diff options
241 files changed, 10032 insertions, 3537 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..cf88779 --- /dev/null +++ b/.gitignore @@ -0,0 +1,120 @@ +# Object files +*.o +*.obj + +# editor artefacts +*.swp +.#* +#*# +*~ +/.dir-locals.el + +# Top level excludes +/Makefile.bak +/Makefile +/MINFO +/*.a +/include +/*.pc +/rehash.time +/inc.* +/makefile.* +/out.* +/tmp.* + +# Most *.c files under test/ are symlinks +/test/*.c +# Apart from these +!/test/asn1test.c +!/test/methtest.c +!/test/dummytest.c +!/test/igetest.c +!/test/r160test.c +!/test/fips_algvs.c +!/test/ssltestlib.c + +/test/*.ss +/test/*.srl +/test/.rnd +/test/test*.pem +/test/newkey.pem + +# Certificate symbolic links +*.0 + +# Links under apps +/apps/CA.pl +/apps/md4.c + + +# Auto generated headers +/crypto/buildinf.h +/crypto/opensslconf.h + +# Auto generated assembly language source files +*.s +!/crypto/bn/asm/pa-risc2.s +!/crypto/bn/asm/pa-risc2W.s +crypto/aes/asm/a_win32.asm +crypto/bf/asm/b_win32.asm +crypto/bn/asm/bn_win32.asm +crypto/bn/asm/co_win32.asm +crypto/bn/asm/mt_win32.asm +crypto/cast/asm/c_win32.asm +crypto/cpu_win32.asm +crypto/des/asm/d_win32.asm +crypto/des/asm/y_win32.asm +crypto/md5/asm/m5_win32.asm +crypto/rc4/asm/r4_win32.asm +crypto/rc5/asm/r5_win32.asm +crypto/ripemd/asm/rm_win32.asm +crypto/sha/asm/s1_win32.asm +crypto/sha/asm/sha512-sse2.asm + +# Executables +/apps/openssl +/test/sha256t +/test/sha512t +/test/*test +/test/fips_aesavs +/test/fips_desmovs +/test/fips_dhvs +/test/fips_drbgvs +/test/fips_dssvs +/test/fips_ecdhvs +/test/fips_ecdsavs +/test/fips_rngvs +/test/fips_test_suite +*.so* +*.dylib* +*.dll* +# Exceptions +!/test/bctest +!/crypto/des/times/486-50.sol + +# Misc auto generated files +/tools/c_rehash +/test/evptests.txt +lib +Makefile.save +*.bak +tags +TAGS + +# Windows +/tmp32 +/tmp32.dbg +/tmp32dll +/tmp32dll.dbg +/out32 +/out32.dbg +/out32dll +/out32dll.dbg +/inc32 +/MINFO +ms/bcb.mak +ms/libeay32.def +ms/nt.mak +ms/ntdll.mak +ms/ssleay32.def +ms/version32.rc diff --git a/.travis-create-release.sh b/.travis-create-release.sh new file mode 100644 index 0000000..0404fc1 --- /dev/null +++ b/.travis-create-release.sh @@ -0,0 +1,10 @@ +#! /bin/sh + +# $1 is expected to be $TRAVIS_OS_NAME + +if [ "$1" == osx ]; then + make -f Makefile.org \ + DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist +else + make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist +fi diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..c3e035e --- /dev/null +++ b/.travis.yml @@ -0,0 +1,69 @@ +language: c + +addons: + apt_packages: + - binutils-mingw-w64 + - gcc-mingw-w64 + +os: + - linux + +compiler: + - clang + - gcc + - i686-w64-mingw32-gcc + - x86_64-w64-mingw32-gcc + +env: + - CONFIG_OPTS="" + - CONFIG_OPTS="shared" + - CONFIG_OPTS="-d --strict-warnings" + +matrix: + exclude: + - os: osx + compiler: i686-w64-mingw32-gcc + - os: osx + compiler: x86_64-w64-mingw32-gcc + - compiler: i686-w64-mingw32-gcc + env: CONFIG_OPTS="-d --strict-warnings" + - compiler: x86_64-w64-mingw32-gcc + env: CONFIG_OPTS="-d --strict-warnings" + +before_script: + - sh .travis-create-release.sh $TRAVIS_OS_NAME + - tar -xvzf _srcdist.tar.gz + - cd _srcdist + - if [ "$CC" == i686-w64-mingw32-gcc ]; then + export CROSS_COMPILE=${CC%%gcc}; unset CC; + ./Configure mingw $CONFIG_OPTS; + elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then + export CROSS_COMPILE=${CC%%gcc}; unset CC; + ./Configure mingw64 $CONFIG_OPTS; + else + if [ "$CC" == gcc ]; then + export CONFIG_OPTS="$CONFIG_OPTS -Wno-error=shadow"; + fi; + ./config $CONFIG_OPTS; + fi + - cd .. + +script: + - cd _srcdist + - if make ; then + echo -e '+\057 MAKE OK'; + else + echo -e '+\057 MAKE FAILED'; false; + fi; + - if [ -z "$CROSS_COMPILE" ]; then + if make test; then + echo -e '+\057\057 MAKE TEST OK'; + else + echo -e '+\057\057 MAKE TEST FAILED'; false; + fi; + fi + - cd .. + +notifications: + email: + secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4=" @@ -2,6 +2,50 @@ OpenSSL CHANGES _______________ + This is a high-level summary of the most important changes. + For a full list of changes, see the git commit log; for example, + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + + Changes between 1.0.2l and 1.0.2m [2 Nov 2017] + + *) bn_sqrx8x_internal carry bug on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. + + This only affects processors that support the BMI1, BMI2 and ADX extensions + like Intel Broadwell (5th generation) and later or AMD Ryzen. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3736) + [Andy Polyakov] + + *) Malformed X.509 IPAddressFamily could cause OOB read + + If an X.509 certificate has a malformed IPAddressFamily extension, + OpenSSL could do a one-byte buffer overread. The most likely result + would be an erroneous display of the certificate in text format. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3735) + [Rich Salz] + + Changes between 1.0.2k and 1.0.2l [25 May 2017] + + *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target + platform rather than 'mingw'. + [Richard Levitte] + Changes between 1.0.2j and 1.0.2k [26 Jan 2017] *) Truncated packet could crash via OOB read @@ -109,7 +109,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta # Minimum warning options... any contributions to OpenSSL should at least get # past these. -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; # TODO(openssl-team): fix problems and investigate if (at least) the following # warnings can also be enabled: @@ -2041,12 +2041,13 @@ EOF close(OUT); } else { my $make_command = "$make PERL=\'$perl\'"; - my $make_targets = ""; - $make_targets .= " links" if $symlink; - $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend; - $make_targets .= " gentests" if $symlink; - (system $make_command.$make_targets) == 0 or exit $? - if $make_targets ne ""; + my @make_targets = (); + push @make_targets, "links" if $symlink; + push @make_targets, "depend" if $depflags ne $default_depflags && $make_depend; + push @make_targets, "gentests" if $symlink; + foreach my $make_target (@make_targets) { + (system "$make_command $make_target") == 0 or exit $?; + } if ( $perl =~ m@^/@) { &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); @@ -2056,8 +2057,8 @@ EOF &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); } if ($depflags ne $default_depflags && !$make_depend) { - $warn_make_depend++; - } + $warn_make_depend++; + } } # create the ms/version32.rc file if needed @@ -190,10 +190,8 @@ the failure that isn't a problem in OpenSSL itself (like a missing or malfunctioning bc). If it is a problem with OpenSSL itself, try removing any compiler optimization flags from the CFLAG line - in Makefile.ssl and run "make clean; make". Please send a bug - report to <openssl-bugs@openssl.org>, including the output of - "make report" in order to be added to the request tracker at - http://www.openssl.org/support/rt.html. + in Makefile.ssl and run "make clean; make". To report a bug please open an + issue on GitHub, at https://github.com/openssl/openssl/issues. 4. If everything tests ok, install OpenSSL with @@ -2,7 +2,7 @@ LICENSE ISSUES ============== - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + The OpenSSL toolkit stays under a double license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/Makefile b/Makefile deleted file mode 100644 index 0b894ff..0000000 --- a/Makefile +++ /dev/null @@ -1,684 +0,0 @@ -### Generated automatically from Makefile.org by Configure. - -## -## Makefile for OpenSSL -## - -VERSION=1.0.2k -MAJOR=1 -MINOR=0.2 -SHLIB_VERSION_NUMBER=1.0.0 -SHLIB_VERSION_HISTORY= -SHLIB_MAJOR=1 -SHLIB_MINOR=0.0 -SHLIB_EXT= -PLATFORM=dist -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine -CONFIGURE_ARGS=dist -SHLIB_TARGET= - -# HERE indicates where this Makefile lives. This can be used to indicate -# where sub-Makefiles are expected to be. Currently has very limited usage, -# and should probably not be bothered with at all. -HERE=. - -# INSTALL_PREFIX is for package builders so that they can configure -# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. -# Normally it is left empty. -INSTALL_PREFIX= -INSTALLTOP=/usr/local/ssl - -# Do not edit this manually. Use Configure --openssldir=DIR do change this! -OPENSSLDIR=/usr/local/ssl - -# NO_IDEA - Define to build without the IDEA algorithm -# NO_RC4 - Define to build without the RC4 algorithm -# NO_RC2 - Define to build without the RC2 algorithm -# THREADS - Define when building with threads, you will probably also need any -# system defines as well, i.e. _REENTERANT for Solaris 2.[34] -# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing. -# TERMIOS - Define the termios terminal subsystem, Silicon Graphics. -# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3). -# DEVRANDOM - Give this the value of the 'random device' if your OS supports -# one. 32 bytes will be read from this when the random -# number generator is initalised. -# SSL_FORBID_ENULL - define if you want the server to be not able to use the -# NULL encryption ciphers. -# -# LOCK_DEBUG - turns on lots of lock debug output :-) -# REF_CHECK - turn on some xyz_free() assertions. -# REF_PRINT - prints some stuff on structure free. -# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff -# MFUNC - Make all Malloc/Free/Realloc calls call -# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to -# call application defined callbacks via CRYPTO_set_mem_functions() -# MD5_ASM needs to be defined to use the x86 assembler for MD5 -# SHA1_ASM needs to be defined to use the x86 assembler for SHA1 -# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160 -# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must -# equal 4. -# PKCS1_CHECK - pkcs1 tests. - -CC= cc -CFLAG= -O -DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -PEX_LIBS= -EX_LIBS= -EXE_EXT= -ARFLAGS= -AR= ar $(ARFLAGS) r -RANLIB= /usr/bin/ranlib -RC= windres -NM= nm -PERL= /usr/bin/perl -TAR= tar -TARFLAGS= --no-recursion -MAKEDEPPROG=makedepend -LIBDIR=lib - -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. -AS=$(CC) -c -ASFLAG=$(CFLAG) - -# For x86 assembler: Set PROCESSOR to 386 if you want to support -# the 80386. -PROCESSOR= - -# CPUID module collects small commonly used assembler snippets -CPUID_OBJ= mem_clr.o -BN_ASM= bn_asm.o -EC_ASM= -DES_ENC= des_enc.o fcrypt_b.o -AES_ENC= aes_core.o aes_cbc.o -BF_ENC= bf_enc.o -CAST_ENC= c_enc.o -RC4_ENC= rc4_enc.o rc4_skey.o -RC5_ENC= rc5_enc.o -MD5_ASM_OBJ= -SHA1_ASM_OBJ= -RMD160_ASM_OBJ= -WP_ASM_OBJ= wp_block.o -CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o -MODES_ASM_OBJ= -ENGINES_ASM_OBJ= -PERLASM_SCHEME= - -# KRB5 stuff -KRB5_INCLUDES= -LIBKRB5= - -# Zlib stuff -ZLIB_INCLUDE= -LIBZLIB= - -# TOP level FIPS install directory. -FIPSDIR=/usr/local/ssl/fips-2.0 - -# This is the location of fipscanister.o and friends. -# The FIPS module build will place it $(INSTALLTOP)/lib -# but since $(INSTALLTOP) can only take the default value -# when the module is built it will be in /usr/local/ssl/lib -# $(INSTALLTOP) for this build may be different so hard -# code the path. - -FIPSLIBDIR= - -# The location of the library which contains fipscanister.o -# normally it will be libcrypto unless fipsdso is set in which -# case it will be libfips. If not compiling in FIPS mode at all -# this is empty making it a useful test for a FIPS compile. - -FIPSCANLIB= - -# Shared library base address. Currently only used on Windows. -# - -BASEADDR=0xFB00000 - -DIRS= crypto ssl engines apps test tools -ENGDIRS= ccgost -SHLIBDIRS= crypto ssl - -# dirs in crypto to build -SDIRS= \ - objects \ - md4 md5 sha mdc2 hmac ripemd whrlpool \ - des aes rc2 rc4 idea bf cast camellia seed modes \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ - buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - cms pqueue ts srp cmac -# keep in mind that the above list is adjusted by ./Configure -# according to no-xxx arguments... - -# tests to perform. "alltests" is a special word indicating that all tests -# should be performed. -TESTS = alltests - -MAKEFILE= Makefile - -MANDIR=$(OPENSSLDIR)/man -MAN1=1 -MAN3=3 -MANSUFFIX= -HTMLSUFFIX=html -HTMLDIR=$(OPENSSLDIR)/html -SHELL=/bin/sh - -TOP= . -ONEDIRS=out tmp -EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS -WDIRS= windows -LIBS= libcrypto.a libssl.a -SHARED_CRYPTO=libcrypto$(SHLIB_EXT) -SHARED_SSL=libssl$(SHLIB_EXT) -SHARED_LIBS= -SHARED_LIBS_LINK_EXTS= -SHARED_LDFLAGS= - -GENERAL= Makefile -BASENAME= openssl -NAME= $(BASENAME)-$(VERSION) -TARFILE= ../$(NAME).tar -EXHEADER= e_os2.h -HEADER= e_os.h - -all: Makefile build_all - -# as we stick to -e, CLEARENV ensures that local variables in lower -# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn -# shell, which [annoyingly enough] terminates unset with error if VAR -# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh, -# which terminates unset with error if no variable was present:-( -CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ - $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \ - $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \ - $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \ - $${EXHEADER+EXHEADER} $${HEADER+HEADER} \ - $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \ - $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \ - $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \ - $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ - $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \ - $${APPS+APPS} - -# LC_ALL=C ensures that error [and other] messages are delivered in -# same language for uniform treatment. -BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ - CC='$(CC)' CFLAG='$(CFLAG)' \ - AS='$(CC)' ASFLAG='$(CFLAG) -c' \ - AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ - RC='$(RC)' \ - CROSS_COMPILE='$(CROSS_COMPILE)' \ - PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ - SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ - INSTALL_PREFIX='$(INSTALL_PREFIX)' \ - INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \ - LIBDIR='$(LIBDIR)' \ - MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ - DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ - MAKEDEPPROG='$(MAKEDEPPROG)' \ - SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ - KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ - ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ - EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \ - SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \ - PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \ - CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \ - EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \ - AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \ - BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \ - RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \ - SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \ - MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \ - RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \ - WP_ASM_OBJ='$(WP_ASM_OBJ)' \ - MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \ - ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \ - PERLASM_SCHEME='$(PERLASM_SCHEME)' \ - FIPSLIBDIR='${FIPSLIBDIR}' \ - FIPSDIR='${FIPSDIR}' \ - FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ - THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= -# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, -# which in turn eliminates ambiguities in variable treatment with -e. - -# BUILD_CMD is a generic macro to build a given target in a given -# subdirectory. The target must be given through the shell variable -# `target' and the subdirectory to build in must be given through `dir'. -# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or -# BUILD_ONE_CMD instead. -# -# BUILD_ONE_CMD is a macro to build a given target in a given -# subdirectory if that subdirectory is part of $(DIRS). It requires -# exactly the same shell variables as BUILD_CMD. -# -# RECURSIVE_BUILD_CMD is a macro to build a given target in all -# subdirectories defined in $(DIRS). It requires that the target -# is given through the shell variable `target'. -BUILD_CMD= if [ -d "$$dir" ]; then \ - ( cd $$dir && echo "making $$target in $$dir..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ - ) || exit 1; \ - fi -RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done -BUILD_ONE_CMD=\ - if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \ - $(BUILD_CMD); \ - fi - -reflect: - @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) - -sub_all: build_all - -build_all: build_libs build_apps build_tests build_tools - -build_libs: build_libcrypto build_libssl openssl.pc - -build_libcrypto: build_crypto build_engines libcrypto.pc -build_libssl: build_ssl libssl.pc - -build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) -build_ssl: build_crypto - @dir=ssl; target=all; $(BUILD_ONE_CMD) -build_engines: build_crypto - @dir=engines; target=all; $(BUILD_ONE_CMD) -build_apps: build_libs - @dir=apps; target=all; $(BUILD_ONE_CMD) -build_tests: build_libs - @dir=test; target=all; $(BUILD_ONE_CMD) -build_tools: build_libs - @dir=tools; target=all; $(BUILD_ONE_CMD) - -all_testapps: build_libs build_testapps -build_testapps: - @dir=crypto; target=testapps; $(BUILD_ONE_CMD) - -fips_premain_dso$(EXE_EXT): libcrypto.a - [ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \ - -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \ - $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \ - libcrypto.a $(EX_LIBS) - -libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT) - @if [ "$(SHLIB_TARGET)" != "" ]; then \ - if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ - FIPSLD_LIBCRYPTO=libcrypto.a ; \ - FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ - export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ - fi; \ - $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ - (touch -c fips_premain_dso$(EXE_EXT) || :); \ - else \ - echo "There's no support for shared libraries on this platform" >&2; \ - exit 1; \ - fi - -libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a - @if [ "$(SHLIB_TARGET)" != "" ]; then \ - $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ - else \ - echo "There's no support for shared libraries on this platform" >&2; \ - exit 1; \ - fi - -clean-shared: - @set -e; for i in $(SHLIBDIRS); do \ - if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ - tmp="$(SHARED_LIBS_LINK_EXTS)"; \ - for j in $${tmp:-x}; do \ - ( set -x; rm -f lib$$i$$j ); \ - done; \ - fi; \ - ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \ - fi; \ - done - -link-shared: - @ set -e; for i in $(SHLIBDIRS); do \ - $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ - LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - symlink.$(SHLIB_TARGET); \ - libs="$$libs -l$$i"; \ - done - -build-shared: do_$(SHLIB_TARGET) link-shared - -do_$(SHLIB_TARGET): - @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ - if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ - LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - LIBDEPS="$$libs $(EX_LIBS)" \ - link_a.$(SHLIB_TARGET); \ - libs="-l$$i $$libs"; \ - done - -libcrypto.pc: Makefile - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo 'enginesdir=$${libdir}/engines'; \ - echo ''; \ - echo 'Name: OpenSSL-libcrypto'; \ - echo 'Description: OpenSSL cryptography library'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires: '; \ - echo 'Libs: -L$${libdir} -lcrypto'; \ - echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc - -libssl.pc: Makefile - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ - echo 'Name: OpenSSL-libssl'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires.private: libcrypto'; \ - echo 'Libs: -L$${libdir} -lssl'; \ - echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc - -openssl.pc: Makefile - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ - echo 'Name: OpenSSL'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires: libssl libcrypto' ) > openssl.pc - -Makefile: Makefile.org Configure config - @echo "Makefile is older than Makefile.org, Configure or config." - @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." - @false - -libclean: - rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib - -clean: libclean - rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c - @set -e; target=clean; $(RECURSIVE_BUILD_CMD) - rm -f $(LIBS) - rm -f openssl.pc libssl.pc libcrypto.pc - rm -f speed.* .pure - rm -f $(TARFILE) - @set -e; for i in $(ONEDIRS) ;\ - do \ - rm -fr $$i/*; \ - done - -makefile.one: files - $(PERL) util/mk1mf.pl >makefile.one; \ - sh util/do_ms.sh - -files: - $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO - @set -e; target=files; $(RECURSIVE_BUILD_CMD) - -links: - @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl - @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) - @set -e; target=links; $(RECURSIVE_BUILD_CMD) - -gentests: - @(cd test && echo "generating dummy tests (if needed)..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate ); - -dclean: - rm -rf *.bak include/openssl certs/.0 - @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) - -rehash: rehash.time -rehash.time: certs apps - @if [ -z "$(CROSS_COMPILE)" ]; then \ - (OPENSSL="`pwd`/util/opensslwrap.sh"; \ - [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ - OPENSSL_DEBUG_MEMORY=on; \ - export OPENSSL OPENSSL_DEBUG_MEMORY; \ - $(PERL) tools/c_rehash certs/demo) && \ - touch rehash.time; \ - else :; fi - -test: tests - -tests: rehash - @(cd test && echo "testing..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests ); - OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a - -report: - @$(PERL) util/selftest.pl - -update: errors stacks util/libeay.num util/ssleay.num TABLE - @set -e; target=update; $(RECURSIVE_BUILD_CMD) - -depend: - @set -e; target=depend; $(RECURSIVE_BUILD_CMD) - -lint: - @set -e; target=lint; $(RECURSIVE_BUILD_CMD) - -tags: - rm -f TAGS - find . -name '[^.]*.[ch]' | xargs etags -a - -errors: - $(PERL) util/ck_errf.pl -strict */*.c */*/*.c - $(PERL) util/mkerr.pl -recurse -write - (cd engines; $(MAKE) PERL=$(PERL) errors) - -stacks: - $(PERL) util/mkstack.pl -write - -util/libeay.num:: - $(PERL) util/mkdef.pl crypto update - -util/ssleay.num:: - $(PERL) util/mkdef.pl ssl update - -TABLE: Configure - (echo 'Output of `Configure TABLE'"':"; \ - $(PERL) Configure TABLE) > TABLE - -# Build distribution tar-file. As the list of files returned by "find" is -# pretty long, on several platforms a "too many arguments" error or similar -# would occur. Therefore the list of files is temporarily stored into a file -# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal -# tar does not support the --files-from option. -TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ - --owner 0 --group 0 \ - --transform 's|^|$(NAME)/|' \ - -cvf - - -$(TARFILE).list: - find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ - \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ - \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \ - \! -name '.#*' \! -name '*~' \! -type l \ - | sort > $(TARFILE).list - -tar: $(TARFILE).list - find . -type d -print | xargs chmod 755 - find . -type f -print | xargs chmod a+r - find . -type f -perm -0100 -print | xargs chmod a+x - $(TAR_COMMAND) | gzip --best > $(TARFILE).gz - rm -f $(TARFILE).list - ls -l $(TARFILE).gz - -tar-snap: $(TARFILE).list - $(TAR_COMMAND) > $(TARFILE) - rm -f $(TARFILE).list - ls -l $(TARFILE) - -dist: - $(PERL) Configure dist - @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar - -install: all install_docs install_sw - -install_sw: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ - $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - @set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ - ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ - fi; \ - done; - @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ - tmp="$(SHARED_LIBS)"; \ - for i in $${tmp:-x}; \ - do \ - if [ -f "$$i" -o -f "$$i.a" ]; then \ - ( echo installing $$i; \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ - cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ - chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ - else \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ - fi ); \ - if expr $(PLATFORM) : 'mingw' > /dev/null; then \ - ( case $$i in \ - *crypto*) i=libeay32.dll;; \ - *ssl*) i=ssleay32.dll;; \ - esac; \ - echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ - chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ - fi; \ - fi; \ - done; \ - ( here="`pwd`"; \ - cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \ - $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ - if [ "$(INSTALLTOP)" != "/usr" ]; then \ - echo 'OpenSSL shared libraries have been installed in:'; \ - echo ' $(INSTALLTOP)'; \ - echo ''; \ - sed -e '1,/^$$/d' doc/openssl-shared.txt; \ - fi; \ - fi - cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc - cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc - cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc - -install_html_docs: - here="`pwd`"; \ - filecase=; \ - case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ - filecase=-i; \ - esac; \ - for subdir in apps crypto ssl; do \ - mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ - for i in doc/$$subdir/*.pod; do \ - fn=`basename $$i .pod`; \ - echo "installing html/$$fn.$(HTMLSUFFIX)"; \ - cat $$i \ - | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \ - | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \ - | sed -r 's/<!DOCTYPE.*//g' \ - > $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ - grep -v $$filecase "^$$fn\$$" | \ - (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ - while read n; do \ - PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \ - done); \ - done; \ - done - -install_docs: - @$(PERL) $(TOP)/util/mkdir-p.pl \ - $(INSTALL_PREFIX)$(MANDIR)/man1 \ - $(INSTALL_PREFIX)$(MANDIR)/man3 \ - $(INSTALL_PREFIX)$(MANDIR)/man5 \ - $(INSTALL_PREFIX)$(MANDIR)/man7 - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ - case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ - filecase=-i; \ - esac; \ - set -e; for i in doc/apps/*.pod; do \ - fn=`basename $$i .pod`; \ - sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ - (grep -v $$filecase "^$$fn\$$"; true) | \ - (grep -v "[ ]"; true) | \ - (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ - while read n; do \ - PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ - done); \ - done; \ - set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ - fn=`basename $$i .pod`; \ - sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ - (grep -v $$filecase "^$$fn\$$"; true) | \ - (grep -v "[ ]"; true) | \ - (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ - while read n; do \ - PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ - done); \ - done - -# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/Makefile.bak b/Makefile.bak deleted file mode 100644 index 402333e..0000000 --- a/Makefile.bak +++ /dev/null @@ -1,684 +0,0 @@ -### Generated automatically from Makefile.org by Configure. - -## -## Makefile for OpenSSL -## - -VERSION=1.0.2k -MAJOR=1 -MINOR=0.2 -SHLIB_VERSION_NUMBER=1.0.0 -SHLIB_VERSION_HISTORY= -SHLIB_MAJOR=1 -SHLIB_MINOR=0.0 -SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -PLATFORM=linux-x86_64 -OPTIONS=-Wa,--noexecstack no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine -CONFIGURE_ARGS=linux-x86_64 -Wa,--noexecstack -SHLIB_TARGET=linux-shared - -# HERE indicates where this Makefile lives. This can be used to indicate -# where sub-Makefiles are expected to be. Currently has very limited usage, -# and should probably not be bothered with at all. -HERE=. - -# INSTALL_PREFIX is for package builders so that they can configure -# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. -# Normally it is left empty. -INSTALL_PREFIX= -INSTALLTOP=/usr/local/ssl - -# Do not edit this manually. Use Configure --openssldir=DIR do change this! -OPENSSLDIR=/usr/local/ssl - -# NO_IDEA - Define to build without the IDEA algorithm -# NO_RC4 - Define to build without the RC4 algorithm -# NO_RC2 - Define to build without the RC2 algorithm -# THREADS - Define when building with threads, you will probably also need any -# system defines as well, i.e. _REENTERANT for Solaris 2.[34] -# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing. -# TERMIOS - Define the termios terminal subsystem, Silicon Graphics. -# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3). -# DEVRANDOM - Give this the value of the 'random device' if your OS supports -# one. 32 bytes will be read from this when the random -# number generator is initalised. -# SSL_FORBID_ENULL - define if you want the server to be not able to use the -# NULL encryption ciphers. -# -# LOCK_DEBUG - turns on lots of lock debug output :-) -# REF_CHECK - turn on some xyz_free() assertions. -# REF_PRINT - prints some stuff on structure free. -# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff -# MFUNC - Make all Malloc/Free/Realloc calls call -# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to -# call application defined callbacks via CRYPTO_set_mem_functions() -# MD5_ASM needs to be defined to use the x86 assembler for MD5 -# SHA1_ASM needs to be defined to use the x86 assembler for SHA1 -# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160 -# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must -# equal 4. -# PKCS1_CHECK - pkcs1 tests. - -CC= gcc -CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS -PEX_LIBS= -EX_LIBS= -ldl -EXE_EXT= -ARFLAGS= -AR= ar $(ARFLAGS) r -RANLIB= /usr/bin/ranlib -RC= windres -NM= nm -PERL= /usr/bin/perl -TAR= tar -TARFLAGS= --no-recursion -MAKEDEPPROG= gcc -LIBDIR=lib - -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. -AS=$(CC) -c -ASFLAG=$(CFLAG) - -# For x86 assembler: Set PROCESSOR to 386 if you want to support -# the 80386. -PROCESSOR= - -# CPUID module collects small commonly used assembler snippets -CPUID_OBJ= x86_64cpuid.o -BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o -EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o -DES_ENC= des_enc.o fcrypt_b.o -AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o -BF_ENC= bf_enc.o -CAST_ENC= c_enc.o -RC4_ENC= rc4-x86_64.o rc4-md5-x86_64.o -RC5_ENC= rc5_enc.o -MD5_ASM_OBJ= md5-x86_64.o -SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o -RMD160_ASM_OBJ= -WP_ASM_OBJ= wp-x86_64.o -CMLL_ENC= cmll-x86_64.o cmll_misc.o -MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o -ENGINES_ASM_OBJ= -PERLASM_SCHEME= elf - -# KRB5 stuff -KRB5_INCLUDES= -LIBKRB5= - -# Zlib stuff -ZLIB_INCLUDE= -LIBZLIB= - -# TOP level FIPS install directory. -FIPSDIR=/usr/local/ssl/fips-2.0 - -# This is the location of fipscanister.o and friends. -# The FIPS module build will place it $(INSTALLTOP)/lib -# but since $(INSTALLTOP) can only take the default value -# when the module is built it will be in /usr/local/ssl/lib -# $(INSTALLTOP) for this build may be different so hard -# code the path. - -FIPSLIBDIR= - -# The location of the library which contains fipscanister.o -# normally it will be libcrypto unless fipsdso is set in which -# case it will be libfips. If not compiling in FIPS mode at all -# this is empty making it a useful test for a FIPS compile. - -FIPSCANLIB= - -# Shared library base address. Currently only used on Windows. -# - -BASEADDR=0xFB00000 - -DIRS= crypto ssl engines apps test tools -ENGDIRS= ccgost -SHLIBDIRS= crypto ssl - -# dirs in crypto to build -SDIRS= \ - objects \ - md4 md5 sha mdc2 hmac ripemd whrlpool \ - des aes rc2 rc4 idea bf cast camellia seed modes \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ - buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - cms pqueue ts srp cmac -# keep in mind that the above list is adjusted by ./Configure -# according to no-xxx arguments... - -# tests to perform. "alltests" is a special word indicating that all tests -# should be performed. -TESTS = alltests - -MAKEFILE= Makefile - -MANDIR=$(OPENSSLDIR)/man -MAN1=1 -MAN3=3 -MANSUFFIX= -HTMLSUFFIX=html -HTMLDIR=$(OPENSSLDIR)/html -SHELL=/bin/sh - -TOP= . -ONEDIRS=out tmp -EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS -WDIRS= windows -LIBS= libcrypto.a libssl.a -SHARED_CRYPTO=libcrypto$(SHLIB_EXT) -SHARED_SSL=libssl$(SHLIB_EXT) -SHARED_LIBS= -SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so -SHARED_LDFLAGS=-m64 - -GENERAL= Makefile -BASENAME= openssl -NAME= $(BASENAME)-$(VERSION) -TARFILE= ../$(NAME).tar -EXHEADER= e_os2.h -HEADER= e_os.h - -all: Makefile build_all - -# as we stick to -e, CLEARENV ensures that local variables in lower -# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn -# shell, which [annoyingly enough] terminates unset with error if VAR -# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh, -# which terminates unset with error if no variable was present:-( -CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ - $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \ - $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \ - $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \ - $${EXHEADER+EXHEADER} $${HEADER+HEADER} \ - $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \ - $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \ - $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \ - $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ - $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \ - $${APPS+APPS} - -# LC_ALL=C ensures that error [and other] messages are delivered in -# same language for uniform treatment. -BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ - CC='$(CC)' CFLAG='$(CFLAG)' \ - AS='$(CC)' ASFLAG='$(CFLAG) -c' \ - AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ - RC='$(RC)' \ - CROSS_COMPILE='$(CROSS_COMPILE)' \ - PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ - SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ - INSTALL_PREFIX='$(INSTALL_PREFIX)' \ - INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \ - LIBDIR='$(LIBDIR)' \ - MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ - DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ - MAKEDEPPROG='$(MAKEDEPPROG)' \ - SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ - KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ - ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ - EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \ - SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \ - PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \ - CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \ - EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \ - AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \ - BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \ - RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \ - SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \ - MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \ - RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \ - WP_ASM_OBJ='$(WP_ASM_OBJ)' \ - MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \ - ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \ - PERLASM_SCHEME='$(PERLASM_SCHEME)' \ - FIPSLIBDIR='${FIPSLIBDIR}' \ - FIPSDIR='${FIPSDIR}' \ - FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ - THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= -# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, -# which in turn eliminates ambiguities in variable treatment with -e. - -# BUILD_CMD is a generic macro to build a given target in a given -# subdirectory. The target must be given through the shell variable -# `target' and the subdirectory to build in must be given through `dir'. -# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or -# BUILD_ONE_CMD instead. -# -# BUILD_ONE_CMD is a macro to build a given target in a given -# subdirectory if that subdirectory is part of $(DIRS). It requires -# exactly the same shell variables as BUILD_CMD. -# -# RECURSIVE_BUILD_CMD is a macro to build a given target in all -# subdirectories defined in $(DIRS). It requires that the target -# is given through the shell variable `target'. -BUILD_CMD= if [ -d "$$dir" ]; then \ - ( cd $$dir && echo "making $$target in $$dir..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ - ) || exit 1; \ - fi -RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done -BUILD_ONE_CMD=\ - if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \ - $(BUILD_CMD); \ - fi - -reflect: - @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) - -sub_all: build_all - -build_all: build_libs build_apps build_tests build_tools - -build_libs: build_libcrypto build_libssl openssl.pc - -build_libcrypto: build_crypto build_engines libcrypto.pc -build_libssl: build_ssl libssl.pc - -build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) -build_ssl: build_crypto - @dir=ssl; target=all; $(BUILD_ONE_CMD) -build_engines: build_crypto - @dir=engines; target=all; $(BUILD_ONE_CMD) -build_apps: build_libs - @dir=apps; target=all; $(BUILD_ONE_CMD) -build_tests: build_libs - @dir=test; target=all; $(BUILD_ONE_CMD) -build_tools: build_libs - @dir=tools; target=all; $(BUILD_ONE_CMD) - -all_testapps: build_libs build_testapps -build_testapps: - @dir=crypto; target=testapps; $(BUILD_ONE_CMD) - -fips_premain_dso$(EXE_EXT): libcrypto.a - [ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \ - -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \ - $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \ - libcrypto.a $(EX_LIBS) - -libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT) - @if [ "$(SHLIB_TARGET)" != "" ]; then \ - if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ - FIPSLD_LIBCRYPTO=libcrypto.a ; \ - FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ - export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ - fi; \ - $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ - (touch -c fips_premain_dso$(EXE_EXT) || :); \ - else \ - echo "There's no support for shared libraries on this platform" >&2; \ - exit 1; \ - fi - -libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a - @if [ "$(SHLIB_TARGET)" != "" ]; then \ - $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ - else \ - echo "There's no support for shared libraries on this platform" >&2; \ - exit 1; \ - fi - -clean-shared: - @set -e; for i in $(SHLIBDIRS); do \ - if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ - tmp="$(SHARED_LIBS_LINK_EXTS)"; \ - for j in $${tmp:-x}; do \ - ( set -x; rm -f lib$$i$$j ); \ - done; \ - fi; \ - ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \ - fi; \ - done - -link-shared: - @ set -e; for i in $(SHLIBDIRS); do \ - $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ - LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - symlink.$(SHLIB_TARGET); \ - libs="$$libs -l$$i"; \ - done - -build-shared: do_$(SHLIB_TARGET) link-shared - -do_$(SHLIB_TARGET): - @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ - if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ - LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - LIBDEPS="$$libs $(EX_LIBS)" \ - link_a.$(SHLIB_TARGET); \ - libs="-l$$i $$libs"; \ - done - -libcrypto.pc: Makefile - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo 'enginesdir=$${libdir}/engines'; \ - echo ''; \ - echo 'Name: OpenSSL-libcrypto'; \ - echo 'Description: OpenSSL cryptography library'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires: '; \ - echo 'Libs: -L$${libdir} -lcrypto'; \ - echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc - -libssl.pc: Makefile - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ - echo 'Name: OpenSSL-libssl'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires.private: libcrypto'; \ - echo 'Libs: -L$${libdir} -lssl'; \ - echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc - -openssl.pc: Makefile - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ - echo 'Name: OpenSSL'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires: libssl libcrypto' ) > openssl.pc - -Makefile: Makefile.org Configure config - @echo "Makefile is older than Makefile.org, Configure or config." - @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." - @false - -libclean: - rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib - -clean: libclean - rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c - @set -e; target=clean; $(RECURSIVE_BUILD_CMD) - rm -f $(LIBS) - rm -f openssl.pc libssl.pc libcrypto.pc - rm -f speed.* .pure - rm -f $(TARFILE) - @set -e; for i in $(ONEDIRS) ;\ - do \ - rm -fr $$i/*; \ - done - -makefile.one: files - $(PERL) util/mk1mf.pl >makefile.one; \ - sh util/do_ms.sh - -files: - $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO - @set -e; target=files; $(RECURSIVE_BUILD_CMD) - -links: - @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl - @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) - @set -e; target=links; $(RECURSIVE_BUILD_CMD) - -gentests: - @(cd test && echo "generating dummy tests (if needed)..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate ); - -dclean: - rm -rf *.bak include/openssl certs/.0 - @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) - -rehash: rehash.time -rehash.time: certs apps - @if [ -z "$(CROSS_COMPILE)" ]; then \ - (OPENSSL="`pwd`/util/opensslwrap.sh"; \ - [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ - OPENSSL_DEBUG_MEMORY=on; \ - export OPENSSL OPENSSL_DEBUG_MEMORY; \ - $(PERL) tools/c_rehash certs/demo) && \ - touch rehash.time; \ - else :; fi - -test: tests - -tests: rehash - @(cd test && echo "testing..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests ); - OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a - -report: - @$(PERL) util/selftest.pl - -update: errors stacks util/libeay.num util/ssleay.num TABLE - @set -e; target=update; $(RECURSIVE_BUILD_CMD) - -depend: - @set -e; target=depend; $(RECURSIVE_BUILD_CMD) - -lint: - @set -e; target=lint; $(RECURSIVE_BUILD_CMD) - -tags: - rm -f TAGS - find . -name '[^.]*.[ch]' | xargs etags -a - -errors: - $(PERL) util/ck_errf.pl -strict */*.c */*/*.c - $(PERL) util/mkerr.pl -recurse -write - (cd engines; $(MAKE) PERL=$(PERL) errors) - -stacks: - $(PERL) util/mkstack.pl -write - -util/libeay.num:: - $(PERL) util/mkdef.pl crypto update - -util/ssleay.num:: - $(PERL) util/mkdef.pl ssl update - -TABLE: Configure - (echo 'Output of `Configure TABLE'"':"; \ - $(PERL) Configure TABLE) > TABLE - -# Build distribution tar-file. As the list of files returned by "find" is -# pretty long, on several platforms a "too many arguments" error or similar -# would occur. Therefore the list of files is temporarily stored into a file -# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal -# tar does not support the --files-from option. -TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ - --owner 0 --group 0 \ - --transform 's|^|$(NAME)/|' \ - -cvf - - -$(TARFILE).list: - find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ - \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ - \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \ - \! -name '.#*' \! -name '*~' \! -type l \ - | sort > $(TARFILE).list - -tar: $(TARFILE).list - find . -type d -print | xargs chmod 755 - find . -type f -print | xargs chmod a+r - find . -type f -perm -0100 -print | xargs chmod a+x - $(TAR_COMMAND) | gzip --best > $(TARFILE).gz - rm -f $(TARFILE).list - ls -l $(TARFILE).gz - -tar-snap: $(TARFILE).list - $(TAR_COMMAND) > $(TARFILE) - rm -f $(TARFILE).list - ls -l $(TARFILE) - -dist: - $(PERL) Configure dist - @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar - -install: all install_docs install_sw - -install_sw: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ - $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - @set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ - ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ - fi; \ - done; - @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ - tmp="$(SHARED_LIBS)"; \ - for i in $${tmp:-x}; \ - do \ - if [ -f "$$i" -o -f "$$i.a" ]; then \ - ( echo installing $$i; \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ - cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ - chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ - else \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ - fi ); \ - if expr $(PLATFORM) : 'mingw' > /dev/null; then \ - ( case $$i in \ - *crypto*) i=libeay32.dll;; \ - *ssl*) i=ssleay32.dll;; \ - esac; \ - echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ - chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ - fi; \ - fi; \ - done; \ - ( here="`pwd`"; \ - cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \ - $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ - if [ "$(INSTALLTOP)" != "/usr" ]; then \ - echo 'OpenSSL shared libraries have been installed in:'; \ - echo ' $(INSTALLTOP)'; \ - echo ''; \ - sed -e '1,/^$$/d' doc/openssl-shared.txt; \ - fi; \ - fi - cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc - cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc - cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc - -install_html_docs: - here="`pwd`"; \ - filecase=; \ - case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ - filecase=-i; \ - esac; \ - for subdir in apps crypto ssl; do \ - mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ - for i in doc/$$subdir/*.pod; do \ - fn=`basename $$i .pod`; \ - echo "installing html/$$fn.$(HTMLSUFFIX)"; \ - cat $$i \ - | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \ - | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \ - | sed -r 's/<!DOCTYPE.*//g' \ - > $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ - grep -v $$filecase "^$$fn\$$" | \ - (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ - while read n; do \ - PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \ - done); \ - done; \ - done - -install_docs: - @$(PERL) $(TOP)/util/mkdir-p.pl \ - $(INSTALL_PREFIX)$(MANDIR)/man1 \ - $(INSTALL_PREFIX)$(MANDIR)/man3 \ - $(INSTALL_PREFIX)$(MANDIR)/man5 \ - $(INSTALL_PREFIX)$(MANDIR)/man7 - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ - case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ - filecase=-i; \ - esac; \ - set -e; for i in doc/apps/*.pod; do \ - fn=`basename $$i .pod`; \ - sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ - (grep -v $$filecase "^$$fn\$$"; true) | \ - (grep -v "[ ]"; true) | \ - (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ - while read n; do \ - PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ - done); \ - done; \ - set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ - fn=`basename $$i .pod`; \ - sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ - (grep -v $$filecase "^$$fn\$$"; true) | \ - (grep -v "[ ]"; true) | \ - (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ - while read n; do \ - PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ - done); \ - done - -# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/Makefile.org b/Makefile.org index 61a329b..f51f0a7 100644 --- a/Makefile.org +++ b/Makefile.org @@ -424,6 +424,14 @@ clean: libclean rm -fr $$i/*; \ done +distclean: clean + -$(RM) `find . -name .git -prune -o -type l -print` + $(RM) apps/CA.pl + $(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem + $(RM) tools/c_rehash + $(RM) crypto/opensslconf.h + $(RM) Makefile Makefile.bak + makefile.one: files $(PERL) util/mk1mf.pl >makefile.one; \ sh util/do_ms.sh @@ -5,6 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] + + o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) + o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) + + Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] + + o config now recognises 64-bit mingw and chooses mingw64 instead of mingw + Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] o Truncated packet could crash via OOB read (CVE-2017-3731) @@ -1,5 +1,5 @@ - OpenSSL 1.0.2k 26 Jan 2017 + OpenSSL 1.0.2m 2 Nov 2017 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -0,0 +1,6767 @@ +Output of `Configure TABLE': + +*** BC-32 +$cc = bcc32 +$cflags = +$unistd = +$thread_cflag = +$sys_id = WIN32 +$lflags = +$bn_ops = BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** BS2000-OSD +$cc = c89 +$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -lsocket -lnsl +$bn_ops = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** BSD-generic32 +$cc = gcc +$cflags = -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** BSD-generic64 +$cc = gcc +$cflags = -O3 -Wall +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** BSD-ia64 +$cc = gcc +$cflags = -DL_ENDIAN -O3 -Wall +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT +$cpuid_obj = ia64cpuid.o +$bn_obj = bn-ia64.o ia64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ia64.o +$bf_obj = +$md5_obj = md5-ia64.o +$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o +$cast_obj = +$rc4_obj = rc4-ia64.o rc4_skey.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-ia64.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** BSD-sparc64 +$cc = gcc +$cflags = -DB_ENDIAN -O3 -DMD32_REG_T=int -Wall +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR +$cpuid_obj = sparcv9cap.o sparccpuid.o +$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o +$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o +$bf_obj = +$md5_obj = md5-sparcv9.o +$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o +$modes_obj = ghash-sparcv9.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** BSD-sparcv8 +$cc = gcc +$cflags = -DB_ENDIAN -O3 -mcpu=v8 -Wall +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL +$cpuid_obj = +$bn_obj = sparcv8.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** BSD-x86 +$cc = gcc +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = a.out +$dso_scheme = dlfcn +$shared_target= bsd-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** BSD-x86-elf +$cc = gcc +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= bsd-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** BSD-x86_64 +$cc = cc +$cflags = -DL_ENDIAN -O3 -Wall +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** Cygwin +$cc = gcc +$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall +$unistd = +$thread_cflag = +$sys_id = CYGWIN +$lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = coff +$dso_scheme = dlfcn +$shared_target= cygwin-shared +$shared_cflag = -D_WINDLL +$shared_ldflag = -shared +$shared_extension = .dll.a +$ranlib = +$arflags = +$multilib = + +*** Cygwin-x86_64 +$cc = gcc +$cflags = -DTERMIOS -DL_ENDIAN -O3 -Wall +$unistd = +$thread_cflag = +$sys_id = CYGWIN +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = mingw64 +$dso_scheme = dlfcn +$shared_target= cygwin-shared +$shared_cflag = -D_WINDLL +$shared_ldflag = -shared +$shared_extension = .dll.a +$ranlib = +$arflags = +$multilib = + +*** DJGPP +$cc = gcc +$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall +$unistd = +$thread_cflag = +$sys_id = MSDOS +$lflags = -L/dev/env/WATT_ROOT/lib -lwatt +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = a.out +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** MPE/iX-gcc +$cc = gcc +$cflags = -D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB +$unistd = +$thread_cflag = (unknown) +$sys_id = MPE +$lflags = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses +$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** OS2-EMX +$cc = gcc +$cflags = +$unistd = +$thread_cflag = +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** OS390-Unix +$cc = c89.sh +$cflags = -O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** QNX6 +$cc = gcc +$cflags = +$unistd = +$thread_cflag = +$sys_id = +$lflags = -lsocket +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** QNX6-i386 +$cc = gcc +$cflags = -DL_ENDIAN -O2 -Wall +$unistd = +$thread_cflag = +$sys_id = +$lflags = -lsocket +$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** ReliantUNIX +$cc = cc +$cflags = -KPIC -g -DTERMIOS -DB_ENDIAN +$unistd = +$thread_cflag = -Kthread +$sys_id = SNI +$lflags = -lsocket -lnsl -lc -L/usr/ucblib -lucb +$bn_ops = BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= reliantunix-shared +$shared_cflag = +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** SINIX +$cc = cc +$cflags = -O +$unistd = +$thread_cflag = (unknown) +$sys_id = SNI +$lflags = -lsocket -lnsl -lc -L/usr/ucblib -lucb +$bn_ops = RC4_INDEX RC4_CHAR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** SINIX-N +$cc = /usr/ucb/cc +$cflags = -O2 -misaligned +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -lucb +$bn_ops = RC4_INDEX RC4_CHAR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** UWIN +$cc = cc +$cflags = -DTERMIOS -DL_ENDIAN -O -Wall +$unistd = +$thread_cflag = +$sys_id = UWIN +$lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** VC-CE +$cc = cl +$cflags = +$unistd = +$thread_cflag = +$sys_id = WINCE +$lflags = +$bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** VC-WIN32 +$cc = cl +$cflags = -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE +$unistd = +$thread_cflag = +$sys_id = WIN32 +$lflags = +$bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = win32n +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** VC-WIN64A +$cc = cl +$cflags = -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$unistd = +$thread_cflag = +$sys_id = WIN64A +$lflags = +$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN +$cpuid_obj = x86_64cpuid.o +$bn_obj = bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = auto +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** VC-WIN64I +$cc = cl +$cflags = -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$unistd = +$thread_cflag = +$sys_id = WIN64I +$lflags = +$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN +$cpuid_obj = ia64cpuid.o +$bn_obj = ia64.o ia64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ia64.o +$bf_obj = +$md5_obj = md5-ia64.o +$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-ia64.o +$engines_obj = +$perlasm_scheme = ias +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** aix-cc +$cc = cc +$cflags = -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst +$unistd = +$thread_cflag = -qthreaded -D_THREAD_SAFE +$sys_id = AIX +$lflags = +$bn_ops = BN_LLONG RC4_CHAR +$cpuid_obj = ppccpuid.o ppccap.o +$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashp8-ppc.o +$engines_obj = +$perlasm_scheme = aix32 +$dso_scheme = dlfcn +$shared_target= aix-shared +$shared_cflag = +$shared_ldflag = -q32 -G +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = -X 32 +$multilib = + +*** aix-gcc +$cc = gcc +$cflags = -O -DB_ENDIAN +$unistd = +$thread_cflag = -pthread +$sys_id = AIX +$lflags = +$bn_ops = BN_LLONG RC4_CHAR +$cpuid_obj = ppccpuid.o ppccap.o +$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashp8-ppc.o +$engines_obj = +$perlasm_scheme = aix32 +$dso_scheme = dlfcn +$shared_target= aix-shared +$shared_cflag = +$shared_ldflag = -shared -Wl,-G +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = -X32 +$multilib = + +*** aix3-cc +$cc = cc +$cflags = -O -DB_ENDIAN -qmaxmem=16384 +$unistd = +$thread_cflag = (unknown) +$sys_id = AIX +$lflags = +$bn_ops = BN_LLONG RC4_CHAR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** aix64-cc +$cc = cc +$cflags = -q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst +$unistd = +$thread_cflag = -qthreaded -D_THREAD_SAFE +$sys_id = AIX +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR +$cpuid_obj = ppccpuid.o ppccap.o +$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashp8-ppc.o +$engines_obj = +$perlasm_scheme = aix64 +$dso_scheme = dlfcn +$shared_target= aix-shared +$shared_cflag = +$shared_ldflag = -q64 -G +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = -X 64 +$multilib = + +*** aix64-gcc +$cc = gcc +$cflags = -maix64 -O -DB_ENDIAN +$unistd = +$thread_cflag = -pthread +$sys_id = AIX +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR +$cpuid_obj = ppccpuid.o ppccap.o +$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashp8-ppc.o +$engines_obj = +$perlasm_scheme = aix64 +$dso_scheme = dlfcn +$shared_target= aix-shared +$shared_cflag = +$shared_ldflag = -maix64 -shared -Wl,-G +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = -X64 +$multilib = + +*** android +$cc = gcc +$cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** android-armv7 +$cc = gcc +$cflags = -march=armv7-a -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = armcap.o armv4cpuid.o +$bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-armv4.o ghashv8-armx.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** android-mips +$cc = gcc +$cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = o32 +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** android-x86 +$cc = gcc +$cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = android +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** aux3-gcc +$cc = gcc +$cflags = -O2 -DTERMIO +$unistd = +$thread_cflag = (unknown) +$sys_id = AUX +$lflags = -lbsd +$bn_ops = RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** beos-x86-bone +$cc = gcc +$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = BEOS +$lflags = -lbe -lbind -lsocket +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = beos +$shared_target= beos-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .so +$ranlib = +$arflags = +$multilib = + +*** beos-x86-r5 +$cc = gcc +$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = BEOS +$lflags = -lbe -lnet +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = beos +$shared_target= beos-shared +$shared_cflag = -fPIC -DPIC +$shared_ldflag = -shared +$shared_extension = .so +$ranlib = +$arflags = +$multilib = + +*** bsdi-elf-gcc +$cc = gcc +$cflags = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** cc +$cc = cc +$cflags = -O +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** cray-j90 +$cc = cc +$cflags = -DBIT_FIELD_LIMITS -DTERMIOS +$unistd = +$thread_cflag = (unknown) +$sys_id = CRAY +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG DES_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** cray-t3e +$cc = cc +$cflags = -DBIT_FIELD_LIMITS -DTERMIOS +$unistd = +$thread_cflag = (unknown) +$sys_id = CRAY +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** darwin-i386-cc +$cc = cc +$cflags = -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = MACOSX +$lflags = -Wl,-search_paths_first% +$bn_ops = BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = macosx +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC -fno-common +$shared_ldflag = -arch i386 -dynamiclib +$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = +$multilib = + +*** darwin-ppc-cc +$cc = cc +$cflags = -arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = MACOSX +$lflags = -Wl,-search_paths_first% +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = ppccpuid.o ppccap.o +$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashp8-ppc.o +$engines_obj = +$perlasm_scheme = osx32 +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC -fno-common +$shared_ldflag = -arch ppc -dynamiclib +$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = +$multilib = + +*** darwin64-ppc-cc +$cc = cc +$cflags = -arch ppc64 -O3 -DB_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = MACOSX +$lflags = -Wl,-search_paths_first% +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = ppccpuid.o ppccap.o +$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashp8-ppc.o +$engines_obj = +$perlasm_scheme = osx64 +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC -fno-common +$shared_ldflag = -arch ppc64 -dynamiclib +$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = +$multilib = + +*** darwin64-x86_64-cc +$cc = cc +$cflags = -arch x86_64 -O3 -DL_ENDIAN -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = MACOSX +$lflags = -Wl,-search_paths_first% +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = macosx +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC -fno-common +$shared_ldflag = -arch x86_64 -dynamiclib +$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = +$multilib = + +*** debug +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -lefence +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-BSD-x86-elf +$cc = gcc +$cflags = -DL_ENDIAN -O3 -Wall -g +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= bsd-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-VC-WIN32 +$cc = cl +$cflags = -W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE +$unistd = +$thread_cflag = +$sys_id = WIN32 +$lflags = +$bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = win32n +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-VC-WIN64A +$cc = cl +$cflags = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$unistd = +$thread_cflag = +$sys_id = WIN64A +$lflags = +$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN +$cpuid_obj = x86_64cpuid.o +$bn_obj = bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = auto +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-VC-WIN64I +$cc = cl +$cflags = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$unistd = +$thread_cflag = +$sys_id = WIN64I +$lflags = +$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN +$cpuid_obj = ia64cpuid.o +$bn_obj = ia64.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ia64.o +$bf_obj = +$md5_obj = md5-ia64.o +$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-ia64.o +$engines_obj = +$perlasm_scheme = ias +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-ben +$cc = gcc +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-ben-darwin64 +$cc = cc +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = MACOSX +$lflags = -Wl,-search_paths_first% +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = macosx +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC -fno-common +$shared_ldflag = -arch x86_64 -dynamiclib +$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = +$multilib = + +*** debug-ben-debug +$cc = gcc44 +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-ben-debug-64 +$cc = gcc +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-ben-debug-64-clang +$cc = clang +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-ben-macos +$cc = cc +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -Wl,-search_paths_first +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-ben-macos-gcc46 +$cc = gcc-mp-4.6 +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-ben-no-opt +$cc = gcc +$cflags = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3 +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-ben-openbsd +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-ben-openbsd-debug +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-ben-strict +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-bodo +$cc = gcc +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** debug-darwin-i386-cc +$cc = cc +$cflags = -arch i386 -g3 -DL_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = MACOSX +$lflags = -Wl,-search_paths_first% +$bn_ops = BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = macosx +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC -fno-common +$shared_ldflag = -arch i386 -dynamiclib +$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = +$multilib = + +*** debug-darwin-ppc-cc +$cc = cc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = MACOSX +$lflags = +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = ppccpuid.o ppccap.o +$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashp8-ppc.o +$engines_obj = +$perlasm_scheme = osx32 +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC +$shared_ldflag = -dynamiclib +$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = +$multilib = + +*** debug-darwin64-x86_64-cc +$cc = cc +$cflags = -arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = MACOSX +$lflags = -Wl,-search_paths_first% +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = macosx +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC -fno-common +$shared_ldflag = -arch x86_64 -dynamiclib +$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = +$multilib = + +*** debug-geoff32 +$cc = gcc +$cflags = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-geoff64 +$cc = gcc +$cflags = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-levitte-linux-elf +$cc = gcc +$cflags = -DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-levitte-linux-elf-extreme +$cc = gcc +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-levitte-linux-noasm +$cc = gcc +$cflags = -DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-levitte-linux-noasm-extreme +$cc = gcc +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-linux-elf +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lefence -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-linux-elf-noefence +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-linux-generic32 +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-linux-generic64 +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-linux-ia32-aes +$cc = gcc +$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes_x86core.o aes_cbc.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-linux-pentium +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-linux-ppro +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-linux-x86_64 +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** debug-linux-x86_64-clang +$cc = clang +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** debug-rse +$cc = cc +$cflags = -DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** debug-solaris-sparcv8-cc +$cc = cc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = sparcv8.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -KPIC +$shared_ldflag = -G -dy -z text +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-solaris-sparcv8-gcc +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = sparcv8.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-solaris-sparcv9-cc +$cc = cc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = ULTRASPARC +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR +$cpuid_obj = sparcv9cap.o sparccpuid.o +$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o +$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o +$bf_obj = +$md5_obj = md5-sparcv9.o +$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o +$modes_obj = ghash-sparcv9.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -KPIC +$shared_ldflag = -G -dy -z text +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-solaris-sparcv9-gcc +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = ULTRASPARC +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = sparcv9cap.o sparccpuid.o +$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o +$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o +$bf_obj = +$md5_obj = md5-sparcv9.o +$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o +$modes_obj = ghash-sparcv9.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-steve-opt +$cc = gcc +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-steve32 +$cc = gcc +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -rdynamic -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m32 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-steve64 +$cc = gcc +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** debug-vos-gcc +$cc = gcc +$cflags = -O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG +$unistd = +$thread_cflag = (unknown) +$sys_id = VOS +$lflags = -Wl,-map +$bn_ops = BN_LLONG +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = .so +$ranlib = +$arflags = +$multilib = + +*** dgux-R3-gcc +$cc = gcc +$cflags = -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = RC4_INDEX DES_UNROLL +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** dgux-R4-gcc +$cc = gcc +$cflags = -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -lnsl -lsocket +$bn_ops = RC4_INDEX DES_UNROLL +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** dgux-R4-x86-gcc +$cc = gcc +$cflags = -O3 -fomit-frame-pointer -DL_ENDIAN +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -lnsl -lsocket +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** dist +$cc = cc +$cflags = -O +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** gcc +$cc = gcc +$cflags = -O3 +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** hpux-cc +$cc = cc +$cflags = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -Wl,+s -ldld +$bn_ops = DES_PTR DES_UNROLL DES_RISC1 +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dl +$shared_target= hpux-shared +$shared_cflag = +Z +$shared_ldflag = -b +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** hpux-gcc +$cc = gcc +$cflags = -DB_ENDIAN -DBN_DIV2W -O3 +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -Wl,+s -ldld +$bn_ops = DES_PTR DES_UNROLL DES_RISC1 +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dl +$shared_target= hpux-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** hpux-ia64-cc +$cc = cc +$cflags = -Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT +$unistd = +$thread_cflag = +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT +$cpuid_obj = ia64cpuid.o +$bn_obj = bn-ia64.o ia64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ia64.o +$bf_obj = +$md5_obj = md5-ia64.o +$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o +$cast_obj = +$rc4_obj = rc4-ia64.o rc4_skey.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-ia64.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= hpux-shared +$shared_cflag = +Z +$shared_ldflag = +DD32 -b +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /hpux32 + +*** hpux-ia64-gcc +$cc = gcc +$cflags = -O3 -DB_ENDIAN -D_REENTRANT +$unistd = +$thread_cflag = +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT +$cpuid_obj = ia64cpuid.o +$bn_obj = bn-ia64.o ia64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ia64.o +$bf_obj = +$md5_obj = md5-ia64.o +$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o +$cast_obj = +$rc4_obj = rc4-ia64.o rc4_skey.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-ia64.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= hpux-shared +$shared_cflag = -fpic +$shared_ldflag = -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /hpux32 + +*** hpux-parisc-cc +$cc = cc +$cflags = +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -Wl,+s -ldld +$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dl +$shared_target= hpux-shared +$shared_cflag = +Z +$shared_ldflag = -b +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** hpux-parisc-cc-o4 +$cc = cc +$cflags = -Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldld +$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dl +$shared_target= hpux-shared +$shared_cflag = +Z +$shared_ldflag = -b +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** hpux-parisc-gcc +$cc = gcc +$cflags = -O3 -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -Wl,+s -ldld +$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dl +$shared_target= hpux-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** hpux-parisc1_1-cc +$cc = cc +$cflags = +DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -Wl,+s -ldld +$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT +$cpuid_obj = pariscid.o +$bn_obj = bn_asm.o parisc-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-parisc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o +$cast_obj = +$rc4_obj = rc4-parisc.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-parisc.o +$engines_obj = +$perlasm_scheme = 32 +$dso_scheme = dl +$shared_target= hpux-shared +$shared_cflag = +Z +$shared_ldflag = -b +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /pa1.1 + +*** hpux-parisc1_1-gcc +$cc = gcc +$cflags = -O3 -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -Wl,+s -ldld +$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 +$cpuid_obj = pariscid.o +$bn_obj = bn_asm.o parisc-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-parisc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o +$cast_obj = +$rc4_obj = rc4-parisc.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-parisc.o +$engines_obj = +$perlasm_scheme = 32 +$dso_scheme = dl +$shared_target= hpux-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /pa1.1 + +*** hpux-parisc2-cc +$cc = cc +$cflags = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT +$unistd = +$thread_cflag = +$sys_id = +$lflags = -Wl,+s -ldld +$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT +$cpuid_obj = pariscid.o +$bn_obj = pa-risc2.o parisc-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-parisc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o +$cast_obj = +$rc4_obj = rc4-parisc.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-parisc.o +$engines_obj = +$perlasm_scheme = 32 +$dso_scheme = dl +$shared_target= hpux-shared +$shared_cflag = +Z +$shared_ldflag = -b +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /pa20_32 + +*** hpux-parisc2-gcc +$cc = gcc +$cflags = -march=2.0 -O3 -DB_ENDIAN -D_REENTRANT +$unistd = +$thread_cflag = +$sys_id = +$lflags = -Wl,+s -ldld +$bn_ops = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1 +$cpuid_obj = pariscid.o +$bn_obj = pa-risc2.o parisc-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-parisc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o +$cast_obj = +$rc4_obj = rc4-parisc.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-parisc.o +$engines_obj = +$perlasm_scheme = 32 +$dso_scheme = dl +$shared_target= hpux-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /pa20_32 + +*** hpux64-ia64-cc +$cc = cc +$cflags = -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT +$unistd = +$thread_cflag = +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT +$cpuid_obj = ia64cpuid.o +$bn_obj = bn-ia64.o ia64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ia64.o +$bf_obj = +$md5_obj = md5-ia64.o +$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o +$cast_obj = +$rc4_obj = rc4-ia64.o rc4_skey.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-ia64.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= hpux-shared +$shared_cflag = +Z +$shared_ldflag = +DD64 -b +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /hpux64 + +*** hpux64-ia64-gcc +$cc = gcc +$cflags = -mlp64 -O3 -DB_ENDIAN -D_REENTRANT +$unistd = +$thread_cflag = +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT +$cpuid_obj = ia64cpuid.o +$bn_obj = bn-ia64.o ia64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ia64.o +$bf_obj = +$md5_obj = md5-ia64.o +$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o +$cast_obj = +$rc4_obj = rc4-ia64.o rc4_skey.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-ia64.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= hpux-shared +$shared_cflag = -fpic +$shared_ldflag = -mlp64 -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /hpux64 + +*** hpux64-parisc2-cc +$cc = cc +$cflags = +DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT +$unistd = +$thread_cflag = +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT +$cpuid_obj = pariscid.o +$bn_obj = pa-risc2W.o parisc-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-parisc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o +$cast_obj = +$rc4_obj = rc4-parisc.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-parisc.o +$engines_obj = +$perlasm_scheme = 64 +$dso_scheme = dlfcn +$shared_target= hpux-shared +$shared_cflag = +Z +$shared_ldflag = +DD64 -b +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /pa20_64 + +*** hpux64-parisc2-gcc +$cc = gcc +$cflags = -O3 -DB_ENDIAN -D_REENTRANT +$unistd = +$thread_cflag = +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT +$cpuid_obj = +$bn_obj = pa-risc2W.o +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= hpux-shared +$shared_cflag = -fpic +$shared_ldflag = -shared +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /pa20_64 + +*** hurd-x86 +$cc = gcc +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** iphoneos-cross +$cc = llvm-gcc +$cflags = -O3 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fomit-frame-pointer -fno-common +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = iOS +$lflags = -Wl,-search_paths_first% +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC -fno-common +$shared_ldflag = -dynamiclib +$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = +$multilib = + +*** irix-cc +$cc = cc +$cflags = -O2 -use_readonly_const -DB_ENDIAN +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = o32 +$dso_scheme = dlfcn +$shared_target= irix-shared +$shared_cflag = +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** irix-gcc +$cc = gcc +$cflags = -O3 -DB_ENDIAN +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = o32 +$dso_scheme = dlfcn +$shared_target= irix-shared +$shared_cflag = +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** irix-mips3-cc +$cc = cc +$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W +$unistd = +$thread_cflag = -D_SGI_MP_SOURCE +$sys_id = +$lflags = +$bn_ops = DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = n32 +$dso_scheme = dlfcn +$shared_target= irix-shared +$shared_cflag = +$shared_ldflag = -n32 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 32 + +*** irix-mips3-gcc +$cc = gcc +$cflags = -mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W +$unistd = +$thread_cflag = -D_SGI_MP_SOURCE +$sys_id = +$lflags = +$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = n32 +$dso_scheme = dlfcn +$shared_target= irix-shared +$shared_cflag = +$shared_ldflag = -mabi=n32 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 32 + +*** irix64-mips4-cc +$cc = cc +$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W +$unistd = +$thread_cflag = -D_SGI_MP_SOURCE +$sys_id = +$lflags = +$bn_ops = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = 64 +$dso_scheme = dlfcn +$shared_target= irix-shared +$shared_cflag = +$shared_ldflag = -64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** irix64-mips4-gcc +$cc = gcc +$cflags = -mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W +$unistd = +$thread_cflag = -D_SGI_MP_SOURCE +$sys_id = +$lflags = +$bn_ops = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = 64 +$dso_scheme = dlfcn +$shared_target= irix-shared +$shared_cflag = +$shared_ldflag = -mabi=64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** linux-aarch64 +$cc = gcc +$cflags = -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = armcap.o arm64cpuid.o mem_clr.o +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aesv8-armx.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-armv8.o sha256-armv8.o sha512-armv8.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashv8-armx.o +$engines_obj = +$perlasm_scheme = linux64 +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-alpha+bwx-ccc +$cc = ccc +$cflags = -fast -readonly_strings -DL_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL +$cpuid_obj = alphacpuid.o +$bn_obj = bn_asm.o alpha-mont.o +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = sha1-alpha.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-alpha.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** linux-alpha+bwx-gcc +$cc = gcc +$cflags = -O3 -DL_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL +$cpuid_obj = alphacpuid.o +$bn_obj = bn_asm.o alpha-mont.o +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = sha1-alpha.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-alpha.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-alpha-ccc +$cc = ccc +$cflags = -fast -readonly_strings -DL_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL +$cpuid_obj = alphacpuid.o +$bn_obj = bn_asm.o alpha-mont.o +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = sha1-alpha.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-alpha.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** linux-alpha-gcc +$cc = gcc +$cflags = -O3 -DL_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL +$cpuid_obj = alphacpuid.o +$bn_obj = bn_asm.o alpha-mont.o +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = sha1-alpha.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-alpha.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-aout +$cc = gcc +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = a.out +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** linux-armv4 +$cc = gcc +$cflags = -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = armcap.o armv4cpuid.o +$bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-armv4.o ghashv8-armx.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-elf +$cc = gcc +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-generic32 +$cc = gcc +$cflags = -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-generic64 +$cc = gcc +$cflags = -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-ia32-icc +$cc = icc +$cflags = -DL_ENDIAN -O2 +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl -no_cpprt +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -KPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-ia64 +$cc = gcc +$cflags = -DL_ENDIAN -DTERMIO -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT +$cpuid_obj = ia64cpuid.o +$bn_obj = bn-ia64.o ia64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ia64.o +$bf_obj = +$md5_obj = md5-ia64.o +$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o +$cast_obj = +$rc4_obj = rc4-ia64.o rc4_skey.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-ia64.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-ia64-icc +$cc = icc +$cflags = -DL_ENDIAN -O2 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl -no_cpprt +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT +$cpuid_obj = ia64cpuid.o +$bn_obj = bn-ia64.o ia64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ia64.o +$bf_obj = +$md5_obj = md5-ia64.o +$sha1_obj = sha1-ia64.o sha256-ia64.o sha512-ia64.o +$cast_obj = +$rc4_obj = rc4-ia64.o rc4_skey.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-ia64.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-mips32 +$cc = gcc +$cflags = -mabi=32 -O3 -Wall -DBN_DIV3W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = o32 +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-mips64 +$cc = gcc +$cflags = -mabi=n32 -O3 -Wall -DBN_DIV3W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = n32 +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -mabi=n32 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 32 + +*** linux-ppc +$cc = gcc +$cflags = -DB_ENDIAN -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL +$cpuid_obj = ppccpuid.o ppccap.o +$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashp8-ppc.o +$engines_obj = +$perlasm_scheme = linux32 +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-ppc64 +$cc = gcc +$cflags = -m64 -DB_ENDIAN -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL +$cpuid_obj = ppccpuid.o ppccap.o +$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashp8-ppc.o +$engines_obj = +$perlasm_scheme = linux64 +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** linux-ppc64le +$cc = gcc +$cflags = -m64 -DL_ENDIAN -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL +$cpuid_obj = ppccpuid.o ppccap.o +$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashp8-ppc.o +$engines_obj = +$perlasm_scheme = linux64le +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-sparcv8 +$cc = gcc +$cflags = -mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = sparcv8.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-sparcv9 +$cc = gcc +$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = ULTRASPARC +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = sparcv9cap.o sparccpuid.o +$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o +$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o +$bf_obj = +$md5_obj = md5-sparcv9.o +$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o +$modes_obj = ghash-sparcv9.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m32 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** linux-x32 +$cc = gcc +$cflags = -mx32 -DL_ENDIAN -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -mx32 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = x32 + +*** linux-x86_64 +$cc = gcc +$cflags = -m64 -DL_ENDIAN -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** linux-x86_64-clang +$cc = clang +$cflags = -m64 -DL_ENDIAN -O3 -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** linux-x86_64-icc +$cc = icc +$cflags = -DL_ENDIAN -O2 +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl -no_cpprt +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** linux32-s390x +$cc = gcc +$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = s390xcap.o s390xcpuid.o +$bn_obj = bn_asm.o s390x-mont.o s390x-gf2m.o +$ec_obj = +$des_obj = +$aes_obj = aes-s390x.o aes-ctr.o aes-xts.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-s390x.o sha256-s390x.o sha512-s390x.o +$cast_obj = +$rc4_obj = rc4-s390x.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-s390x.o +$engines_obj = +$perlasm_scheme = 31 +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m31 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /highgprs + +*** linux64-mips64 +$cc = gcc +$cflags = -mabi=64 -O3 -Wall -DBN_DIV3W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o sha512-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = 64 +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -mabi=64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** linux64-s390x +$cc = gcc +$cflags = -m64 -DB_ENDIAN -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = s390xcap.o s390xcpuid.o +$bn_obj = bn-s390x.o s390x-mont.o s390x-gf2m.o +$ec_obj = +$des_obj = +$aes_obj = aes-s390x.o aes-ctr.o aes-xts.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-s390x.o sha256-s390x.o sha512-s390x.o +$cast_obj = +$rc4_obj = rc4-s390x.o +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-s390x.o +$engines_obj = +$perlasm_scheme = 64 +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** linux64-sparcv9 +$cc = gcc +$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = ULTRASPARC +$lflags = -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR +$cpuid_obj = sparcv9cap.o sparccpuid.o +$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o +$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o +$bf_obj = +$md5_obj = md5-sparcv9.o +$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o +$modes_obj = ghash-sparcv9.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + +*** mingw +$cc = gcc +$cflags = -mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall +$unistd = +$thread_cflag = -D_MT +$sys_id = MINGW32 +$lflags = -lws2_32 -lgdi32 -lcrypt32 +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT EXPORT_VAR_AS_FN +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = coff +$dso_scheme = win32 +$shared_target= cygwin-shared +$shared_cflag = -D_WINDLL -DOPENSSL_USE_APPLINK +$shared_ldflag = -mno-cygwin +$shared_extension = .dll.a +$ranlib = +$arflags = +$multilib = + +*** mingw64 +$cc = gcc +$cflags = -mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE +$unistd = +$thread_cflag = -D_MT +$sys_id = MINGW64 +$lflags = -lws2_32 -lgdi32 -lcrypt32 +$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = mingw64 +$dso_scheme = win32 +$shared_target= cygwin-shared +$shared_cflag = -D_WINDLL +$shared_ldflag = -mno-cygwin +$shared_extension = .dll.a +$ranlib = +$arflags = +$multilib = + +*** ncr-scde +$cc = cc +$cflags = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -lsocket -lnsl -lc89 +$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** netware-clib +$cc = mwccnlm +$cflags = +$unistd = +$thread_cflag = +$sys_id = +$lflags = +$bn_ops = RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** netware-clib-bsdsock +$cc = mwccnlm +$cflags = +$unistd = +$thread_cflag = +$sys_id = +$lflags = +$bn_ops = RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** netware-clib-bsdsock-gcc +$cc = i586-netware-gcc +$cflags = -nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall +$unistd = +$thread_cflag = +$sys_id = +$lflags = +$bn_ops = RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** netware-clib-gcc +$cc = i586-netware-gcc +$cflags = -nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall +$unistd = +$thread_cflag = +$sys_id = +$lflags = +$bn_ops = RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** netware-libc +$cc = mwccnlm +$cflags = +$unistd = +$thread_cflag = +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** netware-libc-bsdsock +$cc = mwccnlm +$cflags = +$unistd = +$thread_cflag = +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** netware-libc-bsdsock-gcc +$cc = i586-netware-gcc +$cflags = -nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall +$unistd = +$thread_cflag = +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** netware-libc-gcc +$cc = i586-netware-gcc +$cflags = -nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall +$unistd = +$thread_cflag = +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** newsos4-gcc +$cc = gcc +$cflags = -O -DB_ENDIAN +$unistd = +$thread_cflag = (unknown) +$sys_id = NEWS4 +$lflags = -lmld -liberty +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** nextstep +$cc = cc +$cflags = -O -Wall +$unistd = <libc.h> +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** nextstep3.3 +$cc = cc +$cflags = -O3 -Wall +$unistd = <libc.h> +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** osf1-alpha-cc +$cc = cc +$cflags = -std1 -tune host -O4 -readonly_strings +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK +$cpuid_obj = alphacpuid.o +$bn_obj = bn_asm.o alpha-mont.o +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = sha1-alpha.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-alpha.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= alpha-osf1-shared +$shared_cflag = +$shared_ldflag = +$shared_extension = .so +$ranlib = +$arflags = +$multilib = + +*** osf1-alpha-gcc +$cc = gcc +$cflags = -O3 +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1 +$cpuid_obj = alphacpuid.o +$bn_obj = bn_asm.o alpha-mont.o +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = sha1-alpha.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-alpha.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= alpha-osf1-shared +$shared_cflag = +$shared_ldflag = +$shared_extension = .so +$ranlib = +$arflags = +$multilib = + +*** purify +$cc = purify gcc +$cflags = -g -DPURIFY -Wall +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -lsocket -lnsl +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** qnx4 +$cc = cc +$cflags = -DL_ENDIAN -DTERMIO +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** rhapsody-ppc-cc +$cc = cc +$cflags = -O3 -DB_ENDIAN +$unistd = +$thread_cflag = (unknown) +$sys_id = MACOSX_RHAPSODY +$lflags = +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** sco5-cc +$cc = cc +$cflags = -belf +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -lsocket -lnsl +$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf-1 +$dso_scheme = dlfcn +$shared_target= svr3-shared +$shared_cflag = -Kpic +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** sco5-gcc +$cc = gcc +$cflags = -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = -lsocket -lnsl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf-1 +$dso_scheme = dlfcn +$shared_target= svr3-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** solaris-sparcv7-cc +$cc = cc +$cflags = -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -KPIC +$shared_ldflag = -G -dy -z text +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** solaris-sparcv7-gcc +$cc = gcc +$cflags = -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** solaris-sparcv8-cc +$cc = cc +$cflags = -xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = sparcv8.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -KPIC +$shared_ldflag = -G -dy -z text +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** solaris-sparcv8-gcc +$cc = gcc +$cflags = -mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = sparcv8.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** solaris-sparcv9-cc +$cc = cc +$cflags = -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = ULTRASPARC +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR +$cpuid_obj = sparcv9cap.o sparccpuid.o +$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o +$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o +$bf_obj = +$md5_obj = md5-sparcv9.o +$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o +$modes_obj = ghash-sparcv9.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -KPIC +$shared_ldflag = -G -dy -z text +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** solaris-sparcv9-gcc +$cc = gcc +$cflags = -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = ULTRASPARC +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = sparcv9cap.o sparccpuid.o +$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o +$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o +$bf_obj = +$md5_obj = md5-sparcv9.o +$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o +$modes_obj = ghash-sparcv9.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** solaris-x86-cc +$cc = cc +$cflags = -fast -xarch=generic -O -Xa +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -KPIC +$shared_ldflag = -G -dy -z text +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** solaris-x86-gcc +$cc = gcc +$cflags = -O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** solaris64-sparcv9-cc +$cc = cc +$cflags = -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = ULTRASPARC +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR +$cpuid_obj = sparcv9cap.o sparccpuid.o +$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o +$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o +$bf_obj = +$md5_obj = md5-sparcv9.o +$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o +$modes_obj = ghash-sparcv9.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -KPIC +$shared_ldflag = -xarch=v9 -G -dy -z text +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /64 + +*** solaris64-sparcv9-gcc +$cc = gcc +$cflags = -m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = ULTRASPARC +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR +$cpuid_obj = sparcv9cap.o sparccpuid.o +$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o +$ec_obj = +$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o +$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o +$bf_obj = +$md5_obj = md5-sparcv9.o +$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o +$modes_obj = ghash-sparcv9.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /64 + +*** solaris64-x86_64-cc +$cc = cc +$cflags = -fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -KPIC +$shared_ldflag = -xarch=amd64 -G -dy -z text +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /64 + +*** solaris64-x86_64-gcc +$cc = gcc +$cflags = -m64 -O3 -Wall -DL_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 -shared -static-libgcc +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = /64 + +*** sunos-gcc +$cc = gcc +$cflags = -O3 -mcpu=v8 -Dssize_t=int +$unistd = +$thread_cflag = (unknown) +$sys_id = SUNOS +$lflags = +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1 +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** tandem-c89 +$cc = c89 +$cflags = -Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = THIRTY_TWO_BIT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** tru64-alpha-cc +$cc = cc +$cflags = -std1 -tune host -fast -readonly_strings +$unistd = +$thread_cflag = -pthread +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK +$cpuid_obj = alphacpuid.o +$bn_obj = bn_asm.o alpha-mont.o +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = sha1-alpha.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghash-alpha.o +$engines_obj = +$perlasm_scheme = void +$dso_scheme = dlfcn +$shared_target= alpha-osf1-shared +$shared_cflag = +$shared_ldflag = -msym +$shared_extension = .so +$ranlib = +$arflags = +$multilib = + +*** uClinux-dist +$cc = +$cflags = $(CFLAGS) +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = $(LDFLAGS) $(LDLIBS) +$bn_ops = BN_LLONG +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** uClinux-dist64 +$cc = +$cflags = $(CFLAGS) +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = $(LDFLAGS) $(LDLIBS) +$bn_ops = SIXTY_FOUR_BIT_LONG +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -shared +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** ultrix-cc +$cc = cc +$cflags = -std1 -O -Olimit 2500 -DL_ENDIAN +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** ultrix-gcc +$cc = gcc +$cflags = -O3 -DL_ENDIAN +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** unixware-2.0 +$cc = cc +$cflags = -DFILIO_H -DNO_STRINGS_H +$unistd = +$thread_cflag = -Kthread +$sys_id = +$lflags = -lsocket -lnsl -lresolv -lx +$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** unixware-2.1 +$cc = cc +$cflags = -O -DFILIO_H +$unistd = +$thread_cflag = -Kthread +$sys_id = +$lflags = -lsocket -lnsl -lresolv -lx +$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** unixware-7 +$cc = cc +$cflags = -O -DFILIO_H -Kalloca +$unistd = +$thread_cflag = -Kthread +$sys_id = +$lflags = -lsocket -lnsl +$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf-1 +$dso_scheme = dlfcn +$shared_target= svr5-shared +$shared_cflag = -Kpic +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** unixware-7-gcc +$cc = gcc +$cflags = -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -lsocket -lnsl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = +$perlasm_scheme = elf-1 +$dso_scheme = dlfcn +$shared_target= gnu-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + +*** vos-gcc +$cc = gcc +$cflags = -O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN +$unistd = +$thread_cflag = (unknown) +$sys_id = VOS +$lflags = -Wl,-map +$bn_ops = BN_LLONG +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = .so +$ranlib = +$arflags = +$multilib = + +*** vxworks-mips +$cc = ccmips +$cflags = -mrtp -mips2 -O -G 0 -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE="$(WIND_BASE)/target/lib/h/config/vsbConfig.h" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/h/wrn/coreip +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = VXWORKS +$lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon +$bn_ops = +$cpuid_obj = +$bn_obj = bn-mips.o mips-mont.o +$ec_obj = +$des_obj = +$aes_obj = aes_cbc.o aes-mips.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-mips.o sha256-mips.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = o32 +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = ranlibmips +$arflags = +$multilib = + +*** vxworks-ppc405 +$cc = ccppc +$cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** vxworks-ppc60x +$cc = ccppc +$cflags = -D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/usr/h/wrn/coreip +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/ppc/PPC32/common +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** vxworks-ppc750 +$cc = ccppc +$cflags = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h $(DEBUG_FLAG) +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** vxworks-ppc750-debug +$cc = ccppc +$cflags = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** vxworks-ppc860 +$cc = ccppc +$cflags = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** vxworks-ppcgen +$cc = ccppc +$cflags = -D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/usr/h/wrn/coreip +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = +$multilib = + +*** vxworks-simlinux +$cc = ccpentium +$cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE="$(WIND_BASE)/target/lib/h/config/vsbConfig.h" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I$(WIND_BASE)/target/h -I$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$cpuid_obj = +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = ranlibpentium +$arflags = +$multilib = diff --git a/apps/CA.pl b/apps/CA.pl deleted file mode 100644 index 43c20b2..0000000 --- a/apps/CA.pl +++ /dev/null @@ -1,188 +0,0 @@ -#!/usr/bin/perl -# -# CA - wrapper around ca to make it easier to use ... basically ca requires -# some setup stuff to be done before you can use it and this makes -# things easier between now and when Eric is convinced to fix it :-) -# -# CA -newca ... will setup the right stuff -# CA -newreq[-nodes] ... will generate a certificate request -# CA -sign ... will sign the generated request and output -# -# At the end of that grab newreq.pem and newcert.pem (one has the key -# and the other the certificate) and cat them together and that is what -# you want/need ... I'll make even this a little cleaner later. -# -# -# 12-Jan-96 tjh Added more things ... including CA -signcert which -# converts a certificate to a request and then signs it. -# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG -# environment variable so this can be driven from -# a script. -# 25-Jul-96 eay Cleaned up filenames some more. -# 11-Jun-96 eay Fixed a few filename missmatches. -# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. -# 18-Apr-96 tjh Original hacking -# -# Tim Hudson -# tjh@cryptsoft.com -# - -# 27-Apr-98 snh Translation into perl, fix existing CA bug. -# -# -# Steve Henson -# shenson@bigfoot.com - -# default openssl.cnf file has setup as per the following -# demoCA ... where everything is stored - -my $openssl; -if(defined $ENV{OPENSSL}) { - $openssl = $ENV{OPENSSL}; -} else { - $openssl = "openssl"; - $ENV{OPENSSL} = $openssl; -} - -$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; -$DAYS="-days 365"; # 1 year -$CADAYS="-days 1095"; # 3 years -$REQ="$openssl req $SSLEAY_CONFIG"; -$CA="$openssl ca $SSLEAY_CONFIG"; -$VERIFY="$openssl verify"; -$X509="$openssl x509"; -$PKCS12="$openssl pkcs12"; - -$CATOP="./demoCA"; -$CAKEY="cakey.pem"; -$CAREQ="careq.pem"; -$CACERT="cacert.pem"; - -$DIRMODE = 0777; - -$RET = 0; - -foreach (@ARGV) { - if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n"; - exit 0; - } elsif (/^-newcert$/) { - # create a certificate - system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); - $RET=$?; - print "Certificate is in newcert.pem, private key is in newkey.pem\n" - } elsif (/^-newreq$/) { - # create a certificate request - system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); - $RET=$?; - print "Request is in newreq.pem, private key is in newkey.pem\n"; - } elsif (/^-newreq-nodes$/) { - # create a certificate request - system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); - $RET=$?; - print "Request is in newreq.pem, private key is in newkey.pem\n"; - } elsif (/^-newca$/) { - # if explicitly asked for or it doesn't exist then setup the - # directory structure that Eric likes to manage things - $NEW="1"; - if ( "$NEW" || ! -f "${CATOP}/serial" ) { - # create the directory hierarchy - mkdir $CATOP, $DIRMODE; - mkdir "${CATOP}/certs", $DIRMODE; - mkdir "${CATOP}/crl", $DIRMODE ; - mkdir "${CATOP}/newcerts", $DIRMODE; - mkdir "${CATOP}/private", $DIRMODE; - open OUT, ">${CATOP}/index.txt"; - close OUT; - open OUT, ">${CATOP}/crlnumber"; - print OUT "01\n"; - close OUT; - } - if ( ! -f "${CATOP}/private/$CAKEY" ) { - print "CA certificate filename (or enter to create)\n"; - $FILE = <STDIN>; - - chop $FILE; - - # ask user for existing CA certificate - if ($FILE) { - cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); - cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); - $RET=$?; - } else { - print "Making CA certificate ...\n"; - system ("$REQ -new -keyout " . - "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); - system ("$CA -create_serial " . - "-out ${CATOP}/$CACERT $CADAYS -batch " . - "-keyfile ${CATOP}/private/$CAKEY -selfsign " . - "-extensions v3_ca " . - "-infiles ${CATOP}/$CAREQ "); - $RET=$?; - } - } - } elsif (/^-pkcs12$/) { - my $cname = $ARGV[1]; - $cname = "My Certificate" unless defined $cname; - system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . - "-certfile ${CATOP}/$CACERT -out newcert.p12 " . - "-export -name \"$cname\""); - $RET=$?; - print "PKCS #12 file is in newcert.p12\n"; - exit $RET; - } elsif (/^-xsign$/) { - system ("$CA -policy policy_anything -infiles newreq.pem"); - $RET=$?; - } elsif (/^(-sign|-signreq)$/) { - system ("$CA -policy policy_anything -out newcert.pem " . - "-infiles newreq.pem"); - $RET=$?; - print "Signed certificate is in newcert.pem\n"; - } elsif (/^(-signCA)$/) { - system ("$CA -policy policy_anything -out newcert.pem " . - "-extensions v3_ca -infiles newreq.pem"); - $RET=$?; - print "Signed CA certificate is in newcert.pem\n"; - } elsif (/^-signcert$/) { - system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " . - "-out tmp.pem"); - system ("$CA -policy policy_anything -out newcert.pem " . - "-infiles tmp.pem"); - $RET = $?; - print "Signed certificate is in newcert.pem\n"; - } elsif (/^-verify$/) { - if (shift) { - foreach $j (@ARGV) { - system ("$VERIFY -CAfile $CATOP/$CACERT $j"); - $RET=$? if ($? != 0); - } - exit $RET; - } else { - system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem"); - $RET=$?; - exit 0; - } - } else { - print STDERR "Unknown arg $_\n"; - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; - exit 1; - } -} - -exit $RET; - -sub cp_pem { -my ($infile, $outfile, $bound) = @_; -open IN, $infile; -open OUT, ">$outfile"; -my $flag = 0; -while (<IN>) { - $flag = 1 if (/^-----BEGIN.*$bound/) ; - print OUT $_ if ($flag); - if (/^-----END.*$bound/) { - close IN; - close OUT; - return; - } -} -} @@ -1985,10 +1985,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, /* Lets add the extensions, if there are any */ if (ext_sect) { X509V3_CTX ctx; - if (ci->version == NULL) - if ((ci->version = ASN1_INTEGER_new()) == NULL) - goto err; - ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */ /* * Free the current entries if any, there should not be any I believe @@ -2051,6 +2047,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto err; } + { + STACK_OF(X509_EXTENSION) *exts = ci->extensions; + + if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0) + /* Make it an X509 v3 certificate. */ + if (!X509_set_version(ret, 2)) + goto err; + } + /* Set the right value for the noemailDN option */ if (email_dn == 0) { if (!X509_set_subject_name(ret, dn_subject)) @@ -2126,10 +2131,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto err; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { @@ -2137,11 +2140,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); goto err; } + irow = NULL; ok = 1; err: - for (i = 0; i < DB_NUMBER; i++) - if (row[i] != NULL) + if (irow != NULL) { + for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]); + OPENSSL_free(irow); + } if (CAname != NULL) X509_NAME_free(CAname); @@ -2396,18 +2402,20 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) goto err; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { BIO_printf(bio_err, "failed to update database\n"); BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); + OPENSSL_free(irow); goto err; } + for (i = 0; i < DB_NUMBER; i++) + row[i] = NULL; + /* Revoke Certificate */ if (type == -1) ok = 1; diff --git a/apps/dhparam.c b/apps/dhparam.c index 1210adb..bd91234 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -381,10 +381,19 @@ int MAIN(int argc, char **argv) } else # endif { - if (informat == FORMAT_ASN1) + if (informat == FORMAT_ASN1) { + /* + * We have no PEM header to determine what type of DH params it + * is. We'll just try both. + */ dh = d2i_DHparams_bio(in, NULL); - else /* informat == FORMAT_PEM */ + /* BIO_reset() returns 0 for success for file BIOs only!!! */ + if (dh == NULL && BIO_reset(in) == 0) + dh = d2i_DHxparams_bio(in, NULL); + } else { + /* informat == FORMAT_PEM */ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); + } if (dh == NULL) { BIO_printf(bio_err, "unable to load DH parameters\n"); @@ -484,10 +493,13 @@ int MAIN(int argc, char **argv) } if (!noout) { - if (outformat == FORMAT_ASN1) - i = i2d_DHparams_bio(out, dh); - else if (outformat == FORMAT_PEM) { - if (dh->q) + if (outformat == FORMAT_ASN1) { + if (dh->q != NULL) + i = i2d_DHxparams_bio(out, dh); + else + i = i2d_DHparams_bio(out, dh); + } else if (outformat == FORMAT_PEM) { + if (dh->q != NULL) i = PEM_write_bio_DHxparams(out, dh); else i = PEM_write_bio_DHparams(out, dh); @@ -81,20 +81,32 @@ int set_hex(char *in, unsigned char *out, int size); #define BSIZE (8*1024) #define PROG enc_main -static void show_ciphers(const OBJ_NAME *name, void *bio_) +struct doall_enc_ciphers { + BIO *bio; + int n; +}; + +static void show_ciphers(const OBJ_NAME *name, void *arg) { - BIO *bio = bio_; - static int n; + struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg; + const EVP_CIPHER *cipher; if (!islower((unsigned char)*name->name)) return; - BIO_printf(bio, "-%-25s", name->name); - if (++n == 3) { - BIO_printf(bio, "\n"); - n = 0; + /* Filter out ciphers that we cannot use */ + cipher = EVP_get_cipherbyname(name->name); + if (cipher == NULL || + (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 || + EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE) + return; + + BIO_printf(dec->bio, "-%-25s", name->name); + if (++dec->n == 3) { + BIO_printf(dec->bio, "\n"); + dec->n = 0; } else - BIO_printf(bio, " "); + BIO_printf(dec->bio, " "); } int MAIN(int, char **); @@ -130,6 +142,7 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; const EVP_MD *dgst = NULL; int non_fips_allow = 0; + struct doall_enc_ciphers dec; apps_startup(); @@ -311,8 +324,10 @@ int MAIN(int argc, char **argv) #endif BIO_printf(bio_err, "Cipher Types\n"); + dec.n = 0; + dec.bio = bio_err; OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - show_ciphers, bio_err); + show_ciphers, &dec); BIO_printf(bio_err, "\n"); goto end; diff --git a/apps/engine.c b/apps/engine.c index f54631b..a8eed9a 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -108,13 +108,16 @@ static int append_buf(char **buf, const char *s, int *size, int step) } if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { + char *p = *buf; + *size += step; *buf = OPENSSL_realloc(*buf, *size); + if (*buf == NULL) { + OPENSSL_free(p); + return 0; + } } - if (*buf == NULL) - return 0; - if (**buf != '\0') BUF_strlcat(*buf, ", ", *size); BUF_strlcat(*buf, s, *size); diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 7c62d1c..19f2e5d 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -322,8 +322,10 @@ int MAIN(int argc, char **argv) buf_in, (size_t)buf_inlen); if (rv == 0) BIO_puts(out, "Signature Verification Failure\n"); - else if (rv == 1) + else if (rv == 1) { BIO_puts(out, "Signature Verified Successfully\n"); + ret = 0; + } if (rv >= 0) goto end; } else { diff --git a/apps/prime.c b/apps/prime.c index 133167f..d8f764a 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -155,5 +155,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "options are\n"); BIO_printf(bio_err, "%-14s hex\n", "-hex"); BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>"); + BIO_printf(bio_err, "%-14s generate prime\n", "-generate"); + BIO_printf(bio_err, "%-14s number of bits\n", "-bits <n>"); + BIO_printf(bio_err, "%-14s safe prime\n", "-safe"); return 1; } diff --git a/apps/progs.h b/apps/progs.h index fb498fd..d5c0039 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -58,7 +58,7 @@ extern int srp_main(int argc, char *argv[]); typedef struct { int type; const char *name; - int (*func) (int argc, char *argv[]); + int (*func)(int argc, char *argv[]); } FUNCTION; DECLARE_LHASH_OF(FUNCTION); diff --git a/apps/progs.pl b/apps/progs.pl index fa6258c..73498e3 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -6,22 +6,22 @@ print "/* automatically generated by progs.pl for openssl.c */\n\n"; grep(s/^asn1pars$/asn1parse/,@ARGV); foreach (@ARGV) - { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } + { printf "extern int %s_main(int argc, char *argv[]);\n",$_; } print <<'EOF'; -#define FUNC_TYPE_GENERAL 1 -#define FUNC_TYPE_MD 2 -#define FUNC_TYPE_CIPHER 3 -#define FUNC_TYPE_PKEY 4 -#define FUNC_TYPE_MD_ALG 5 -#define FUNC_TYPE_CIPHER_ALG 6 +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 +#define FUNC_TYPE_PKEY 4 +#define FUNC_TYPE_MD_ALG 5 +#define FUNC_TYPE_CIPHER_ALG 6 typedef struct { - int type; - const char *name; - int (*func)(int argc,char *argv[]); - } FUNCTION; + int type; + const char *name; + int (*func)(int argc, char *argv[]); +} FUNCTION; DECLARE_LHASH_OF(FUNCTION); FUNCTION functions[] = { @@ -30,7 +30,7 @@ EOF foreach (@ARGV) { push(@files,$_); - $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^speed$/)) @@ -60,7 +60,7 @@ foreach (@ARGV) foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160") { push(@files,$_); - printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n"; + printf "#ifndef OPENSSL_NO_".uc($_)."\n {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n#endif\n"; } foreach ( @@ -86,7 +86,7 @@ foreach ( { push(@files,$_); - $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n",$_); if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } @@ -101,4 +101,4 @@ foreach ( print $t; } -print "\t{0,NULL,NULL}\n\t};\n"; +print " {0, NULL, NULL}\n};\n"; @@ -331,7 +331,6 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-x509") == 0) { - newreq = 1; x509 = 1; } else if (strcmp(*argv, "-asn1-kludge") == 0) kludge = 1; @@ -447,6 +446,9 @@ int MAIN(int argc, char **argv) goto end; } + if (x509 && infile == NULL) + newreq = 1; + ERR_load_crypto_strings(); if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); @@ -753,7 +755,7 @@ int MAIN(int argc, char **argv) } } - if (newreq) { + if (newreq || x509) { if (pkey == NULL) { BIO_printf(bio_err, "you need to specify a private key\n"); goto end; diff --git a/apps/s_client.c b/apps/s_client.c index 3cabfb5..dc46799 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1667,6 +1667,8 @@ int MAIN(int argc, char **argv) if (strstr(mbuf, "/stream:features>")) goto shut; seen = BIO_read(sbio, mbuf, BUFSIZZ); + if (seen <= 0) + goto shut; mbuf[seen] = 0; } BIO_printf(sbio, @@ -2132,6 +2134,7 @@ int MAIN(int argc, char **argv) BIO_free(bio_c_msg); bio_c_msg = NULL; } + SSL_COMP_free_compression_methods(); apps_shutdown(); OPENSSL_EXIT(ret); } diff --git a/apps/s_server.c b/apps/s_server.c index b561cf3..98ffc09 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2132,6 +2132,7 @@ int MAIN(int argc, char *argv[]) BIO_free(bio_s_msg); bio_s_msg = NULL; } + SSL_COMP_free_compression_methods(); apps_shutdown(); OPENSSL_EXIT(ret); } @@ -3016,7 +3017,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) PEM_write_bio_X509(io, peer); } else BIO_puts(io, "no client certificate available\n"); - BIO_puts(io, "</BODY></HTML>\r\n\r\n"); + BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n"); break; } else if ((www == 2 || www == 3) && (strncmp("GET /", buf, 5) == 0)) { diff --git a/apps/speed.c b/apps/speed.c index 6cd1021..5259c16 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -307,7 +307,8 @@ static SIGRETTYPE sig_done(int sig) # if !defined(SIGALRM) # define SIGALRM # endif -static unsigned int lapse, schlock; +static volatile unsigned int lapse; +static volatile unsigned int schlock; static void alarm_win32(unsigned int secs) { lapse = secs * 1000; @@ -725,6 +726,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "no EVP given\n"); goto end; } + evp_md = NULL; evp_cipher = EVP_get_cipherbyname(*argv); if (!evp_cipher) { evp_md = EVP_get_digestbyname(*argv); diff --git a/apps/spkac.c b/apps/spkac.c index 7f5333f..4b4106d 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -5,7 +5,7 @@ * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -185,20 +185,23 @@ int MAIN(int argc, char **argv) } e = setup_engine(bio_err, engine, 0); - if (keyfile) { + if (keyfile != NULL) { pkey = load_key(bio_err, strcmp(keyfile, "-") ? keyfile : NULL, FORMAT_PEM, 1, passin, e, "private key"); - if (!pkey) { + if (pkey == NULL) goto end; - } spki = NETSCAPE_SPKI_new(); - if (challenge) + if (spki == NULL) + goto end; + if (challenge != NULL) ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); + if (spkstr == NULL) + goto end; if (outfile) out = BIO_new_file(outfile, "w"); @@ -253,7 +256,7 @@ int MAIN(int argc, char **argv) spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); - if (!spki) { + if (spki == NULL) { BIO_printf(bio_err, "Error loading SPKAC\n"); ERR_print_errors(bio_err); goto end; @@ -282,9 +285,9 @@ int MAIN(int argc, char **argv) pkey = NETSCAPE_SPKI_get_pubkey(spki); if (verify) { i = NETSCAPE_SPKI_verify(spki, pkey); - if (i > 0) + if (i > 0) { BIO_printf(bio_err, "Signature OK\n"); - else { + } else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); goto end; @@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type) int i; if (id == NULL) return -1; - if (type == DB_SRP_INDEX) + if (type == DB_SRP_INDEX) { for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid])) return i; - } else + } + } else { for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); @@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type) && !strcmp(id, pp[DB_srpid])) return i; } + } return -1; } @@ -177,16 +179,14 @@ static int update_index(CA_DB *db, BIO *bio, char **row) char **irow; int i; - if ((irow = - (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) { + irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1)); + if (irow == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); return 0; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { @@ -207,30 +207,32 @@ static char *srp_verify_user(const char *user, const char *srp_verifier, char *srp_usersalt, const char *g, const char *N, const char *passin, BIO *bio, int verbose) { - char password[1024]; + char password[1025]; PW_CB_DATA cb_tmp; char *verifier = NULL; char *gNid = NULL; + int len; cb_tmp.prompt_info = user; cb_tmp.password = passin; - if (password_callback(password, 1024, 0, &cb_tmp) > 0) { + len = password_callback(password, sizeof(password)-1, 0, &cb_tmp); + if (len > 0) { + password[len] = 0; VERBOSE BIO_printf(bio, "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, srp_verifier, srp_usersalt, g, N); - BIO_printf(bio, "Pass %s\n", password); + VVERBOSE BIO_printf(bio, "Pass %s\n", password); - if (! - (gNid = - SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, - g))) { + if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt, + &verifier, N, g))) { BIO_printf(bio, "Internal error validating SRP verifier\n"); } else { if (strcmp(verifier, srp_verifier)) gNid = NULL; OPENSSL_free(verifier); } + OPENSSL_cleanse(password, len); } return gNid; } @@ -239,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_verifier, char **srp_usersalt, char *g, char *N, char *passout, BIO *bio, int verbose) { - char password[1024]; + char password[1025]; PW_CB_DATA cb_tmp; char *gNid = NULL; char *salt = NULL; + int len; cb_tmp.prompt_info = user; cb_tmp.password = passout; - if (password_callback(password, 1024, 1, &cb_tmp) > 0) { + len = password_callback(password, sizeof(password)-1, 1, &cb_tmp); + if (len > 0) { + password[len] = 0; VERBOSE BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, g, N); - if (! - (gNid = - SRP_create_verifier(user, password, &salt, srp_verifier, N, - g))) { + if (!(gNid = SRP_create_verifier(user, password, &salt, + srp_verifier, N, g))) { BIO_printf(bio, "Internal error creating SRP verifier\n"); - } else + } else { *srp_usersalt = salt; + } + OPENSSL_cleanse(password, len); VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, salt, *srp_verifier); @@ -316,9 +321,9 @@ int MAIN(int argc, char **argv) argc--; argv++; while (argc >= 1 && badops == 0) { - if (strcmp(*argv, "-verbose") == 0) + if (strcmp(*argv, "-verbose") == 0) { verbose++; - else if (strcmp(*argv, "-config") == 0) { + } else if (strcmp(*argv, "-config") == 0) { if (--argc < 1) goto bad; configfile = *(++argv); @@ -330,15 +335,15 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; dbfile = *(++argv); - } else if (strcmp(*argv, "-add") == 0) + } else if (strcmp(*argv, "-add") == 0) { add_user = 1; - else if (strcmp(*argv, "-delete") == 0) + } else if (strcmp(*argv, "-delete") == 0) { delete_user = 1; - else if (strcmp(*argv, "-modify") == 0) + } else if (strcmp(*argv, "-modify") == 0) { modify_user = 1; - else if (strcmp(*argv, "-list") == 0) + } else if (strcmp(*argv, "-list") == 0) { list_user = 1; - else if (strcmp(*argv, "-gn") == 0) { + } else if (strcmp(*argv, "-gn") == 0) { if (--argc < 1) goto bad; gN = *(++argv); @@ -368,8 +373,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; - } else + } else { break; + } argc--; argv++; @@ -390,7 +396,7 @@ int MAIN(int argc, char **argv) "Need at least one user for options -add, -delete, -modify. \n"); badops = 1; } - if ((passin || passout) && argc != 1) { + if ((passargin || passargout) && argc != 1) { BIO_printf(bio_err, "-passin, -passout arguments only valid with one user.\n"); badops = 1; @@ -708,9 +714,9 @@ int MAIN(int argc, char **argv) doupdatedb = 1; } } - if (--argc > 0) + if (--argc > 0) { user = *(argv++); - else { + } else { user = NULL; list_user = 0; } @@ -193,4 +193,3 @@ REQUEST: foreach (@ARGV) { STDERR->printflush(", $output written.\n") if $options{v}; } $curl->cleanup(); -WWW::Curl::Easy::global_cleanup(); diff --git a/appveyor.yml b/appveyor.yml index 8695359..8c38fea 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -50,11 +50,3 @@ build_script: test_script: - nmake /f ms\%MAK% test - -notifications: - - provider: Email - to: - - openssl-commits@openssl.org - on_build_success: false - on_build_failure: true - on_build_status_changed: true @@ -344,6 +344,15 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "mips-sony-newsos4"; exit 0; ;; + # The following combinations are supported + # MINGW64* on x86_64 => mingw64 + # MINGW32* on x86_64 => mingw + # MINGW32* on i?86 => mingw + # + # MINGW64* on i?86 isn't expected to work... + MINGW64*:*:*:x86_64) + echo "${MACHINE}-whatever-mingw64"; exit 0; + ;; MINGW*) echo "${MACHINE}-whatever-mingw"; exit 0; ;; diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c index 07e63fb..4961254 100644 --- a/crypto/LPdir_win.c +++ b/crypto/LPdir_win.c @@ -94,8 +94,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) TCHAR *wdir = NULL; /* len_0 denotes string length *with* trailing 0 */ size_t index = 0, len_0 = strlen(extdir) + 1; - - wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR)); + size_t amount; + + /* + * Size check + * The reasoning is that absolutely worst case, each byte in + * extdir will take up one TCHAR each, so the maximum size in + * bytes that we can tolerate is MAX_PATH TCHARs... not counting + * the ending NUL. + */ + if ((len_0 - 1) > MAX_PATH * sizeof(TCHAR)) { + free(*ctx); + *ctx = NULL; + errno = EINVAL; + return 0; + } + amount = len_0 * sizeof(TCHAR); + wdir = (TCHAR *)malloc(amount); if (wdir == NULL) { if (extdirbuf != NULL) { free(extdirbuf); diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index e825c14..05e4a01 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -133,7 +133,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl index 8c84260..7a30e89 100644 --- a/crypto/aes/asm/aesni-sha1-x86_64.pl +++ b/crypto/aes/asm/aesni-sha1-x86_64.pl @@ -1702,6 +1702,7 @@ $code.=<<___; mov 240($key),$rounds sub $in0,$out movups ($key),$rndkey0 # $key[0] + movups ($ivp),$iv # load IV movups 16($key),$rndkey[0] # forward reference lea 112($key),$key # size optimization diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl index 72f44ec..588ade6 100644 --- a/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -1299,6 +1299,7 @@ $code.=<<___; mov 240($key),$rounds sub $in0,$out movups ($key),$rndkey0 # $key[0] + movups ($ivp),$iv # load IV movups 16($key),$rndkey[0] # forward reference lea 112($key),$key # size optimization diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl index 83343e2..70b3f96 100644 --- a/crypto/aes/asm/bsaes-armv7.pl +++ b/crypto/aes/asm/bsaes-armv7.pl @@ -1333,7 +1333,7 @@ bsaes_cbc_encrypt: vmov @XMM[4],@XMM[15] @ just in case ensure that IV vmov @XMM[5],@XMM[0] @ and input are preserved bl AES_decrypt - vld1.8 {@XMM[0]}, [$fp,:64] @ load result + vld1.8 {@XMM[0]}, [$fp] @ load result veor @XMM[0], @XMM[0], @XMM[4] @ ^= IV vmov @XMM[15], @XMM[5] @ @XMM[5] holds input vst1.8 {@XMM[0]}, [$rounds] @ write output diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index 330fe81..fb3140c 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -680,7 +680,7 @@ tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c +tasn_fre.o: ../../include/openssl/symhacks.h asn1_int.h tasn_fre.c tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -688,7 +688,7 @@ tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c +tasn_new.o: ../../include/openssl/symhacks.h asn1_int.h tasn_new.c tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index f906188..0c8bb14 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <limits.h> #include <stdio.h> #include "cryptlib.h" #include <openssl/asn1.h> @@ -114,10 +115,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) *(p++) = (unsigned char)bits; d = a->data; - memcpy(p, d, len); - p += len; - if (len > 0) + if (len > 0) { + memcpy(p, d, len); + p += len; p[-1] &= (0xff << bits); + } *pp = p; return (ret); } @@ -135,6 +137,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, goto err; } + if (len > INT_MAX) { + i = ASN1_R_STRING_TOO_LONG; + goto err; + } + if ((a == NULL) || ((*a) == NULL)) { if ((ret = M_ASN1_BIT_STRING_new()) == NULL) return (NULL); diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index 7cbc475..57a04f7 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -86,8 +86,10 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, p = str; i2d(data, &p); - if (!EVP_Digest(str, i, md, len, type, NULL)) + if (!EVP_Digest(str, i, md, len, type, NULL)) { + OPENSSL_free(str); return 0; + } OPENSSL_free(str); return (1); } @@ -104,8 +106,10 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, if (!str) return (0); - if (!EVP_Digest(str, i, md, len, type, NULL)) + if (!EVP_Digest(str, i, md, len, type, NULL)) { + OPENSSL_free(str); return 0; + } OPENSSL_free(str); return (1); } diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index fa76dca..8511813 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -202,7 +202,7 @@ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) if (a[o] == 'Z') o++; else if ((a[o] == '+') || (a[o] == '-')) { - int offsign = a[o] == '-' ? -1 : 1, offset = 0; + int offsign = a[o] == '-' ? 1 : -1, offset = 0; o++; if (o + 4 > l) goto err; diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 2d2303d..99ffe73 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -192,7 +192,8 @@ static const ASN1_STRING_TABLE tbl_standard[] = { {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, - {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} + {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, + {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK} }; static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index fcb2d56..0eeb79c 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -137,7 +137,7 @@ int ASN1_TIME_check(ASN1_TIME *t) ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) { - ASN1_GENERALIZEDTIME *ret; + ASN1_GENERALIZEDTIME *ret = NULL; char *str; int newlen; @@ -146,22 +146,21 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, if (!out || !*out) { if (!(ret = ASN1_GENERALIZEDTIME_new())) - return NULL; - if (out) - *out = ret; - } else + goto err; + } else { ret = *out; + } /* If already GeneralizedTime just copy across */ if (t->type == V_ASN1_GENERALIZEDTIME) { if (!ASN1_STRING_set(ret, t->data, t->length)) - return NULL; - return ret; + goto err; + goto done; } /* grow the string */ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) - return NULL; + goto err; /* ASN1_STRING_set() allocated 'len + 1' bytes. */ newlen = t->length + 2 + 1; str = (char *)ret->data; @@ -173,9 +172,18 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, BUF_strlcat(str, (char *)t->data, newlen); - return ret; + done: + if (out != NULL && *out == NULL) + *out = ret; + return ret; + + err: + if (out == NULL || *out != ret) + ASN1_GENERALIZEDTIME_free(ret); + return NULL; } + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) { ASN1_TIME t; diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 724a10b..0344482 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -172,7 +172,7 @@ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) if (a[o] == 'Z') o++; else if ((a[o] == '+') || (a[o] == '-')) { - int offsign = a[o] == '-' ? -1 : 1, offset = 0; + int offsign = a[o] == '-' ? 1 : -1, offset = 0; o++; if (o + 4 > l) goto err; diff --git a/crypto/asn1/asn1_int.h b/crypto/asn1/asn1_int.h new file mode 100644 index 0000000..c9fd8b1 --- /dev/null +++ b/crypto/asn1/asn1_int.h @@ -0,0 +1,63 @@ +/* asn1t.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Internal ASN1 template structures and functions: not for application use */ + +void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + int combine); diff --git a/crypto/asn1/f_enum.c b/crypto/asn1/f_enum.c index 94cd54d..527f1d8 100644 --- a/crypto/asn1/f_enum.c +++ b/crypto/asn1/f_enum.c @@ -138,7 +138,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) bufp = (unsigned char *)buf; if (first) { first = 0; - if ((bufp[0] == '0') && (buf[1] == '0')) { + if ((bufp[0] == '0') && (bufp[1] == '0')) { bufp += 2; i -= 2; } diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 2bdc78d..e6ed7f1 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -152,7 +152,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) bufp = (unsigned char *)buf; if (first) { first = 0; - if ((bufp[0] == '0') && (buf[1] == '0')) { + if ((bufp[0] == '0') && (bufp[1] == '0')) { bufp += 2; i -= 2; } diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index d254027..d49a5d5 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -673,6 +673,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } len -= p - q; if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { + ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item)); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index aeea4ef..0cf7510 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -61,9 +61,7 @@ #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/objects.h> - -static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - int combine); +#include "asn1_int.h" /* Free up an ASN1 structure */ @@ -77,8 +75,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) asn1_item_combine_free(pval, it, 0); } -static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - int combine) +void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) { const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_EXTERN_FUNCS *ef; diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index b0c73be..6ba9026 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -63,6 +63,7 @@ #include <openssl/err.h> #include <openssl/asn1t.h> #include <string.h> +#include "asn1_int.h" static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); @@ -158,7 +159,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, } asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) - goto auxerr; + goto auxerr2; break; case ASN1_ITYPE_NDEF_SEQUENCE: @@ -186,10 +187,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { pseqval = asn1_get_field_ptr(pval, tt); if (!ASN1_template_new(pseqval, tt)) - goto memerr; + goto memerr2; } if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) - goto auxerr; + goto auxerr2; break; } #ifdef CRYPTO_MDEBUG @@ -198,6 +199,8 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, #endif return 1; + memerr2: + asn1_item_combine_free(pval, it, combine); memerr: ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); #ifdef CRYPTO_MDEBUG @@ -206,9 +209,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, #endif return 0; + auxerr2: + asn1_item_combine_free(pval, it, combine); auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); - ASN1_item_ex_free(pval, it); #ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_pop_info(); diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 3aed44a..aecb950 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -126,7 +126,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, * set. */ if (ltmp < 0) - utmp = -ltmp - 1; + utmp = 0 - (unsigned long)ltmp - 1; else utmp = ltmp; clen = BN_num_bits_word(utmp); @@ -155,19 +155,41 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - int neg, i; + int neg = -1, i; long ltmp; unsigned long utmp = 0; char *cp = (char *)pval; + + if (len) { + /* + * Check possible pad byte. Worst case, we're skipping past actual + * content, but since that's only with 0x00 and 0xff and we set neg + * accordingly, the result will be correct in the end anyway. + */ + switch (cont[0]) { + case 0xff: + cont++; + len--; + neg = 1; + break; + case 0: + cont++; + len--; + neg = 0; + break; + } + } if (len > (int)sizeof(long)) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } - /* Is it negative? */ - if (len && (cont[0] & 0x80)) - neg = 1; - else - neg = 0; + if (neg == -1) { + /* Is it negative? */ + if (len && (cont[0] & 0x80)) + neg = 1; + else + neg = 0; + } utmp = 0; for (i = 0; i < len; i++) { utmp <<= 8; @@ -178,8 +200,8 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, } ltmp = (long)utmp; if (neg) { - ltmp++; ltmp = -ltmp; + ltmp--; } if (ltmp == it->size) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c index 26378fd..aea0c27 100644 --- a/crypto/asn1/x_name.c +++ b/crypto/asn1/x_name.c @@ -178,6 +178,16 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) *pval = NULL; } +static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_free(ne); +} + +static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); +} + static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, @@ -228,13 +238,14 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, entry->set = i; if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) goto err; + sk_X509_NAME_ENTRY_set(entries, j, NULL); } - sk_X509_NAME_ENTRY_free(entries); } - sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); ret = x509_name_canon(nm.x); if (!ret) goto err; + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_free); nm.x->modified = 0; *val = nm.a; *in = p; @@ -242,6 +253,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, err: if (nm.x != NULL) X509_NAME_free(nm.x); + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_pop_free); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } @@ -267,16 +280,6 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, return ret; } -static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) -{ - sk_X509_NAME_ENTRY_free(ne); -} - -static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) -{ - sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); -} - static int x509_name_encode(X509_NAME *a) { union { @@ -299,8 +302,10 @@ static int x509_name_encode(X509_NAME *a) entries = sk_X509_NAME_ENTRY_new_null(); if (!entries) goto memerr; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) { + sk_X509_NAME_ENTRY_free(entries); goto memerr; + } set = entry->set; } if (!sk_X509_NAME_ENTRY_push(entries, entry)) @@ -370,8 +375,10 @@ static int x509_name_canon(X509_NAME *a) entries = sk_X509_NAME_ENTRY_new_null(); if (!entries) goto err; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { + sk_X509_NAME_ENTRY_free(entries); goto err; + } set = entry->set; } tmpentry = X509_NAME_ENTRY_new(); @@ -516,19 +523,11 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { - X509_NAME *in; - - if (!xn || !name) - return (0); - - if (*xn != name) { - in = X509_NAME_dup(name); - if (in != NULL) { - X509_NAME_free(*xn); - *xn = in; - } - } - return (*xn != NULL); + if ((name = X509_NAME_dup(name)) == NULL) + return 0; + X509_NAME_free(*xn); + *xn = name; + return 1; } IMPLEMENT_STACK_OF(X509_NAME_ENTRY) diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index 2da23e4..59f8553 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c @@ -106,10 +106,14 @@ X509_PKEY *X509_PKEY_new(void) X509_PKEY *ret = NULL; ASN1_CTX c; - M_ASN1_New_Malloc(ret, X509_PKEY); + ret = OPENSSL_malloc(sizeof(X509_PKEY)); + if (ret == NULL) { + c.line = __LINE__; + goto err; + } ret->version = 0; - M_ASN1_New(ret->enc_algor, X509_ALGOR_new); - M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new); + ret->enc_algor = X509_ALGOR_new(); + ret->enc_pkey = M_ASN1_OCTET_STRING_new(); ret->dec_pkey = NULL; ret->key_length = 0; ret->key_data = NULL; @@ -117,8 +121,15 @@ X509_PKEY *X509_PKEY_new(void) ret->cipher.cipher = NULL; memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); ret->references = 1; - return (ret); - M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); + if (ret->enc_algor == NULL || ret->enc_pkey == NULL) { + c.line = __LINE__; + goto err; + } + return ret; +err: + X509_PKEY_free(ret); + ASN1_MAC_H_err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE, c.line); + return NULL; } void X509_PKEY_free(X509_PKEY *x) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 987fe06..eb3ab75 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -502,7 +502,7 @@ fmtint(char **sbuffer, if (!(flags & DP_F_UNSIGNED)) { if (value < 0) { signvalue = '-'; - uvalue = -value; + uvalue = -(unsigned LLONG)value; } else if (flags & DP_F_PLUS) signvalue = '+'; else if (flags & DP_F_SPACE) diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index d3e8606..f96294b 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -78,6 +78,9 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + /* Ignore errors and continue printing the other information. */ + if (len < 0) + len = 0; p = buf + len; p_maxlen = sizeof(buf) - len; diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index a6e3b3a..0cf67e5 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -251,7 +251,7 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl) ret = fread(out, 1, (int)outl, (FILE *)b->ptr); if (ret == 0 && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) : - ferror((FILE *)b->ptr)) { + ferror((FILE *)b->ptr)) { SYSerr(SYS_F_FREAD, get_last_sys_error()); BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB); ret = -1; @@ -287,6 +287,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) FILE *fp = (FILE *)b->ptr; FILE **fpp; char p[4]; + int st; switch (cmd) { case BIO_C_FILE_SEEK: @@ -318,8 +319,11 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) # if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) # define _IOB_ENTRIES 20 # endif -# if defined(_IOB_ENTRIES) /* Safety net to catch purely internal BIO_set_fp calls */ +# if defined(_MSC_VER) && _MSC_VER>=1900 + if (ptr == stdin || ptr == stdout || ptr == stderr) + BIO_clear_flags(b, BIO_FLAGS_UPLINK); +# elif defined(_IOB_ENTRIES) if ((size_t)ptr >= (size_t)stdin && (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) BIO_clear_flags(b, BIO_FLAGS_UPLINK); @@ -424,10 +428,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown = (int)num; break; case BIO_CTRL_FLUSH: - if (b->flags & BIO_FLAGS_UPLINK) - UP_fflush(b->ptr); - else - fflush((FILE *)b->ptr); + st = b->flags & BIO_FLAGS_UPLINK + ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr); + if (st == EOF) { + SYSerr(SYS_F_FFLUSH, get_last_sys_error()); + ERR_add_error_data(1, "fflush()"); + BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB); + ret = 0; + } break; case BIO_CTRL_DUP: ret = 1; diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index c4c6409..20e8ef0 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -187,7 +187,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index b8fb1e8..d866287 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -290,7 +290,7 @@ ___ ######## .Lbn_sqr_mont gives up to 20% *overall* improvement over ######## code without following dedicated squaring procedure. ######## -$sbit="%i2"; # re-use $bp! +$sbit="%o5"; $code.=<<___; .align 32 @@ -403,7 +403,7 @@ $code.=<<___; mulx $apj,$mul0,$acc0 mulx $npj,$mul1,$acc1 add $acc0,$car0,$car0 - add $tpj,$car1,$car1 + add $tpj,$sbit,$sbit ld [$ap+$j],$apj ! ap[j] and $car0,$mask,$acc0 ld [$np+$j],$npj ! np[j] @@ -412,7 +412,7 @@ $code.=<<___; ld [$tp+8],$tpj ! tp[j] add $acc0,$acc0,$acc0 add $j,4,$j ! j++ - or $sbit,$acc0,$acc0 + add $sbit,$acc0,$acc0 srlx $acc0,32,$sbit and $acc0,$mask,$acc0 cmp $j,$num @@ -426,12 +426,12 @@ $code.=<<___; mulx $apj,$mul0,$acc0 mulx $npj,$mul1,$acc1 add $acc0,$car0,$car0 - add $tpj,$car1,$car1 + add $tpj,$sbit,$sbit and $car0,$mask,$acc0 srlx $car0,32,$car0 add $acc1,$car1,$car1 add $acc0,$acc0,$acc0 - or $sbit,$acc0,$acc0 + add $sbit,$acc0,$acc0 srlx $acc0,32,$sbit and $acc0,$mask,$acc0 add $acc0,$car1,$car1 @@ -439,7 +439,7 @@ $code.=<<___; srlx $car1,32,$car1 add $car0,$car0,$car0 - or $sbit,$car0,$car0 + add $sbit,$car0,$car0 add $car0,$car1,$car1 add $car2,$car1,$car1 st $car1,[$tp+4] @@ -499,7 +499,7 @@ $code.=<<___; .Lsqr_inner2: mulx $apj,$mul0,$acc0 mulx $npj,$mul1,$acc1 - add $tpj,$car1,$car1 + add $tpj,$sbit,$sbit add $acc0,$car0,$car0 ld [$ap+$j],$apj ! ap[j] and $car0,$mask,$acc0 @@ -507,7 +507,7 @@ $code.=<<___; srlx $car0,32,$car0 add $acc0,$acc0,$acc0 ld [$tp+8],$tpj ! tp[j] - or $sbit,$acc0,$acc0 + add $sbit,$acc0,$acc0 add $j,4,$j ! j++ srlx $acc0,32,$sbit and $acc0,$mask,$acc0 @@ -522,12 +522,12 @@ $code.=<<___; .Lsqr_no_inner2: mulx $apj,$mul0,$acc0 mulx $npj,$mul1,$acc1 - add $tpj,$car1,$car1 + add $tpj,$sbit,$sbit add $acc0,$car0,$car0 and $car0,$mask,$acc0 srlx $car0,32,$car0 add $acc0,$acc0,$acc0 - or $sbit,$acc0,$acc0 + add $sbit,$acc0,$acc0 srlx $acc0,32,$sbit and $acc0,$mask,$acc0 add $acc0,$car1,$car1 @@ -536,7 +536,7 @@ $code.=<<___; srlx $car1,32,$car1 add $car0,$car0,$car0 - or $sbit,$car0,$car0 + add $sbit,$car0,$car0 add $car0,$car1,$car1 add $car2,$car1,$car1 st $car1,[$tp+4] @@ -581,14 +581,17 @@ $code.=<<___; !.Lsqr_last mulx $npj,$mul1,$acc1 - add $tpj,$car1,$car1 + add $tpj,$acc0,$acc0 + srlx $acc0,32,$tmp0 + and $acc0,$mask,$acc0 + add $tmp0,$sbit,$sbit add $acc0,$car1,$car1 add $acc1,$car1,$car1 st $car1,[$tp] srlx $car1,32,$car1 add $car0,$car0,$car0 ! recover $car0 - or $sbit,$car0,$car0 + add $sbit,$car0,$car0 add $car0,$car1,$car1 add $car2,$car1,$car1 st $car1,[$tp+4] diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 3bb0cdf..42178e4 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -3090,11 +3090,19 @@ $code.=<<___; .align 32 .Lsqrx8x_break: - sub 16+8(%rsp),%r8 # consume last carry + xor $zero,$zero + sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf + adcx $zero,%r8 mov 24+8(%rsp),$carry # initial $tptr, borrow $carry + adcx $zero,%r9 mov 0*8($aptr),%rdx # a[8], modulo-scheduled - xor %ebp,%ebp # xor $zero,$zero + adc \$0,%r10 mov %r8,0*8($tptr) + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 cmp $carry,$tptr # cf=0, of=0 je .Lsqrx8x_outer_loop diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 195a786..35facd2 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -145,7 +145,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int i, bits, ret = 0; BIGNUM *v, *rr; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; @@ -245,7 +246,9 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, if (BN_is_odd(m)) { # ifdef MONT_EXP_WORD if (a->top == 1 && !a->neg - && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) { + && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0) + && (BN_get_flags(a, BN_FLG_CONSTTIME) == 0) + && (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) { BN_ULONG A = a->d[0]; ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL); } else @@ -277,7 +280,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BIGNUM *val[TABLE_SIZE]; BN_RECP_CTX recp; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; @@ -411,7 +416,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BIGNUM *val[TABLE_SIZE]; BN_MONT_CTX *mont = NULL; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); } @@ -1217,7 +1224,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; @@ -1348,7 +1356,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, /* Table of variables obtained from 'ctx' */ BIGNUM *val[TABLE_SIZE]; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 10b78f5..f9c65f9 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -524,6 +524,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); #endif + if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0) + BN_set_flags(a, BN_FLG_CONSTTIME); + a->top = b->top; a->neg = b->neg; bn_check_top(a); diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index be95bd5..3af9db8 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -394,6 +394,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) tmod.dmax = 2; tmod.neg = 0; + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(&tmod, BN_FLG_CONSTTIME); + mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; # if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 3c618dc..6b455a7 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -1032,46 +1032,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) rr->top = top; goto end; } -# if 0 - if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) { - BIGNUM *tmp_bn = (BIGNUM *)b; - if (bn_wexpand(tmp_bn, al) == NULL) - goto err; - tmp_bn->d[bl] = 0; - bl++; - i--; - } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { - BIGNUM *tmp_bn = (BIGNUM *)a; - if (bn_wexpand(tmp_bn, bl) == NULL) - goto err; - tmp_bn->d[al] = 0; - al++; - i++; - } - if (i == 0) { - /* symmetric and > 4 */ - /* 16 or larger */ - j = BN_num_bits_word((BN_ULONG)al); - j = 1 << (j - 1); - k = j + j; - t = BN_CTX_get(ctx); - if (al == j) { /* exact multiple */ - if (bn_wexpand(t, k * 2) == NULL) - goto err; - if (bn_wexpand(rr, k * 2) == NULL) - goto err; - bn_mul_recursive(rr->d, a->d, b->d, al, t->d); - } else { - if (bn_wexpand(t, k * 4) == NULL) - goto err; - if (bn_wexpand(rr, k * 4) == NULL) - goto err; - bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d); - } - rr->top = top; - goto end; - } -# endif } #endif /* BN_RECURSION */ if (bn_wexpand(rr, top) == NULL) diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 8177fd2..e911e15 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -252,7 +252,6 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_CTX *ctx = NULL; BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ BN_MONT_CTX *mont = NULL; - const BIGNUM *A = NULL; if (BN_cmp(a, BN_value_one()) <= 0) return 0; @@ -278,25 +277,14 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, goto err; BN_CTX_start(ctx); - /* A := abs(a) */ - if (a->neg) { - BIGNUM *t; - if ((t = BN_CTX_get(ctx)) == NULL) - goto err; - if (BN_copy(t, a) == NULL) - goto err; - t->neg = 0; - A = t; - } else - A = a; A1 = BN_CTX_get(ctx); A1_odd = BN_CTX_get(ctx); check = BN_CTX_get(ctx); if (check == NULL) goto err; - /* compute A1 := A - 1 */ - if (!BN_copy(A1, A)) + /* compute A1 := a - 1 */ + if (!BN_copy(A1, a)) goto err; if (!BN_sub_word(A1, 1)) goto err; @@ -312,11 +300,11 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, if (!BN_rshift(A1_odd, A1, k)) goto err; - /* Montgomery setup for computations mod A */ + /* Montgomery setup for computations mod a */ mont = BN_MONT_CTX_new(); if (mont == NULL) goto err; - if (!BN_MONT_CTX_set(mont, A, ctx)) + if (!BN_MONT_CTX_set(mont, a, ctx)) goto err; for (i = 0; i < checks; i++) { @@ -324,9 +312,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, goto err; if (!BN_add_word(check, 1)) goto err; - /* now 1 <= check < A */ + /* now 1 <= check < a */ - j = witness(check, A, A1, A1_odd, k, ctx, mont); + j = witness(check, a, A1, A1_odd, k, ctx, mont); if (j == -1) goto err; if (j) { diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h index 5cf0de1..489af8b 100644 --- a/crypto/bn/bn_prime.h +++ b/crypto/bn/bn_prime.h @@ -64,263 +64,263 @@ typedef unsigned short prime_t; typedef unsigned char prime_t; #endif static const prime_t primes[NUMPRIMES] = { - 2, 3, 5, 7, 11, 13, 17, 19, - 23, 29, 31, 37, 41, 43, 47, 53, - 59, 61, 67, 71, 73, 79, 83, 89, - 97, 101, 103, 107, 109, 113, 127, 131, - 137, 139, 149, 151, 157, 163, 167, 173, - 179, 181, 191, 193, 197, 199, 211, 223, - 227, 229, 233, 239, 241, 251, + 2, 3, 5, 7, 11, 13, 17, 19, + 23, 29, 31, 37, 41, 43, 47, 53, + 59, 61, 67, 71, 73, 79, 83, 89, + 97, 101, 103, 107, 109, 113, 127, 131, + 137, 139, 149, 151, 157, 163, 167, 173, + 179, 181, 191, 193, 197, 199, 211, 223, + 227, 229, 233, 239, 241, 251, #ifndef EIGHT_BIT - 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, - 313, 317, 331, 337, 347, 349, 353, 359, - 367, 373, 379, 383, 389, 397, 401, 409, - 419, 421, 431, 433, 439, 443, 449, 457, - 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, - 571, 577, 587, 593, 599, 601, 607, 613, - 617, 619, 631, 641, 643, 647, 653, 659, - 661, 673, 677, 683, 691, 701, 709, 719, - 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, - 829, 839, 853, 857, 859, 863, 877, 881, - 883, 887, 907, 911, 919, 929, 937, 941, - 947, 953, 967, 971, 977, 983, 991, 997, - 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, - 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, - 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, - 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, - 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, - 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, - 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, - 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, - 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, - 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, - 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, - 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, - 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, - 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, - 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, - 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, - 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, - 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, - 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, - 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, - 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, - 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, - 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, - 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, - 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, - 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, - 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, - 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, - 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, - 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, - 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, - 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, - 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, - 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, - 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, - 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, - 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, - 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, - 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, - 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, - 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, - 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, - 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, - 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, - 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, - 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, - 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, - 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, - 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, - 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, - 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, - 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, - 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, - 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, - 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, - 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, - 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, - 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, - 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, - 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, - 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, - 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, - 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, - 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, - 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, - 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, - 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, - 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, - 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, - 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, - 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, - 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, - 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, - 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, - 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, - 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, - 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, - 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, - 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, - 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, - 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, - 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, - 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, - 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, - 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, - 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, - 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, - 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, - 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, - 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, - 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, - 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, - 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, - 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, - 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, - 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, - 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, - 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, - 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, - 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, - 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, - 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, - 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, - 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, - 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, - 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, - 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, - 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, - 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, - 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, - 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, - 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, - 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, - 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, - 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, - 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, - 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, - 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, - 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, - 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, - 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, - 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, - 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, - 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, - 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, - 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, - 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, - 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, - 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, - 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, - 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, - 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, - 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, - 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, - 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, - 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, - 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, - 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, - 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, - 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, - 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, - 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, - 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, - 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, - 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, - 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, - 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, - 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, - 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, - 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, - 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, - 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, - 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, - 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, - 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, - 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, - 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, - 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, - 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, - 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, - 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, - 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, - 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, - 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, - 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, - 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, - 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, - 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, - 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, - 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, - 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, - 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, - 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, - 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, - 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, - 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, - 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, - 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, - 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, - 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, - 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, - 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, - 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, - 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, - 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, - 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, - 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, - 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, - 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, - 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, - 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, - 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, - 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, - 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, - 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, - 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, - 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, - 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, - 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, - 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, - 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, - 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, - 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, - 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, - 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, - 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, - 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, - 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, - 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, - 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, - 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, - 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, - 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, - 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, - 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, - 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, - 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, - 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, - 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, - 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, - 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, - 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, - 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, - 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, - 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, - 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, - 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, - 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, - 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, - 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, - 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, - 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, - 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, - 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, - 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, + 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, + 313, 317, 331, 337, 347, 349, 353, 359, + 367, 373, 379, 383, 389, 397, 401, 409, + 419, 421, 431, 433, 439, 443, 449, 457, + 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, + 571, 577, 587, 593, 599, 601, 607, 613, + 617, 619, 631, 641, 643, 647, 653, 659, + 661, 673, 677, 683, 691, 701, 709, 719, + 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, + 829, 839, 853, 857, 859, 863, 877, 881, + 883, 887, 907, 911, 919, 929, 937, 941, + 947, 953, 967, 971, 977, 983, 991, 997, + 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, + 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, + 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, + 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, + 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, + 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, + 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, + 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, + 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, + 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, + 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, + 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, + 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, + 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, + 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, + 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, + 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, + 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, + 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, + 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, + 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, + 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, + 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, + 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, + 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, + 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, + 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, + 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, + 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, + 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, + 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, + 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, + 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, + 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, + 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, + 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, + 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, + 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, + 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, + 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, + 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, + 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, + 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, + 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, + 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, + 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, + 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, + 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, + 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, + 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, + 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, + 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, + 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, + 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, + 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, + 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, + 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, + 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, + 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, + 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, + 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, + 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, + 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, + 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, + 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, + 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, + 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, + 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, + 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, + 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, + 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, + 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, + 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, + 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, + 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, + 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, + 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, + 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, + 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, + 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, + 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, + 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, + 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, + 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, + 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, + 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, + 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, + 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, + 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, + 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, + 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, + 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, + 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, + 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, + 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, + 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, + 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, + 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, + 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, + 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, + 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, + 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, + 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, + 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, + 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, + 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, + 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, + 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, + 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, + 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, + 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, + 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, + 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, + 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, + 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, + 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, + 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, + 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, + 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, + 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, + 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, + 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, + 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, + 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, + 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, + 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, + 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, + 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, + 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, + 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, + 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, + 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, + 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, + 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, + 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, + 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, + 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, + 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, + 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, + 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, + 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, + 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, + 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, + 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, + 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, + 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, + 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, + 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, + 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, + 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, + 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, + 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, + 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, + 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, + 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, + 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, + 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, + 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, + 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, + 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, + 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, + 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, + 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, + 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, + 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, + 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, + 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, + 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, + 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, + 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, + 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, + 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, + 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, + 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, + 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, + 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, + 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, + 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, + 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, + 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, + 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, + 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, + 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, + 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, + 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, + 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, + 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, + 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, + 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, + 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, + 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, + 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, + 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, + 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, + 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, + 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, + 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, + 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, + 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, + 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, + 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, + 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, + 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, + 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, + 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, + 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, + 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, + 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, + 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, + 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, + 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, + 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, + 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, + 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, + 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, + 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, + 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, + 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, + 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, + 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, + 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, + 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, + 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, + 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, + 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, + 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, + 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, + 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, + 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, + 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, + 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, + 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, + 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, + 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, + 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, #endif }; diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl index 3fafb6f..6bede65 100644 --- a/crypto/bn/bn_prime.pl +++ b/crypto/bn/bn_prime.pl @@ -26,7 +26,7 @@ loop: while ($#primes < $num-1) # * the code are not to be removed. # * See the COPYRIGHT file in the SSLeay distribution for more details. # */ -# +# # EOF print <<\EOF; @@ -37,21 +37,21 @@ print <<\EOF; * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -66,10 +66,10 @@ print <<\EOF; * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -81,7 +81,7 @@ print <<\EOF; * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -100,20 +100,20 @@ for ($i=0; $i <= $#primes; $i++) } printf "#ifndef EIGHT_BIT\n"; -printf "#define NUMPRIMES %d\n",$num; +printf "# define NUMPRIMES %d\n",$num; printf "typedef unsigned short prime_t;\n"; printf "#else\n"; -printf "#define NUMPRIMES %d\n",$eight; +printf "# define NUMPRIMES %d\n",$eight; printf "typedef unsigned char prime_t;\n"; printf "#endif\n"; -print "static const prime_t primes[NUMPRIMES]=\n\t{\n\t"; +print "static const prime_t primes[NUMPRIMES] = {"; $init=0; for ($i=0; $i <= $#primes; $i++) { - printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++); - printf("\n\t") if (($i%8) == 0) && ($i != 0); - printf("%4d,",$primes[$i]); + printf "\n#ifndef EIGHT_BIT\n " if ($primes[$i] > 256) && !($init++); + printf("\n ") if ($i%8) == 0; + printf(" %5d,",$primes[$i]); } -print "\n#endif\n\t};\n"; +print "\n#endif\n};\n"; diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index f121fb6..f85a655 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -82,8 +82,6 @@ char *BN_bn2hex(const BIGNUM *a) p = buf; if (a->neg) *(p++) = '-'; - if (BN_is_zero(a)) - *(p++) = '0'; for (i = a->top - 1; i >= 0; i--) { for (j = BN_BITS2 - 8; j >= 0; j -= 8) { /* strip leading zeros */ diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c index efa48bd..f444af3 100644 --- a/crypto/bn/bn_x931p.c +++ b/crypto/bn/bn_x931p.c @@ -217,6 +217,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) BN_CTX_start(ctx); t = BN_CTX_get(ctx); + if (t == NULL) + goto err; for (i = 0; i < 1000; i++) { if (!BN_rand(Xq, nbits, 1, 0)) @@ -255,10 +257,12 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, int ret = 0; BN_CTX_start(ctx); - if (!Xp1) + if (Xp1 == NULL) Xp1 = BN_CTX_get(ctx); - if (!Xp2) + if (Xp2 == NULL) Xp2 = BN_CTX_get(ctx); + if (Xp1 == NULL || Xp2 == NULL) + goto error; if (!BN_rand(Xp1, 101, 0, 0)) goto error; diff --git a/crypto/comp/c_rle.c b/crypto/comp/c_rle.c index e9aabbd..4191961 100644 --- a/crypto/comp/c_rle.c +++ b/crypto/comp/c_rle.c @@ -31,12 +31,11 @@ static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen) { - /* int i; */ + if (ilen == 0) + return 0; - if (ilen == 0 || olen < (ilen - 1)) { - /* ZZZZZZZZZZZZZZZZZZZZZZ */ - return (-1); - } + if (olen <= ilen) + return -1; *(out++) = 0; memcpy(out, in, ilen); @@ -49,14 +48,16 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, { int i; - if (olen < (ilen - 1)) { - /* ZZZZZZZZZZZZZZZZZZZZZZ */ - return (-1); - } + if (ilen == 0) + return 0; + + if (olen < (ilen - 1)) + return -1; i = *(in++); - if (i == 0) { - memcpy(out, in, ilen - 1); - } + if (i != 0) + return -1; + + memcpy(out, in, ilen - 1); return (ilen - 1); } diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h index 8d926d5..fe49113 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h @@ -259,6 +259,7 @@ void ERR_load_CONF_strings(void); # define CONF_R_NO_VALUE 108 # define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 # define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 # define CONF_R_VARIABLE_HAS_NO_VALUE 104 #ifdef __cplusplus diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 68c77ce..75e309a 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -69,6 +69,12 @@ #include <openssl/buffer.h> #include <openssl/err.h> +/* + * The maximum length we can grow a value to after variable expansion. 64k + * should be more than enough for all reasonable uses. + */ +#define MAX_CONF_VALUE_LENGTH 65536 + static char *eat_ws(CONF *conf, char *p); static char *eat_alpha_numeric(CONF *conf, char *p); static void clear_comments(CONF *conf, char *p); @@ -530,6 +536,8 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) } else if (IS_EOF(conf, *from)) break; else if (*from == '$') { + size_t newsize; + /* try to expand it */ rrp = NULL; s = &(from[1]); @@ -584,8 +592,12 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - if (!BUF_MEM_grow_clean(buf, - (strlen(p) + buf->length - (e - from)))) { + newsize = strlen(p) + buf->length - (e - from); + if (newsize > MAX_CONF_VALUE_LENGTH) { + CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_EXPANSION_TOO_LONG); + goto err; + } + if (!BUF_MEM_grow_clean(buf, newsize)) { CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index bb5e2fe..b0b6896 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c @@ -115,6 +115,8 @@ static ERR_STRING_DATA CONF_str_reasons[] = { {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), "unable to create new section"}, {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"}, + {ERR_REASON(CONF_R_VARIABLE_EXPANSION_TOO_LONG), + "variable expansion too long"}, {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"}, {0, NULL} }; diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 1925428..5fab45b 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -469,11 +469,18 @@ void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) } } +#ifdef OPENSSL_FIPS +extern int FIPS_crypto_threadid_set_callback(void (*func) (CRYPTO_THREADID *)); +#endif + int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *)) { if (threadid_callback) return 0; threadid_callback = func; +#ifdef OPENSSL_FIPS + FIPS_crypto_threadid_set_callback(func); +#endif return 1; } diff --git a/crypto/des/Makefile b/crypto/des/Makefile index 8b5166c..89156ba 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -107,7 +107,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index 8fd8fe1..d9c5e7f 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -120,7 +120,7 @@ int DES_check_key_parity(const_DES_cblock *key) } /*- - * Weak and semi week keys as take from + * Weak and semi weak keys as taken from * %A D.W. Davies * %A W.L. Price * %T Security for Computer Networks diff --git a/crypto/des/t/test b/crypto/des/t/test new file mode 100644 index 0000000..97acd05 --- /dev/null +++ b/crypto/des/t/test @@ -0,0 +1,27 @@ +#!./perl + +BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); } + +use DES; + +$key='00000000'; +$ks=DES::set_key($key); +@a=split(//,$ks); +foreach (@a) { printf "%02x-",ord($_); } +print "\n"; + + +$key=DES::random_key(); +print "($_)\n"; +@a=split(//,$key); +foreach (@a) { printf "%02x-",ord($_); } +print "\n"; +$str="this is and again into the breach"; +($k1,$k2)=DES::string_to_2keys($str); +@a=split(//,$k1); +foreach (@a) { printf "%02x-",ord($_); } +print "\n"; +@a=split(//,$k2); +foreach (@a) { printf "%02x-",ord($_); } +print "\n"; + diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile index 46fa5ac..cc366ec 100644 --- a/crypto/dh/Makefile +++ b/crypto/dh/Makefile @@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dh_gen.o: ../cryptlib.h dh_gen.c -dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index a5bd901..80b28fb 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -182,12 +182,29 @@ struct dh_st { */ # define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) -# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ - (unsigned char *)(x)) -# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) -# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) +# define d2i_DHparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x) DH *DHparams_dup(DH *); @@ -240,11 +257,13 @@ DH *DH_get_1024_160(void); DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); +# ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index a882cb2..8947a08 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -51,6 +51,9 @@ * ==================================================================== */ +#include <e_os.h> + +#ifndef OPENSSL_NO_CMS #include <string.h> #include <openssl/dh.h> #include <openssl/evp.h> @@ -185,3 +188,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, EVP_MD_CTX_cleanup(&mctx); return rv; } +#endif diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index b58e3fa..6452482 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_DH_KDF_TYPE: if (p1 == -2) return dctx->kdf_type; +#ifdef OPENSSL_NO_CMS + if (p1 != EVP_PKEY_DH_KDF_NONE) +#else if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) +#endif return -2; dctx->kdf_type = p1; return 1; @@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, return ret; *keylen = ret; return 1; - } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { + } +#ifndef OPENSSL_NO_CMS + else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { unsigned char *Z = NULL; size_t Zlen = 0; if (!dctx->kdf_outlen || !dctx->kdf_oid) @@ -479,6 +485,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, } return ret; } +#endif return 1; } diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index c4fa105..aac2530 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -258,6 +258,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto dsaerr; } + BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME); if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); goto dsaerr; diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 1fce0f8..21af2e1 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -482,6 +482,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, } else { p = BN_CTX_get(ctx); q = BN_CTX_get(ctx); + if (q == NULL) + goto err; } if (!BN_lshift(test, BN_value_one(), L - 1)) diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 58013a4..aa10dd1 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -224,7 +224,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, { BN_CTX *ctx; BIGNUM k, kq, *K, *kinv = NULL, *r = NULL; + BIGNUM l, m; int ret = 0; + int q_bits; if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); @@ -233,6 +235,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BN_init(&k); BN_init(&kq); + BN_init(&l); + BN_init(&m); if (ctx_in == NULL) { if ((ctx = BN_CTX_new()) == NULL) @@ -243,6 +247,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, if ((r = BN_new()) == NULL) goto err; + /* Preallocate space */ + q_bits = BN_num_bits(dsa->q); + if (!BN_set_bit(&k, q_bits) + || !BN_set_bit(&l, q_bits) + || !BN_set_bit(&m, q_bits)) + goto err; + /* Get random k */ do if (!BN_rand_range(&k, dsa->q)) @@ -263,24 +274,23 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, /* Compute r = (g^k mod p) mod q */ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { - if (!BN_copy(&kq, &k)) - goto err; - - BN_set_flags(&kq, BN_FLG_CONSTTIME); - /* * We do not want timing information to leak the length of k, so we - * compute g^k using an equivalent exponent of fixed length. (This - * is a kludge that we need because the BN_mod_exp_mont() does not - * let us specify the desired timing behaviour.) + * compute G^k using an equivalent scalar of fixed bit-length. + * + * We unconditionally perform both of these additions to prevent a + * small timing information leakage. We then choose the sum that is + * one bit longer than the modulus. + * + * TODO: revisit the BN_copy aiming for a memory access agnostic + * conditional copy. */ - - if (!BN_add(&kq, &kq, dsa->q)) + if (!BN_add(&l, &k, dsa->q) + || !BN_add(&m, &l, dsa->q) + || !BN_copy(&kq, BN_num_bits(&l) > q_bits ? &l : &m)) goto err; - if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) { - if (!BN_add(&kq, &kq, dsa->q)) - goto err; - } + + BN_set_flags(&kq, BN_FLG_CONSTTIME); K = &kq; } else { @@ -314,7 +324,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BN_CTX_free(ctx); BN_clear_free(&k); BN_clear_free(&kq); - return (ret); + BN_clear_free(&l); + BN_clear_free(&m); + return ret; } static int dsa_do_verify(const unsigned char *dgst, int dgst_len, diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index 7948bf7..35d2b6d 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -1178,19 +1178,18 @@ __ecp_nistz256_sqr_montx: adox $t1, $acc5 .byte 0x67,0x67 mulx %rdx, $t0, $t4 - mov $acc0, %rdx + mov .Lpoly+8*3(%rip), %rdx adox $t0, $acc6 shlx $a_ptr, $acc0, $t0 adox $t4, $acc7 shrx $a_ptr, $acc0, $t4 - mov .Lpoly+8*3(%rip), $t1 + mov %rdx,$t1 # reduction step 1 add $t0, $acc1 adc $t4, $acc2 - mulx $t1, $t0, $acc0 - mov $acc1, %rdx + mulx $acc0, $t0, $acc0 adc $t0, $acc3 shlx $a_ptr, $acc1, $t0 adc \$0, $acc0 @@ -1200,8 +1199,7 @@ __ecp_nistz256_sqr_montx: add $t0, $acc2 adc $t4, $acc3 - mulx $t1, $t0, $acc1 - mov $acc2, %rdx + mulx $acc1, $t0, $acc1 adc $t0, $acc0 shlx $a_ptr, $acc2, $t0 adc \$0, $acc1 @@ -1211,8 +1209,7 @@ __ecp_nistz256_sqr_montx: add $t0, $acc3 adc $t4, $acc0 - mulx $t1, $t0, $acc2 - mov $acc3, %rdx + mulx $acc2, $t0, $acc2 adc $t0, $acc1 shlx $a_ptr, $acc3, $t0 adc \$0, $acc2 @@ -1222,12 +1219,12 @@ __ecp_nistz256_sqr_montx: add $t0, $acc0 adc $t4, $acc1 - mulx $t1, $t0, $acc3 + mulx $acc3, $t0, $acc3 adc $t0, $acc2 adc \$0, $acc3 - xor $t3, $t3 # cf=0 - adc $acc0, $acc4 # accumulate upper half + xor $t3, $t3 + add $acc0, $acc4 # accumulate upper half mov .Lpoly+8*1(%rip), $a_ptr adc $acc1, $acc5 mov $acc4, $acc0 @@ -1236,8 +1233,7 @@ __ecp_nistz256_sqr_montx: mov $acc5, $acc1 adc \$0, $t3 - xor %eax, %eax # cf=0 - sbb \$-1, $acc4 # .Lpoly[0] + sub \$-1, $acc4 # .Lpoly[0] mov $acc6, $acc2 sbb $a_ptr, $acc5 # .Lpoly[1] sbb \$0, $acc6 # .Lpoly[2] diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index d089af7..2c41c6e 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -342,8 +342,10 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, - ptype, pval, ep, eplen)) + ptype, pval, ep, eplen)) { + OPENSSL_free(ep); return 0; + } return 1; } diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 33abf61..b0cd3e1 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -62,17 +62,22 @@ #include <openssl/asn1t.h> #include <openssl/objects.h> +#define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0])) + int EC_GROUP_get_basis_type(const EC_GROUP *group) { - int i = 0; + int i; if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != NID_X9_62_characteristic_two_field) /* everything else is currently not supported */ return 0; - while (group->poly[i] != 0) - i++; + /* Find the last non-zero element of group->poly[] */ + for (i = 0; + i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0; + i++) + continue; if (i == 4) return NID_X9_62_ppBasis; diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 23b8c30..24ca67a 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -68,10 +68,14 @@ #include "ec_lcl.h" /* - * This file implements the wNAF-based interleaving multi-exponentation method - * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>); - * for multiplication with precomputation, we use wNAF splitting - * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>). + * This file implements the wNAF-based interleaving multi-exponentiation method + * Formerly at: + * http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp + * You might now find it here: + * http://link.springer.com/chapter/10.1007%2F3-540-45537-X_13 + * http://www.bmoeller.de/pdf/TI-01-08.multiexp.pdf + * For multiplication with precomputation, we use wNAF splitting, formerly at: + * http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp */ /* structure for precomputed multiples of the generator */ diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index df9b37a..176ec1f 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -342,7 +342,7 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf, size_t len, int off) { size_t i; - char str[128]; + char str[128 + 1 + 4]; if (buf == NULL) return 1; diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index b2de7fa..43c4330 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -247,6 +247,8 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, BN_CTX_free(new_ctx); if (mont != NULL) BN_MONT_CTX_free(mont); + if (one != NULL) + BN_free(one); return ret; } diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index d81cc9c..fcd754e 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -716,7 +716,7 @@ static limb felem_is_zero(const felem in) return (zero | two224m96p1 | two225m97p2); } -static limb felem_is_zero_int(const felem in) +static int felem_is_zero_int(const void *in) { return (int)(felem_is_zero(in) & ((limb) 1)); } @@ -1391,7 +1391,6 @@ static void make_points_affine(size_t num, felem points[ /* num */ ][3], sizeof(felem), tmp_felems, (void (*)(void *))felem_one, - (int (*)(const void *)) felem_is_zero_int, (void (*)(void *, const void *)) felem_assign, diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 78d191a..1272966 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -977,7 +977,7 @@ static limb smallfelem_is_zero(const smallfelem small) return result; } -static int smallfelem_is_zero_int(const smallfelem small) +static int smallfelem_is_zero_int(const void *small) { return (int)(smallfelem_is_zero(small) & ((limb) 1)); } @@ -1979,7 +1979,6 @@ static void make_points_affine(size_t num, smallfelem points[][3], sizeof(smallfelem), tmp_smallfelems, (void (*)(void *))smallfelem_one, - (int (*)(const void *)) smallfelem_is_zero_int, (void (*)(void *, const void *)) smallfelem_assign, diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index c53a61b..a1dc994 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -871,7 +871,7 @@ static limb felem_is_zero(const felem in) return is_zero; } -static int felem_is_zero_int(const felem in) +static int felem_is_zero_int(const void *in) { return (int)(felem_is_zero(in) & ((limb) 1)); } @@ -1787,7 +1787,6 @@ static void make_points_affine(size_t num, felem points[][3], sizeof(felem), tmp_felems, (void (*)(void *))felem_one, - (int (*)(const void *)) felem_is_zero_int, (void (*)(void *, const void *)) felem_assign, diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index cbc21d1..9cc2258 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -225,9 +225,16 @@ ECDH_DATA *ecdh_check(EC_KEY *key) */ ecdh_data_free(ecdh_data); ecdh_data = (ECDH_DATA *)data; + } else if (EC_KEY_get_key_method_data(key, ecdh_data_dup, + ecdh_data_free, + ecdh_data_free) != ecdh_data) { + /* Or an out of memory error in EC_KEY_insert_key_method_data. */ + ecdh_data_free(ecdh_data); + return NULL; } - } else + } else { ecdh_data = (ECDH_DATA *)data; + } #ifdef OPENSSL_FIPS if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD) && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) { diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 8dc1dda..f1dd472 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -203,9 +203,16 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key) */ ecdsa_data_free(ecdsa_data); ecdsa_data = (ECDSA_DATA *)data; + } else if (EC_KEY_get_key_method_data(key, ecdsa_data_dup, + ecdsa_data_free, + ecdsa_data_free) != ecdsa_data) { + /* Or an out of memory error in EC_KEY_insert_key_method_data. */ + ecdsa_data_free(ecdsa_data); + return NULL; } - } else + } else { ecdsa_data = (ECDSA_DATA *)data; + } #ifdef OPENSSL_FIPS if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD) && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) { diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index dd76960..16d4f59 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -95,6 +95,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, EC_POINT *tmp_point = NULL; const EC_GROUP *group; int ret = 0; + int order_bits; if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); @@ -126,6 +127,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, goto err; } + /* Preallocate space */ + order_bits = BN_num_bits(order); + if (!BN_set_bit(k, order_bits) + || !BN_set_bit(r, order_bits) + || !BN_set_bit(X, order_bits)) + goto err; + do { /* get random k */ do @@ -139,13 +147,19 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, /* * We do not want timing information to leak the length of k, so we * compute G*k using an equivalent scalar of fixed bit-length. + * + * We unconditionally perform both of these additions to prevent a + * small timing information leakage. We then choose the sum that is + * one bit longer than the order. This guarantees the code + * path used in the constant time implementations elsewhere. + * + * TODO: revisit the BN_copy aiming for a memory access agnostic + * conditional copy. */ - - if (!BN_add(k, k, order)) + if (!BN_add(r, k, order) + || !BN_add(X, r, order) + || !BN_copy(k, BN_num_bits(r) > order_bits ? r : X)) goto err; - if (BN_num_bits(k) <= BN_num_bits(order)) - if (!BN_add(k, k, order)) - goto err; /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index 2a2b95c..af59471 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -810,14 +810,15 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { /* if application doesn't support one buffer */ - state->mac_data = + char *mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); - if (!state->mac_data) { + if (mac_data == NULL) { printf("cryptodev_digest_update: realloc failed\n"); return (0); } + state->mac_data = mac_data; memcpy(state->mac_data + state->mac_len, data, count); state->mac_len += count; diff --git a/crypto/err/err.c b/crypto/err/err.c index 52dc9a5..cfe0e80 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -172,6 +172,7 @@ static ERR_STRING_DATA ERR_str_functs[] = { # endif {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, {ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, + {ERR_PACK(0, SYS_F_FFLUSH, 0), "fflush"}, {0, NULL}, }; @@ -724,6 +725,8 @@ void ERR_put_error(int lib, int func, int reason, const char *file, int line) } #endif es = ERR_get_state(); + if (es == NULL) + return; es->top = (es->top + 1) % ERR_NUM_ERRORS; if (es->top == es->bottom) @@ -741,6 +744,8 @@ void ERR_clear_error(void) ERR_STATE *es; es = ERR_get_state(); + if (es == NULL) + return; for (i = 0; i < ERR_NUM_ERRORS; i++) { err_clear(es, i); @@ -805,6 +810,8 @@ static unsigned long get_error_values(int inc, int top, const char **file, unsigned long ret; es = ERR_get_state(); + if (es == NULL) + return 0; if (inc && top) { if (file) @@ -1015,7 +1022,6 @@ void ERR_remove_state(unsigned long pid) ERR_STATE *ERR_get_state(void) { - static ERR_STATE fallback; ERR_STATE *ret, tmp, *tmpp = NULL; int i; CRYPTO_THREADID tid; @@ -1029,7 +1035,7 @@ ERR_STATE *ERR_get_state(void) if (ret == NULL) { ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); if (ret == NULL) - return (&fallback); + return NULL; CRYPTO_THREADID_cpy(&ret->tid, &tid); ret->top = 0; ret->bottom = 0; @@ -1041,7 +1047,7 @@ ERR_STATE *ERR_get_state(void) /* To check if insertion failed, do a get. */ if (ERRFN(thread_get_item) (ret) != ret) { ERR_STATE_free(ret); /* could not insert it */ - return (&fallback); + return NULL; } /* * If a race occured in this function and we came second, tmpp is the @@ -1065,10 +1071,10 @@ void ERR_set_error_data(char *data, int flags) int i; es = ERR_get_state(); + if (es == NULL) + return; i = es->top; - if (i == 0) - i = ERR_NUM_ERRORS - 1; err_clear_data(es, i); es->err_data[i] = data; @@ -1120,6 +1126,8 @@ int ERR_set_mark(void) ERR_STATE *es; es = ERR_get_state(); + if (es == NULL) + return 0; if (es->bottom == es->top) return 0; @@ -1132,6 +1140,8 @@ int ERR_pop_to_mark(void) ERR_STATE *es; es = ERR_get_state(); + if (es == NULL) + return 0; while (es->bottom != es->top && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) { diff --git a/crypto/err/err.h b/crypto/err/err.h index 585aa8b..f423656 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -258,6 +258,7 @@ typedef struct err_state_st { # define SYS_F_WSASTARTUP 9/* Winsock stuff */ # define SYS_F_OPENDIR 10 # define SYS_F_FREAD 11 +# define SYS_F_FFLUSH 18 /* reasons */ # define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 7c62d32..b45b364 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1120,6 +1120,8 @@ BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { EVP_AES_GCM_CTX *gctx = c->cipher_data; + if (gctx == NULL) + return 0; OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); if (gctx->iv != c->iv) OPENSSL_free(gctx->iv); @@ -1235,10 +1237,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; /* Correct length for explicit IV */ + if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) + return 0; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; /* If decrypting correct for tag too */ - if (!c->encrypt) + if (!c->encrypt) { + if (len < EVP_GCM_TLS_TAG_LEN) + return 0; len -= EVP_GCM_TLS_TAG_LEN; + } c->buf[arg - 2] = len >> 8; c->buf[arg - 1] = len & 0xff; } diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 6dfd590..b25fc6d 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -579,12 +579,17 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; - ret &= constant_time_ge(maxpad, pad); + mask = constant_time_ge(maxpad, pad); + ret &= mask; + /* + * If pad is invalid then we will fail the above test but we must + * continue anyway because we are in constant time code. However, + * we'll use the maxpad value instead of the supplied pad to make + * sure we perform well defined pointer arithmetic. + */ + pad = constant_time_select(mask, pad, maxpad); inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); - mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); - inp_len &= mask; - ret &= (int)mask; key->aux.tls_aad[plen - 2] = inp_len >> 8; key->aux.tls_aad[plen - 1] = inp_len; @@ -859,6 +864,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; len -= AES_BLOCK_SIZE; p[arg - 2] = len >> 8; p[arg - 1] = len; diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 46c9d03..9a8a2ad 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -507,10 +507,12 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, * to identify it and avoid stitch invocation. So that after we * establish that current CPU supports AVX, we even see if it's * either even XOP-capable Bulldozer-based or GenuineIntel one. + * But SHAEXT-capable go ahead... */ - if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? */ - ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ - | (OPENSSL_ia32cap_P[0] & (1<<30))) && /* "Intel CPU"? */ + if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */ + ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */ + ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ + | (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */ plen > (sha_off + iv) && (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { SHA256_Update(&key->md, in + iv, sha_off); @@ -590,12 +592,17 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; - ret &= constant_time_ge(maxpad, pad); + mask = constant_time_ge(maxpad, pad); + ret &= mask; + /* + * If pad is invalid then we will fail the above test but we must + * continue anyway because we are in constant time code. However, + * we'll use the maxpad value instead of the supplied pad to make + * sure we perform well defined pointer arithmetic. + */ + pad = constant_time_select(mask, pad, maxpad); inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); - mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); - inp_len &= mask; - ret &= (int)mask; key->aux.tls_aad[plen - 2] = inp_len >> 8; key->aux.tls_aad[plen - 1] = inp_len; @@ -825,15 +832,19 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + unsigned int len; if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; + len = p[arg - 2] << 8 | p[arg - 1]; + if (ctx->encrypt) { key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; len -= AES_BLOCK_SIZE; p[arg - 2] = len >> 8; p[arg - 1] = len; diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 0e910d6..ab8126e 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -212,6 +212,8 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, size_t n; unsigned char c[1], d[1]; + if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) + inl *= 8; for (n = 0; n < inl; ++n) { c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; DES_ede3_cfb_encrypt(c, d, 1, 1, diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index d258ef8..cf1de15 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -1363,6 +1363,98 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); +void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + void EVP_add_alg_module(void); /* BEGIN ERROR CODES */ diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 0e40f09..be577ba 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -182,6 +182,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, if (ctx->cipher->ctx_size) { ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); if (!ctx->cipher_data) { + ctx->cipher = NULL; EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } @@ -193,6 +194,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { + ctx->cipher = NULL; EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } @@ -654,6 +656,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); if (!out->cipher_data) { + out->cipher = NULL; EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); return 0; } @@ -661,6 +664,10 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) } if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) - return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); + if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) { + out->cipher = NULL; + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR); + return 0; + } return 1; } diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 5be9e33..cdffe1c 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -97,7 +97,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify) { - int ret; + int ret = -1; char buff[BUFSIZ]; UI *ui; @@ -105,16 +105,18 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, prompt = prompt_string; ui = UI_new(); if (ui == NULL) - return -1; - UI_add_input_string(ui, prompt, 0, buf, min, - (len >= BUFSIZ) ? BUFSIZ - 1 : len); - if (verify) - UI_add_verify_string(ui, prompt, 0, - buff, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len, - buf); + return ret; + if (UI_add_input_string(ui, prompt, 0, buf, min, + (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0 + || (verify + && UI_add_verify_string(ui, prompt, 0, buff, min, + (len >= BUFSIZ) ? BUFSIZ - 1 : len, + buf) < 0)) + goto end; ret = UI_process(ui); - UI_free(ui); OPENSSL_cleanse(buff, BUFSIZ); + end: + UI_free(ui); return ret; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index d066862..e50826b 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -188,6 +188,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) if (pmeth->init) { if (pmeth->init(ret) <= 0) { + ret->pmeth = NULL; EVP_PKEY_CTX_free(ret); return NULL; } @@ -315,6 +316,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) if (pctx->pmeth->copy(rctx, pctx) > 0) return rctx; + rctx->pmeth = NULL; EVP_PKEY_CTX_free(rctx); return NULL; @@ -587,3 +589,170 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl = ctrl; pmeth->ctrl_str = ctrl_str; } + +void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)) +{ + *pinit = pmeth->init; +} + +void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)) +{ + *pcopy = pmeth->copy; +} + +void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)) +{ + *pcleanup = pmeth->cleanup; +} + +void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)) +{ + if (pparamgen_init) + *pparamgen_init = pmeth->paramgen_init; + if (pparamgen) + *pparamgen = pmeth->paramgen; +} + +void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)) +{ + if (pkeygen_init) + *pkeygen_init = pmeth->keygen_init; + if (pkeygen) + *pkeygen = pmeth->keygen; +} + +void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) +{ + if (psign_init) + *psign_init = pmeth->sign_init; + if (psign) + *psign = pmeth->sign; +} + +void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)) +{ + if (pverify_init) + *pverify_init = pmeth->verify_init; + if (pverify) + *pverify = pmeth->verify; +} + +void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)) +{ + if (pverify_recover_init) + *pverify_recover_init = pmeth->verify_recover_init; + if (pverify_recover) + *pverify_recover = pmeth->verify_recover; +} + +void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)) +{ + if (psignctx_init) + *psignctx_init = pmeth->signctx_init; + if (psignctx) + *psignctx = pmeth->signctx; +} + +void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)) +{ + if (pverifyctx_init) + *pverifyctx_init = pmeth->verifyctx_init; + if (pverifyctx) + *pverifyctx = pmeth->verifyctx; +} + +void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)) +{ + if (pencrypt_init) + *pencrypt_init = pmeth->encrypt_init; + if (pencryptfn) + *pencryptfn = pmeth->encrypt; +} + +void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)) +{ + if (pdecrypt_init) + *pdecrypt_init = pmeth->decrypt_init; + if (pdecrypt) + *pdecrypt = pmeth->decrypt; +} + +void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)) +{ + if (pderive_init) + *pderive_init = pmeth->derive_init; + if (pderive) + *pderive = pmeth->derive; +} + +void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)) +{ + if (pctrl) + *pctrl = pmeth->ctrl; + if (pctrl_str) + *pctrl_str = pmeth->ctrl_str; +} diff --git a/crypto/ex_data.c b/crypto/ex_data.c index f96a517..723b21b 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -331,7 +331,11 @@ static EX_CLASS_ITEM *def_get_class(int class_index) * from the insert will be NULL */ (void)lh_EX_CLASS_ITEM_insert(ex_data, gen); - p = gen; + p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d); + if (p != gen) { + sk_CRYPTO_EX_DATA_FUNCS_free(gen->meth); + OPENSSL_free(gen); + } } } } @@ -455,7 +459,7 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from) { int mx, j, i; - char *ptr; + void *ptr; CRYPTO_EX_DATA_FUNCS **storage = NULL; EX_CLASS_ITEM *item; if (!from->sk) @@ -469,6 +473,15 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, if (j < mx) mx = j; if (mx > 0) { + /* + * Make sure the ex_data stack is at least |mx| elements long to avoid + * issues in the for loop that follows; so go get the |mx|'th element + * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign + * to itself. This is normally a no-op; but ensures the stack is the + * proper size + */ + if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1))) + goto skip; storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); if (!storage) goto skip; @@ -499,11 +512,12 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) int mx, i; EX_CLASS_ITEM *item; void *ptr; + CRYPTO_EX_DATA_FUNCS *f; CRYPTO_EX_DATA_FUNCS **storage = NULL; if (ex_data == NULL) - return; + goto err; if ((item = def_get_class(class_index)) == NULL) - return; + goto err; CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); if (mx > 0) { @@ -515,23 +529,23 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) } skip: CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); - if ((mx > 0) && !storage) { - CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE); - return; - } for (i = 0; i < mx; i++) { - if (storage[i] && storage[i]->free_func) { + if (storage != NULL) + f = storage[i]; + else { + CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); + f = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); + CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); + } + if (f != NULL && f->free_func != NULL) { ptr = CRYPTO_get_ex_data(ad, i); - storage[i]->free_func(obj, ptr, ad, i, - storage[i]->argl, storage[i]->argp); + f->free_func(obj, ptr, ad, i, f->argl, f->argp); } } - if (storage) - OPENSSL_free(storage); - if (ad->sk) { - sk_void_free(ad->sk); - ad->sk = NULL; - } + OPENSSL_free(storage); + err: + sk_void_free(ad->sk); + ad->sk = NULL; } /********************************************************************/ diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index 0ffff79..0a59a01 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -99,15 +99,18 @@ static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) sctx = src->data; dctx = dst->data; dctx->md = sctx->md; - HMAC_CTX_init(&dctx->ctx); if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) - return 0; - if (sctx->ktmp.data) { + goto err; + if (sctx->ktmp.data != NULL) { if (!ASN1_OCTET_STRING_set(&dctx->ktmp, sctx->ktmp.data, sctx->ktmp.length)) - return 0; + goto err; } return 1; + err: + HMAC_CTX_cleanup(&dctx->ctx); + OPENSSL_free(dctx); + return 0; } static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index f20353a..f379887 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -101,6 +101,24 @@ #include <openssl/crypto.h> #include <openssl/lhash.h> +/* + * A hashing implementation that appears to be based on the linear hashing + * alogrithm: + * https://en.wikipedia.org/wiki/Linear_hashing + * + * Litwin, Witold (1980), "Linear hashing: A new tool for file and table + * addressing", Proc. 6th Conference on Very Large Databases: 212–223 + * http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf + * + * From the wikipedia article "Linear hashing is used in the BDB Berkeley + * database system, which in turn is used by many software systems such as + * OpenLDAP, using a C implementation derived from the CACM article and first + * published on the Usenet in 1988 by Esmond Pitt." + * + * The CACM paper is available here: + * https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf + */ + const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT; #undef MIN_NODES @@ -108,7 +126,7 @@ const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT; #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ -static void expand(_LHASH *lh); +static int expand(_LHASH *lh); static void contract(_LHASH *lh); static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); @@ -182,8 +200,9 @@ void *lh_insert(_LHASH *lh, void *data) void *ret; lh->error = 0; - if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) - expand(lh); + if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes) + && !expand(lh)) + return NULL; rn = getrn(lh, data, &hash); @@ -300,19 +319,37 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); } -static void expand(_LHASH *lh) +static int expand(_LHASH *lh) { LHASH_NODE **n, **n1, **n2, *np; - unsigned int p, i, j; - unsigned long hash, nni; + unsigned int p, pmax, nni, j; + unsigned long hash; + + nni = lh->num_alloc_nodes; + p = lh->p; + pmax = lh->pmax; + if (p + 1 >= pmax) { + j = nni * 2; + n = OPENSSL_realloc(lh->b, (int)(sizeof(LHASH_NODE *) * j)); + if (n == NULL) { + lh->error++; + return 0; + } + lh->b = n; + memset(n + nni, 0, sizeof(*n) * (j - nni)); + lh->pmax = nni; + lh->num_alloc_nodes = j; + lh->num_expand_reallocs++; + lh->p = 0; + } else { + lh->p++; + } lh->num_nodes++; lh->num_expands++; - p = (int)lh->p++; n1 = &(lh->b[p]); - n2 = &(lh->b[p + (int)lh->pmax]); - *n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */ - nni = lh->num_alloc_nodes; + n2 = &(lh->b[p + pmax]); + *n2 = NULL; for (np = *n1; np != NULL;) { #ifndef OPENSSL_NO_HASH_COMP @@ -330,25 +367,7 @@ static void expand(_LHASH *lh) np = *n1; } - if ((lh->p) >= lh->pmax) { - j = (int)lh->num_alloc_nodes * 2; - n = (LHASH_NODE **)OPENSSL_realloc(lh->b, - (int)(sizeof(LHASH_NODE *) * j)); - if (n == NULL) { - lh->error++; - lh->num_nodes--; - lh->p = 0; - return; - } - /* else */ - for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */ - n[i] = NULL; /* 02/03/92 eay */ - lh->pmax = lh->num_alloc_nodes; - lh->num_alloc_nodes = j; - lh->num_expand_reallocs++; - lh->p = 0; - lh->b = n; - } + return 1; } static void contract(_LHASH *lh) diff --git a/crypto/md5/Makefile b/crypto/md5/Makefile index f5240da..9942cb4 100644 --- a/crypto/md5/Makefile +++ b/crypto/md5/Makefile @@ -90,7 +90,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/mem.c b/crypto/mem.c index 06c3960..dd4c9ce 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -150,12 +150,12 @@ static long (*get_debug_options_func) (void) = NULL; int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), void (*f) (void *)) { - /* Dummy call just to ensure OPENSSL_init() gets linked in */ - OPENSSL_init(); if (!allow_customize) return 0; if ((m == 0) || (r == 0) || (f == 0)) return 0; + /* Dummy call just to ensure OPENSSL_init() gets linked in */ + OPENSSL_init(); malloc_func = m; malloc_ex_func = default_malloc_ex; realloc_func = r; diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile index a7863d9..2528f4a 100644 --- a/crypto/modes/Makefile +++ b/crypto/modes/Makefile @@ -106,7 +106,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/o_dir.c b/crypto/o_dir.c index f9dbed8..fb3b2fd 100644 --- a/crypto/o_dir.c +++ b/crypto/o_dir.c @@ -73,7 +73,8 @@ #include "o_dir.h" #define LPDIR_H -#if defined OPENSSL_SYS_UNIX || defined DJGPP +#if defined OPENSSL_SYS_UNIX || defined DJGPP \ + || (defined __VMS_VER && __VMS_VER >= 70000000) # include "LPdir_unix.c" #elif defined OPENSSL_SYS_VMS # include "LPdir_vms.c" diff --git a/crypto/o_time.c b/crypto/o_time.c index b99e599..04d805d 100755 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -106,11 +106,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) struct tm *ts = NULL; #if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) - /* - * should return &data, but doesn't on some systems, so we don't even - * look at the return value - */ - gmtime_r(timer, result); + if (gmtime_r(timer, result) == NULL) + return NULL; ts = result; #elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) ts = gmtime(timer); diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index d4a257c..7a7d060 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, goto end; } } + } else if (certs != NULL) { + untrusted = certs; } else { untrusted = bs->certs; } diff --git a/crypto/opensslconf.h b/crypto/opensslconf.h deleted file mode 100644 index f533508..0000000 --- a/crypto/opensslconf.h +++ /dev/null @@ -1,265 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -#ifdef __cplusplus -extern "C" { -#endif -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - - -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -# define OPENSSL_NO_EC_NISTP_64_GCC_128 -#endif -#ifndef OPENSSL_NO_GMP -# define OPENSSL_NO_GMP -#endif -#ifndef OPENSSL_NO_JPAKE -# define OPENSSL_NO_JPAKE -#endif -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif -#ifndef OPENSSL_NO_LIBUNBOUND -# define OPENSSL_NO_LIBUNBOUND -#endif -#ifndef OPENSSL_NO_MD2 -# define OPENSSL_NO_MD2 -#endif -#ifndef OPENSSL_NO_RC5 -# define OPENSSL_NO_RC5 -#endif -#ifndef OPENSSL_NO_RFC3779 -# define OPENSSL_NO_RFC3779 -#endif -#ifndef OPENSSL_NO_SCTP -# define OPENSSL_NO_SCTP -#endif -#ifndef OPENSSL_NO_SSL_TRACE -# define OPENSSL_NO_SSL_TRACE -#endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif -#ifndef OPENSSL_NO_STORE -# define OPENSSL_NO_STORE -#endif -#ifndef OPENSSL_NO_UNIT_TEST -# define OPENSSL_NO_UNIT_TEST -#endif -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -# define OPENSSL_NO_WEAK_SSL_CIPHERS -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -#ifndef OPENSSL_NO_DYNAMIC_ENGINE -# define OPENSSL_NO_DYNAMIC_ENGINE -#endif - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128) -# define NO_EC_NISTP_64_GCC_128 -# endif -# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) -# define NO_GMP -# endif -# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE) -# define NO_JPAKE -# endif -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND) -# define NO_LIBUNBOUND -# endif -# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) -# define NO_MD2 -# endif -# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) -# define NO_RC5 -# endif -# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) -# define NO_RFC3779 -# endif -# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) -# define NO_SCTP -# endif -# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) -# define NO_SSL_TRACE -# endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif -# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) -# define NO_STORE -# endif -# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) -# define NO_UNIT_TEST -# endif -# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS) -# define NO_WEAK_SSL_CIPHERS -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define ENGINESDIR "/usr/local/ssl/lib/engines" -#define OPENSSLDIR "/usr/local/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD <unistd.h> - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned long -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#undef BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#undef RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#undef DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#undef DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman <pgut001@cs.auckland.ac.nz> - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ -#ifdef __cplusplus -} -#endif diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 645dd07..c944d56 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100020bfL +# define OPENSSL_VERSION_NUMBER 0x100020dfL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k-fips 26 Jan 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-fips 2 Nov 2017" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k 26 Jan 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m 2 Nov 2017" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index c82b3c0..865976b 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -536,7 +536,8 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) ((c >= '0') && (c <= '9')))) break; #else - if (!(isupper(c) || (c == '-') || isdigit(c))) + if (!(isupper((unsigned char)c) || (c == '-') + || isdigit((unsigned char)c))) break; #endif header++; diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 5747c73..daf210f 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -178,6 +178,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, } p8inf = PKCS8_decrypt(p8, psbuf, klen); X509_SIG_free(p8); + OPENSSL_cleanse(psbuf, klen); if (!p8inf) return NULL; ret = EVP_PKCS82PKEY(p8inf); diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 04d6319..e8b3a1b 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -120,6 +120,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, } p8inf = PKCS8_decrypt(p8, psbuf, klen); X509_SIG_free(p8); + OPENSSL_cleanse(psbuf, klen); if (!p8inf) goto p8err; ret = EVP_PKCS82PKEY(p8inf); diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index b7ae40b..d19195e 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -206,8 +206,9 @@ my %globals; } sprintf "\$%s",$self->{value}; } else { - $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm); - sprintf "%s",$self->{value}; + my $value = $self->{value}; + $value =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm); + sprintf "%s",$value; } } } @@ -414,7 +415,7 @@ my %globals; } } } -{ package expr; # pick up expressioins +{ package expr; # pick up expressions sub re { my $self = shift; # single instance is enough... local *line = shift; @@ -977,7 +978,7 @@ close STDOUT; # the area above user stack pointer in true asynchronous manner... # # All the above means that if assembler programmer adheres to Unix -# register and stack layout, but disregards the "red zone" existense, +# register and stack layout, but disregards the "red zone" existence, # it's possible to use following prologue and epilogue to "gear" from # Unix to Win64 ABI in leaf functions with not more than 6 arguments. # diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 9aa3c90..1841f78 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -84,6 +84,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, { STACK_OF(X509) *ocerts = NULL; X509 *x = NULL; + + if (pkey) + *pkey = NULL; + if (cert) + *cert = NULL; + /* Check for NULL PKCS12 structure */ if (!p12) { @@ -92,11 +98,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, return 0; } - if (pkey) - *pkey = NULL; - if (cert) - *cert = NULL; - /* Check the mac */ /* @@ -125,7 +126,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, if (!ocerts) { PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } if (!parse_pk12(p12, pass, -1, pkey, ocerts)) { @@ -163,10 +164,14 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, err: - if (pkey && *pkey) + if (pkey) { EVP_PKEY_free(*pkey); - if (cert && *cert) + *pkey = NULL; + } + if (cert) { X509_free(*cert); + *cert = NULL; + } if (x) X509_free(x); if (ocerts) diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index cbf34da..b1f7381 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -159,7 +159,10 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type) { - if (!(p12->mac = PKCS12_MAC_DATA_new())) + PKCS12_MAC_DATA_free(p12->mac); + p12->mac = NULL; + + if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) return PKCS12_ERROR; if (iter > 1) { if (!(p12->mac->iter = M_ASN1_INTEGER_new())) { diff --git a/crypto/ppccap.c b/crypto/ppccap.c index 74af473..60566b1 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -7,6 +7,10 @@ #if defined(__linux) || defined(_AIX) # include <sys/utsname.h> #endif +#if defined(__APPLE__) && defined(__MACH__) +# include <sys/types.h> +# include <sys/sysctl.h> +#endif #include <openssl/crypto.h> #include <openssl/bn.h> @@ -123,6 +127,26 @@ void OPENSSL_cpuid_setup(void) } #endif +#if defined(__APPLE__) && defined(__MACH__) + { + int val; + size_t len = sizeof(val); + + if (sysctlbyname("hw.optional.64bitops", &val, &len, NULL, 0) == 0) { + if (val) + OPENSSL_ppccap_P |= PPC_FPU64; + } + + len = sizeof(val); + if (sysctlbyname("hw.optional.altivec", &val, &len, NULL, 0) == 0) { + if (val) + OPENSSL_ppccap_P |= PPC_ALTIVEC; + } + + return; + } +#endif + memset(&ill_act, 0, sizeof(ill_act)); ill_act.sa_handler = ill_handler; ill_act.sa_mask = all_masked; diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index bd76e23..29e465b 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -266,17 +266,21 @@ static void ssleay_rand_add(const void *buf, int num, double add) j = (num - i); j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; - MD_Init(&m); - MD_Update(&m, local_md, MD_DIGEST_LENGTH); + if (!MD_Init(&m) || + !MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + goto err; k = (st_idx + j) - STATE_SIZE; if (k > 0) { - MD_Update(&m, &(state[st_idx]), j - k); - MD_Update(&m, &(state[0]), k); + if (!MD_Update(&m, &(state[st_idx]), j - k) || + !MD_Update(&m, &(state[0]), k)) + goto err; } else - MD_Update(&m, &(state[st_idx]), j); + if (!MD_Update(&m, &(state[st_idx]), j)) + goto err; /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ - MD_Update(&m, buf, j); + if (!MD_Update(&m, buf, j)) + goto err; /* * We know that line may cause programs such as purify and valgrind * to complain about use of uninitialized data. The problem is not, @@ -285,8 +289,9 @@ static void ssleay_rand_add(const void *buf, int num, double add) * insecure keys. */ - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); - MD_Final(&m, local_md); + if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)) || + !MD_Final(&m, local_md)) + goto err; md_c[1]++; buf = (const char *)buf + j; @@ -305,7 +310,6 @@ static void ssleay_rand_add(const void *buf, int num, double add) st_idx = 0; } } - EVP_MD_CTX_cleanup(&m); if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); @@ -326,6 +330,9 @@ static void ssleay_rand_add(const void *buf, int num, double add) #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) assert(md_c[1] == md_count[1]); #endif + + err: + EVP_MD_CTX_cleanup(&m); } static void ssleay_rand_seed(const void *buf, int num) @@ -469,15 +476,18 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) /* num_ceil -= MD_DIGEST_LENGTH/2 */ j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; num -= j; - MD_Init(&m); + if (!MD_Init(&m)) + goto err; #ifndef GETPID_IS_MEANINGLESS if (curr_pid) { /* just in the first iteration to save time */ - MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid); + if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid)) + goto err; curr_pid = 0; } #endif - MD_Update(&m, local_md, MD_DIGEST_LENGTH); - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH) || + !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))) + goto err; #ifndef PURIFY /* purify complains */ /* @@ -487,16 +497,21 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) * builds it is not used: the removal of such a small source of * entropy has negligible impact on security. */ - MD_Update(&m, buf, j); + if (!MD_Update(&m, buf, j)) + goto err; #endif k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; if (k > 0) { - MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k); - MD_Update(&m, &(state[0]), k); - } else - MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2); - MD_Final(&m, local_md); + if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k) || + !MD_Update(&m, &(state[0]), k)) + goto err; + } else { + if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) + goto err; + } + if (!MD_Final(&m, local_md)) + goto err; for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { /* may compete with other threads */ @@ -508,13 +523,18 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) } } - MD_Init(&m); - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); - MD_Update(&m, local_md, MD_DIGEST_LENGTH); + if (!MD_Init(&m) || + !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)) || + !MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + goto err; if (lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); - MD_Update(&m, md, MD_DIGEST_LENGTH); - MD_Final(&m, md); + if (!MD_Update(&m, md, MD_DIGEST_LENGTH) || + !MD_Final(&m, md)) { + if (lock) + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + goto err; + } if (lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); @@ -529,6 +549,10 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) "http://www.openssl.org/support/faq.html"); return (0); } + + err: + EVP_MD_CTX_cleanup(&m); + return (0); } static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 06670ae..b4be309 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -196,6 +196,8 @@ typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE); # endif /* 1 */ # endif /* !OPENSSL_SYS_WINCE */ +#define NOTTOOLONG(start) ((GetTickCount() - (start)) < MAXDELAY) + int RAND_poll(void) { MEMORYSTATUS m; @@ -466,9 +468,7 @@ int RAND_poll(void) do RAND_add(&hentry, hentry.dwSize, 5); while (heap_next(&hentry) - && (!good - || (GetTickCount() - starttime) < - MAXDELAY) + && (!good || NOTTOOLONG(starttime)) && --entrycnt > 0); } } @@ -480,8 +480,7 @@ int RAND_poll(void) ex_cnt_limit--; } } while (heaplist_next(handle, &hlist) - && (!good - || (GetTickCount() - starttime) < MAXDELAY) + && (!good || NOTTOOLONG(starttime)) && ex_cnt_limit > 0); } # else @@ -496,11 +495,11 @@ int RAND_poll(void) do RAND_add(&hentry, hentry.dwSize, 5); while (heap_next(&hentry) + && (!good || NOTTOOLONG(starttime)) && --entrycnt > 0); } } while (heaplist_next(handle, &hlist) - && (!good - || (GetTickCount() - starttime) < MAXDELAY)); + && (!good || NOTTOOLONG(starttime))); } # endif @@ -518,8 +517,7 @@ int RAND_poll(void) do RAND_add(&p, p.dwSize, 9); while (process_next(handle, &p) - && (!good - || (GetTickCount() - starttime) < MAXDELAY)); + && (!good || NOTTOOLONG(starttime))); /* thread walking */ /* @@ -533,8 +531,7 @@ int RAND_poll(void) do RAND_add(&t, t.dwSize, 6); while (thread_next(handle, &t) - && (!good - || (GetTickCount() - starttime) < MAXDELAY)); + && (!good || NOTTOOLONG(starttime))); /* module walking */ /* @@ -548,8 +545,7 @@ int RAND_poll(void) do RAND_add(&m, m.dwSize, 9); while (module_next(handle, &m) - && (!good - || (GetTickCount() - starttime) < MAXDELAY)); + && (!good || NOTTOOLONG(starttime))); if (close_snap) close_snap(handle); else @@ -708,14 +704,13 @@ static void readscreen(void) hBitmap = CreateCompatibleBitmap(hScrDC, w, n); /* Get bitmap properties */ - GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm); - size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; - - bi.biSize = sizeof(BITMAPINFOHEADER); + GetObject(hBitmap, sizeof(bm), (LPSTR)&bm); + size = (unsigned int)4 * bm.bmHeight * bm.bmWidth; + bi.biSize = sizeof(bi); bi.biWidth = bm.bmWidth; bi.biHeight = bm.bmHeight; - bi.biPlanes = bm.bmPlanes; - bi.biBitCount = bm.bmBitsPixel; + bi.biPlanes = 1; + bi.biBitCount = 32; bi.biCompression = BI_RGB; bi.biSizeImage = 0; bi.biXPelsPerMeter = 0; @@ -731,7 +726,7 @@ static void readscreen(void) /* Copy the bits of the current line range into the buffer */ GetDIBits(hScrDC, hBitmap, y, n, - bmbits, (BITMAPINFO *) & bi, DIB_RGB_COLORS); + bmbits, (LPBITMAPINFO)&bi, DIB_RGB_COLORS); /* Get the hash of the bitmap */ MD(bmbits, size, md); diff --git a/crypto/rc4/Makefile b/crypto/rc4/Makefile index 7434ff7..a495324 100644 --- a/crypto/rc4/Makefile +++ b/crypto/rc4/Makefile @@ -100,7 +100,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 951e1d5..ddead3d 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return 2; } +#ifndef OPENSSL_NO_CMS static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) { @@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, return pss; } -#ifndef OPENSSL_NO_CMS static int rsa_cms_decrypt(CMS_RecipientInfo *ri) { EVP_PKEY_CTX *pkctx; diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 19d28c6..9a01b4a 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -237,10 +237,14 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_OAEP_DECODING_ERROR); cleanup: - if (db != NULL) + if (db != NULL) { + OPENSSL_cleanse(db, dblen); OPENSSL_free(db); - if (em != NULL) + } + if (em != NULL) { + OPENSSL_cleanse(em, num); OPENSSL_free(em); + } return mlen; } diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index efa1fd3..50397c3 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -255,8 +255,6 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * We can't continue in constant-time because we need to copy the result * and we cannot fake its length. This unavoidably leaks timing * information at the API boundary. - * TODO(emilia): this could be addressed at the call site, - * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26. */ if (!good) { mlen = -1; @@ -266,8 +264,10 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, memcpy(to, em + msg_index, mlen); err: - if (em != NULL) + if (em != NULL) { + OPENSSL_cleanse(em, num); OPENSSL_free(em); + } if (mlen == -1) RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index ac583bf..00e730f 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -180,27 +180,25 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) * FIPS mode. */ -static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx) +static int pkey_fips_check_rsa(const RSA *rsa, const EVP_MD **pmd, + const EVP_MD **pmgf1md) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey.rsa; int rv = -1; + if (!FIPS_mode()) return 0; if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) rv = 0; if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv) return -1; - if (rctx->md) { - const EVP_MD *fmd; - fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md)); - if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS)) + if (*pmd != NULL) { + *pmd = FIPS_get_digestbynid(EVP_MD_type(*pmd)); + if (*pmd == NULL || !((*pmd)->flags & EVP_MD_FLAG_FIPS)) return rv; } - if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) { - const EVP_MD *fmd; - fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md)); - if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS)) + if (*pmgf1md != NULL) { + *pmgf1md = FIPS_get_digestbynid(EVP_MD_type(*pmgf1md)); + if (*pmgf1md == NULL || !((*pmgf1md)->flags & EVP_MD_FLAG_FIPS)) return rv; } return 1; @@ -214,27 +212,27 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int ret; RSA_PKEY_CTX *rctx = ctx->data; RSA *rsa = ctx->pkey->pkey.rsa; + const EVP_MD *md = rctx->md; + const EVP_MD *mgf1md = rctx->mgf1md; #ifdef OPENSSL_FIPS - ret = pkey_fips_check_ctx(ctx); + ret = pkey_fips_check_rsa(rsa, &md, &mgf1md); if (ret < 0) { RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); return -1; } #endif - if (rctx->md) { - if (tbslen != (size_t)EVP_MD_size(rctx->md)) { + if (md != NULL) { + if (tbslen != (size_t)EVP_MD_size(md)) { RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); return -1; } #ifdef OPENSSL_FIPS if (ret > 0) { unsigned int slen; - ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md, - rctx->pad_mode, - rctx->saltlen, - rctx->mgf1md, sig, &slen); + ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, md, rctx->pad_mode, + rctx->saltlen, mgf1md, sig, &slen); if (ret > 0) *siglen = slen; else @@ -243,12 +241,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, } #endif - if (EVP_MD_type(rctx->md) == NID_mdc2) { + if (EVP_MD_type(md) == NID_mdc2) { unsigned int sltmp; if (rctx->pad_mode != RSA_PKCS1_PADDING) return -1; - ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, - tbs, tbslen, sig, &sltmp, rsa); + ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen, sig, &sltmp, + rsa); if (ret <= 0) return ret; @@ -263,23 +261,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, return -1; } memcpy(rctx->tbuf, tbs, tbslen); - rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); + rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(md)); ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig, rsa, RSA_X931_PADDING); } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { unsigned int sltmp; - ret = RSA_sign(EVP_MD_type(rctx->md), - tbs, tbslen, sig, &sltmp, rsa); + ret = RSA_sign(EVP_MD_type(md), tbs, tbslen, sig, &sltmp, rsa); if (ret <= 0) return ret; ret = sltmp; } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { if (!setup_tbuf(rctx, ctx)) return -1; - if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, - rctx->tbuf, tbs, - rctx->md, rctx->mgf1md, - rctx->saltlen)) + if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, tbs, + md, mgf1md, rctx->saltlen)) return -1; ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, sig, rsa, RSA_NO_PADDING); @@ -348,32 +343,31 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, { RSA_PKEY_CTX *rctx = ctx->data; RSA *rsa = ctx->pkey->pkey.rsa; + const EVP_MD *md = rctx->md; + const EVP_MD *mgf1md = rctx->mgf1md; size_t rslen; + #ifdef OPENSSL_FIPS - int rv; - rv = pkey_fips_check_ctx(ctx); + int rv = pkey_fips_check_rsa(rsa, &md, &mgf1md); + if (rv < 0) { RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); return -1; } #endif - if (rctx->md) { + if (md != NULL) { #ifdef OPENSSL_FIPS if (rv > 0) { - return FIPS_rsa_verify_digest(rsa, - tbs, tbslen, - rctx->md, - rctx->pad_mode, - rctx->saltlen, - rctx->mgf1md, sig, siglen); + return FIPS_rsa_verify_digest(rsa, tbs, tbslen, md, rctx->pad_mode, + rctx->saltlen, mgf1md, sig, siglen); } #endif if (rctx->pad_mode == RSA_PKCS1_PADDING) - return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, + return RSA_verify(EVP_MD_type(md), tbs, tbslen, sig, siglen, rsa); - if (tbslen != (size_t)EVP_MD_size(rctx->md)) { + if (tbslen != (size_t)EVP_MD_size(md)) { RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); return -1; } @@ -388,8 +382,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, rsa, RSA_NO_PADDING); if (ret <= 0) return 0; - ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, - rctx->md, rctx->mgf1md, + ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, md, mgf1md, rctx->tbuf, rctx->saltlen); if (ret <= 0) return 0; @@ -446,19 +439,14 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, int ret; RSA_PKEY_CTX *rctx = ctx->data; if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { - int i; if (!setup_tbuf(rctx, ctx)) return -1; ret = RSA_private_decrypt(inlen, in, rctx->tbuf, ctx->pkey->pkey.rsa, RSA_NO_PADDING); if (ret <= 0) return ret; - for (i = 0; i < ret; i++) { - if (rctx->tbuf[i]) - break; - } - ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf + i, - ret - i, ret, + ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf, + ret, ret, rctx->oaep_label, rctx->oaep_labellen, rctx->md, rctx->mgf1md); diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 41bc084..2c3fd73 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -122,7 +122,11 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, EM++; emLen--; } - if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */ + if (emLen < hLen + 2) { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); + goto err; + } + if (sLen > emLen - hLen - 2) { /* sLen can be small negative */ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); goto err; } @@ -222,9 +226,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, *EM++ = 0; emLen--; } + if (emLen < hLen + 2) { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } if (sLen == -2) { sLen = emLen - hLen - 2; - } else if (emLen < (hLen + sLen + 2)) { + } else if (sLen > emLen - hLen - 2) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index de6cdde..8b8f8b2 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -135,7 +135,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index a8ec52a..c8bc7a9 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -86,10 +86,13 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src) int i, j; int size; + if (alen == 0 || alen > INT_MAX) + return -1; + while (*src && (*src == ' ' || *src == '\t' || *src == '\n')) ++src; size = strlen(src); - if (alen > INT_MAX || size > (int)alen) + if (size < 0 || size >= (int)alen) return -1; i = 0; @@ -127,7 +130,7 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src) if (--i < 0) break; } - while (a[j] == 0 && j <= size) + while (j <= size && a[j] == 0) ++j; i = 0; while (j <= size) diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index f9b42ac..ed02efc 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -162,6 +162,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n", ln, num, n, f); #endif + OPENSSL_free(pp); er = 2; goto err; } @@ -171,6 +172,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) * fix :-( */ fprintf(stderr, "failure in sk_push\n"); #endif + OPENSSL_free(pp); er = 2; goto err; } @@ -222,7 +224,7 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) { LHASH_OF(OPENSSL_STRING) *idx; - OPENSSL_STRING *r; + OPENSSL_STRING *r, *k; int i, n; if (field >= db->num_fields) { @@ -239,13 +241,18 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), r = sk_OPENSSL_PSTRING_value(db->data, i); if ((qual != NULL) && (qual(r) == 0)) continue; - if ((r = lh_OPENSSL_STRING_insert(idx, r)) != NULL) { + if ((k = lh_OPENSSL_STRING_insert(idx, r)) != NULL) { db->error = DB_ERROR_INDEX_CLASH; - db->arg1 = sk_OPENSSL_PSTRING_find(db->data, r); + db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k); db->arg2 = i; lh_OPENSSL_STRING_free(idx); return (0); } + if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) { + db->error = DB_ERROR_MALLOC; + lh_OPENSSL_STRING_free(idx); + return (0); + } } if (db->index[field] != NULL) lh_OPENSSL_STRING_free(db->index[field]); @@ -320,20 +327,29 @@ int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row) } } } - /* We have passed the index checks, now just append and insert */ - if (!sk_OPENSSL_PSTRING_push(db->data, row)) { - db->error = DB_ERROR_MALLOC; - goto err; - } for (i = 0; i < db->num_fields; i++) { if (db->index[i] != NULL) { if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) continue; (void)lh_OPENSSL_STRING_insert(db->index[i], row); + if (lh_OPENSSL_STRING_retrieve(db->index[i], row) == NULL) + goto err1; } } + if (!sk_OPENSSL_PSTRING_push(db->data, row)) + goto err1; return (1); + + err1: + db->error = DB_ERROR_MALLOC; + while (i-- > 0) { + if (db->index[i] != NULL) { + if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) + continue; + (void)lh_OPENSSL_STRING_delete(db->index[i], row); + } + } err: return (0); } diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 3cc067c..03ef981 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -520,6 +520,7 @@ int UI_process(UI *ui) } } } + err: if (ui->meth->ui_close_session != NULL && ui->meth->ui_close_session(ui) <= 0) @@ -747,7 +748,6 @@ const char *UI_get0_action_string(UI_STRING *uis) if (!uis) return NULL; switch (uis->type) { - case UIT_PROMPT: case UIT_BOOLEAN: return uis->_.boolean_data.action_desc; default: diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c index 807d1c4..96d042f 100644 --- a/crypto/whrlpool/wp_dgst.c +++ b/crypto/whrlpool/wp_dgst.c @@ -166,7 +166,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits) goto reconsider; } else #endif - if (bits >= 8) { + if (bits > 8) { b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap))); b &= 0xff; if (bitrem) @@ -183,7 +183,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits) } if (bitrem) c->data[byteoff] = b << (8 - bitrem); - } else { /* remaining less than 8 bits */ + } else { /* remaining less than or equal to 8 bits */ b = (inp[0] << inpgap) & 0xff; if (bitrem) diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index bbc3189..6f0209a 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -402,6 +402,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, if (!hent) { hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); if (hent == NULL) { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); goto finish; } diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 43a0730..82ce4e8 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -92,12 +92,12 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, char **ret) { int ok = 0; - char *file; + const char *file; switch (cmd) { case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { - file = (char *)getenv(X509_get_default_cert_file_env()); + file = getenv(X509_get_default_cert_file_env()); if (file) ok = (X509_load_cert_crl_file(ctx, file, X509_FILETYPE_PEM) != 0); @@ -140,7 +140,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_AUX(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -199,7 +199,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_CRL(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -253,7 +253,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); return 0; } - inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); + inf = PEM_X509_INFO_read_bio(in, NULL, NULL, ""); BIO_free(in); if (!inf) { X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 50120a4..b742480 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -185,14 +185,16 @@ X509_STORE *X509_STORE_new(void) if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) return NULL; - ret->objs = sk_X509_OBJECT_new(x509_object_cmp); + if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) + goto err0; ret->cache = 1; - ret->get_cert_methods = sk_X509_LOOKUP_new_null(); + if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) + goto err1; ret->verify = 0; ret->verify_cb = 0; if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) - return NULL; + goto err2; ret->get_issuer = 0; ret->check_issued = 0; @@ -204,14 +206,21 @@ X509_STORE *X509_STORE_new(void) ret->lookup_crls = 0; ret->cleanup = 0; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { - sk_X509_OBJECT_free(ret->objs); - OPENSSL_free(ret); - return NULL; - } + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) + goto err3; ret->references = 1; return ret; + + err3: + X509_VERIFY_PARAM_free(ret->param); + err2: + sk_X509_LOOKUP_free(ret->get_cert_methods); + err1: + sk_X509_OBJECT_free(ret->objs); + err0: + OPENSSL_free(ret); + return NULL; } static void cleanup(X509_OBJECT *a) @@ -360,8 +369,12 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) X509err(X509_F_X509_STORE_ADD_CERT, X509_R_CERT_ALREADY_IN_HASH_TABLE); ret = 0; - } else - sk_X509_OBJECT_push(ctx->objs, obj); + } else if (!sk_X509_OBJECT_push(ctx->objs, obj)) { + X509_OBJECT_free_contents(obj); + OPENSSL_free(obj); + X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); + ret = 0; + } CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); @@ -392,8 +405,12 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) OPENSSL_free(obj); X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE); ret = 0; - } else - sk_X509_OBJECT_push(ctx->objs, obj); + } else if (!sk_X509_OBJECT_push(ctx->objs, obj)) { + X509_OBJECT_free_contents(obj); + OPENSSL_free(obj); + X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); + ret = 0; + } CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 09b8691..03c9533 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -732,6 +732,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) { int ret; + int calc_ret; X509_POLICY_TREE *tree = NULL; STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; *ptree = NULL; @@ -800,17 +801,20 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, /* Tree is not empty: continue */ - ret = tree_calculate_authority_set(tree, &auth_nodes); + calc_ret = tree_calculate_authority_set(tree, &auth_nodes); - if (!ret) + if (!calc_ret) goto error; - if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) - goto error; + ret = tree_calculate_user_set(tree, policy_oids, auth_nodes); - if (ret == 2) + if (calc_ret == 2) sk_X509_POLICY_NODE_free(auth_nodes); + if (!ret) + goto error; + + if (tree) *ptree = tree; diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 1290dec..af080a0 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi) */ unsigned int v3_addr_get_afi(const IPAddressFamily *f) { - return ((f != NULL && - f->addressFamily != NULL && f->addressFamily->data != NULL) - ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])) - : 0); + if (f == NULL + || f->addressFamily == NULL + || f->addressFamily->data == NULL + || f->addressFamily->length < 2) + return 0; + return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; } /* diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 7f1e71d..a0351fa 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -119,32 +119,39 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, int i; switch (gen->type) { case GEN_OTHERNAME: - X509V3_add_value("othername", "<unsupported>", &ret); + if (!X509V3_add_value("othername", "<unsupported>", &ret)) + return NULL; break; case GEN_X400: - X509V3_add_value("X400Name", "<unsupported>", &ret); + if (!X509V3_add_value("X400Name", "<unsupported>", &ret)) + return NULL; break; case GEN_EDIPARTY: - X509V3_add_value("EdiPartyName", "<unsupported>", &ret); + if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret)) + return NULL; break; case GEN_EMAIL: - X509V3_add_value_uchar("email", gen->d.ia5->data, &ret); + if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret)) + return NULL; break; case GEN_DNS: - X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret); + if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret)) + return NULL; break; case GEN_URI: - X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret); + if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret)) + return NULL; break; case GEN_DIRNAME: - X509_NAME_oneline(gen->d.dirn, oline, 256); - X509V3_add_value("DirName", oline, &ret); + if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL + || !X509V3_add_value("DirName", oline, &ret)) + return NULL; break; case GEN_IPADD: @@ -162,15 +169,18 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, strcat(oline, ":"); } } else { - X509V3_add_value("IP Address", "<invalid>", &ret); + if (!X509V3_add_value("IP Address", "<invalid>", &ret)) + return NULL; break; } - X509V3_add_value("IP Address", oline, &ret); + if (!X509V3_add_value("IP Address", oline, &ret)) + return NULL; break; case GEN_RID: i2t_ASN1_OBJECT(oline, 256, gen->d.rid); - X509V3_add_value("Registered ID", oline, &ret); + if (!X509V3_add_value("Registered ID", oline, &ret)) + return NULL; break; } return ret; diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index d97f622..b99269e 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -390,10 +390,10 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) return 1; merr: + ASN1_INTEGER_free(aint); X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); err: - sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); return 0; } @@ -458,9 +458,15 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) num = sk_ASN1_INTEGER_value(ref->noticenos, i); if (i) BIO_puts(out, ", "); - tmp = i2s_ASN1_INTEGER(NULL, num); - BIO_puts(out, tmp); - OPENSSL_free(tmp); + if (num == NULL) + BIO_puts(out, "(null)"); + else { + tmp = i2s_ASN1_INTEGER(NULL, num); + if (tmp == NULL) + return; + BIO_puts(out, tmp); + OPENSSL_free(tmp); + } } BIO_puts(out, "\n"); } diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c index 7f40bfa..9bb01ee 100644 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -231,6 +231,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, oth = OTHERNAME_new(); if (!oth) return 0; + ASN1_TYPE_free(oth->value); oth->type_id = oid; oth->value = value; GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth); diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index e052a34..7064c72 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -107,29 +107,30 @@ ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS) IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - *method, AUTHORITY_INFO_ACCESS - *ainfo, STACK_OF(CONF_VALUE) - *ret) +static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( + X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo, + STACK_OF(CONF_VALUE) *ret) { ACCESS_DESCRIPTION *desc; int i, nlen; char objtmp[80], *ntmp; CONF_VALUE *vtmp; + STACK_OF(CONF_VALUE) *tret = ret; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { + STACK_OF(CONF_VALUE) *tmp; + desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); - ret = i2v_GENERAL_NAME(method, desc->location, ret); - if (!ret) - break; - vtmp = sk_CONF_VALUE_value(ret, i); + tmp = i2v_GENERAL_NAME(method, desc->location, tret); + if (tmp == NULL) + goto err; + tret = tmp; + vtmp = sk_CONF_VALUE_value(tret, i); i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ntmp = OPENSSL_malloc(nlen); - if (!ntmp) { - X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, - ERR_R_MALLOC_FAILURE); - return NULL; - } + if (ntmp == NULL) + goto err; BUF_strlcpy(ntmp, objtmp, nlen); BUF_strlcat(ntmp, " - ", nlen); BUF_strlcat(ntmp, vtmp->name, nlen); @@ -137,9 +138,15 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD vtmp->name = ntmp; } - if (!ret) + if (ret == NULL && tret == NULL) return sk_CONF_VALUE_new_null(); - return ret; + + return tret; + err: + X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); + if (ret == NULL && tret != NULL) + sk_CONF_VALUE_pop_free(tret, X509V3_conf_free); + return NULL; } static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 2855269..1184091 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -107,6 +107,47 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) +/* + * We cannot use strncasecmp here because that applies locale specific rules. + * For example in Turkish 'I' is not the uppercase character for 'i'. We need to + * do a simple ASCII case comparison ignoring the locale (that is why we use + * numeric constants below). + */ +static int ia5ncasecmp(const char *s1, const char *s2, size_t n) +{ + for (; n > 0; n--, s1++, s2++) { + if (*s1 != *s2) { + unsigned char c1 = (unsigned char)*s1, c2 = (unsigned char)*s2; + + /* Convert to lower case */ + if (c1 >= 0x41 /* A */ && c1 <= 0x5A /* Z */) + c1 += 0x20; + if (c2 >= 0x41 /* A */ && c2 <= 0x5A /* Z */) + c2 += 0x20; + + if (c1 == c2) + continue; + + if (c1 < c2) + return -1; + + /* c1 > c2 */ + return 1; + } else if (*s1 == 0) { + /* If we get here we know that *s2 == 0 too */ + return 0; + } + } + + return 0; +} + +static int ia5casecmp(const char *s1, const char *s2) +{ + /* No portable definition of SIZE_MAX, so we use (size_t)(-1) instead */ + return ia5ncasecmp(s1, s2, (size_t)(-1)); +} + static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { @@ -384,7 +425,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) return X509_V_ERR_PERMITTED_VIOLATION; } - if (strcasecmp(baseptr, dnsptr)) + if (ia5casecmp(baseptr, dnsptr)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -404,7 +445,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) if (!baseat && (*baseptr == '.')) { if (eml->length > base->length) { emlptr += eml->length - base->length; - if (!strcasecmp(baseptr, emlptr)) + if (ia5casecmp(baseptr, emlptr) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; @@ -425,7 +466,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) } emlptr = emlat + 1; /* Just have hostname left to match: case insensitive */ - if (strcasecmp(baseptr, emlptr)) + if (ia5casecmp(baseptr, emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -464,14 +505,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) if (*baseptr == '.') { if (hostlen > base->length) { p = hostptr + hostlen - base->length; - if (!strncasecmp(p, baseptr, base->length)) + if (ia5ncasecmp(p, baseptr, base->length) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; } if ((base->length != (int)hostlen) - || strncasecmp(hostptr, baseptr, hostlen)) + || ia5ncasecmp(hostptr, baseptr, hostlen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 845be67..96e629a 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -321,6 +321,7 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_subject_alt_name, /* 85 */ NID_basic_constraints, /* 87 */ NID_certificate_policies, /* 89 */ + NID_crl_distribution_points, /* 103 */ NID_ext_key_usage, /* 126 */ #ifndef OPENSSL_NO_RFC3779 NID_sbgp_ipAddrBlock, /* 290 */ diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl index d208d02..ef3608b 100644 --- a/crypto/x86_64cpuid.pl +++ b/crypto/x86_64cpuid.pl @@ -59,7 +59,7 @@ OPENSSL_ia32_cpuid: mov %rbx,%r8 # save %rbx xor %eax,%eax - mov %eax,8(%rdi) # clear 3rd word + mov %eax,8(%rdi) # clear extended feature flags cpuid mov %eax,%r11d # max value for standard query level @@ -127,14 +127,6 @@ OPENSSL_ia32_cpuid: shr \$14,%r10d and \$0xfff,%r10d # number of cores -1 per L1D - cmp \$7,%r11d - jb .Lnocacheinfo - - mov \$7,%eax - xor %ecx,%ecx - cpuid - mov %ebx,8(%rdi) - .Lnocacheinfo: mov \$1,%eax cpuid @@ -144,8 +136,19 @@ OPENSSL_ia32_cpuid: or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs and \$15,%ah cmp \$15,%ah # examine Family ID - jne .Lnotintel + jne .LnotP4 or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR +.LnotP4: + cmp \$6,%ah + jne .Lnotintel + and \$0x0fff0ff0,%eax + cmp \$0x00050670,%eax # Knights Landing + je .Lknights + cmp \$0x00080650,%eax # Knights Mill (according to sde) + jne .Lnotintel +.Lknights: + and \$0xfbffffff,%ecx # clear XSAVE flag to mimic Silvermont + .Lnotintel: bt \$28,%edx # test hyper-threading bit jnc .Lgeneric @@ -164,6 +167,19 @@ OPENSSL_ia32_cpuid: or %ecx,%r9d # merge AMD XOP flag mov %edx,%r10d # %r9d:%r10d is copy of %ecx:%edx + + cmp \$7,%r11d + jb .Lno_extended_info + mov \$7,%eax + xor %ecx,%ecx + cpuid + bt \$26,%r9d # check XSAVE bit, cleared on Knights + jc .Lnotknights + and \$0xfff7ffff,%ebx # clear ADCX/ADOX flag +.Lnotknights: + mov %ebx,8(%rdi) # save extended feature flags +.Lno_extended_info: + bt \$27,%r9d # check OSXSAVE bit jnc .Lclear_avx xor %ecx,%ecx # XCR0 @@ -174,7 +190,7 @@ OPENSSL_ia32_cpuid: .Lclear_avx: mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11) and %eax,%r9d # clear AVX, FMA and AMD XOP bits - andl \$0xffffffdf,8(%rdi) # cleax AVX2, ~(1<<5) + andl \$0xffffffdf,8(%rdi) # clear AVX2, ~(1<<5) .Ldone: shl \$32,%r9 mov %r10d,%eax diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl index e95f627..90ed196 100644 --- a/crypto/x86cpuid.pl +++ b/crypto/x86cpuid.pl @@ -20,10 +20,10 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &pop ("eax"); &xor ("ecx","eax"); &xor ("eax","eax"); + &mov ("esi",&wparam(0)); + &mov (&DWP(8,"esi"),"eax"); # clear extended feature flags &bt ("ecx",21); &jnc (&label("nocpuid")); - &mov ("esi",&wparam(0)); - &mov (&DWP(8,"esi"),"eax"); # clear 3rd word &cpuid (); &mov ("edi","eax"); # max value for standard query level @@ -81,26 +81,16 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &jmp (&label("generic")); &set_label("intel"); - &cmp ("edi",7); - &jb (&label("cacheinfo")); - - &mov ("esi",&wparam(0)); - &mov ("eax",7); - &xor ("ecx","ecx"); - &cpuid (); - &mov (&DWP(8,"esi"),"ebx"); - -&set_label("cacheinfo"); &cmp ("edi",4); - &mov ("edi",-1); + &mov ("esi",-1); &jb (&label("nocacheinfo")); &mov ("eax",4); &mov ("ecx",0); # query L1D &cpuid (); - &mov ("edi","eax"); - &shr ("edi",14); - &and ("edi",0xfff); # number of cores -1 per L1D + &mov ("esi","eax"); + &shr ("esi",14); + &and ("esi",0xfff); # number of cores -1 per L1D &set_label("nocacheinfo"); &mov ("eax",1); @@ -118,7 +108,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &bt ("edx",28); # test hyper-threading bit &jnc (&label("generic")); &and ("edx",0xefffffff); - &cmp ("edi",0); + &cmp ("esi",0); &je (&label("generic")); &or ("edx",0x10000000); @@ -130,10 +120,19 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &set_label("generic"); &and ("ebp",1<<11); # isolate AMD XOP flag &and ("ecx",0xfffff7ff); # force 11th bit to 0 - &mov ("esi","edx"); + &mov ("esi","edx"); # %ebp:%esi is copy of %ecx:%edx &or ("ebp","ecx"); # merge AMD XOP flag - &bt ("ecx",27); # check OSXSAVE bit + &cmp ("edi",7); + &mov ("edi",&wparam(0)); + &jb (&label("no_extended_info")); + &mov ("eax",7); + &xor ("ecx","ecx"); + &cpuid (); + &mov (&DWP(8,"edi"),"ebx"); # save extended feature flag +&set_label("no_extended_info"); + + &bt ("ebp",27); # check OSXSAVE bit &jnc (&label("clear_avx")); &xor ("ecx","ecx"); &data_byte(0x0f,0x01,0xd0); # xgetbv @@ -147,7 +146,6 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &and ("esi",0xfeffffff); # clear FXSR &set_label("clear_avx"); &and ("ebp",0xefffe7ff); # clear AVX, FMA and AMD XOP bits - &mov ("edi",&wparam(0)); &and (&DWP(8,"edi"),0xffffffdf); # clear AVX2 &set_label("done"); &mov ("eax","esi"); diff --git a/doc/apps/asn1parse.pod b/doc/apps/asn1parse.pod index 76a765d..a84dbc3 100644 --- a/doc/apps/asn1parse.pod +++ b/doc/apps/asn1parse.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-asn1parse, asn1parse - ASN.1 parsing tool =head1 SYNOPSIS diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index c90e648..cc26bf4 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-ca, ca - sample minimal CA application =head1 SYNOPSIS diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 9224557..fa16124 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ciphers, ciphers - SSL cipher display and cipher list tool. =head1 SYNOPSIS @@ -179,7 +180,8 @@ When in doubt, include B<!aNULL> in your cipherlist. =item B<kRSA>, B<RSA> -cipher suites using RSA key exchange. +cipher suites using RSA key exchange or authentication. B<RSA> is an alias for +B<kRSA>. =item B<kDHr>, B<kDHd>, B<kDH> diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index ac69804..4a7783d 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-cms, cms - CMS utility =head1 SYNOPSIS diff --git a/doc/apps/config.pod b/doc/apps/config.pod index e125915..3f607d3 100644 --- a/doc/apps/config.pod +++ b/doc/apps/config.pod @@ -47,7 +47,8 @@ or B<${section::name}>. By using the form B<$ENV::name> environment variables can be substituted. It is also possible to assign values to environment variables by using the name B<ENV::name>, this will work if the program looks up environment variables using the B<CONF> library -instead of calling B<getenv()> directly. +instead of calling B<getenv()> directly. The value string must not exceed 64k in +length after variable expansion. Otherwise an error will occur. It is possible to escape certain characters by using any kind of quote or the B<\> character. By making the last character of a line a B<\> diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod index 044a9da..cdced1c 100644 --- a/doc/apps/crl.pod +++ b/doc/apps/crl.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-crl, crl - CRL utility =head1 SYNOPSIS diff --git a/doc/apps/crl2pkcs7.pod b/doc/apps/crl2pkcs7.pod index 3797bc0..18654c5 100644 --- a/doc/apps/crl2pkcs7.pod +++ b/doc/apps/crl2pkcs7.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-crl2pkcs7, crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. =head1 SYNOPSIS diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index b27bb94..72d6c87 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dgst, dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests =head1 SYNOPSIS diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod index 1cd4c76..018d993 100644 --- a/doc/apps/dhparam.pod +++ b/doc/apps/dhparam.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dhparam, dhparam - DH parameter manipulation and generation =head1 SYNOPSIS diff --git a/doc/apps/dsa.pod b/doc/apps/dsa.pod index 8bf6cc9..77d6608 100644 --- a/doc/apps/dsa.pod +++ b/doc/apps/dsa.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dsa, dsa - DSA key processing =head1 SYNOPSIS diff --git a/doc/apps/dsaparam.pod b/doc/apps/dsaparam.pod index ba5ec4d..4469034 100644 --- a/doc/apps/dsaparam.pod +++ b/doc/apps/dsaparam.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dsaparam, dsaparam - DSA parameter manipulation and generation =head1 SYNOPSIS diff --git a/doc/apps/ec.pod b/doc/apps/ec.pod index 5c7b45d..658eac5 100644 --- a/doc/apps/ec.pod +++ b/doc/apps/ec.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ec, ec - EC key processing =head1 SYNOPSIS diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod index 88e9d1e..ba2f3b9 100644 --- a/doc/apps/ecparam.pod +++ b/doc/apps/ecparam.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ecparam, ecparam - EC parameter manipulation and generation =head1 SYNOPSIS diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod index 41791ad..aceafcd 100644 --- a/doc/apps/enc.pod +++ b/doc/apps/enc.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-enc, enc - symmetric cipher routines =head1 SYNOPSIS diff --git a/doc/apps/errstr.pod b/doc/apps/errstr.pod index b3c6ccf..0dee51c 100644 --- a/doc/apps/errstr.pod +++ b/doc/apps/errstr.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-errstr, errstr - lookup error codes =head1 SYNOPSIS diff --git a/doc/apps/gendsa.pod b/doc/apps/gendsa.pod index d9f56be..2c8e5c8 100644 --- a/doc/apps/gendsa.pod +++ b/doc/apps/gendsa.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-gendsa, gendsa - generate a DSA private key from a set of parameters =head1 SYNOPSIS diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod index 929edcd..4d09fc0 100644 --- a/doc/apps/genpkey.pod +++ b/doc/apps/genpkey.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-genpkey, genpkey - generate a private key =head1 SYNOPSIS diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod index 3dc9870..8be0683 100644 --- a/doc/apps/genrsa.pod +++ b/doc/apps/genrsa.pod @@ -2,16 +2,21 @@ =head1 NAME +openssl-genrsa, genrsa - generate an RSA private key =head1 SYNOPSIS B<openssl> B<genrsa> +[B<-help>] [B<-out filename>] [B<-passout arg>] [B<-aes128>] [B<-aes192>] [B<-aes256>] +[B<-aria128>] +[B<-aria192>] +[B<-aria256>] [B<-camellia128>] [B<-camellia192>] [B<-camellia256>] @@ -32,17 +37,21 @@ The B<genrsa> command generates an RSA private key. =over 4 +=item B<-help> + +Print out a usage message. + =item B<-out filename> -the output filename. If this argument is not specified then standard output is -used. +Output the key to the specified file. If this argument is not specified then +standard output is used. =item B<-passout arg> the output file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. -=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> These options encrypt the private key with specified cipher before outputting it. If none of these options is @@ -56,8 +65,8 @@ the public exponent to use, either 65537 or 3. The default is 65537. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). -Multiple files can be specified separated by a OS-dependent character. +generator, or an EGD socket (see L<RAND_egd(3)>). +Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -71,7 +80,7 @@ for all available algorithms. =item B<numbits> the size of the private key to generate in bits. This must be the last option -specified. The default is 512. +specified. The default is 2048. =back @@ -96,7 +105,15 @@ be much larger (typically 1024 bits). =head1 SEE ALSO -L<gendsa(1)|gendsa(1)> +L<gendsa(1)> -=cut +=head1 COPYRIGHT +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/apps/nseq.pod b/doc/apps/nseq.pod index 989c310..de441fa 100644 --- a/doc/apps/nseq.pod +++ b/doc/apps/nseq.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-nseq, nseq - create or examine a netscape certificate sequence =head1 SYNOPSIS diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 1bb7958..9e2716f 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ocsp, ocsp - Online Certificate Status Protocol utility =head1 SYNOPSIS diff --git a/doc/apps/passwd.pod b/doc/apps/passwd.pod index f449825..7f74ce0 100644 --- a/doc/apps/passwd.pod +++ b/doc/apps/passwd.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-passwd, passwd - compute password hashes =head1 SYNOPSIS diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod index 7449848..debc9ea 100644 --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-pkcs12, pkcs12 - PKCS#12 file utility =head1 SYNOPSIS diff --git a/doc/apps/pkcs7.pod b/doc/apps/pkcs7.pod index acfb810..651e937 100644 --- a/doc/apps/pkcs7.pod +++ b/doc/apps/pkcs7.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkcs7, pkcs7 - PKCS#7 utility =head1 SYNOPSIS diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod index 6901f1f..f741741 100644 --- a/doc/apps/pkcs8.pod +++ b/doc/apps/pkcs8.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkcs8, pkcs8 - PKCS#8 format private key conversion tool =head1 SYNOPSIS diff --git a/doc/apps/pkey.pod b/doc/apps/pkey.pod index 4851223..6db8a62 100644 --- a/doc/apps/pkey.pod +++ b/doc/apps/pkey.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-pkey, pkey - public or private key processing tool =head1 SYNOPSIS diff --git a/doc/apps/pkeyparam.pod b/doc/apps/pkeyparam.pod index 154f672..27c10a6 100644 --- a/doc/apps/pkeyparam.pod +++ b/doc/apps/pkeyparam.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-pkeyparam, pkeyparam - public key algorithm parameter processing tool =head1 SYNOPSIS diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod index 5da347c..78b3b02 100644 --- a/doc/apps/pkeyutl.pod +++ b/doc/apps/pkeyutl.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkeyutl, pkeyutl - public key algorithm utility =head1 SYNOPSIS diff --git a/doc/apps/rand.pod b/doc/apps/rand.pod index d1d213e..94df10d 100644 --- a/doc/apps/rand.pod +++ b/doc/apps/rand.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-rand, rand - generate pseudo-random bytes =head1 SYNOPSIS diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 30653e5..20b2f39 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-req, req - PKCS#10 certificate request and certificate generating utility. =head1 SYNOPSIS @@ -237,6 +238,9 @@ a self signed root CA. The extensions added to the certificate using the B<set_serial> option, a large random number will be used for the serial number. +If existing request is specified with the B<-in> option, it is converted +to the self signed certificate otherwise new request is created. + =item B<-days n> when the B<-x509> option is being used this specifies the number of diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod index 21cbf8e..7e43e0f 100644 --- a/doc/apps/rsa.pod +++ b/doc/apps/rsa.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-rsa, rsa - RSA key processing tool =head1 SYNOPSIS diff --git a/doc/apps/rsautl.pod b/doc/apps/rsautl.pod index 1a498c2..e16ce29 100644 --- a/doc/apps/rsautl.pod +++ b/doc/apps/rsautl.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-rsautl, rsautl - RSA utility =head1 SYNOPSIS @@ -105,7 +106,7 @@ Recover the signed data Examine the raw signed data: - openssl rsautl -verify -in file -inkey key.pem -raw -hexdump + openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 29675dd..d9413a0 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-s_client, s_client - SSL/TLS client program =head1 SYNOPSIS @@ -42,6 +43,8 @@ B<openssl> B<s_client> [B<-no_tls1_2>] [B<-fallback_scsv>] [B<-bugs>] +[B<-sigalgs sigalglist>] +[B<-curves curvelist>] [B<-cipher cipherlist>] [B<-serverpref>] [B<-starttls protocol>] @@ -195,12 +198,14 @@ Can be used to override the implicit B<-ign_eof> after B<-quiet>. =item B<-psk_identity identity> Use the PSK identity B<identity> when using a PSK cipher suite. +The default value is "Client_identity" (without the quotes). =item B<-psk key> Use the PSK key B<key> when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. +This option must be provided in order to use a PSK cipher. =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> @@ -217,6 +222,19 @@ Send TLS_FALLBACK_SCSV in the ClientHello. there are several known bug in SSL and TLS implementations. Adding this option enables various workarounds. +=item B<-sigalgs sigalglist> + +Specifies the list of signature algorithms that are sent by the client. +The server selects one entry in the list based on its preferences. +For example strings, see L<SSL_CTX_set1_sigalgs(3)> + +=item B<-curves curvelist> + +Specifies the list of supported curves to be sent by the client. The curve is +is ultimately selected by the server. For a list of all curves, use: + + $ openssl ecparam -list_curves + =item B<-cipher cipherlist> this allows the cipher list sent by the client to be modified. Although diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index fa17488..9916fc3 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-s_server, s_server - SSL/TLS server program =head1 SYNOPSIS @@ -35,6 +36,8 @@ B<openssl> B<s_server> [B<-CAfile filename>] [B<-no_alt_chains>] [B<-nocert>] +[B<-client_sigalgs sigalglist>] +[B<-named_curve curve>] [B<-cipher cipherlist>] [B<-serverpref>] [B<-quiet>] @@ -217,6 +220,7 @@ Use the PSK identity hint B<hint> when using a PSK cipher suite. Use the PSK key B<key> when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. +This option must be provided in order to use a PSK cipher. =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> @@ -234,6 +238,18 @@ option enables various workarounds. this option enables a further workaround for some some early Netscape SSL code (?). +=item B<-client_sigalgs sigalglist> + +Signature algorithms to support for client certificate authentication +(colon-separated list) + +=item B<-named_curve curve> + +Specifies the elliptic curve to use. NOTE: this is single curve, not a list. +For a list of all possible curves, use: + + $ openssl ecparam -list_curves + =item B<-cipher cipherlist> this allows the cipher list used by the server to be modified. When @@ -389,10 +405,6 @@ a web browser the command: can be used for example. -Most web browsers (in particular Netscape and MSIE) only support RSA cipher -suites, so they cannot connect to servers which don't use a certificate -carrying an RSA key or a version of OpenSSL with RSA disabled. - Although specifying an empty list of CAs when requesting a client certificate is strictly speaking a protocol violation, some SSL clients interpret this to mean any CA is acceptable. This is useful for debugging purposes. diff --git a/doc/apps/s_time.pod b/doc/apps/s_time.pod index 9082d87..1fa0280 100644 --- a/doc/apps/s_time.pod +++ b/doc/apps/s_time.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-s_time, s_time - SSL/TLS performance timing program =head1 SYNOPSIS diff --git a/doc/apps/sess_id.pod b/doc/apps/sess_id.pod index 9988d2c..0771bae 100644 --- a/doc/apps/sess_id.pod +++ b/doc/apps/sess_id.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-sess_id, sess_id - SSL/TLS session handling utility =head1 SYNOPSIS diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index 04a83ca..fbf60da 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-smime, smime - S/MIME utility =head1 SYNOPSIS diff --git a/doc/apps/speed.pod b/doc/apps/speed.pod index 1cd1998..2bfe91e 100644 --- a/doc/apps/speed.pod +++ b/doc/apps/speed.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-speed, speed - test library performance =head1 SYNOPSIS diff --git a/doc/apps/spkac.pod b/doc/apps/spkac.pod index 97fb80e..b8a5477 100644 --- a/doc/apps/spkac.pod +++ b/doc/apps/spkac.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-spkac, spkac - SPKAC printing and generating utility =head1 SYNOPSIS diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod index d6aa47d..5da019b 100644 --- a/doc/apps/ts.pod +++ b/doc/apps/ts.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ts, ts - Time Stamping Authority tool (client/server) =head1 SYNOPSIS diff --git a/doc/apps/tsget.pod b/doc/apps/tsget.pod index 56db985..4856c85 100644 --- a/doc/apps/tsget.pod +++ b/doc/apps/tsget.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-tsget, tsget - Time Stamping HTTP/HTTPS client =head1 SYNOPSIS diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index b376732..321d5ac 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-verify, verify - Utility to verify certificates. =head1 SYNOPSIS diff --git a/doc/apps/version.pod b/doc/apps/version.pod index 58f543b..675b0f8 100644 --- a/doc/apps/version.pod +++ b/doc/apps/version.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-version, version - print OpenSSL version information =head1 SYNOPSIS diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 1479a74..d506258 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-x509, x509 - Certificate display and signing utility =head1 SYNOPSIS diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod index 3bed47f..f6bb484 100644 --- a/doc/crypto/BN_bn2bin.pod +++ b/doc/crypto/BN_bn2bin.pod @@ -70,8 +70,9 @@ BN_bn2bin() returns the length of the big-endian number placed at B<to>. BN_bin2bn() returns the B<BIGNUM>, NULL on error. BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL -on error. BN_hex2bn() and BN_dec2bn() return the number's length in -hexadecimal or decimal digits, and 0 on error. +on error. BN_hex2bn() and BN_dec2bn() return the number of characters +used in parsing, or 0 on error, in which +case no new B<BIGNUM> will be created. BN_print_fp() and BN_print() return 1 on success, 0 on write errors. diff --git a/doc/crypto/BN_new.pod b/doc/crypto/BN_new.pod index ab7a105..d446603 100644 --- a/doc/crypto/BN_new.pod +++ b/doc/crypto/BN_new.pod @@ -30,10 +30,12 @@ to the value 0. BN_free() frees the components of the B<BIGNUM>, and if it was created by BN_new(), also the structure itself. BN_clear_free() additionally overwrites the data before the memory is returned to the system. +If B<a> is NULL, nothing is done. =head1 RETURN VALUES -BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails, +BN_new() returns a pointer to the B<BIGNUM> initialised to the value 0. +If the allocation fails, it returns B<NULL> and sets an error code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index d951333..dc9a2d7 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod @@ -19,14 +19,17 @@ EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, EVP_enc_null, EVP_des_cbc, EVP_des_ecb, EVP_des_cfb, EVP_des_ofb, EVP_des_ede_cbc, EVP_des_ede, EVP_des_ede_ofb, EVP_des_ede_cfb, EVP_des_ede3_cbc, EVP_des_ede3, EVP_des_ede3_ofb, -EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_idea_cbc, -EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_idea_cbc, EVP_rc2_cbc, +EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5, +EVP_idea_cbc, EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_rc2_cbc, EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ofb, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm, -EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines +EVP_aes_192_ccm, EVP_aes_256_ccm, +EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, +EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256 +- EVP cipher routines =head1 SYNOPSIS @@ -392,10 +395,7 @@ processed (e.g. after an EVP_EncryptFinal() call). EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); Sets the expected tag to B<taglen> bytes from B<tag>. This call is only legal -when decrypting data and must be made B<before> any data is processed (e.g. -before any EVP_DecryptUpdate() call). - -See L<EXAMPLES> below for an example of the use of GCM mode. +when decrypting data. =head1 CCM Mode diff --git a/doc/crypto/EVP_PKEY_meth_new.pod b/doc/crypto/EVP_PKEY_meth_new.pod new file mode 100644 index 0000000..041492a --- /dev/null +++ b/doc/crypto/EVP_PKEY_meth_new.pod @@ -0,0 +1,376 @@ +=pod + +=head1 NAME + +EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, +EVP_PKEY_meth_add0, EVP_PKEY_METHOD, +EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, +EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, +EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, +EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, +EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, +EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, +EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, +EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, +EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, +EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl +- manipulating EVP_PKEY_METHOD structure + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + typedef struct evp_pkey_method_st EVP_PKEY_METHOD; + + EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); + void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); + void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); + const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); + int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); + + void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + + void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +=head1 DESCRIPTION + +B<EVP_PKEY_METHOD> is a structure which holds a set of methods for a +specific public key cryptographic algorithm. Those methods are usually +used to perform different jobs, such as generating a key, signing or +verifying, encrypting or decrypting, etc. + +There are two places where the B<EVP_PKEY_METHOD> objects are stored: one +is a built-in static array representing the standard methods for different +algorithms, and the other one is a stack of user-defined application-specific +methods, which can be manipulated by using L<EVP_PKEY_meth_add0(3)>. + +The B<EVP_PKEY_METHOD> objects are usually referenced by B<EVP_PKEY_CTX> +objects. + +=head2 Methods + +The methods are the underlying implementations of a particular public key +algorithm present by the B<EVP_PKEY_CTX> object. + + int (*init) (EVP_PKEY_CTX *ctx); + int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); + void (*cleanup) (EVP_PKEY_CTX *ctx); + +The init() method is called to initialize algorithm-specific data when a new +B<EVP_PKEY_CTX> is created. As opposed to init(), the cleanup() method is called +when an B<EVP_PKEY_CTX> is freed. The copy() method is called when an B<EVP_PKEY_CTX> +is being duplicated. Refer to L<EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_CTX_new_id(3)>, +L<EVP_PKEY_CTX_free(3)> and L<EVP_PKEY_CTX_dup(3)>. + + int (*paramgen_init) (EVP_PKEY_CTX *ctx); + int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + +The paramgen_init() and paramgen() methods deal with key parameter generation. +They are called by L<EVP_PKEY_paramgen_init(3)> and L<EVP_PKEY_paramgen(3)> to +handle the parameter generation process. + + int (*keygen_init) (EVP_PKEY_CTX *ctx); + int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + +The keygen_init() and keygen() methods are used to generate the actual key for +the specified algorithm. They are called by L<EVP_PKEY_keygen_init(3)> and +L<EVP_PKEY_keygen(3)>. + + int (*sign_init) (EVP_PKEY_CTX *ctx); + int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + +The sign_init() and sign() methods are used to generate the signature of a +piece of data using a private key. They are called by L<EVP_PKEY_sign_init(3)> +and L<EVP_PKEY_sign(3)>. + + int (*verify_init) (EVP_PKEY_CTX *ctx); + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + +The verify_init() and verify() methods are used to verify whether a signature is +valid. They are called by L<EVP_PKEY_verify_init(3)> and L<EVP_PKEY_verify(3)>. + + int (*verify_recover_init) (EVP_PKEY_CTX *ctx); + int (*verify_recover) (EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); + +The verify_recover_init() and verify_recover() methods are used to verify a +signature and then recover the digest from the signature (for instance, a +signature that was generated by RSA signing algorithm). They are called by +L<EVP_PKEY_verify_recover_init(3)> and L<EVP_PKEY_verify_recover(3)>. + + int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx); + +The signctx_init() and signctx() methods are used to sign a digest present by +a B<EVP_MD_CTX> object. They are called by the EVP_DigestSign functions. See +L<EVP_DigestSignInit(3)> for detail. + + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx); + +The verifyctx_init() and verifyctx() methods are used to verify a signature +against the data in a B<EVP_MD_CTX> object. They are called by the various +EVP_DigestVerify functions. See L<EVP_DigestVerifyInit(3)> for detail. + + int (*encrypt_init) (EVP_PKEY_CTX *ctx); + int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +The encrypt_init() and encrypt() methods are used to encrypt a piece of data. +They are called by L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)>. + + int (*decrypt_init) (EVP_PKEY_CTX *ctx); + int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +The decrypt_init() and decrypt() methods are used to decrypt a piece of data. +They are called by L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>. + + int (*derive_init) (EVP_PKEY_CTX *ctx); + int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +The derive_init() and derive() methods are used to derive the shared secret +from a public key algorithm (for instance, the DH algorithm). They are called by +L<EVP_PKEY_derive_init(3)> and L<EVP_PKEY_derive(3)>. + + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); + int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); + +The ctrl() and ctrl_str() methods are used to adjust algorithm-specific +settings. See L<EVP_PKEY_CTX_ctrl(3)> and related functions for detail. + + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + +The digestsign() and digestverify() methods are used to generate or verify +a signature in a one-shot mode. They could be called by L<EVP_DigetSign(3)> +and L<EVP_DigestVerify(3)>. + +=head2 Functions + +EVP_PKEY_meth_new() creates and returns a new B<EVP_PKEY_METHOD> object, +and associates the given B<id> and B<flags>. The following flags are +supported: + + EVP_PKEY_FLAG_AUTOARGLEN + EVP_PKEY_FLAG_SIGCTX_CUSTOM + +If an B<EVP_PKEY_METHOD> is set with the B<EVP_PKEY_FLAG_AUTOARGLEN> flag, the +maximum size of the output buffer will be automatically calculated or checked +in corresponding EVP methods by the EVP framework. Thus the implementations of +these methods don't need to care about handling the case of returning output +buffer size by themselves. For details on the output buffer size, refer to +L<EVP_PKEY_sign(3)>. + +The B<EVP_PKEY_FLAG_SIGCTX_CUSTOM> is used to indicate the signctx() method +of an B<EVP_PKEY_METHOD> is always called by the EVP framework while doing a +digest signing operation by calling L<EVP_DigestSignFinal(3)>. + +EVP_PKEY_meth_free() frees an existing B<EVP_PKEY_METHOD> pointed by +B<pmeth>. + +EVP_PKEY_meth_copy() copies an B<EVP_PKEY_METHOD> object from B<src> +to B<dst>. + +EVP_PKEY_meth_find() finds an B<EVP_PKEY_METHOD> object with the B<id>. +This function first searches through the user-defined method objects and +then the built-in objects. + +EVP_PKEY_meth_add0() adds B<pmeth> to the user defined stack of methods. + +The EVP_PKEY_meth_set functions set the corresponding fields of +B<EVP_PKEY_METHOD> structure with the arguments passed. + +The EVP_PKEY_meth_get functions get the corresponding fields of +B<EVP_PKEY_METHOD> structure to the arguments provided. + +=head1 RETURN VALUES + +EVP_PKEY_meth_new() returns a pointer to a new B<EVP_PKEY_METHOD> +object or returns NULL on error. + +EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values. + +EVP_PKEY_meth_find() returns a pointer to the found B<EVP_PKEY_METHOD> +object or returns NULL if not found. + +EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0 +if an error occurred. + +All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return +values. For the 'get' functions, function pointers are returned by +arguments. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod index b8f678f..f20f815 100644 --- a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod +++ b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod @@ -104,6 +104,13 @@ The RSA_padding_check_xxx() functions return the length of the recovered data, -1 on error. Error codes can be obtained by calling L<ERR_get_error(3)|ERR_get_error(3)>. +=head1 WARNING + +The RSA_padding_check_PKCS1_type_2() padding check leaks timing +information which can potentially be used to mount a Bleichenbacher +padding oracle attack. This is an inherent weakness in the PKCS #1 +v1.5 padding design. Prefer PKCS1_OAEP padding. + =head1 SEE ALSO L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, diff --git a/doc/crypto/RSA_private_encrypt.pod b/doc/crypto/RSA_private_encrypt.pod index 746a80c..3e1f895 100644 --- a/doc/crypto/RSA_private_encrypt.pod +++ b/doc/crypto/RSA_private_encrypt.pod @@ -8,10 +8,10 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations #include <openssl/rsa.h> - int RSA_private_encrypt(int flen, unsigned char *from, + int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); - int RSA_public_decrypt(int flen, unsigned char *from, + int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); =head1 DESCRIPTION diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod index ab0fe3b..4d7c1f2 100644 --- a/doc/crypto/RSA_public_encrypt.pod +++ b/doc/crypto/RSA_public_encrypt.pod @@ -8,10 +8,10 @@ RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography #include <openssl/rsa.h> - int RSA_public_encrypt(int flen, unsigned char *from, + int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); - int RSA_private_decrypt(int flen, unsigned char *from, + int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); =head1 DESCRIPTION @@ -67,6 +67,13 @@ recovered plaintext. On error, -1 is returned; the error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +=head1 WARNING + +Decryption failures in the RSA_PKCS1_PADDING mode leak information +which can potentially be used to mount a Bleichenbacher padding oracle +attack. This is an inherent weakness in the PKCS #1 v1.5 padding +design. Prefer RSA_PKCS1_OAEP_PADDING. + =head1 CONFORMING TO SSL, PKCS #1 v2.0 diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod index eb38b0a..1aee117 100644 --- a/doc/crypto/X509_STORE_CTX_new.pod +++ b/doc/crypto/X509_STORE_CTX_new.pod @@ -41,7 +41,7 @@ is no longer valid. X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation. It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only good for one call to X509_verify_cert(); if you want to verify a second -certificate with the same B<ctx> then you must call X509_XTORE_CTX_cleanup() +certificate with the same B<ctx> then you must call X509_STORE_CTX_cleanup() and then X509_STORE_CTX_init() again before the second call to X509_verify_cert(). The trusted certificate store is set to B<store>, the end entity certificate to be verified is set to B<x509> and a set of additional diff --git a/doc/crypto/X509_check_private_key.pod b/doc/crypto/X509_check_private_key.pod new file mode 100644 index 0000000..a1fb07b --- /dev/null +++ b/doc/crypto/X509_check_private_key.pod @@ -0,0 +1,54 @@ +=pod + +=head1 NAME + +X509_check_private_key, X509_REQ_check_private_key - check the consistency +of a private key with the public key in an X509 certificate or certificate +request + +=head1 SYNOPSIS + + #include <openssl/x509.h> + + int X509_check_private_key(X509 *x, EVP_PKEY *k); + + int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k); + +=head1 DESCRIPTION + +X509_check_private_key() function checks the consistency of private +key B<k> with the public key in B<x>. + +X509_REQ_check_private_key() is equivalent to X509_check_private_key() +except that B<x> represents a certificate request of structure B<X509_REQ>. + +=head1 RETURN VALUE + +X509_check_private_key() and X509_REQ_check_private_key() return 1 if +the keys match each other, and 0 if not. + +If the key is invalid or an error occurred, the reason code can be +obtained using L<ERR_get_error(3)>. + +=head1 BUGS + +The B<check_private_key> functions don't check if B<k> itself is indeed +a private key or not. It merely compares the public materials (e.g. exponent +and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) +of a key pair. So if you pass a public key to these functions in B<k>, it will +return success. + +=head1 SEE ALSO + +L<ERR_get_error(3)> + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index e1add56..339617a 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -123,7 +123,7 @@ architecture dependent I<DES_key_schedule> via the DES_set_key_checked() or DES_set_key_unchecked() function. DES_set_key_checked() will check that the key passed is of odd parity -and is not a week or semi-weak key. If the parity is wrong, then -1 +and is not a weak or semi-weak key. If the parity is wrong, then -1 is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated. diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod index 2c8f20a..ca9798a 100644 --- a/doc/crypto/hmac.pod +++ b/doc/crypto/hmac.pod @@ -38,7 +38,8 @@ B<key_len> bytes long. It places the result in B<md> (which must have space for the output of the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes). If B<md> is NULL, the digest is placed in a static array. The size of -the output is placed in B<md_len>, unless it is B<NULL>. +the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL +value for B<md> to use the static array is not thread safe. B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc. diff --git a/doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod b/doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod new file mode 100644 index 0000000..3b0a509 --- /dev/null +++ b/doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod @@ -0,0 +1,62 @@ +=pod + +=head1 NAME + +SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, +SSL_get_servername_type, SSL_get_servername - handle server name indication +(SNI) + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, + int (*cb)(SSL *, int *, void *)); + long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); + + const char *SSL_get_servername(const SSL *s, const int type); + int SSL_get_servername_type(const SSL *s); + +=head1 DESCRIPTION + +SSL_CTX_set_tlsext_servername_callback() sets the application callback B<cb> +used by a server to perform any actions or configuration required based on +the servername extension received in the incoming connection. When B<cb> +is NULL, SNI is not used. The B<arg> value is a pointer which is passed to +the application callback. + +SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be +passed into the callback for this B<SSL_CTX>. + +SSL_get_servername() returns a servername extension value of the specified +type if provided in the Client Hello or NULL. + +SSL_get_servername_type() returns the servername type or -1 if no servername +is present. Currently the only supported type (defined in RFC3546) is +B<TLSEXT_NAMETYPE_host_name>. + +=head1 NOTES + +The ALPN and SNI callbacks are both executed during Client Hello processing. +The servername callback is executed first, followed by the ALPN callback. + +=head1 RETURN VALUES + +SSL_CTX_set_tlsext_servername_callback() and +SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success. + +=head1 SEE ALSO + +L<ssl(7)>, L<SSL_CTX_set_alpn_select_cb(3)>, +L<SSL_get0_alpn_selected(3)> + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/ssl/SSL_export_keying_material.pod b/doc/ssl/SSL_export_keying_material.pod new file mode 100644 index 0000000..ccb99ec --- /dev/null +++ b/doc/ssl/SSL_export_keying_material.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +SSL_export_keying_material - obtain keying material for application use + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); + +=head1 DESCRIPTION + +During the creation of a TLS or DTLS connection shared keying material is +established between the two endpoints. The function SSL_export_keying_material() +enables an application to use some of this keying material for its own purposes +in accordance with RFC5705. + +An application may need to securely establish the context within which this +keying material will be used. For example this may include identifiers for the +application session, application algorithms or parameters, or the lifetime of +the context. The context value is left to the application but must be the same +on both sides of the communication. + +For a given SSL connection B<s>, B<olen> bytes of data will be written to +B<out>. The application specific context should be supplied in the location +pointed to by B<context> and should be B<contextlen> bytes long. Provision of +a context is optional. If the context should be omitted entirely then +B<use_context> should be set to 0. Otherwise it should be any other value. If +B<use_context> is 0 then the values of B<context> and B<contextlen> are ignored. +Note that a zero length context is treated differently to no context at all, and +will result in different keying material being returned. + +An application specific label should be provided in the location pointed to by +B<label> and should be B<llen> bytes long. Typically this will be a value from +the IANA Exporter Label Registry +(L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>). +Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard +to be used without registration. + +Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and +above. Attempting to use it in SSLv3 will result in an error. + +=head1 RETURN VALUES + +SSL_export_keying_material() returns 0 or -1 on failure or 1 on success. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod index d88a057..14facc6 100644 --- a/doc/ssl/SSL_set_connect_state.pod +++ b/doc/ssl/SSL_set_connect_state.pod @@ -25,7 +25,7 @@ it was either assigned a dedicated client method, a dedicated server method, or a generic method, that can be used for both client and server connections. (The method might have been changed with L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or -SSL_set_ssl_method().) +SSL_set_ssl_method(3).) When beginning a new handshake, the SSL engine must know whether it must call the connect (client) or accept (server) routines. Even though it may diff --git a/openssl.spec b/openssl.spec index 7bbcdf6..18e23ac 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2k +Version: 1.0.2m Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 9bc6153..e6bc761 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -517,6 +517,17 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) return i; } + /* + * Don't change the *message* read sequence number while listening. For + * the *record* write sequence we reflect the ClientHello sequence number + * when listening. + */ + if (s->d1->listen) + memcpy(s->s3->write_sequence, s->s3->read_sequence, + sizeof(s->s3->write_sequence)); + else + s->d1->handshake_read_seq++; + if (mt >= 0 && s->s3->tmp.message_type != mt) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); @@ -544,10 +555,6 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - /* Don't change sequence numbers while listening */ - if (!s->d1->listen) - s->d1->handshake_read_seq++; - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; return s->init_num; @@ -1068,7 +1075,9 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) int dtls1_read_failed(SSL *s, int code) { if (code > 0) { +#ifdef TLS_DEBUG fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__); +#endif return 1; } @@ -1140,7 +1149,9 @@ int dtls1_retransmit_buffered_messages(SSL *s) (frag->msg_header.seq, frag->msg_header.is_ccs), 0, &found) <= 0 && found) { +#ifdef TLS_DEBUG fprintf(stderr, "dtls1_retransmit_message() failed\n"); +#endif return -1; } } @@ -1240,7 +1251,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, item = pqueue_find(s->d1->sent_messages, seq64be); if (item == NULL) { +#ifdef TLS_DEBUG fprintf(stderr, "retransmit: message %d non-existant\n", seq); +#endif *found = 0; return 0; } diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 7e2f5c2..76451a3 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -320,8 +320,13 @@ int dtls1_connect(SSL *s) s->shutdown = 0; /* every DTLS ClientHello resets Finished MAC */ - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } + /* fall thru */ case SSL3_ST_CW_CLNT_HELLO_B: dtls1_start_timer(s); ret = ssl3_client_hello(s); diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 7a02459..10586fe 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1323,9 +1323,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) /* XDTLS: check that epoch is consistent */ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { - i = SSL_AD_ILLEGAL_PARAMETER; + al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto err; + goto f_err; } rr->length = 0; diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index bc875b5..8502b24 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -282,7 +282,12 @@ int dtls1_accept(SSL *s) goto end; } - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } + s->state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; } else if (!s->s3->send_connection_binding && @@ -322,7 +327,11 @@ int dtls1_accept(SSL *s) s->state = SSL3_ST_SW_FLUSH; s->init_num = 0; - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } break; case SSL3_ST_SW_HELLO_REQ_C: @@ -346,15 +355,6 @@ int dtls1_accept(SSL *s) s->init_num = 0; - /* - * Reflect ClientHello sequence to remain stateless while - * listening - */ - if (listen) { - memcpy(s->s3->write_sequence, s->s3->read_sequence, - sizeof(s->s3->write_sequence)); - } - /* If we're just listening, stop here */ if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; @@ -381,7 +381,11 @@ int dtls1_accept(SSL *s) /* HelloVerifyRequest resets Finished MAC */ if (s->version != DTLS1_BAD_VER) - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } break; #ifndef OPENSSL_NO_SCTP diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 6850dc0..92f41dd 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -204,7 +204,10 @@ int ssl23_connect(SSL *s) goto end; } - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + goto end; + } s->state = SSL23_ST_CW_CLNT_HELLO_A; s->ctx->stats.sess_connect++; @@ -732,7 +735,35 @@ static int ssl23_get_server_hello(SSL *s) s->version = TLS1_2_VERSION; s->method = TLSv1_2_client_method(); } else { + /* + * Unrecognised version, we'll send a protocol version alert using + * our preferred version. + */ + switch(s->client_version) { + default: + /* + * Shouldn't happen + * Fall through + */ + case TLS1_2_VERSION: + s->version = TLS1_2_VERSION; + s->method = TLSv1_2_client_method(); + break; + case TLS1_1_VERSION: + s->version = TLS1_1_VERSION; + s->method = TLSv1_1_client_method(); + break; + case TLS1_VERSION: + s->version = TLS1_VERSION; + s->method = TLSv1_client_method(); + break; + case SSL3_VERSION: + s->version = SSL3_VERSION; + s->method = SSLv3_client_method(); + break; + } SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION); goto err; } diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 470bd3d..d3f6db1 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -195,7 +195,10 @@ int ssl23_accept(SSL *s) s->init_buf = buf; } - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + goto end; + } s->state = SSL23_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 32f2f1a..5b8b2da 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -263,6 +263,7 @@ int ssl3_connect(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -275,7 +276,11 @@ int ssl3_connect(SSL *s) /* don't push the buffering BIO quite yet */ - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } s->state = SSL3_ST_CW_CLNT_HELLO_A; s->ctx->stats.sess_connect++; @@ -1864,6 +1869,7 @@ int ssl3_get_key_exchange(SSL *s) goto err; } if (EC_KEY_set_group(ecdh, ngroup) == 0) { + EC_GROUP_free(ngroup); SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); goto err; } diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index fbc954d..1eee9d9 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -177,32 +177,34 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX_init(&s1); for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { k++; - if (k > sizeof buf) { + if (k > sizeof(buf)) /* bug: 'buf' is too small for this ciphersuite */ - SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); - return 0; - } + goto err; for (j = 0; j < k; j++) buf[j] = c; c++; - EVP_DigestInit_ex(&s1, EVP_sha1(), NULL); - EVP_DigestUpdate(&s1, buf, k); - EVP_DigestUpdate(&s1, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&s1, smd, NULL); - - EVP_DigestInit_ex(&m5, EVP_md5(), NULL); - EVP_DigestUpdate(&m5, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH); + if (!EVP_DigestInit_ex(&s1, EVP_sha1(), NULL) || + !EVP_DigestUpdate(&s1, buf, k) || + !EVP_DigestUpdate(&s1, s->session->master_key, + s->session->master_key_length) || + !EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE) || + !EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE) || + !EVP_DigestFinal_ex(&s1, smd, NULL)) + goto err2; + + if (!EVP_DigestInit_ex(&m5, EVP_md5(), NULL) || + !EVP_DigestUpdate(&m5, s->session->master_key, + s->session->master_key_length) || + !EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH)) + goto err2; if ((int)(i + MD5_DIGEST_LENGTH) > num) { - EVP_DigestFinal_ex(&m5, smd, NULL); + if (!EVP_DigestFinal_ex(&m5, smd, NULL)) + goto err2; memcpy(km, smd, (num - i)); } else - EVP_DigestFinal_ex(&m5, km, NULL); + if (!EVP_DigestFinal_ex(&m5, km, NULL)) + goto err2; km += MD5_DIGEST_LENGTH; } @@ -210,6 +212,12 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX_cleanup(&m5); EVP_MD_CTX_cleanup(&s1); return 1; + err: + SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); + err2: + EVP_MD_CTX_cleanup(&m5); + EVP_MD_CTX_cleanup(&s1); + return 0; } int ssl3_change_cipher_state(SSL *s, int which) @@ -360,25 +368,33 @@ int ssl3_change_cipher_state(SSL *s, int which) * In here I set both the read and write key/iv to the same value * since only the correct one will be used :-). */ - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, key, j); - EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL); + if (!EVP_DigestInit_ex(&md, EVP_md5(), NULL) || + !EVP_DigestUpdate(&md, key, j) || + !EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE) || + !EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE) || + !EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL)) { + EVP_MD_CTX_cleanup(&md); + goto err2; + } key = &(exp_key[0]); if (k > 0) { - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL); + if (!EVP_DigestInit_ex(&md, EVP_md5(), NULL) || + !EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE) || + !EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE) || + !EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL)) { + EVP_MD_CTX_cleanup(&md); + goto err2; + } iv = &(exp_iv[0]); } } + EVP_MD_CTX_cleanup(&md); s->session->key_arg_length = 0; - EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); + if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) + goto err2; #ifdef OPENSSL_SSL_TRACE_CRYPTO if (s->msg_callback) { @@ -399,7 +415,6 @@ int ssl3_change_cipher_state(SSL *s, int which) OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key)); OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv)); - EVP_MD_CTX_cleanup(&md); return (1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); @@ -555,17 +570,20 @@ int ssl3_enc(SSL *s, int send) if ((bs != 1) && !send) return ssl3_cbc_remove_padding(s, rec, bs, mac_size); } - return (1); + return 1; } -void ssl3_init_finished_mac(SSL *s) +int ssl3_init_finished_mac(SSL *s) { if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); if (s->s3->handshake_dgst) ssl3_free_digest_list(s); s->s3->handshake_buffer = BIO_new(BIO_s_mem()); + if (s->s3->handshake_buffer == NULL) + return 0; (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); + return 1; } void ssl3_free_digest_list(SSL *s) @@ -622,6 +640,10 @@ int ssl3_digest_cached_records(SSL *s) for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { if ((mask & ssl_get_algorithm2(s)) && md) { s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); + if (s->s3->handshake_dgst[i] == NULL) { + SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); + return 0; + } #ifdef OPENSSL_FIPS if (EVP_MD_nid(md) == NID_md5) { EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], @@ -903,7 +925,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s, s->msg_callback_arg); } #endif - OPENSSL_cleanse(buf, sizeof buf); + OPENSSL_cleanse(buf, sizeof(buf)); return (ret); } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 0385e03..1014a3f 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4237,7 +4237,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) return (int)s->cert->ctype_num; } /* get configured sigalgs */ - siglen = tls12_get_psigalgs(s, &sig); + siglen = tls12_get_psigalgs(s, 1, &sig); if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) nostrict = 0; for (i = 0; i < siglen; i += 2, sig += 2) { diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 6ece87d..04212c5 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -670,7 +670,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * promptly send beyond the end of the users buffer ... so we trap and * report the error in a way the user will notice */ - if (len < tot) { + if ((len < tot) || ((wb->left != 0) && (len < (tot + s->s3->wpend_tot)))) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH); return (-1); } @@ -699,6 +699,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) len >= 4 * (int)(max_send_fragment = s->max_send_fragment) && s->compress == NULL && s->msg_callback == NULL && SSL_USE_EXPLICIT_IV(s) && + s->enc_write_ctx != NULL && EVP_CIPHER_flags(s->enc_write_ctx->cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) { unsigned char aad[13]; @@ -1426,7 +1427,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) (s->s3->handshake_fragment_len >= 4) && (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && (s->session != NULL) && (s->session->cipher != NULL) && - !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { + !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { /* * s->s3->handshake_fragment_len = 0; */ diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ea56f9c..0fb4845 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -311,7 +311,12 @@ int ssl3_accept(SSL *s) goto end; } - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } + s->state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; } else if (!s->s3->send_connection_binding && @@ -348,7 +353,11 @@ int ssl3_accept(SSL *s) s->state = SSL3_ST_SW_FLUSH; s->init_num = 0; - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } break; case SSL3_ST_SW_HELLO_REQ_C: @@ -1704,6 +1713,12 @@ int ssl3_send_server_key_exchange(SSL *s) if (type & SSL_kEECDH) { const EC_GROUP *group; + if (s->s3->tmp.ecdh != NULL) { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + ecdhp = cert->ecdh_tmp; if (s->cert->ecdh_tmp_auto) { /* Get NID of appropriate shared curve */ @@ -1724,17 +1739,7 @@ int ssl3_send_server_key_exchange(SSL *s) goto f_err; } - if (s->s3->tmp.ecdh != NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - /* Duplicate the ECDH structure. */ - if (ecdhp == NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); - goto err; - } if (s->cert->ecdh_tmp_auto) ecdh = ecdhp; else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { @@ -2084,7 +2089,7 @@ int ssl3_send_certificate_request(SSL *s) if (SSL_USE_SIGALGS(s)) { const unsigned char *psigs; - nl = tls12_get_psigalgs(s, &psigs); + nl = tls12_get_psigalgs(s, 1, &psigs); s2n(nl, p); memcpy(p, psigs, nl); p += nl; @@ -2197,7 +2202,7 @@ int ssl3_get_client_key_exchange(SSL *s) unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; int decrypt_len; unsigned char decrypt_good, version_good; - size_t j; + size_t j, padding_len; /* FIX THIS UP EAY EAY EAY EAY */ if (s->s3->tmp.use_rsa_tmp) { @@ -2265,16 +2270,38 @@ int ssl3_get_client_key_exchange(SSL *s) if (RAND_bytes(rand_premaster_secret, sizeof(rand_premaster_secret)) <= 0) goto err; + + /* + * Decrypt with no padding. PKCS#1 padding will be removed as part of + * the timing-sensitive code below. + */ decrypt_len = - RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING); - ERR_clear_error(); + RSA_private_decrypt((int)n, p, p, rsa, RSA_NO_PADDING); + if (decrypt_len < 0) + goto err; + + /* Check the padding. See RFC 3447, section 7.2.2. */ /* - * decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. decrypt_good will - * be 0xff if so and zero otherwise. + * The smallest padded premaster is 11 bytes of overhead. Small keys + * are publicly invalid, so this may return immediately. This ensures + * PS is at least 8 bytes. */ - decrypt_good = - constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH); + if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) { + al = SSL_AD_DECRYPT_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_DECRYPTION_FAILED); + goto f_err; + } + + padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH; + decrypt_good = constant_time_eq_int_8(p[0], 0) & + constant_time_eq_int_8(p[1], 2); + for (j = 2; j < padding_len - 1; j++) { + decrypt_good &= ~constant_time_is_zero_8(p[j]); + } + decrypt_good &= constant_time_is_zero_8(p[padding_len - 1]); + p += padding_len; /* * If the version in the decrypted pre-master secret is correct then @@ -3018,6 +3045,11 @@ int ssl3_get_cert_verify(SSL *s) peer = s->session->peer; pkey = X509_get_pubkey(peer); + if (pkey == NULL) { + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } + type = X509_certificate_type(peer, pkey); if (!(type & EVP_PKT_SIGN)) { @@ -3154,7 +3186,9 @@ int ssl3_get_cert_verify(SSL *s) goto f_err; } if (i != 64) { +#ifdef SSL_DEBUG fprintf(stderr, "GOST signature length is %d", i); +#endif } for (idx = 0; idx < 64; idx++) { signature[63 - idx] = p[idx]; @@ -3463,8 +3497,22 @@ int ssl3_send_newsession_ticket(SSL *s) * all the work otherwise use generated values from parent ctx. */ if (tctx->tlsext_ticket_key_cb) { - if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, - &hctx, 1) < 0) + /* if 0 is returned, write en empty ticket */ + int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, + &hctx, 1); + + if (ret == 0) { + l2n(0, p); /* timeout */ + s2n(0, p); /* length */ + ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, + p - ssl_handshake_start(s)); + s->state = SSL3_ST_SW_SESSION_TICKET_B; + OPENSSL_free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + return ssl_do_write(s); + } + if (ret < 0) goto err; } else { if (RAND_bytes(iv, 16) <= 0) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 1be6fb0..155728d 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -412,6 +412,7 @@ CERT *ssl_cert_dup(CERT *cert) #endif ssl_cert_clear_certs(ret); + OPENSSL_free(ret); return NULL; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 2ad8f43..ccdf00f 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1205,7 +1205,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, ((ch >= '0') && (ch <= '9')) || ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.')) #else - while (isalnum(ch) || (ch == '-') || (ch == '.')) + while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')) #endif { ch = *(++l); @@ -2001,7 +2001,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) if (id < 193 || id > 255) { SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); - return 0; + return 1; } MemCheck_off(); @@ -2013,6 +2013,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) } comp->id = id; comp->method = cm; + comp->name = cm->name; load_builtin_compressions(); if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { OPENSSL_free(comp); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f8054da..3539f4b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1825,26 +1825,34 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, - const unsigned char *p, size_t plen, + const unsigned char *context, size_t contextlen, int use_context) { if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label, - llen, p, plen, - use_context); + llen, context, + contextlen, use_context); } static unsigned long ssl_session_hash(const SSL_SESSION *a) { + const unsigned char *session_id = a->session_id; unsigned long l; + unsigned char tmp_storage[4]; + + if (a->session_id_length < sizeof(tmp_storage)) { + memset(tmp_storage, 0, sizeof(tmp_storage)); + memcpy(tmp_storage, a->session_id, a->session_id_length); + session_id = tmp_storage; + } l = (unsigned long) - ((unsigned int)a->session_id[0]) | - ((unsigned int)a->session_id[1] << 8L) | - ((unsigned long)a->session_id[2] << 16L) | - ((unsigned long)a->session_id[3] << 24L); + ((unsigned long)session_id[0]) | + ((unsigned long)session_id[1] << 8L) | + ((unsigned long)session_id[2] << 16L) | + ((unsigned long)session_id[3] << 24L); return (l); } @@ -3172,6 +3180,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) #endif ssl->cert = ssl_cert_dup(ctx->cert); if (ocert) { + int i; /* Preserve any already negotiated parameters */ if (ssl->server) { ssl->cert->peer_sigalgs = ocert->peer_sigalgs; @@ -3181,11 +3190,17 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen; ocert->ciphers_raw = NULL; } + for (i = 0; i < SSL_PKEY_NUM; i++) { + ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest; + } #ifndef OPENSSL_NO_TLSEXT ssl->cert->alpn_proposed = ocert->alpn_proposed; ssl->cert->alpn_proposed_len = ocert->alpn_proposed_len; ocert->alpn_proposed = NULL; ssl->cert->alpn_sent = ocert->alpn_sent; + + if (!custom_exts_copy_flags(&ssl->cert->srv_ext, &ocert->srv_ext)) + return NULL; #endif ssl_cert_free(ocert); } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index d50edd1..aeffc00 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1158,7 +1158,7 @@ long ssl2_default_timeout(void); const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -void ssl3_init_finished_mac(SSL *s); +int ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); int ssl3_send_newsession_ticket(SSL *s); int ssl3_send_cert_status(SSL *s); @@ -1430,7 +1430,7 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, long ssl_get_algorithm2(SSL *s); int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize); int tls1_process_sigalgs(SSL *s); -size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs); +size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs); int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, const unsigned char *sig, EVP_PKEY *pkey); void ssl_set_client_disabled(SSL *s); @@ -1482,6 +1482,8 @@ int custom_ext_add(SSL *s, int server, unsigned char **pret, unsigned char *limit, int *al); int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src); +int custom_exts_copy_flags(custom_ext_methods *dst, + const custom_ext_methods *src); void custom_exts_free(custom_ext_methods *exts); # else diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index f679801..af03d45 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -964,6 +964,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) int ret = 0; BIO *bin = NULL; size_t num_extensions = 0; + unsigned char *new_serverinfo; if (ctx == NULL || file == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, @@ -1014,12 +1015,13 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) goto end; } /* Append the decoded extension to the serverinfo buffer */ - serverinfo = + new_serverinfo = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length); - if (serverinfo == NULL) { + if (new_serverinfo == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE); goto end; } + serverinfo = new_serverinfo; memcpy(serverinfo + serverinfo_length, extension, extension_length); serverinfo_length += extension_length; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index c3369a4..23dd3e7 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -261,7 +261,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) #ifndef OPENSSL_NO_SRP dest->srp_username = NULL; #endif - memset(&dest->ex_data, 0, sizeof(dest->ex_data)); /* We deliberately don't copy the prev and next pointers */ dest->prev = NULL; @@ -275,6 +274,9 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (src->peer != NULL) CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) + goto err; + #ifndef OPENSSL_NO_PSK if (src->psk_identity_hint) { dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint); @@ -325,7 +327,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } # endif - if (ticket != 0) { + if (ticket != 0 && src->tlsext_tick != NULL) { dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); if(dest->tlsext_tick == NULL) goto err; @@ -1006,7 +1008,8 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, return 0; } s->sid_ctx_length = sid_ctx_len; - memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); + if (s->sid_ctx != sid_ctx) + memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); return 1; } diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 890e476..2d6141c 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -311,6 +311,13 @@ static const char *sn_client; static const char *sn_server1; static const char *sn_server2; static int sn_expect = 0; +static int s_ticket1 = 0; +static int s_ticket2 = 0; +static int c_ticket = 0; +static int ticket_expect = -1; +static int sni_in_cert_cb = 0; +static const char *client_sigalgs = NULL; +static const char *server_digest_expect = NULL; static int servername_cb(SSL *s, int *ad, void *arg) { @@ -325,6 +332,9 @@ static int servername_cb(SSL *s, int *ad, void *arg) !strcasecmp(servername, sn_server2)) { BIO_printf(bio_stdout, "Switching server context.\n"); SSL_set_SSL_CTX(s, s_ctx2); + /* Copy over all the SSL_CTX options */ + SSL_clear_options(s, 0xFFFFFFFFL); + SSL_set_options(s, SSL_CTX_get_options(s_ctx2)); } } return SSL_TLSEXT_ERR_OK; @@ -348,6 +358,40 @@ static int verify_servername(SSL *client, SSL *server) BIO_printf(bio_stdout, "Servername: context is unknown\n"); return -1; } +static int cert_cb(SSL *ssl, void *arg) +{ + int unused; + return servername_cb(ssl, &unused, NULL) != SSL_TLSEXT_ERR_ALERT_FATAL; +} + +static int verify_ticket(SSL* ssl) +{ + if (ticket_expect == -1) + return 0; + if (ticket_expect == 0 && + (ssl->session->tlsext_tick == NULL || + ssl->session->tlsext_ticklen == 0)) + return 1; + if (ticket_expect == 1 && + (ssl->session->tlsext_tick != NULL && + ssl->session->tlsext_ticklen != 0)) + return 1; + return -1; +} + +static int verify_server_digest(SSL* ssl) +{ + int nid = NID_undef; + + if (server_digest_expect == NULL) + return 0; + SSL_get_peer_signature_nid(ssl, &nid); + if (strcmp(server_digest_expect, OBJ_nid2sn(nid)) == 0) + return 1; + BIO_printf(bio_stdout, "Expected server digest %s, got %s.\n", + server_digest_expect, OBJ_nid2sn(nid)); + return -1; +} /*- * next_protos_parse parses a comma separated list of strings into a string @@ -477,6 +521,42 @@ static int verify_alpn(SSL *client, SSL *server) return -1; } +#ifndef OPENSSL_NO_TLSEXT + +static int cb_ticket0(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +{ + return 0; +} + +static int cb_ticket1(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +{ + static unsigned char key[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 }; + static char name[] = "ticket11ticket11"; + if (SSL_get_options(s) & SSL_OP_NO_TICKET) + return 0; + if (enc) { + RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH); + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + HMAC_Init_ex(hctx, key, sizeof(key), EVP_sha1(), NULL); + memcpy(key_name, name, 16); + return 1; + } else { + if (memcmp(key_name, name, 16) == 0) { + EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + HMAC_Init_ex(hctx, key, sizeof(key), EVP_sha1(), NULL); + return 1; + } + } + return 0; +} + +static int cb_ticket2(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +{ + fprintf(stderr, "ticket callback for SNI context should never be called\n"); + EXIT(1); +} +#endif + #define SCT_EXT_TYPE 18 /* @@ -773,6 +853,7 @@ static void sv_usage(void) #endif #ifndef OPENSSL_NO_TLS1 fprintf(stderr, " -tls1 - use TLSv1\n"); + fprintf(stderr, " -tls12 - use TLSv1.2\n"); #endif #ifndef OPENSSL_NO_DTLS fprintf(stderr, " -dtls1 - use DTLSv1\n"); @@ -820,6 +901,15 @@ static void sv_usage(void) fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n"); fprintf(stderr, " -sn_expect1 - expected server 1\n"); fprintf(stderr, " -sn_expect2 - expected server 2\n"); +#ifndef OPENSSL_NO_TLSEXT + fprintf(stderr, " -s_ticket1 <yes|no|broken> - enable/disable session tickets on context 1\n"); + fprintf(stderr, " -s_ticket2 <yes|no> - enable/disable session tickets on context 2\n"); + fprintf(stderr, " -c_ticket <yes|no> - enable/disable session tickets on the client\n"); + fprintf(stderr, " -ticket_expect <yes|no> - indicate that the client should (or should not) have a ticket\n"); +#endif + fprintf(stderr, " -sni_in_cert_cb - have the server handle SNI in the certificate callback\n"); + fprintf(stderr, " -client_sigalgs arg - the signature algorithms to configure on the client\n"); + fprintf(stderr, " -server_digest_expect arg - the expected server signing digest\n"); } static void print_details(SSL *c_ssl, const char *prefix) @@ -946,7 +1036,7 @@ int main(int argc, char *argv[]) int badop = 0; int bio_pair = 0; int force = 0; - int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1; + int dtls1 = 0, dtls12 = 0, tls1 = 0, tls12 = 0, ssl2 = 0, ssl3 = 0, ret = 1; int client_auth = 0; int server_auth = 0, i; struct app_verify_arg app_verify_arg = @@ -1100,6 +1190,11 @@ int main(int argc, char *argv[]) no_protocol = 1; #endif tls1 = 1; + } else if (strcmp(*argv, "-tls12") == 0) { +#ifdef OPENSSL_NO_TLS1 + no_protocol = 1; +#endif + tls12 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { #ifdef OPENSSL_NO_SSL3_METHOD no_protocol = 1; @@ -1175,13 +1270,21 @@ int main(int argc, char *argv[]) } else if (strcmp(*argv, "-time") == 0) { print_time = 1; } -#ifndef OPENSSL_NO_COMP else if (strcmp(*argv, "-zlib") == 0) { +#ifndef OPENSSL_NO_COMP comp = COMP_ZLIB; +#else + fprintf(stderr, + "ignoring -zlib, since I'm compiled without COMP\n"); +#endif } else if (strcmp(*argv, "-rle") == 0) { +#ifndef OPENSSL_NO_COMP comp = COMP_RLE; - } +#else + fprintf(stderr, + "ignoring -rle, since I'm compiled without COMP\n"); #endif + } else if (strcmp(*argv, "-named_curve") == 0) { if (--argc < 1) goto bad; @@ -1241,6 +1344,46 @@ int main(int argc, char *argv[]) sn_expect = 1; } else if (strcmp(*argv, "-sn_expect2") == 0) { sn_expect = 2; +#ifndef OPENSSL_NO_TLSEXT + } else if (strcmp(*argv, "-s_ticket1") == 0) { + if (--argc < 1) + goto bad; + argv++; + if (strcmp(*argv, "yes") == 0) + s_ticket1 = 1; + if (strcmp(*argv, "broken") == 0) + s_ticket1 = 2; + } else if (strcmp(*argv, "-s_ticket2") == 0) { + if (--argc < 1) + goto bad; + argv++; + if (strcmp(*argv, "yes") == 0) + s_ticket2 = 1; + } else if (strcmp(*argv, "-c_ticket") == 0) { + if (--argc < 1) + goto bad; + argv++; + if (strcmp(*argv, "yes") == 0) + c_ticket = 1; + } else if (strcmp(*argv, "-ticket_expect") == 0) { + if (--argc < 1) + goto bad; + argv++; + if (strcmp(*argv, "yes") == 0) + ticket_expect = 1; + else if (strcmp(*argv, "no") == 0) + ticket_expect = 0; +#endif + } else if (strcmp(*argv, "-sni_in_cert_cb") == 0) { + sni_in_cert_cb = 1; + } else if (strcmp(*argv, "-client_sigalgs") == 0) { + if (--argc < 1) + goto bad; + client_sigalgs = *(++argv); + } else if (strcmp(*argv, "-server_digest_expect") == 0) { + if (--argc < 1) + goto bad; + server_digest_expect = *(++argv); } else { fprintf(stderr, "unknown option %s\n", *argv); badop = 1; @@ -1271,9 +1414,9 @@ int main(int argc, char *argv[]) goto end; } - if (ssl2 + ssl3 + tls1 + dtls1 + dtls12 > 1) { - fprintf(stderr, "At most one of -ssl2, -ssl3, -tls1, -dtls1 or -dtls12 should " - "be requested.\n"); + if (ssl2 + ssl3 + tls1 + tls12 + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl2, -ssl3, -tls1, -tls12, -dtls1 or " + "-dtls12 should be requested.\n"); EXIT(1); } @@ -1289,10 +1432,11 @@ int main(int argc, char *argv[]) goto end; } - if (!ssl2 && !ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { + if (!ssl2 && !ssl3 && !tls1 && !tls12 && !dtls1 && !dtls12 && number > 1 + && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of ssl2, -ssl3, -tls1, -dtls1, -dtls12, -reuse\n" + "or add one of ssl2, -ssl3, -tls1, -tls12, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); EXIT(1); } @@ -1356,7 +1500,7 @@ int main(int argc, char *argv[]) #endif /* - * At this point, ssl2/ssl3/tls1 is only set if the protocol is + * At this point, ssl2/ssl3/tls1/tls12 is only set if the protocol is * available. (Otherwise we exit early.) However the compiler doesn't * know this, so we ifdef. */ @@ -1380,6 +1524,8 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_TLS1 if (tls1) meth = TLSv1_method(); + else if (tls12) + meth = TLSv1_2_method(); else #endif meth = SSLv23_method(); @@ -1676,8 +1822,33 @@ int main(int argc, char *argv[]) OPENSSL_free(alpn); } - if (sn_server1 || sn_server2) - SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb); + if (sn_server1 || sn_server2) { + if (sni_in_cert_cb) + SSL_CTX_set_cert_cb(s_ctx, cert_cb, NULL); + else + SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb); + } + +#ifndef OPENSSL_NO_TLSEXT + if (s_ticket1 == 0) + SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET); + /* always set the callback */ + if (s_ticket1 == 2) + SSL_CTX_set_tlsext_ticket_key_cb(s_ctx, cb_ticket0); + else + SSL_CTX_set_tlsext_ticket_key_cb(s_ctx, cb_ticket1); + + if (!s_ticket2) + SSL_CTX_set_options(s_ctx2, SSL_OP_NO_TICKET); + /* always set the callback - this should never be called */ + SSL_CTX_set_tlsext_ticket_key_cb(s_ctx2, cb_ticket2); + + if (!c_ticket) + SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET); +#endif + + if (client_sigalgs != NULL) + SSL_CTX_set1_sigalgs_list(c_ctx, client_sigalgs); c_ssl = SSL_new(c_ctx); s_ssl = SSL_new(s_ctx); @@ -1742,6 +1913,10 @@ int main(int argc, char *argv[]) ret = 1; if (verify_servername(c_ssl, s_ssl) < 0) ret = 1; + if (verify_ticket(c_ssl) < 0) + ret = 1; + if (verify_server_digest(c_ssl) < 0) + ret = 1; SSL_free(s_ssl); SSL_free(c_ssl); diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 79ed946..0f4aba0 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -179,6 +179,25 @@ int custom_ext_add(SSL *s, int server, return 1; } +/* Copy the flags from src to dst for any extensions that exist in both */ +int custom_exts_copy_flags(custom_ext_methods *dst, + const custom_ext_methods *src) +{ + size_t i; + custom_ext_method *methsrc = src->meths; + + for (i = 0; i < src->meths_count; i++, methsrc++) { + custom_ext_method *methdst = custom_ext_find(dst, methsrc->ext_type); + + if (methdst == NULL) + continue; + + methdst->ext_flags = methsrc->ext_flags; + } + + return 1; +} + /* Copy table of custom extensions */ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) { @@ -223,16 +242,14 @@ static int custom_ext_meth_add(custom_ext_methods *exts, /* Search for duplicate */ if (custom_ext_find(exts, ext_type)) return 0; - exts->meths = OPENSSL_realloc(exts->meths, - (exts->meths_count + - 1) * sizeof(custom_ext_method)); - - if (!exts->meths) { - exts->meths_count = 0; + meth = OPENSSL_realloc(exts->meths, + (exts->meths_count + 1) + * sizeof(custom_ext_method)); + if (meth == NULL) return 0; - } - meth = exts->meths + exts->meths_count; + exts->meths = meth; + meth += exts->meths_count; memset(meth, 0, sizeof(custom_ext_method)); meth->parse_cb = parse_cb; meth->add_cb = add_cb; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e60c88b..6587e8b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1035,7 +1035,7 @@ static unsigned char suiteb_sigalgs[] = { tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) }; # endif -size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) +size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs) { /* * If Suite B mode use Suite B sigalgs only, ignore any other @@ -1057,7 +1057,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) } # endif /* If server use client authentication sigalgs if not NULL */ - if (s->server && s->cert->client_sigalgs) { + if (s->server == sent && s->cert->client_sigalgs) { *psigs = s->cert->client_sigalgs; return s->cert->client_sigalgslen; } else if (s->cert->conf_sigalgs) { @@ -1121,7 +1121,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, # endif /* Check signature matches a type we sent */ - sent_sigslen = tls12_get_psigalgs(s, &sent_sigs); + sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) { if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1]) break; @@ -1169,7 +1169,7 @@ void ssl_set_client_disabled(SSL *s) * Now go through all signature algorithms seeing if we support any for * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. */ - sigalgslen = tls12_get_psigalgs(s, &sigalgs); + sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs); for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) { switch (sigalgs[1]) { # ifndef OPENSSL_NO_RSA @@ -1440,7 +1440,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, if (SSL_CLIENT_USE_SIGALGS(s)) { size_t salglen; const unsigned char *salg; - salglen = tls12_get_psigalgs(s, &salg); + salglen = tls12_get_psigalgs(s, 1, &salg); /*- * check for enough space. @@ -1769,6 +1769,9 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, return NULL; s2n(TLSEXT_TYPE_session_ticket, ret); s2n(0, ret); + } else { + /* if we don't add the above TLSEXT, we can't add a session ticket later */ + s->tlsext_ticket_expected = 0; } if (s->tlsext_status_expected) { @@ -3574,8 +3577,14 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, p = sdec; sess = d2i_SSL_SESSION(NULL, &p, slen); + slen -= p - sdec; OPENSSL_free(sdec); if (sess) { + /* Some additional consistency checks */ + if (slen != 0 || sess->session_id_length != 0) { + SSL_SESSION_free(sess); + return 2; + } /* * The session ID, if non-empty, is used by some clients to detect * that the ticket has been accepted. So we copy it to the session @@ -3803,7 +3812,7 @@ static int tls1_set_shared_sigalgs(SSL *s) conf = c->conf_sigalgs; conflen = c->conf_sigalgslen; } else - conflen = tls12_get_psigalgs(s, &conf); + conflen = tls12_get_psigalgs(s, 0, &conf); if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) { pref = conf; preflen = conflen; @@ -317,7 +317,7 @@ int SSL_get_servername_type(const SSL *s); */ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, - const unsigned char *p, size_t plen, + const unsigned char *context, size_t contextlen, int use_context); int SSL_get_sigalgs(SSL *s, int idx, diff --git a/test/Makefile b/test/Makefile index 8f272ef..a324eeb 100644 --- a/test/Makefile +++ b/test/Makefile @@ -307,6 +307,7 @@ test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ fi ../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist @sh ./testssl keyU.ss certU.ss certCA.ss + @sh ./testssl keyU.ss certU.ss certCA.ss -rle @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss diff --git a/test/evptests.txt b/test/evptests.txt deleted file mode 100644 index 4e9958b..0000000 --- a/test/evptests.txt +++ /dev/null @@ -1,401 +0,0 @@ -#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt) -#aadcipher:key:iv:plaintext:ciphertext:aad:tag:0/1(decrypt/encrypt) -#digest:::input:output - -# SHA(1) tests (from shatest.c) -SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d - -# MD5 tests (from md5test.c) -MD5::::d41d8cd98f00b204e9800998ecf8427e -MD5:::61:0cc175b9c0f1b6a831c399e269772661 -MD5:::616263:900150983cd24fb0d6963f7d28e17f72 -MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0 -MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b -MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f -MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a - -# AES 128 ECB tests (from FIPS-197 test vectors, encrypt) - -AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1 - -# AES 192 ECB tests (from FIPS-197 test vectors, encrypt) - -AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1 - -# AES 256 ECB tests (from FIPS-197 test vectors, encrypt) - -AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1 - -# AES 128 ECB tests (from NIST test vectors, encrypt) - -#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1 - -# AES 128 ECB tests (from NIST test vectors, decrypt) - -#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0 - -# AES 192 ECB tests (from NIST test vectors, decrypt) - -#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0 - -# AES 256 ECB tests (from NIST test vectors, decrypt) - -#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0 - -# AES 128 CBC tests (from NIST test vectors, encrypt) - -#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1 - -# AES 192 CBC tests (from NIST test vectors, encrypt) - -#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1 - -# AES 256 CBC tests (from NIST test vectors, encrypt) - -#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1 - -# AES 128 CBC tests (from NIST test vectors, decrypt) - -#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0 - -# AES tests from NIST document SP800-38A -# For all ECB encrypts and decrypts, the transformed sequence is -# AES-bits-ECB:key::plaintext:ciphertext:encdec -# ECB-AES128.Encrypt and ECB-AES128.Decrypt -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97 -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688 -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4 -# ECB-AES192.Encrypt and ECB-AES192.Decrypt -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E -# ECB-AES256.Encrypt and ECB-AES256.Decrypt -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8 -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870 -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7 -# For all CBC encrypts and decrypts, the transformed sequence is -# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec -# CBC-AES128.Encrypt and CBC-AES128.Decrypt -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2 -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516 -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7 -# CBC-AES192.Encrypt and CBC-AES192.Decrypt -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8 -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0 -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD -# CBC-AES256.Encrypt and CBC-AES256.Decrypt -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6 -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B -# We don't support CFB{1,8}-AESxxx.{En,De}crypt -# For all CFB128 encrypts and decrypts, the transformed sequence is -# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec -# CFB128-AES128.Encrypt -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1 -# CFB128-AES128.Decrypt -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0 -# CFB128-AES192.Encrypt -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1 -# CFB128-AES192.Decrypt -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0 -# CFB128-AES256.Encrypt -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1 -# CFB128-AES256.Decrypt -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0 -# For all OFB encrypts and decrypts, the transformed sequence is -# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec -# OFB-AES128.Encrypt -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 -# OFB-AES128.Decrypt -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0 -# OFB-AES192.Encrypt -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1 -# OFB-AES192.Decrypt -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0 -# OFB-AES256.Encrypt -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1 -# OFB-AES256.Decrypt -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0 - -# AES Counter test vectors from RFC3686 -aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1 -aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1 -aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1 - -aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1 -aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1 -aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1 - -aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1 -aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1 -aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1 - -# DES ECB tests (from destest) - -DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7 -DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58 -DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B -DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533 -DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D -DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD -DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4 - -# DESX-CBC tests (from destest) -DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4 - -# DES EDE3 CBC tests (from destest) -DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 - -# RC4 tests (from rc4test) -RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 -RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 -RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a -RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 -RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf -RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61 - - -# Camellia tests from RFC3713 -# For all ECB encrypts and decrypts, the transformed sequence is -# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec -CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43 -CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9 -CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509 - -# ECB-CAMELLIA128.Encrypt -CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1 -CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1 -CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1 - -# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt -CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96 -CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B -CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636 -CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A - -# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt -CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3 -CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A -CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366 -CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26 - -# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt -CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA -CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA -CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28 -CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B - -# For all CBC encrypts and decrypts, the transformed sequence is -# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec -# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt -CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB -CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887 -CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54 -CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980 - -# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt -CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93 -CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5 -CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449 -CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08 - -# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt -CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA -CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50 -CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83 -CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F - -# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt -# For all CFB128 encrypts and decrypts, the transformed sequence is -# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec -# CFB128-CAMELLIA128.Encrypt -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1 - -# CFB128-CAMELLIA128.Decrypt -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0 - -# CFB128-CAMELLIA192.Encrypt -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1 - -# CFB128-CAMELLIA192.Decrypt -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0 - -# CFB128-CAMELLIA256.Encrypt -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1 - -# CFB128-CAMELLIA256.Decrypt -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0 - -# For all OFB encrypts and decrypts, the transformed sequence is -# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec -# OFB-CAMELLIA128.Encrypt -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1 - -# OFB-CAMELLIA128.Decrypt -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0 - -# OFB-CAMELLIA192.Encrypt -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1 - -# OFB-CAMELLIA192.Decrypt -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0 - -# OFB-CAMELLIA256.Encrypt -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1 - -# OFB-CAMELLIA256.Decrypt -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0 - -# SEED test vectors from RFC4269 -SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0 -SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0 -SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0 -SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0 -SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1 -SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1 -SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1 -SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1 - -# AES CCM 256 bit key -aes-256-ccm:1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e:5b8e40746f6b98e00f1d13ff41:53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a:9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726:c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0:2024931d73bca480c24a24ece6b6c2bf - -# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000::::58e2fccefa7e3061367f1d57a4e7455a -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78::ab6e47d42cec13bdf53a67b21257bddf -aes-128-gcm:feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985::4d5c2af327cd64a62cf35abd2ba6fab4 -aes-128-gcm:feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091:feedfacedeadbeeffeedfacedeadbeefabaddad2:5bc94fbc3221a5db94fae95ae7121a47 -aes-128-gcm:feffe9928665731c6d6a8f9467308308:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598:feedfacedeadbeeffeedfacedeadbeefabaddad2:3612d2e79e3b0785561be14aaca2fccb -aes-128-gcm:feffe9928665731c6d6a8f9467308308:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5:feedfacedeadbeeffeedfacedeadbeefabaddad2:619cc5aefffe0bfa462af43c1699d050 -aes-192-gcm:000000000000000000000000000000000000000000000000:000000000000000000000000::::cd33b28ac773f74ba00ed1f312572435 -aes-192-gcm:000000000000000000000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:98e7247c07f0fe411c267e4384b0f600::2ff58d80033927ab8ef4d4587514f0fb -aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256::9924a7c8587336bfb118024db8674a14 -aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710:feedfacedeadbeeffeedfacedeadbeefabaddad2:2519498e80f1478f37ba55bd6d27618c -aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7:feedfacedeadbeeffeedfacedeadbeefabaddad2:65dcc57fcf623a24094fcca40d3533f8 -aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b:feedfacedeadbeeffeedfacedeadbeefabaddad2:dcf566ff291c25bbb8568fc3d376a6d9 -aes-256-gcm:0000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000::::530f8afbc74536b9a963b4f1c4cb738b -aes-256-gcm:0000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:cea7403d4d606b6e074ec5d3baf39d18::d0d1c8a799996bf0265b98b5d48ab919 -aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad::b094dac5d93471bdec1a502270e3cc6c -aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662:feedfacedeadbeeffeedfacedeadbeefabaddad2:76fc6ece0f4e1768cddf8853bb2d551b -aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f:feedfacedeadbeeffeedfacedeadbeefabaddad2:3a337dbf46a792c45e454913fe2ea8f2 -aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f:feedfacedeadbeeffeedfacedeadbeefabaddad2:a44a8266ee1c8eb0c8b5d4cf5ae9f19a -# local add-ons, primarily streaming ghash tests -# 128 bytes aad -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:::d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad:5fea793a2d6f974d37e68e0cb8ff9492 -# 48 bytes plaintext -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0::9dd0a376b08e40eb00c35f29f9ea61a4 -# 80 bytes plaintext -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291::98885a3a22bd4742fe7b72172193b163 -# 128 bytes plaintext -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40::cac45f60e31efd3b5a43b98a22ce1aa1 -# 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF -aes-128-gcm:00000000000000000000000000000000:ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606::566f8ef683078bfdeeffa869d751a017 -# 80 bytes plaintext, submitted by Intel -aes-128-gcm:843ffcf5d2b72694d19ed01d01249412:dbcca32ebf9b804617c3aa9e:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f:6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5:00000000000000000000000000000000101112131415161718191a1b1c1d1e1f:3b629ccfbc1119b7319e1dce2cd6fd6d - -# AES XTS test vectors from IEEE Std 1619-2007 -aes-128-xts:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000:917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e -aes-128-xts:1111111111111111111111111111111122222222222222222222222222222222:33333333330000000000000000000000:4444444444444444444444444444444444444444444444444444444444444444:c454185e6a16936e39334038acef838bfb186fff7480adc4289382ecd6d394f0 -aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f022222222222222222222222222222222:33333333330000000000000000000000:4444444444444444444444444444444444444444444444444444444444444444:af85336b597afc1a900b2eb21ec949d292df4c047e0b21532186a5971a227a89 -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:00000000000000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568 -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:01000000000000000000000000000000:27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568:264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:02000000000000000000000000000000:264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd:fa762a3680b76007928ed4a4f49a9456031b704782e65e16cecb54ed7d017b5e18abd67b338e81078f21edb7868d901ebe9c731a7c18b5e6dec1d6a72e078ac9a4262f860beefa14f4e821018272e411a951502b6e79066e84252c3346f3aa62344351a291d4bedc7a07618bdea2af63145cc7a4b8d4070691ae890cd65733e7946e9021a1dffc4c59f159425ee6d50ca9b135fa6162cea18a939838dc000fb386fad086acce5ac07cb2ece7fd580b00cfa5e98589631dc25e8e2a3daf2ffdec26531659912c9d8f7a15e5865ea8fb5816d6207052bd7128cd743c12c8118791a4736811935eb982a532349e31dd401e0b660a568cb1a4711f552f55ded59f1f15bf7196b3ca12a91e488ef59d64f3a02bf45239499ac6176ae321c4a211ec545365971c5d3f4f09d4eb139bfdf2073d33180b21002b65cc9865e76cb24cd92c874c24c18350399a936ab3637079295d76c417776b94efce3a0ef7206b15110519655c956cbd8b2489405ee2b09a6b6eebe0c53790a12a8998378b33a5b71159625f4ba49d2a2fdba59fbf0897bc7aabd8d707dc140a80f0f309f835d3da54ab584e501dfa0ee977fec543f74186a802b9a37adb3e8291eca04d66520d229e60401e7282bef486ae059aa70696e0e305d777140a7a883ecdcb69b9ff938e8a4231864c69ca2c2043bed007ff3e605e014bcf518138dc3a25c5e236171a2d01d6 -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:fd000000000000000000000000000000:8e41b78c390b5af9d758bb214a67e9f6bf7727b09ac6124084c37611398fa45daad94868600ed391fb1acd4857a95b466e62ef9f4b377244d1c152e7b30d731aad30c716d214b707aed99eb5b5e580b3e887cf7497465651d4b60e6042051da3693c3b78c14489543be8b6ad0ba629565bba202313ba7b0d0c94a3252b676f46cc02ce0f8a7d34c0ed229129673c1f61aed579d08a9203a25aac3a77e9db60267996db38df637356d9dcd1632e369939f2a29d89345c66e05066f1a3677aef18dea4113faeb629e46721a66d0a7e785d3e29af2594eb67dfa982affe0aac058f6e15864269b135418261fc3afb089472cf68c45dd7f231c6249ba0255e1e033833fc4d00a3fe02132d7bc3873614b8aee34273581ea0325c81f0270affa13641d052d36f0757d484014354d02d6883ca15c24d8c3956b1bd027bcf41f151fd8023c5340e5606f37e90fdb87c86fb4fa634b3718a30bace06a66eaf8f63c4aa3b637826a87fe8cfa44282e92cb1615af3a28e53bc74c7cba1a0977be9065d0c1a5dec6c54ae38d37f37aa35283e048e5530a85c4e7a29d7b92ec0c3169cdf2a805c7604bce60049b9fb7b8eaac10f51ae23794ceba68bb58112e293b9b692ca721b37c662f8574ed4dba6f88e170881c82cddc1034a0ca7e284bf0962b6b26292d836fa9f73c1ac770eef0f2d3a1eaf61d3e03555fd424eedd67e18a18094f888:d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637 -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:fe000000000000000000000000000000:d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637:72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:ff000000000000000000000000000000:72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a:3260ae8dad1f4a32c5cafe3ab0eb95549d461a67ceb9e5aa2d3afb62dece0553193ba50c75be251e08d1d08f1088576c7efdfaaf3f459559571e12511753b07af073f35da06af0ce0bbf6b8f5ccc5cea500ec1b211bd51f63b606bf6528796ca12173ba39b8935ee44ccce646f90a45bf9ccc567f0ace13dc2d53ebeedc81f58b2e41179dddf0d5a5c42f5d8506c1a5d2f8f59f3ea873cbcd0eec19acbf325423bd3dcb8c2b1bf1d1eaed0eba7f0698e4314fbeb2f1566d1b9253008cbccf45a2b0d9c5c9c21474f4076e02be26050b99dee4fd68a4cf890e496e4fcae7b70f94ea5a9062da0daeba1993d2ccd1dd3c244b8428801495a58b216547e7e847c46d1d756377b6242d2e5fb83bf752b54e0df71e889f3a2bb0f4c10805bf3c590376e3c24e22ff57f7fa965577375325cea5d920db94b9c336b455f6e894c01866fe9fbb8c8d3f70a2957285f6dfb5dcd8cbf54782f8fe7766d4723819913ac773421e3a31095866bad22c86a6036b2518b2059b4229d18c8c2ccbdf906c6cc6e82464ee57bddb0bebcb1dc645325bfb3e665ef7251082c88ebb1cf203bd779fdd38675713c8daadd17e1cabee432b09787b6ddf3304e38b731b45df5df51b78fcfb3d32466028d0ba36555e7e11ab0ee0666061d1645d962444bc47a38188930a84b4d561395c73c087021927ca638b7afc8a8679ccb84c26555440ec7f10445cd - -aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ff000000000000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:1c3b3a102f770386e4836c99e370cf9bea00803f5e482357a4ae12d414a3e63b5d31e276f8fe4a8d66b317f9ac683f44680a86ac35adfc3345befecb4bb188fd5776926c49a3095eb108fd1098baec70aaa66999a72a82f27d848b21d4a741b0c5cd4d5fff9dac89aeba122961d03a757123e9870f8acf1000020887891429ca2a3e7a7d7df7b10355165c8b9a6d0a7de8b062c4500dc4cd120c0f7418dae3d0b5781c34803fa75421c790dfe1de1834f280d7667b327f6c8cd7557e12ac3a0f93ec05c52e0493ef31a12d3d9260f79a289d6a379bc70c50841473d1a8cc81ec583e9645e07b8d9670655ba5bbcfecc6dc3966380ad8fecb17b6ba02469a020a84e18e8f84252070c13e9f1f289be54fbc481457778f616015e1327a02b140f1505eb309326d68378f8374595c849d84f4c333ec4423885143cb47bd71c5edae9be69a2ffeceb1bec9de244fbe15992b11b77c040f12bd8f6a975a44a0f90c29a9abc3d4d893927284c58754cce294529f8614dcd2aba991925fedc4ae74ffac6e333b93eb4aff0479da9a410e4450e0dd7ae4c6e2910900575da401fc07059f645e8b7e9bfdef33943054ff84011493c27b3429eaedb4ed5376441a77ed43851ad77f16f541dfd269d50d6a5f14fb0aab1cbb4c1550be97f7ab4066193c4caa773dad38014bd2092fa755c824bb5e54c4f36ffda9fcea70b9c6e693e148c151 -aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffff0000000000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:77a31251618a15e6b92d1d66dffe7b50b50bad552305ba0217a610688eff7e11e1d0225438e093242d6db274fde801d4cae06f2092c728b2478559df58e837c2469ee4a4fa794e4bbc7f39bc026e3cb72c33b0888f25b4acf56a2a9804f1ce6d3d6e1dc6ca181d4b546179d55544aa7760c40d06741539c7e3cd9d2f6650b2013fd0eeb8c2b8e3d8d240ccae2d4c98320a7442e1c8d75a42d6e6cfa4c2eca1798d158c7aecdf82490f24bb9b38e108bcda12c3faf9a21141c3613b58367f922aaa26cd22f23d708dae699ad7cb40a8ad0b6e2784973dcb605684c08b8d6998c69aac049921871ebb65301a4619ca80ecb485a31d744223ce8ddc2394828d6a80470c092f5ba413c3378fa6054255c6f9df4495862bbb3287681f931b687c888abf844dfc8fc28331e579928cd12bd2390ae123cf03818d14dedde5c0c24c8ab018bfca75ca096f2d531f3d1619e785f1ada437cab92e980558b3dce1474afb75bfedbf8ff54cb2618e0244c9ac0d3c66fb51598cd2db11f9be39791abe447c63094f7c453b7ff87cb5bb36b7c79efb0872d17058b83b15ab0866ad8a58656c5a7e20dbdf308b2461d97c0ec0024a2715055249cf3b478ddd4740de654f75ca686e0d7345c69ed50cdc2a8b332b1f8824108ac937eb050585608ee734097fc09054fbff89eeaeea791f4a7ab1f9868294a4f9e27b42af8100cb9d59cef9645803 -aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffffff00000000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:e387aaa58ba483afa7e8eb469778317ecf4cf573aa9d4eac23f2cdf914e4e200a8b490e42ee646802dc6ee2b471b278195d60918ececb44bf79966f83faba0499298ebc699c0c8634715a320bb4f075d622e74c8c932004f25b41e361025b5a87815391f6108fc4afa6a05d9303c6ba68a128a55705d415985832fdeaae6c8e19110e84d1b1f199a2692119edc96132658f09da7c623efcec712537a3d94c0bf5d7e352ec94ae5797fdb377dc1551150721adf15bd26a8efc2fcaad56881fa9e62462c28f30ae1ceaca93c345cf243b73f542e2074a705bd2643bb9f7cc79bb6e7091ea6e232df0f9ad0d6cf502327876d82207abf2115cdacf6d5a48f6c1879a65b115f0f8b3cb3c59d15dd8c769bc014795a1837f3901b5845eb491adfefe097b1fa30a12fc1f65ba22905031539971a10f2f36c321bb51331cdefb39e3964c7ef079994f5b69b2edd83a71ef549971ee93f44eac3938fcdd61d01fa71799da3a8091c4c48aa9ed263ff0749df95d44fef6a0bb578ec69456aa5408ae32c7af08ad7ba8921287e3bbee31b767be06a0e705c864a769137df28292283ea81a2480241b44d9921cdbec1bc28dc1fda114bd8e5217ac9d8ebafa720e9da4f9ace231cc949e5b96fe76ffc21063fddc83a6b8679c00d35e09576a875305bed5f36ed242c8900dd1fa965bc950dfce09b132263a1eef52dd6888c309f5a7d712826 -aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffffffff000000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:bf53d2dade78e822a4d949a9bc6766b01b06a8ef70d26748c6a7fc36d80ae4c5520f7c4ab0ac8544424fa405162fef5a6b7f229498063618d39f0003cb5fb8d1c86b643497da1ff945c8d3bedeca4f479702a7a735f043ddb1d6aaade3c4a0ac7ca7f3fa5279bef56f82cd7a2f38672e824814e10700300a055e1630b8f1cb0e919f5e942010a416e2bf48cb46993d3cb6a51c19bacf864785a00bc2ecff15d350875b246ed53e68be6f55bd7e05cfc2b2ed6432198a6444b6d8c247fab941f569768b5c429366f1d3f00f0345b96123d56204c01c63b22ce78baf116e525ed90fdea39fa469494d3866c31e05f295ff21fea8d4e6e13d67e47ce722e9698a1c1048d68ebcde76b86fcf976eab8aa9790268b7068e017a8b9b749409514f1053027fd16c3786ea1bac5f15cb79711ee2abe82f5cf8b13ae73030ef5b9e4457e75d1304f988d62dd6fc4b94ed38ba831da4b7634971b6cd8ec325d9c61c00f1df73627ed3745a5e8489f3a95c69639c32cd6e1d537a85f75cc844726e8a72fc0077ad22000f1d5078f6b866318c668f1ad03d5a5fced5219f2eabbd0aa5c0f460d183f04404a0d6f469558e81fab24a167905ab4c7878502ad3e38fdbe62a41556cec37325759533ce8f25f367c87bb5578d667ae93f9e2fd99bcbc5f2fbba88cf6516139420fcff3b7361d86322c4bd84c82f335abb152c4a93411373aaa8220 -aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffffffffff0000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:64497e5a831e4a932c09be3e5393376daa599548b816031d224bbf50a818ed2350eae7e96087c8a0db51ad290bd00c1ac1620857635bf246c176ab463be30b808da548081ac847b158e1264be25bb0910bbc92647108089415d45fab1b3d2604e8a8eff1ae4020cfa39936b66827b23f371b92200be90251e6d73c5f86de5fd4a950781933d79a28272b782a2ec313efdfcc0628f43d744c2dc2ff3dcb66999b50c7ca895b0c64791eeaa5f29499fb1c026f84ce5b5c72ba1083cddb5ce45434631665c333b60b11593fb253c5179a2c8db813782a004856a1653011e93fb6d876c18366dd8683f53412c0c180f9c848592d593f8609ca736317d356e13e2bff3a9f59cd9aeb19cd482593d8c46128bb32423b37a9adfb482b99453fbe25a41bf6feb4aa0bef5ed24bf73c762978025482c13115e4015aac992e5613a3b5c2f685b84795cb6e9b2656d8c88157e52c42f978d8634c43d06fea928f2822e465aa6576e9bf419384506cc3ce3c54ac1a6f67dc66f3b30191e698380bc999b05abce19dc0c6dcc2dd001ec535ba18deb2df1a101023108318c75dc98611a09dc48a0acdec676fabdf222f07e026f059b672b56e5cbc8e1d21bbd867dd927212054681d70ea737134cdfce93b6f82ae22423274e58a0821cc5502e2d0ab4585e94de6975be5e0b4efce51cd3e70c25a1fbbbd609d273ad5b0d59631c531f6a0a57b9 - -aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f10:6c1625db4671522d3d7599601de7ca09ed -aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f1011:d069444b7a7e0cab09e24447d24deb1fedbf -aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f101112:e5df1351c0544ba1350b3363cd8ef4beedbf9d -aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f10111213:9d84c813f719aa2c7be3f66171c7c5c2edbf9dac -aes-128-xts:e0e1e2e3e4e5e6e7e8e9eaebecedeeefc0c1c2c3c4c5c6c7c8c9cacbcccdcecf:21436587a90000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:38b45812ef43a05bd957e545907e223b954ab4aaf088303ad910eadf14b42be68b2461149d8c8ba85f992be970bc621f1b06573f63e867bf5875acafa04e42ccbd7bd3c2a0fb1fff791ec5ec36c66ae4ac1e806d81fbf709dbe29e471fad38549c8e66f5345d7c1eb94f405d1ec785cc6f6a68f6254dd8339f9d84057e01a17741990482999516b5611a38f41bb6478e6f173f320805dd71b1932fc333cb9ee39936beea9ad96fa10fb4112b901734ddad40bc1878995f8e11aee7d141a2f5d48b7a4e1e7f0b2c04830e69a4fd1378411c2f287edf48c6c4e5c247a19680f7fe41cefbd49b582106e3616cbbe4dfb2344b2ae9519391f3e0fb4922254b1d6d2d19c6d4d537b3a26f3bcc51588b32f3eca0829b6a5ac72578fb814fb43cf80d64a233e3f997a3f02683342f2b33d25b492536b93becb2f5e1a8b82f5b883342729e8ae09d16938841a21a97fb543eea3bbff59f13c1a18449e398701c1ad51648346cbc04c27bb2da3b93a1372ccae548fb53bee476f9e9c91773b1bb19828394d55d3e1a20ed69113a860b6829ffa847224604435070221b257e8dff783615d2cae4803a93aa4334ab482a0afac9c0aeda70b45a481df5dec5df8cc0f423c77a5fd46cd312021d4b438862419a791be03bb4d97c0e59578542531ba466a83baf92cefc151b5cc1611a167893819b63fb8a6b18e86de60290fa72b797b0ce59f3 -# AES wrap tests from RFC3394 -id-aes128-wrap:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5 -id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D -id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7 -id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF0001020304050607:031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 -id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF0001020304050607:A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 -id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F:28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 diff --git a/test/ssltest_old b/test/ssltest_old Binary files differnew file mode 100755 index 0000000..3e3a27d --- /dev/null +++ b/test/ssltest_old diff --git a/test/testssl b/test/testssl index a6f9fa7..21bc4d8 100644 --- a/test/testssl +++ b/test/testssl @@ -292,4 +292,34 @@ if [ -z "$extra" -a `uname -m` = "x86_64" ]; then $ssltest -cipher AES128-SHA256 -bytes 8m || exit 1 fi +############################################################################# +# Signature algorithms + SNI + +$ssltest -tls12 -sn_client server1 -sn_server1 server1 -sn_server2 server2 -sn_expect1 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 || exit 1 +$ssltest -tls12 -sn_client server1 -sn_server1 server1 -sn_server2 server2 -sn_expect1 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 -sni_in_cert_cb || exit 1 +# Switching SSL_CTX on SNI must not break signature algorithm negotiation. +$ssltest -tls12 -sn_client server2 -sn_server1 server1 -sn_server2 server2 -sn_expect2 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 || exit 1 +$ssltest -tls12 -sn_client server2 -sn_server1 server1 -sn_server2 server2 -sn_expect2 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 -sni_in_cert_cb || exit 1 + + +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket yes -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket yes -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket yes -ticket_expect yes || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket yes -ticket_expect yes || exit 1 + +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket yes -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket yes -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket yes -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket yes -ticket_expect yes || exit 1 + +$ssltest -bio_pair -s_ticket1 broken -c_ticket yes -ticket_expect no || exit 1 + exit 0 diff --git a/test/testutil.h b/test/testutil.h index 75f0c8a..e40b37e 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -103,7 +103,7 @@ * TEST_CASE_NAME is defined as the name of the test case function where * possible; otherwise we get by with the file name and line number. */ -# if __STDC_VERSION__ < 199901L +# if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L # if defined(_MSC_VER) # define TEST_CASE_NAME __FUNCTION__ # else diff --git a/test/v3ext b/test/v3ext Binary files differnew file mode 100755 index 0000000..09a0c3a --- /dev/null +++ b/test/v3ext diff --git a/test/x509aux b/test/x509aux Binary files differnew file mode 100755 index 0000000..35378a8 --- /dev/null +++ b/test/x509aux diff --git a/tools/c_rehash b/tools/c_rehash deleted file mode 100644 index 6a27c02..0000000 --- a/tools/c_rehash +++ /dev/null @@ -1,210 +0,0 @@ -#!/usr/bin/perl - -# Perl c_rehash script, scan all files in a directory -# and add symbolic links to their hash values. - -my $dir = "/usr/local/ssl"; -my $prefix = "/usr/local/ssl"; - -my $openssl = $ENV{OPENSSL} || "openssl"; -my $pwd; -my $x509hash = "-subject_hash"; -my $crlhash = "-hash"; -my $verbose = 0; -my $symlink_exists=eval {symlink("",""); 1}; -my $removelinks = 1; - -## Parse flags. -while ( $ARGV[0] =~ /^-/ ) { - my $flag = shift @ARGV; - last if ( $flag eq '--'); - if ( $flag eq '-old') { - $x509hash = "-subject_hash_old"; - $crlhash = "-hash_old"; - } elsif ( $flag eq '-h') { - help(); - } elsif ( $flag eq '-n' ) { - $removelinks = 0; - } elsif ( $flag eq '-v' ) { - $verbose++; - } - else { - print STDERR "Usage error; try -help.\n"; - exit 1; - } -} - -sub help { - print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n"; - print " -old use old-style digest\n"; - print " -h print this help text\n"; - print " -v print files removed and linked\n"; - exit 0; -} - -eval "require Cwd"; -if (defined(&Cwd::getcwd)) { - $pwd=Cwd::getcwd(); -} else { - $pwd=`pwd`; - chomp($pwd); -} - -# DOS/Win32 or Unix delimiter? Prefix our installdir, then search. -my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; -$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); - -if(! -x $openssl) { - my $found = 0; - foreach (split /$path_delim/, $ENV{PATH}) { - if(-x "$_/$openssl") { - $found = 1; - $openssl = "$_/$openssl"; - last; - } - } - if($found == 0) { - print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; - exit 0; - } -} - -if(@ARGV) { - @dirlist = @ARGV; -} elsif($ENV{SSL_CERT_DIR}) { - @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; -} else { - $dirlist[0] = "$dir/certs"; -} - -if (-d $dirlist[0]) { - chdir $dirlist[0]; - $openssl="$pwd/$openssl" if (!-x $openssl); - chdir $pwd; -} - -foreach (@dirlist) { - if(-d $_ and -w $_) { - hash_dir($_); - } -} - -sub hash_dir { - my %hashlist; - print "Doing $_[0]\n"; - chdir $_[0]; - opendir(DIR, "."); - my @flist = readdir(DIR); - closedir DIR; - if ( $removelinks ) { - # Delete any existing symbolic links - foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { - if(-l $_) { - unlink $_; - print "unlink $_" if $verbose; - } - } - } - FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { - # Check to see if certificates and/or CRLs present. - my ($cert, $crl) = check_file($fname); - if(!$cert && !$crl) { - print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; - next; - } - link_hash_cert($fname) if($cert); - link_hash_crl($fname) if($crl); - } -} - -sub check_file { - my ($is_cert, $is_crl) = (0,0); - my $fname = $_[0]; - open IN, $fname; - while(<IN>) { - if(/^-----BEGIN (.*)-----/) { - my $hdr = $1; - if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { - $is_cert = 1; - last if($is_crl); - } elsif($hdr eq "X509 CRL") { - $is_crl = 1; - last if($is_cert); - } - } - } - close IN; - return ($is_cert, $is_crl); -} - - -# Link a certificate to its subject name hash value, each hash is of -# the form <hash>.<n> where n is an integer. If the hash value already exists -# then we need to up the value of n, unless its a duplicate in which -# case we skip the link. We check for duplicates by comparing the -# certificate fingerprints - -sub link_hash_cert { - my $fname = $_[0]; - $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; - chomp $hash; - chomp $fprint; - $fprint =~ s/^.*=//; - $fprint =~ tr/://d; - my $suffix = 0; - # Search for an unused hash filename - while(exists $hashlist{"$hash.$suffix"}) { - # Hash matches: if fingerprint matches its a duplicate cert - if($hashlist{"$hash.$suffix"} eq $fprint) { - print STDERR "WARNING: Skipping duplicate certificate $fname\n"; - return; - } - $suffix++; - } - $hash .= ".$suffix"; - if ($symlink_exists) { - symlink $fname, $hash; - print "link $fname -> $hash\n" if $verbose; - } else { - open IN,"<$fname" or die "can't open $fname for read"; - open OUT,">$hash" or die "can't open $hash for write"; - print OUT <IN>; # does the job for small text files - close OUT; - close IN; - print "copy $fname -> $hash\n" if $verbose; - } - $hashlist{$hash} = $fprint; -} - -# Same as above except for a CRL. CRL links are of the form <hash>.r<n> - -sub link_hash_crl { - my $fname = $_[0]; - $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; - chomp $hash; - chomp $fprint; - $fprint =~ s/^.*=//; - $fprint =~ tr/://d; - my $suffix = 0; - # Search for an unused hash filename - while(exists $hashlist{"$hash.r$suffix"}) { - # Hash matches: if fingerprint matches its a duplicate cert - if($hashlist{"$hash.r$suffix"} eq $fprint) { - print STDERR "WARNING: Skipping duplicate CRL $fname\n"; - return; - } - $suffix++; - } - $hash .= ".r$suffix"; - if ($symlink_exists) { - symlink $fname, $hash; - print "link $fname -> $hash\n" if $verbose; - } else { - system ("cp", $fname, $hash); - print "cp $fname -> $hash\n" if $verbose; - } - $hashlist{$hash} = $fprint; -} - diff --git a/util/copy-if-different.pl b/util/copy-if-different.pl index ec99e08..e1245f5 100644 --- a/util/copy-if-different.pl +++ b/util/copy-if-different.pl @@ -12,7 +12,7 @@ my @filelist; foreach my $arg (@ARGV) { $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob... - foreach (glob $arg) + foreach (glob qq("$arg")) { push @filelist, $_; } diff --git a/util/copy.pl b/util/copy.pl index eba6d58..a6b2a54 100644 --- a/util/copy.pl +++ b/util/copy.pl @@ -19,7 +19,7 @@ foreach $arg (@ARGV) { next; } $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob... - foreach (glob $arg) + foreach (glob qq("$arg")) { push @filelist, $_; } @@ -34,11 +34,11 @@ else ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new RC=$? fi -if ! cmp -s Makefile.save Makefile.new; then - mv Makefile.new Makefile -else +if cmp -s Makefile.save Makefile.new; then mv Makefile.save Makefile rm -f Makefile.new +else + mv Makefile.new Makefile fi # unfake the presence of Kerberos rm $TOP/krb5.h diff --git a/util/libeay.num b/util/libeay.num index 2094ab3..fddfe1c 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4370,7 +4370,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS -DH_KDF_X9_42 4735 EXIST::FUNCTION:DH +DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA @@ -4416,3 +4416,17 @@ X509_VERIFY_PARAM_add1_host 4771 EXIST::FUNCTION: EC_GROUP_get_mont_data 4772 EXIST::FUNCTION:EC i2d_re_X509_tbs 4773 EXIST::FUNCTION: EVP_PKEY_asn1_set_item 4774 EXIST::FUNCTION: +EVP_PKEY_meth_get_init 4775 EXIST::FUNCTION: +EVP_PKEY_meth_get_verify_recover 4776 EXIST::FUNCTION: +EVP_PKEY_meth_get_keygen 4777 EXIST::FUNCTION: +EVP_PKEY_meth_get_derive 4778 EXIST::FUNCTION: +EVP_PKEY_meth_get_verifyctx 4779 EXIST::FUNCTION: +EVP_PKEY_meth_get_paramgen 4780 EXIST::FUNCTION: +EVP_PKEY_meth_get_verify 4781 EXIST::FUNCTION: +EVP_PKEY_meth_get_sign 4782 EXIST::FUNCTION: +EVP_PKEY_meth_get_signctx 4783 EXIST::FUNCTION: +EVP_PKEY_meth_get_ctrl 4784 EXIST::FUNCTION: +EVP_PKEY_meth_get_decrypt 4785 EXIST::FUNCTION: +EVP_PKEY_meth_get_cleanup 4786 EXIST::FUNCTION: +EVP_PKEY_meth_get_encrypt 4787 EXIST::FUNCTION: +EVP_PKEY_meth_get_copy 4788 EXIST::FUNCTION: diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 7a3ae11..6b31496 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -428,7 +428,7 @@ EOF { $extra_install .= <<"EOF" \$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\" - \$(CP) \"\$(E_SHLIB)\" \"\$(INSTALLTOP)${o}lib${o}engines\" + \$(CP) \$(E_SHLIB) \"\$(INSTALLTOP)${o}lib${o}engines\" EOF } } @@ -608,7 +608,7 @@ install: all \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\" \$(MKDIR) \"\$(INSTALLTOP)${o}lib\" \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\" - \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\" + \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep\" \"\$(INSTALLTOP)${o}bin\" \$(MKDIR) \"\$(OPENSSLDIR)\" \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\" $extra_install @@ -1207,6 +1207,7 @@ sub read_options "no-ssl3-method" => 0, "no-tlsext" => \$no_tlsext, "no-tls1" => \$no_tls1, + "no-dtls1" => 0, "no-srp" => \$no_srp, "no-cms" => \$no_cms, "no-jpake" => \$no_jpake, |