "20170217180154", V_ASN1_GENERALIZEDTIME, 0, 0,
+ },
+ {
+ /* No trailing Z, UTCTime. */
+ "170217180154", V_ASN1_UTCTIME, 0, 0,
+ },
+ {
+ /* No seconds. */
+ "201702171801Z", V_ASN1_GENERALIZEDTIME, 0, 0,
+ },
+ {
+ /* No seconds, UTCTime. */
+ "1702171801Z", V_ASN1_UTCTIME, 0, 0,
+ },
+ {
+ /* Fractional seconds. */
+ "20170217180154.001Z", V_ASN1_GENERALIZEDTIME, 0, 0,
+ },
+ {
+ /* Fractional seconds, UTCTime. */
+ "170217180154.001Z", V_ASN1_UTCTIME, 0, 0,
+ },
+ {
+ /* Timezone offset. */
+ "20170217180154+0100", V_ASN1_GENERALIZEDTIME, 0, 0,
+ },
+ {
+ /* Timezone offset, UTCTime. */
+ "170217180154+0100", V_ASN1_UTCTIME, 0, 0,
+ },
+ {
+ /* Extra digits. */
+ "2017021718015400Z", V_ASN1_GENERALIZEDTIME, 0, 0,
+ },
+ {
+ /* Extra digits, UTCTime. */
+ "17021718015400Z", V_ASN1_UTCTIME, 0, 0,
+ },
+ {
+ /* Non-digits. */
+ "2017021718015aZ", V_ASN1_GENERALIZEDTIME, 0, 0,
+ },
+ {
+ /* Non-digits, UTCTime. */
+ "17021718015aZ", V_ASN1_UTCTIME, 0, 0,
+ },
+ {
+ /* Trailing garbage. */
+ "20170217180154Zlongtrailinggarbage", V_ASN1_GENERALIZEDTIME, 0, 0,
+ },
+ {
+ /* Trailing garbage, UTCTime. */
+ "170217180154Zlongtrailinggarbage", V_ASN1_UTCTIME, 0, 0,
+ },
+ {
+ /* Swapped type. */
+ "20170217180154Z", V_ASN1_UTCTIME, 0, 0,
+ },
+ {
+ /* Swapped type. */
+ "170217180154Z", V_ASN1_GENERALIZEDTIME, 0, 0,
+ },
+ {
+ /* Bad type. */
+ "20170217180154Z", V_ASN1_OCTET_STRING, 0, 0,
+ },
+};
+
+static int test_x509_cmp_time(int idx)
+{
+ ASN1_TIME t;
+ int result;
+
+ memset(&t, 0, sizeof(t));
+ t.type = x509_cmp_tests[idx].type;
+ t.data = (unsigned char*)(x509_cmp_tests[idx].data);
+ t.length = strlen(x509_cmp_tests[idx].data);
+
+ result = X509_cmp_time(&t, &x509_cmp_tests[idx].cmp_time);
+ if (result != x509_cmp_tests[idx].expected) {
+ fprintf(stderr, "test_x509_cmp_time(%d) failed: expected %d, got %d\n",
+ idx, x509_cmp_tests[idx].expected, result);
+ return 0;
+ }
+ return 1;
+}
+
+static int test_x509_cmp_time_current()
+{
+ time_t now = time(NULL);
+ /* Pick a day earlier and later, relative to any system clock. */
+ ASN1_TIME *asn1_before = NULL, *asn1_after = NULL;
+ int cmp_result, failed = 0;
+
+ asn1_before = ASN1_TIME_adj(NULL, now, -1, 0);
+ asn1_after = ASN1_TIME_adj(NULL, now, 1, 0);
+
+ cmp_result = X509_cmp_time(asn1_before, NULL);
+ if (cmp_result != -1) {
+ fprintf(stderr, "test_x509_cmp_time_current failed: expected -1, got %d\n",
+ cmp_result);
+ failed = 1;
+ }
+
+ cmp_result = X509_cmp_time(asn1_after, NULL);
+ if (cmp_result != 1) {
+ fprintf(stderr, "test_x509_cmp_time_current failed: expected 1, got %d\n",
+ cmp_result);
+ failed = 1;
+ }
+
+ ASN1_TIME_free(asn1_before);
+ ASN1_TIME_free(asn1_after);
+
+ return failed == 0;
+}
+
+int main(int argc, char **argv)
+{
+ int ret = 0;
+ unsigned int idx;
+
+ if (!test_x509_cmp_time_current())
+ ret = 1;
+
+ for (idx=0 ; idx < sizeof(x509_cmp_tests)/sizeof(x509_cmp_tests[0]) ; ++idx) {
+ if (!test_x509_cmp_time(idx))
+ ret = 1;
+ }
+
+ if (ret == 0)
+ printf("PASS\n");
+ return ret;
+}
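Review bot: In `test_x509_cmp_time_current` the two `ASN1_TIME_adj` results are passed to `X509_cmp_time` without a NULL check, so an allocation or conversion failure becomes a NULL dereference inside the function under test rather than a reported test failure. A guard right after the two calls keeps the failure readable, as sketched below. Separately, the function is declared with an empty parameter list and should be `static int test_x509_cmp_time_current(void)`. The file also calls `fprintf`/`printf` without including `<stdio.h>` itself, so it presumably relies on `testutil.h` or `e_os.h` to pull that in.

```c
    asn1_before = ASN1_TIME_adj(NULL, now, -1, 0);
    asn1_after = ASN1_TIME_adj(NULL, now, 1, 0);
    if (asn1_before == NULL || asn1_after == NULL) {
        fprintf(stderr,
                "test_x509_cmp_time_current failed: ASN1_TIME_adj returned NULL\n");
        ASN1_TIME_free(asn1_before);
        ASN1_TIME_free(asn1_after);
        return 0;
    }
    /* … unchanged: the two X509_cmp_time comparisons and the frees … */
```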
diff --git a/test/x509aux b/test/x509aux
deleted file mode 100755
index 35378a8..0000000
--- a/test/x509aux
+++ /dev/null
Binary files differ
diff --git a/tools/c_rehash b/tools/c_rehash
new file mode 100644
index 0000000..6a27c02
--- /dev/null
+++ b/tools/c_rehash
@@ -0,0 +1,210 @@
+#!/usr/bin/perl
+
+# Perl c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+
+my $dir = "/usr/local/ssl";
+my $prefix = "/usr/local/ssl";
+
+my $openssl = $ENV{OPENSSL} || "openssl";
+my $pwd;
+my $x509hash = "-subject_hash";
+my $crlhash = "-hash";
+my $verbose = 0;
+my $symlink_exists=eval {symlink("",""); 1};
+my $removelinks = 1;
+
+## Parse flags.
+while ( $ARGV[0] =~ /^-/ ) {
+ my $flag = shift @ARGV;
+ last if ( $flag eq '--');
+ if ( $flag eq '-old') {
+ $x509hash = "-subject_hash_old";
+ $crlhash = "-hash_old";
+ } elsif ( $flag eq '-h') {
+ help();
+ } elsif ( $flag eq '-n' ) {
+ $removelinks = 0;
+ } elsif ( $flag eq '-v' ) {
+ $verbose++;
+ }
+ else {
+ print STDERR "Usage error; try -help.\n";
+ exit 1;
+ }
+}
+
+sub help {
+ print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n";
+ print " -old use old-style digest\n";
+ print " -h print this help text\n";
+ print " -v print files removed and linked\n";
+ exit 0;
+}
+
+eval "require Cwd";
+if (defined(&Cwd::getcwd)) {
+ $pwd=Cwd::getcwd();
+} else {
+ $pwd=`pwd`;
+ chomp($pwd);
+}
+
+# DOS/Win32 or Unix delimiter? Prefix our installdir, then search.
+my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
+
+if(! -x $openssl) {
+ my $found = 0;
+ foreach (split /$path_delim/, $ENV{PATH}) {
+ if(-x "$_/$openssl") {
+ $found = 1;
+ $openssl = "$_/$openssl";
+ last;
+ }
+ }
+ if($found == 0) {
+ print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+ exit 0;
+ }
+}
+
+if(@ARGV) {
+ @dirlist = @ARGV;
+} elsif($ENV{SSL_CERT_DIR}) {
+ @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
+} else {
+ $dirlist[0] = "$dir/certs";
+}
+
+if (-d $dirlist[0]) {
+ chdir $dirlist[0];
+ $openssl="$pwd/$openssl" if (!-x $openssl);
+ chdir $pwd;
+}
+
+foreach (@dirlist) {
+ if(-d $_ and -w $_) {
+ hash_dir($_);
+ }
+}
+
+sub hash_dir {
+ my %hashlist;
+ print "Doing $_[0]\n";
+ chdir $_[0];
+ opendir(DIR, ".");
+ my @flist = readdir(DIR);
+ closedir DIR;
+ if ( $removelinks ) {
+ # Delete any existing symbolic links
+ foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+ if(-l $_) {
+ unlink $_;
+ print "unlink $_" if $verbose;
+ }
+ }
+ }
+ FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+ # Check to see if certificates and/or CRLs present.
+ my ($cert, $crl) = check_file($fname);
+ if(!$cert && !$crl) {
+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+ next;
+ }
+ link_hash_cert($fname) if($cert);
+ link_hash_crl($fname) if($crl);
+ }
+}
+
+sub check_file {
+ my ($is_cert, $is_crl) = (0,0);
+ my $fname = $_[0];
+ open IN, $fname;
+ while(<IN>) {
+ if(/^-----BEGIN (.*)-----/) {
+ my $hdr = $1;
+ if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+ $is_cert = 1;
+ last if($is_crl);
+ } elsif($hdr eq "X509 CRL") {
+ $is_crl = 1;
+ last if($is_cert);
+ }
+ }
+ }
+ close IN;
+ return ($is_cert, $is_crl);
+}
+
+
+# Link a certificate to its subject name hash value, each hash is of
+# the form <hash>.<n> where n is an integer. If the hash value already exists
+# then we need to up the value of n, unless its a duplicate in which
+# case we skip the link. We check for duplicates by comparing the
+# certificate fingerprints
+
+sub link_hash_cert {
+ my $fname = $_[0];
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+ chomp $hash;
+ chomp $fprint;
+ $fprint =~ s/^.*=//;
+ $fprint =~ tr/://d;
+ my $suffix = 0;
+ # Search for an unused hash filename
+ while(exists $hashlist{"$hash.$suffix"}) {
+ # Hash matches: if fingerprint matches its a duplicate cert
+ if($hashlist{"$hash.$suffix"} eq $fprint) {
+ print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+ return;
+ }
+ $suffix++;
+ }
+ $hash .= ".$suffix";
+ if ($symlink_exists) {
+ symlink $fname, $hash;
+ print "link $fname -> $hash\n" if $verbose;
+ } else {
+ open IN,"<$fname" or die "can't open $fname for read";
+ open OUT,">$hash" or die "can't open $hash for write";
+ print OUT <IN>; # does the job for small text files
+ close OUT;
+ close IN;
+ print "copy $fname -> $hash\n" if $verbose;
+ }
+ $hashlist{$hash} = $fprint;
+}
+
+# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+sub link_hash_crl {
+ my $fname = $_[0];
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ chomp $hash;
+ chomp $fprint;
+ $fprint =~ s/^.*=//;
+ $fprint =~ tr/://d;
+ my $suffix = 0;
+ # Search for an unused hash filename
+ while(exists $hashlist{"$hash.r$suffix"}) {
+ # Hash matches: if fingerprint matches its a duplicate cert
+ if($hashlist{"$hash.r$suffix"} eq $fprint) {
+ print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+ return;
+ }
+ $suffix++;
+ }
+ $hash .= ".r$suffix";
+ if ($symlink_exists) {
+ symlink $fname, $hash;
+ print "link $fname -> $hash\n" if $verbose;
+ } else {
+ system ("cp", $fname, $hash);
+ print "cp $fname -> $hash\n" if $verbose;
+ }
+ $hashlist{$hash} = $fprint;
+}
+
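Review bot: `link_hash_cert` escapes `$fname` for a single-quoted shell word (`s/'/'\\''/g`) but then interpolates it inside double quotes in the backtick command, so the escaping does not match the quoting and a file name containing shell metacharacters is interpreted by the shell. The script runs over every matching file in a certificate directory, often with elevated privileges, so those names are untrusted input. `link_hash_crl` uses matching single quotes, but both subs go on to pass the escaped name to `symlink`/`open`/`cp`, which points the link at the wrong target for any name that contains a quote. Running openssl through a list-form pipe open removes the shell and the escaping altogether, as sketched below for the certificate case, with the CRL sub changed the same way. List-form pipe open may not be available on the Win32 perls this script also targets, so confirm that before adopting it. `tools/c_rehash.bak` is added with the same blob id and has the same problem, and looks like a build leftover that should not be committed.

```perl
sub link_hash_cert {
    my $fname = $_[0];
    # List-form pipe open: no shell is involved, so the name needs no quoting.
    open(my $out, '-|', $openssl, 'x509', $x509hash,
         '-fingerprint', '-noout', '-in', $fname) or return;
    my ($hash, $fprint) = <$out>;
    close $out;
    return unless defined $hash && defined $fprint;
    chomp $hash;
    # … unchanged: fingerprint clean-up, suffix search, symlink/copy …
```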
diff --git a/tools/c_rehash.bak b/tools/c_rehash.bak
new file mode 100644
index 0000000..6a27c02
--- /dev/null
+++ b/tools/c_rehash.bak
@@ -0,0 +1,210 @@
+#!/usr/bin/perl
+
+# Perl c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+
+my $dir = "/usr/local/ssl";
+my $prefix = "/usr/local/ssl";
+
+my $openssl = $ENV{OPENSSL} || "openssl";
+my $pwd;
+my $x509hash = "-subject_hash";
+my $crlhash = "-hash";
+my $verbose = 0;
+my $symlink_exists=eval {symlink("",""); 1};
+my $removelinks = 1;
+
+## Parse flags.
+while ( $ARGV[0] =~ /^-/ ) {
+ my $flag = shift @ARGV;
+ last if ( $flag eq '--');
+ if ( $flag eq '-old') {
+ $x509hash = "-subject_hash_old";
+ $crlhash = "-hash_old";
+ } elsif ( $flag eq '-h') {
+ help();
+ } elsif ( $flag eq '-n' ) {
+ $removelinks = 0;
+ } elsif ( $flag eq '-v' ) {
+ $verbose++;
+ }
+ else {
+ print STDERR "Usage error; try -help.\n";
+ exit 1;
+ }
+}
+
+sub help {
+ print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n";
+ print " -old use old-style digest\n";
+ print " -h print this help text\n";
+ print " -v print files removed and linked\n";
+ exit 0;
+}
+
+eval "require Cwd";
+if (defined(&Cwd::getcwd)) {
+ $pwd=Cwd::getcwd();
+} else {
+ $pwd=`pwd`;
+ chomp($pwd);
+}
+
+# DOS/Win32 or Unix delimiter? Prefix our installdir, then search.
+my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
+
+if(! -x $openssl) {
+ my $found = 0;
+ foreach (split /$path_delim/, $ENV{PATH}) {
+ if(-x "$_/$openssl") {
+ $found = 1;
+ $openssl = "$_/$openssl";
+ last;
+ }
+ }
+ if($found == 0) {
+ print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+ exit 0;
+ }
+}
+
+if(@ARGV) {
+ @dirlist = @ARGV;
+} elsif($ENV{SSL_CERT_DIR}) {
+ @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
+} else {
+ $dirlist[0] = "$dir/certs";
+}
+
+if (-d $dirlist[0]) {
+ chdir $dirlist[0];
+ $openssl="$pwd/$openssl" if (!-x $openssl);
+ chdir $pwd;
+}
+
+foreach (@dirlist) {
+ if(-d $_ and -w $_) {
+ hash_dir($_);
+ }
+}
+
+sub hash_dir {
+ my %hashlist;
+ print "Doing $_[0]\n";
+ chdir $_[0];
+ opendir(DIR, ".");
+ my @flist = readdir(DIR);
+ closedir DIR;
+ if ( $removelinks ) {
+ # Delete any existing symbolic links
+ foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+ if(-l $_) {
+ unlink $_;
+ print "unlink $_" if $verbose;
+ }
+ }
+ }
+ FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+ # Check to see if certificates and/or CRLs present.
+ my ($cert, $crl) = check_file($fname);
+ if(!$cert && !$crl) {
+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+ next;
+ }
+ link_hash_cert($fname) if($cert);
+ link_hash_crl($fname) if($crl);
+ }
+}
+
+sub check_file {
+ my ($is_cert, $is_crl) = (0,0);
+ my $fname = $_[0];
+ open IN, $fname;
+ while(<IN>) {
+ if(/^-----BEGIN (.*)-----/) {
+ my $hdr = $1;
+ if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+ $is_cert = 1;
+ last if($is_crl);
+ } elsif($hdr eq "X509 CRL") {
+ $is_crl = 1;
+ last if($is_cert);
+ }
+ }
+ }
+ close IN;
+ return ($is_cert, $is_crl);
+}
+
+
+# Link a certificate to its subject name hash value, each hash is of
+# the form <hash>.<n> where n is an integer. If the hash value already exists
+# then we need to up the value of n, unless its a duplicate in which
+# case we skip the link. We check for duplicates by comparing the
+# certificate fingerprints
+
+sub link_hash_cert {
+ my $fname = $_[0];
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+ chomp $hash;
+ chomp $fprint;
+ $fprint =~ s/^.*=//;
+ $fprint =~ tr/://d;
+ my $suffix = 0;
+ # Search for an unused hash filename
+ while(exists $hashlist{"$hash.$suffix"}) {
+ # Hash matches: if fingerprint matches its a duplicate cert
+ if($hashlist{"$hash.$suffix"} eq $fprint) {
+ print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+ return;
+ }
+ $suffix++;
+ }
+ $hash .= ".$suffix";
+ if ($symlink_exists) {
+ symlink $fname, $hash;
+ print "link $fname -> $hash\n" if $verbose;
+ } else {
+ open IN,"<$fname" or die "can't open $fname for read";
+ open OUT,">$hash" or die "can't open $hash for write";
+ print OUT <IN>; # does the job for small text files
+ close OUT;
+ close IN;
+ print "copy $fname -> $hash\n" if $verbose;
+ }
+ $hashlist{$hash} = $fprint;
+}
+
+# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+sub link_hash_crl {
+ my $fname = $_[0];
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ chomp $hash;
+ chomp $fprint;
+ $fprint =~ s/^.*=//;
+ $fprint =~ tr/://d;
+ my $suffix = 0;
+ # Search for an unused hash filename
+ while(exists $hashlist{"$hash.r$suffix"}) {
+ # Hash matches: if fingerprint matches its a duplicate cert
+ if($hashlist{"$hash.r$suffix"} eq $fprint) {
+ print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+ return;
+ }
+ $suffix++;
+ }
+ $hash .= ".r$suffix";
+ if ($symlink_exists) {
+ symlink $fname, $hash;
+ print "link $fname -> $hash\n" if $verbose;
+ } else {
+ system ("cp", $fname, $hash);
+ print "cp $fname -> $hash\n" if $verbose;
+ }
+ $hashlist{$hash} = $fprint;
+}
+
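Review bot: In `link_hash_cert` the file name is escaped for a single-quoted shell word (`$fname =~ s/'/'\\''/g`) but then placed inside double quotes in the backtick command (`-in "$fname"`), so the escaping does not match the quoting. A certificate file name containing shell metacharacters is therefore interpreted by the shell when the directory is rehashed. `link_hash_crl` already uses `-in '$fname'`; the certificate path should do the same, or better, skip the shell with a list-form pipe where the Perl in use supports it, `open(my $ph, "-|", $openssl, "x509", $x509hash, "-fingerprint", "-noout", "-in", $fname)`, keeping the unescaped name for `symlink`. The same line appears in the copy of `link_hash_cert` in the preceding hunk, which starts outside this view. Separately, this is a `.bak` copy with a hard-coded `/usr/local/ssl` prefix and looks like a build leftover rather than a file meant to be committed.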
diff --git a/util/domd b/util/domd
index 5a92559..849e271 100755
--- a/util/domd
+++ b/util/domd
@@ -6,8 +6,11 @@ TOP=$1
shift
if [ "$1" = "-MD" ]; then
shift
- MAKEDEPEND=$1
- shift
+ MAKEDEPEND=""
+ while [ "$1" != "--" ]; do
+ MAKEDEPEND="$MAKEDEPEND $1"
+ shift
+ done
fi
if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
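Review bot: The new `while [ "$1" != "--" ]` loop has no bound on the argument count, so a caller that passes `-MD` without a later `--` never meets the terminating condition. Depending on the shell, `shift` on an empty argument list then either keeps failing in an endless loop or aborts the script. Guard it with `while [ $# -gt 0 ] && [ "$1" != "--" ]; do`. The accumulated value also starts with a space and relies on word splitting where `${MAKEDEPEND}` is expanded unquoted later, which deserves a comment such as `# MAKEDEPEND may hold a command plus options; expanded unquoted on purpose`.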
@@ -16,8 +19,11 @@ mv Makefile Makefile.save
cp Makefile.save Makefile
# fake the presence of Kerberos
touch $TOP/krb5.h
-if ${MAKEDEPEND} --version 2>&1 | grep "clang" > /dev/null ||
- echo $MAKEDEPEND | grep "gcc" > /dev/null; then
+if expr "$MAKEDEPEND" : ".*makedepend" > /dev/null; then
+ ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \
+ ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
+ RC=$?
+else
args=""
while [ $# -gt 0 ]; do
if [ "$1" != "--" ]; then args="$args $1"; fi
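Review bot: `$@` in the added `${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@` line is unquoted, so any argument containing whitespace or glob characters is re-split before makedepend sees it; write `"$@"` instead. The `expr "$MAKEDEPEND" : ".*makedepend"` test also matches the word anywhere in the string, including a directory component of a compiler path, so matching on the command's basename would be stricter. The enclosing `if` continues past this hunk.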
@@ -29,10 +35,6 @@ if ${MAKEDEPEND} --version 2>&1 | grep "clang" > /dev/null ||
${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
RC=$?
rm -f Makefile.tmp
-else
- ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \
- ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
- RC=$?
fi
if cmp -s Makefile.save Makefile.new; then
mv Makefile.save Makefile
diff --git a/util/libeay.num b/util/libeay.num
index f5b4f21..2e52214 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4431,3 +4431,4 @@ EVP_PKEY_meth_get_decrypt 4785 EXIST::FUNCTION:
EVP_PKEY_meth_get_cleanup 4786 EXIST::FUNCTION:
EVP_PKEY_meth_get_encrypt 4787 EXIST::FUNCTION:
EVP_PKEY_meth_get_copy 4788 EXIST::FUNCTION:
+ossl_safe_getenv 4789 EXIST::FUNCTION: