summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/des/FILES096
-rw-r--r--src/lib/libcrypto/engine/hw_sureware.c1039
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h100
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h486
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/sureware.h239
-rw-r--r--src/lib/libcrypto/idea/version12
-rw-r--r--src/lib/libcrypto/mdc2/mdc2test.c146
-rw-r--r--src/lib/libcrypto/rc5/rc5s.cpp70
-rw-r--r--src/lib/libcrypto/util/bat.sh2
-rw-r--r--src/lib/libcrypto/util/extract-names.pl22
-rw-r--r--src/lib/libcrypto/util/mkcerts.sh6
-rw-r--r--src/lib/libcrypto/util/pl/VC-CE.pl111
-rw-r--r--src/lib/libssl/src/INSTALL.DJGPP14
-rw-r--r--src/lib/libssl/src/INSTALL.WCE71
-rw-r--r--src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c575
-rw-r--r--src/lib/libssl/src/crypto/des/FILES096
-rw-r--r--src/lib/libssl/src/crypto/engine/hw_sureware.c1039
-rw-r--r--src/lib/libssl/src/crypto/engine/vendor_defns/hw_ubsec.h100
-rw-r--r--src/lib/libssl/src/crypto/engine/vendor_defns/hwcryptohook.h486
-rw-r--r--src/lib/libssl/src/crypto/engine/vendor_defns/sureware.h239
-rw-r--r--src/lib/libssl/src/crypto/idea/version12
-rw-r--r--src/lib/libssl/src/crypto/mdc2/mdc2test.c146
-rw-r--r--src/lib/libssl/src/crypto/mem_clr.c75
-rw-r--r--src/lib/libssl/src/crypto/rc5/rc5s.cpp70
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c7
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c3
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/Makefile16
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/rsaref.c47
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod.c5
-rw-r--r--src/lib/libssl/src/doc/HOWTO/keys.txt73
-rw-r--r--src/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod43
-rw-r--r--src/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod81
-rw-r--r--src/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod44
-rw-r--r--src/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod96
-rw-r--r--src/lib/libssl/src/doc/crypto/EVP_PKEY_new.pod47
-rw-r--r--src/lib/libssl/src/doc/crypto/EVP_PKEY_set1_RSA.pod80
-rw-r--r--src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod149
-rw-r--r--src/lib/libssl/src/doc/crypto/PKCS12_create.pod57
-rw-r--r--src/lib/libssl/src/doc/crypto/PKCS12_parse.pod50
-rw-r--r--src/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod53
-rw-r--r--src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod65
-rw-r--r--src/lib/libssl/src/doc/crypto/PKCS7_sign.pod85
-rw-r--r--src/lib/libssl/src/doc/crypto/PKCS7_verify.pod116
-rw-r--r--src/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod71
-rw-r--r--src/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod59
-rw-r--r--src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod72
-rw-r--r--src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod110
-rw-r--r--src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod106
-rw-r--r--src/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod105
-rw-r--r--src/lib/libssl/src/doc/crypto/X509_new.pod37
-rw-r--r--src/lib/libssl/src/doc/crypto/d2i_ASN1_OBJECT.pod29
-rw-r--r--src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod82
-rw-r--r--src/lib/libssl/src/doc/crypto/d2i_PKCS8PrivateKey.pod56
-rw-r--r--src/lib/libssl/src/doc/crypto/d2i_X509.pod231
-rw-r--r--src/lib/libssl/src/doc/crypto/d2i_X509_ALGOR.pod30
-rw-r--r--src/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod37
-rw-r--r--src/lib/libssl/src/doc/crypto/d2i_X509_NAME.pod31
-rw-r--r--src/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod36
-rw-r--r--src/lib/libssl/src/doc/crypto/d2i_X509_SIG.pod30
-rw-r--r--src/lib/libssl/src/doc/crypto/engine.pod12
-rw-r--r--src/lib/libssl/src/doc/openssl-shared.txt32
-rw-r--r--src/lib/libssl/src/ms/tencce.bat19
-rw-r--r--src/lib/libssl/src/ms/testce.bat234
-rw-r--r--src/lib/libssl/src/ms/testce2.bat2
-rw-r--r--src/lib/libssl/src/ms/testencce.bat97
-rw-r--r--src/lib/libssl/src/ms/testpemce.bat42
-rw-r--r--src/lib/libssl/src/ms/testssce.bat104
-rw-r--r--src/lib/libssl/src/ms/tpemce.bat8
-rw-r--r--src/lib/libssl/src/shlib/sco5-shared-gcc.sh48
-rw-r--r--src/lib/libssl/src/shlib/sco5-shared-installed28
-rw-r--r--src/lib/libssl/src/shlib/sco5-shared.sh48
-rw-r--r--src/lib/libssl/src/test/evptests.txt183
-rw-r--r--src/lib/libssl/src/util/bat.sh2
-rw-r--r--src/lib/libssl/src/util/extract-names.pl22
-rw-r--r--src/lib/libssl/src/util/mkcerts.sh6
-rw-r--r--src/lib/libssl/src/util/pl/VC-CE.pl111
-rw-r--r--src/lib/libssl/test/evptests.txt183
77 files changed, 8629 insertions, 43 deletions
diff --git a/src/lib/libcrypto/des/FILES0 b/src/lib/libcrypto/des/FILES0
new file mode 100644
index 0000000000..4c7ea2de7a
--- /dev/null
+++ b/src/lib/libcrypto/des/FILES0
@@ -0,0 +1,96 @@
1/* General stuff */
2COPYRIGHT - Copyright info.
3MODES.DES - A description of the features of the different modes of DES.
4FILES - This file.
5INSTALL - How to make things compile.
6Imakefile - For use with kerberos.
7README - What this package is.
8VERSION - Which version this is and what was changed.
9KERBEROS - Kerberos version 4 notes.
10Makefile.PL - An old makefile to build with perl5, not current.
11Makefile.ssl - The SSLeay makefile
12Makefile.uni - The normal unix makefile.
13GNUmakefile - The makefile for use with glibc.
14makefile.bc - A Borland C makefile
15times - Some outputs from 'speed' on some machines.
16vms.com - For use when compiling under VMS
17
18/* My SunOS des(1) replacement */
19des.c - des(1) source code.
20des.man - des(1) manual.
21
22/* Testing and timing programs. */
23destest.c - Source for libdes.a test program.
24speed.c - Source for libdes.a timing program.
25rpw.c - Source for libdes.a testing password reading routines.
26
27/* libdes.a source code */
28des_crypt.man - libdes.a manual page.
29des.h - Public libdes.a header file.
30ecb_enc.c - des_ecb_encrypt() source, this contains the basic DES code.
31ecb3_enc.c - des_ecb3_encrypt() source.
32cbc_ckm.c - des_cbc_cksum() source.
33cbc_enc.c - des_cbc_encrypt() source.
34ncbc_enc.c - des_cbc_encrypt() that is 'normal' in that it copies
35 the new iv values back in the passed iv vector.
36ede_enc.c - des_ede3_cbc_encrypt() cbc mode des using triple DES.
37cbc3_enc.c - des_3cbc_encrypt() source, don't use this function.
38cfb_enc.c - des_cfb_encrypt() source.
39cfb64enc.c - des_cfb64_encrypt() cfb in 64 bit mode but setup to be
40 used as a stream cipher.
41cfb64ede.c - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
42 used as a stream cipher and using triple DES.
43ofb_enc.c - des_cfb_encrypt() source.
44ofb64_enc.c - des_ofb_encrypt() ofb in 64 bit mode but setup to be
45 used as a stream cipher.
46ofb64ede.c - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
47 used as a stream cipher and using triple DES.
48enc_read.c - des_enc_read() source.
49enc_writ.c - des_enc_write() source.
50pcbc_enc.c - des_pcbc_encrypt() source.
51qud_cksm.c - quad_cksum() source.
52rand_key.c - des_random_key() source.
53read_pwd.c - Source for des_read_password() plus related functions.
54set_key.c - Source for des_set_key().
55str2key.c - Covert a string of any length into a key.
56fcrypt.c - A small, fast version of crypt(3).
57des_locl.h - Internal libdes.a header file.
58podd.h - Odd parity tables - used in des_set_key().
59sk.h - Lookup tables used in des_set_key().
60spr.h - What is left of the S tables - used in ecb_encrypt().
61des_ver.h - header file for the external definition of the
62 version string.
63des.doc - SSLeay documentation for the library.
64
65/* The perl scripts - you can ignore these files they are only
66 * included for the curious */
67des.pl - des in perl anyone? des_set_key and des_ecb_encrypt
68 both done in a perl library.
69testdes.pl - Testing program for des.pl
70doIP - Perl script used to develop IP xor/shift code.
71doPC1 - Perl script used to develop PC1 xor/shift code.
72doPC2 - Generates sk.h.
73PC1 - Output of doPC1 should be the same as output from PC1.
74PC2 - used in development of doPC2.
75shifts.pl - Perl library used by my perl scripts.
76
77/* I started making a perl5 dynamic library for libdes
78 * but did not fully finish, these files are part of that effort. */
79DES.pm
80DES.pod
81DES.xs
82t
83typemap
84
85/* The following are for use with sun RPC implementaions. */
86rpc_des.h
87rpc_enc.c
88
89/* The following are contibuted by Mark Murray <mark@grondar.za>. They
90 * are not normally built into libdes due to machine specific routines
91 * contained in them. They are for use in the most recent incarnation of
92 * export kerberos v 4 (eBones). */
93supp.c
94new_rkey.c
95
96
diff --git a/src/lib/libcrypto/engine/hw_sureware.c b/src/lib/libcrypto/engine/hw_sureware.c
new file mode 100644
index 0000000000..fca467e690
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware.c
@@ -0,0 +1,1039 @@
1/* Written by Corinne Dive-Reclus(cdive@baltimore.com)
2*
3*
4* Redistribution and use in source and binary forms, with or without
5* modification, are permitted provided that the following conditions
6* are met:
7*
8* 1. Redistributions of source code must retain the above copyright
9* notice, this list of conditions and the following disclaimer.
10*
11* 2. Redistributions in binary form must reproduce the above copyright
12* notice, this list of conditions and the following disclaimer in
13* the documentation and/or other materials provided with the
14* distribution.
15*
16* 3. All advertising materials mentioning features or use of this
17* software must display the following acknowledgment:
18* "This product includes software developed by the OpenSSL Project
19* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20*
21* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22* endorse or promote products derived from this software without
23* prior written permission. For written permission, please contact
24* licensing@OpenSSL.org.
25*
26* 5. Products derived from this software may not be called "OpenSSL"
27* nor may "OpenSSL" appear in their names without prior written
28* permission of the OpenSSL Project.
29*
30* 6. Redistributions of any form whatsoever must retain the following
31* acknowledgment:
32* "This product includes software developed by the OpenSSL Project
33* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34*
35* Written by Corinne Dive-Reclus(cdive@baltimore.com)
36*
37* Copyright@2001 Baltimore Technologies Ltd.
38* All right Reserved.
39* *
40* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
41* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
42* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
43* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
44* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
45* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
46* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
47* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
48* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
49* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
50* SUCH DAMAGE. *
51====================================================================*/
52
53#include <stdio.h>
54#include "cryptlib.h"
55#include <openssl/crypto.h>
56#include <openssl/pem.h>
57#include <openssl/dso.h>
58#include "eng_int.h"
59#include "engine.h"
60#include <openssl/engine.h>
61
62#ifndef OPENSSL_NO_HW
63#ifndef OPENSSL_NO_HW_SUREWARE
64
65#ifdef FLAT_INC
66#include "sureware.h"
67#else
68#include "vendor_defns/sureware.h"
69#endif
70
71#define SUREWARE_LIB_NAME "sureware engine"
72#include "hw_sureware_err.c"
73
74static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
75static int surewarehk_destroy(ENGINE *e);
76static int surewarehk_init(ENGINE *e);
77static int surewarehk_finish(ENGINE *e);
78static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
79 const BIGNUM *m, BN_CTX *ctx);
80
81/* RSA stuff */
82static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
83 RSA *rsa,int padding);
84static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
85 RSA *rsa,int padding);
86
87/* RAND stuff */
88static int surewarehk_rand_bytes(unsigned char *buf, int num);
89static void surewarehk_rand_seed(const void *buf, int num);
90static void surewarehk_rand_add(const void *buf, int num, double entropy);
91
92/* KM stuff */
93static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
94 UI_METHOD *ui_method, void *callback_data);
95static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
96 UI_METHOD *ui_method, void *callback_data);
97static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
98 int idx,long argl, void *argp);
99#if 0
100static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
101 int idx,long argl, void *argp);
102#endif
103
104#ifndef OPENSSL_NO_RSA
105/* This function is aliased to mod_exp (with the mont stuff dropped). */
106static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
107 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
108{
109 return surewarehk_modexp(r, a, p, m, ctx);
110}
111
112/* Our internal RSA_METHOD that we provide pointers to */
113static RSA_METHOD surewarehk_rsa =
114 {
115 "SureWare RSA method",
116 NULL, /* pub_enc*/
117 NULL, /* pub_dec*/
118 surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
119 surewarehk_rsa_priv_dec, /* priv_dec*/
120 NULL, /*mod_exp*/
121 surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
122 NULL, /* init*/
123 NULL, /* finish*/
124 0, /* RSA flag*/
125 NULL,
126 NULL, /* OpenSSL sign*/
127 NULL /* OpenSSL verify*/
128 };
129#endif
130
131#ifndef OPENSSL_NO_DH
132/* Our internal DH_METHOD that we provide pointers to */
133/* This function is aliased to mod_exp (with the dh and mont dropped). */
134static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
135 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
136{
137 return surewarehk_modexp(r, a, p, m, ctx);
138}
139
140static DH_METHOD surewarehk_dh =
141 {
142 "SureWare DH method",
143 NULL,/*gen_key*/
144 NULL,/*agree,*/
145 surewarehk_modexp_dh, /*dh mod exp*/
146 NULL, /* init*/
147 NULL, /* finish*/
148 0, /* flags*/
149 NULL
150 };
151#endif
152
153static RAND_METHOD surewarehk_rand =
154 {
155 /* "SureWare RAND method", */
156 surewarehk_rand_seed,
157 surewarehk_rand_bytes,
158 NULL,/*cleanup*/
159 surewarehk_rand_add,
160 surewarehk_rand_bytes,
161 NULL,/*rand_status*/
162 };
163
164#ifndef OPENSSL_NO_DSA
165/* DSA stuff */
166static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
167static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
168 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
169 BN_CTX *ctx, BN_MONT_CTX *in_mont)
170{
171 BIGNUM t;
172 int to_return = 0;
173 BN_init(&t);
174 /* let rr = a1 ^ p1 mod m */
175 if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
176 /* let t = a2 ^ p2 mod m */
177 if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
178 /* let rr = rr * t mod m */
179 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
180 to_return = 1;
181end:
182 BN_free(&t);
183 return to_return;
184}
185
186static DSA_METHOD surewarehk_dsa =
187 {
188 "SureWare DSA method",
189 surewarehk_dsa_do_sign,
190 NULL,/*sign setup*/
191 NULL,/*verify,*/
192 surewarehk_dsa_mod_exp,/*mod exp*/
193 NULL,/*bn mod exp*/
194 NULL, /*init*/
195 NULL,/*finish*/
196 0,
197 NULL,
198 };
199#endif
200
201static const char *engine_sureware_id = "sureware";
202static const char *engine_sureware_name = "SureWare hardware engine support";
203
204/* Now, to our own code */
205
206/* As this is only ever called once, there's no need for locking
207 * (indeed - the lock will already be held by our caller!!!) */
208static int bind_sureware(ENGINE *e)
209{
210#ifndef OPENSSL_NO_RSA
211 const RSA_METHOD *meth1;
212#endif
213#ifndef OPENSSL_NO_DSA
214 const DSA_METHOD *meth2;
215#endif
216#ifndef OPENSSL_NO_DH
217 const DH_METHOD *meth3;
218#endif
219
220 if(!ENGINE_set_id(e, engine_sureware_id) ||
221 !ENGINE_set_name(e, engine_sureware_name) ||
222#ifndef OPENSSL_NO_RSA
223 !ENGINE_set_RSA(e, &surewarehk_rsa) ||
224#endif
225#ifndef OPENSSL_NO_DSA
226 !ENGINE_set_DSA(e, &surewarehk_dsa) ||
227#endif
228#ifndef OPENSSL_NO_DH
229 !ENGINE_set_DH(e, &surewarehk_dh) ||
230#endif
231 !ENGINE_set_RAND(e, &surewarehk_rand) ||
232 !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
233 !ENGINE_set_init_function(e, surewarehk_init) ||
234 !ENGINE_set_finish_function(e, surewarehk_finish) ||
235 !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
236 !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
237 !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
238 return 0;
239
240#ifndef OPENSSL_NO_RSA
241 /* We know that the "PKCS1_SSLeay()" functions hook properly
242 * to the cswift-specific mod_exp and mod_exp_crt so we use
243 * those functions. NB: We don't use ENGINE_openssl() or
244 * anything "more generic" because something like the RSAref
245 * code may not hook properly, and if you own one of these
246 * cards then you have the right to do RSA operations on it
247 * anyway! */
248 meth1 = RSA_PKCS1_SSLeay();
249 if (meth1)
250 {
251 surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
252 surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
253 }
254#endif
255
256#ifndef OPENSSL_NO_DSA
257 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
258 * bits. */
259 meth2 = DSA_OpenSSL();
260 if (meth2)
261 {
262 surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
263 }
264#endif
265
266#ifndef OPENSSL_NO_DH
267 /* Much the same for Diffie-Hellman */
268 meth3 = DH_OpenSSL();
269 if (meth3)
270 {
271 surewarehk_dh.generate_key = meth3->generate_key;
272 surewarehk_dh.compute_key = meth3->compute_key;
273 }
274#endif
275
276 /* Ensure the sureware error handling is set up */
277 ERR_load_SUREWARE_strings();
278 return 1;
279}
280
281#ifdef ENGINE_DYNAMIC_SUPPORT
282static int bind_helper(ENGINE *e, const char *id)
283 {
284 if(id && (strcmp(id, engine_sureware_id) != 0))
285 return 0;
286 if(!bind_sureware(e))
287 return 0;
288 return 1;
289 }
290IMPLEMENT_DYNAMIC_CHECK_FN()
291IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
292#else
293static ENGINE *engine_sureware(void)
294 {
295 ENGINE *ret = ENGINE_new();
296 if(!ret)
297 return NULL;
298 if(!bind_sureware(ret))
299 {
300 ENGINE_free(ret);
301 return NULL;
302 }
303 return ret;
304 }
305
306void ENGINE_load_sureware(void)
307 {
308 /* Copied from eng_[openssl|dyn].c */
309 ENGINE *toadd = engine_sureware();
310 if(!toadd) return;
311 ENGINE_add(toadd);
312 ENGINE_free(toadd);
313 ERR_clear_error();
314 }
315#endif
316
317/* This is a process-global DSO handle used for loading and unloading
318 * the SureWareHook library. NB: This is only set (or unset) during an
319 * init() or finish() call (reference counts permitting) and they're
320 * operating with global locks, so this should be thread-safe
321 * implicitly. */
322static DSO *surewarehk_dso = NULL;
323#ifndef OPENSSL_NO_RSA
324static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */
325#endif
326#ifndef OPENSSL_NO_DSA
327static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */
328#endif
329
330/* These are the function pointers that are (un)set when the library has
331 * successfully (un)loaded. */
332static SureWareHook_Init_t *p_surewarehk_Init = NULL;
333static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
334static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
335static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
336static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
337static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
338static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
339static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
340static SureWareHook_Free_t *p_surewarehk_Free=NULL;
341static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
342static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
343static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
344static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
345
346/* Used in the DSO operations. */
347static const char *surewarehk_LIBNAME = "SureWareHook";
348static const char *n_surewarehk_Init = "SureWareHook_Init";
349static const char *n_surewarehk_Finish = "SureWareHook_Finish";
350static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
351static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
352static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
353static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
354static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
355static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
356static const char *n_surewarehk_Free="SureWareHook_Free";
357static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
358static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
359static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
360static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
361static BIO *logstream = NULL;
362
363/* SureWareHook library functions and mechanics - these are used by the
364 * higher-level functions further down. NB: As and where there's no
365 * error checking, take a look lower down where these functions are
366 * called, the checking and error handling is probably down there.
367*/
368static int threadsafe=1;
369static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
370{
371 int to_return = 1;
372
373 switch(cmd)
374 {
375 case ENGINE_CTRL_SET_LOGSTREAM:
376 {
377 BIO *bio = (BIO *)p;
378 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
379 if (logstream)
380 {
381 BIO_free(logstream);
382 logstream = NULL;
383 }
384 if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
385 logstream = bio;
386 else
387 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
388 }
389 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
390 break;
391 /* This will prevent the initialisation function from "installing"
392 * the mutex-handling callbacks, even if they are available from
393 * within the library (or were provided to the library from the
394 * calling application). This is to remove any baggage for
395 * applications not using multithreading. */
396 case ENGINE_CTRL_CHIL_NO_LOCKING:
397 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
398 threadsafe = 0;
399 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
400 break;
401
402 /* The command isn't understood by this engine */
403 default:
404 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
405 ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
406 to_return = 0;
407 break;
408 }
409
410 return to_return;
411}
412
413/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
414static int surewarehk_destroy(ENGINE *e)
415{
416 ERR_unload_SUREWARE_strings();
417 return 1;
418}
419
420/* (de)initialisation functions. */
421static int surewarehk_init(ENGINE *e)
422{
423 char msg[64]="ENGINE_init";
424 SureWareHook_Init_t *p1=NULL;
425 SureWareHook_Finish_t *p2=NULL;
426 SureWareHook_Rand_Bytes_t *p3=NULL;
427 SureWareHook_Rand_Seed_t *p4=NULL;
428 SureWareHook_Load_Privkey_t *p5=NULL;
429 SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
430 SureWareHook_Free_t *p7=NULL;
431 SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
432 SureWareHook_Rsa_Sign_t *p9=NULL;
433 SureWareHook_Dsa_Sign_t *p12=NULL;
434 SureWareHook_Info_Pubkey_t *p13=NULL;
435 SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
436 SureWareHook_Mod_Exp_t *p15=NULL;
437
438 if(surewarehk_dso != NULL)
439 {
440 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
441 goto err;
442 }
443 /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
444 surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
445 if(surewarehk_dso == NULL)
446 {
447 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
448 goto err;
449 }
450 if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
451 !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
452 !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
453 !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
454 !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
455 !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
456 !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
457 !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
458 !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
459 !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
460 !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
461 !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
462 !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
463 {
464 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
465 goto err;
466 }
467 /* Copy the pointers */
468 p_surewarehk_Init = p1;
469 p_surewarehk_Finish = p2;
470 p_surewarehk_Rand_Bytes = p3;
471 p_surewarehk_Rand_Seed = p4;
472 p_surewarehk_Load_Privkey = p5;
473 p_surewarehk_Load_Rsa_Pubkey = p6;
474 p_surewarehk_Free = p7;
475 p_surewarehk_Rsa_Priv_Dec = p8;
476 p_surewarehk_Rsa_Sign = p9;
477 p_surewarehk_Dsa_Sign = p12;
478 p_surewarehk_Info_Pubkey = p13;
479 p_surewarehk_Load_Dsa_Pubkey = p14;
480 p_surewarehk_Mod_Exp = p15;
481 /* Contact the hardware and initialises it. */
482 if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
483 {
484 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
485 goto err;
486 }
487 if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
488 {
489 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
490 goto err;
491 }
492 /* try to load the default private key, if failed does not return a failure but
493 wait for an explicit ENGINE_load_privakey */
494 surewarehk_load_privkey(e,NULL,NULL,NULL);
495
496 /* Everything's fine. */
497#ifndef OPENSSL_NO_RSA
498 if (rsaHndidx == -1)
499 rsaHndidx = RSA_get_ex_new_index(0,
500 "SureWareHook RSA key handle",
501 NULL, NULL, surewarehk_ex_free);
502#endif
503#ifndef OPENSSL_NO_DSA
504 if (dsaHndidx == -1)
505 dsaHndidx = DSA_get_ex_new_index(0,
506 "SureWareHook DSA key handle",
507 NULL, NULL, surewarehk_ex_free);
508#endif
509
510 return 1;
511err:
512 if(surewarehk_dso)
513 DSO_free(surewarehk_dso);
514 surewarehk_dso = NULL;
515 p_surewarehk_Init = NULL;
516 p_surewarehk_Finish = NULL;
517 p_surewarehk_Rand_Bytes = NULL;
518 p_surewarehk_Rand_Seed = NULL;
519 p_surewarehk_Load_Privkey = NULL;
520 p_surewarehk_Load_Rsa_Pubkey = NULL;
521 p_surewarehk_Free = NULL;
522 p_surewarehk_Rsa_Priv_Dec = NULL;
523 p_surewarehk_Rsa_Sign = NULL;
524 p_surewarehk_Dsa_Sign = NULL;
525 p_surewarehk_Info_Pubkey = NULL;
526 p_surewarehk_Load_Dsa_Pubkey = NULL;
527 p_surewarehk_Mod_Exp = NULL;
528 return 0;
529}
530
531static int surewarehk_finish(ENGINE *e)
532{
533 int to_return = 1;
534 if(surewarehk_dso == NULL)
535 {
536 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
537 to_return = 0;
538 goto err;
539 }
540 p_surewarehk_Finish();
541 if(!DSO_free(surewarehk_dso))
542 {
543 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
544 to_return = 0;
545 goto err;
546 }
547 err:
548 if (logstream)
549 BIO_free(logstream);
550 surewarehk_dso = NULL;
551 p_surewarehk_Init = NULL;
552 p_surewarehk_Finish = NULL;
553 p_surewarehk_Rand_Bytes = NULL;
554 p_surewarehk_Rand_Seed = NULL;
555 p_surewarehk_Load_Privkey = NULL;
556 p_surewarehk_Load_Rsa_Pubkey = NULL;
557 p_surewarehk_Free = NULL;
558 p_surewarehk_Rsa_Priv_Dec = NULL;
559 p_surewarehk_Rsa_Sign = NULL;
560 p_surewarehk_Dsa_Sign = NULL;
561 p_surewarehk_Info_Pubkey = NULL;
562 p_surewarehk_Load_Dsa_Pubkey = NULL;
563 p_surewarehk_Mod_Exp = NULL;
564 return to_return;
565}
566
567static void surewarehk_error_handling(char *const msg,int func,int ret)
568{
569 switch (ret)
570 {
571 case SUREWAREHOOK_ERROR_UNIT_FAILURE:
572 ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
573 break;
574 case SUREWAREHOOK_ERROR_FALLBACK:
575 ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
576 break;
577 case SUREWAREHOOK_ERROR_DATA_SIZE:
578 ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
579 break;
580 case SUREWAREHOOK_ERROR_INVALID_PAD:
581 ENGINEerr(func,RSA_R_PADDING_CHECK_FAILED);
582 break;
583 default:
584 ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
585 break;
586 case 1:/*nothing*/
587 msg[0]='\0';
588 }
589 if (*msg)
590 {
591 ERR_add_error_data(1,msg);
592 if (logstream)
593 {
594 CRYPTO_w_lock(CRYPTO_LOCK_BIO);
595 BIO_write(logstream, msg, strlen(msg));
596 CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
597 }
598 }
599}
600
601static int surewarehk_rand_bytes(unsigned char *buf, int num)
602{
603 int ret=0;
604 char msg[64]="ENGINE_rand_bytes";
605 if(!p_surewarehk_Rand_Bytes)
606 {
607 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
608 }
609 else
610 {
611 ret = p_surewarehk_Rand_Bytes(msg,buf, num);
612 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
613 }
614 return ret==1 ? 1 : 0;
615}
616
617static void surewarehk_rand_seed(const void *buf, int num)
618{
619 int ret=0;
620 char msg[64]="ENGINE_rand_seed";
621 if(!p_surewarehk_Rand_Seed)
622 {
623 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
624 }
625 else
626 {
627 ret = p_surewarehk_Rand_Seed(msg,buf, num);
628 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
629 }
630}
631
632static void surewarehk_rand_add(const void *buf, int num, double entropy)
633{
634 surewarehk_rand_seed(buf,num);
635}
636
637static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
638{
639 EVP_PKEY *res = NULL;
640#ifndef OPENSSL_NO_RSA
641 RSA *rsatmp = NULL;
642#endif
643#ifndef OPENSSL_NO_DSA
644 DSA *dsatmp=NULL;
645#endif
646 char msg[64]="sureware_load_public";
647 int ret=0;
648 if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
649 {
650 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
651 goto err;
652 }
653 switch (keytype)
654 {
655#ifndef OPENSSL_NO_RSA
656 case 1: /*RSA*/
657 /* set private external reference */
658 rsatmp = RSA_new_method(e);
659 RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
660 rsatmp->flags |= RSA_FLAG_EXT_PKEY;
661
662 /* set public big nums*/
663 rsatmp->e = BN_new();
664 rsatmp->n = BN_new();
665 bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
666 bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
667 if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
668 !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
669 goto err;
670 ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
671 (unsigned long *)rsatmp->n->d,
672 (unsigned long *)rsatmp->e->d);
673 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
674 if (ret!=1)
675 {
676 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
677 goto err;
678 }
679 /* normalise pub e and pub n */
680 rsatmp->e->top=el/sizeof(BN_ULONG);
681 bn_fix_top(rsatmp->e);
682 rsatmp->n->top=el/sizeof(BN_ULONG);
683 bn_fix_top(rsatmp->n);
684 /* create an EVP object: engine + rsa key */
685 res = EVP_PKEY_new();
686 EVP_PKEY_assign_RSA(res, rsatmp);
687 break;
688#endif
689
690#ifndef OPENSSL_NO_DSA
691 case 2:/*DSA*/
692 /* set private/public external reference */
693 dsatmp = DSA_new_method(e);
694 DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
695 /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
696
697 /* set public key*/
698 dsatmp->pub_key = BN_new();
699 dsatmp->p = BN_new();
700 dsatmp->q = BN_new();
701 dsatmp->g = BN_new();
702 bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
703 bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
704 bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
705 bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
706 if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
707 !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
708 !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
709 !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
710 goto err;
711
712 ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
713 (unsigned long *)dsatmp->pub_key->d,
714 (unsigned long *)dsatmp->p->d,
715 (unsigned long *)dsatmp->q->d,
716 (unsigned long *)dsatmp->g->d);
717 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
718 if (ret!=1)
719 {
720 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
721 goto err;
722 }
723 /* set parameters */
724 /* normalise pubkey and parameters in case of */
725 dsatmp->pub_key->top=el/sizeof(BN_ULONG);
726 bn_fix_top(dsatmp->pub_key);
727 dsatmp->p->top=el/sizeof(BN_ULONG);
728 bn_fix_top(dsatmp->p);
729 dsatmp->q->top=20/sizeof(BN_ULONG);
730 bn_fix_top(dsatmp->q);
731 dsatmp->g->top=el/sizeof(BN_ULONG);
732 bn_fix_top(dsatmp->g);
733
734 /* create an EVP object: engine + rsa key */
735 res = EVP_PKEY_new();
736 EVP_PKEY_assign_DSA(res, dsatmp);
737 break;
738#endif
739
740 default:
741 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
742 goto err;
743 }
744 return res;
745 err:
746 if (res)
747 EVP_PKEY_free(res);
748#ifndef OPENSSL_NO_RSA
749 if (rsatmp)
750 RSA_free(rsatmp);
751#endif
752#ifndef OPENSSL_NO_DSA
753 if (dsatmp)
754 DSA_free(dsatmp);
755#endif
756 return NULL;
757}
758
759static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
760 UI_METHOD *ui_method, void *callback_data)
761{
762 EVP_PKEY *res = NULL;
763 int ret=0;
764 unsigned long el=0;
765 char *hptr=NULL;
766 char keytype=0;
767 char msg[64]="ENGINE_load_privkey";
768
769 if(!p_surewarehk_Load_Privkey)
770 {
771 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_NOT_INITIALISED);
772 }
773 else
774 {
775 ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
776 if (ret!=1)
777 {
778 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
779 ERR_add_error_data(1,msg);
780 }
781 else
782 res=sureware_load_public(e,key_id,hptr,el,keytype);
783 }
784 return res;
785}
786
787static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
788 UI_METHOD *ui_method, void *callback_data)
789{
790 EVP_PKEY *res = NULL;
791 int ret=0;
792 unsigned long el=0;
793 char *hptr=NULL;
794 char keytype=0;
795 char msg[64]="ENGINE_load_pubkey";
796
797 if(!p_surewarehk_Info_Pubkey)
798 {
799 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
800 }
801 else
802 {
803 /* call once to identify if DSA or RSA */
804 ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
805 if (ret!=1)
806 {
807 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
808 ERR_add_error_data(1,msg);
809 }
810 else
811 res=sureware_load_public(e,key_id,hptr,el,keytype);
812 }
813 return res;
814}
815
816/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
817, called when ex_data is freed */
818static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
819 int idx,long argl, void *argp)
820{
821 if(!p_surewarehk_Free)
822 {
823 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
824 }
825 else
826 p_surewarehk_Free((char *)item,0);
827}
828
829#if 0
830/* This cleans up an DH KM key (destroys the key into hardware),
831called when ex_data is freed */
832static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
833 int idx,long argl, void *argp)
834{
835 if(!p_surewarehk_Free)
836 {
837 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
838 }
839 else
840 p_surewarehk_Free((char *)item,1);
841}
842#endif
843
844/*
845* return number of decrypted bytes
846*/
847#ifndef OPENSSL_NO_RSA
848static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
849 RSA *rsa,int padding)
850{
851 int ret=0,tlen;
852 char *buf=NULL,*hptr=NULL;
853 char msg[64]="ENGINE_rsa_priv_dec";
854 if (!p_surewarehk_Rsa_Priv_Dec)
855 {
856 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
857 }
858 /* extract ref to private key */
859 else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
860 {
861 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
862 goto err;
863 }
864 /* analyse what padding we can do into the hardware */
865 if (padding==RSA_PKCS1_PADDING)
866 {
867 /* do it one shot */
868 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
869 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
870 if (ret!=1)
871 goto err;
872 ret=tlen;
873 }
874 else /* do with no padding into hardware */
875 {
876 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
877 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
878 if (ret!=1)
879 goto err;
880 /* intermediate buffer for padding */
881 if ((buf=OPENSSL_malloc(tlen)) == NULL)
882 {
883 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
884 goto err;
885 }
886 memcpy(buf,to,tlen);/* transfert to into buf */
887 switch (padding) /* check padding in software */
888 {
889#ifndef OPENSSL_NO_SHA
890 case RSA_PKCS1_OAEP_PADDING:
891 ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
892 break;
893#endif
894 case RSA_SSLV23_PADDING:
895 ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
896 break;
897 case RSA_NO_PADDING:
898 ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
899 break;
900 default:
901 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_UNKNOWN_PADDING_TYPE);
902 goto err;
903 }
904 if (ret < 0)
905 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_PADDING_CHECK_FAILED);
906 }
907err:
908 if (buf)
909 {
910 OPENSSL_cleanse(buf,tlen);
911 OPENSSL_free(buf);
912 }
913 return ret;
914}
915
916/*
917* Does what OpenSSL rsa_priv_enc does.
918*/
919static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
920 RSA *rsa,int padding)
921{
922 int ret=0,tlen;
923 char *hptr=NULL;
924 char msg[64]="ENGINE_rsa_sign";
925 if (!p_surewarehk_Rsa_Sign)
926 {
927 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_NOT_INITIALISED);
928 }
929 /* extract ref to private key */
930 else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
931 {
932 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,SUREWARE_R_MISSING_KEY_COMPONENTS);
933 }
934 else
935 {
936 switch (padding)
937 {
938 case RSA_PKCS1_PADDING: /* do it in one shot */
939 ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
940 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ret);
941 break;
942 case RSA_NO_PADDING:
943 default:
944 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,RSA_R_UNKNOWN_PADDING_TYPE);
945 }
946 }
947 return ret==1 ? tlen : ret;
948}
949
950#endif
951
952#ifndef OPENSSL_NO_DSA
953/* DSA sign and verify */
954static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
955{
956 int ret=0;
957 char *hptr=NULL;
958 DSA_SIG *psign=NULL;
959 char msg[64]="ENGINE_dsa_do_sign";
960 if (!p_surewarehk_Dsa_Sign)
961 {
962 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
963 }
964 /* extract ref to private key */
965 else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
966 {
967 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
968 }
969 else
970 {
971 if((psign = DSA_SIG_new()) == NULL)
972 {
973 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
974 goto err;
975 }
976 psign->r=BN_new();
977 psign->s=BN_new();
978 bn_expand2(psign->r, 20/sizeof(BN_ULONG));
979 bn_expand2(psign->s, 20/sizeof(BN_ULONG));
980 if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
981 !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
982 goto err;
983 ret=p_surewarehk_Dsa_Sign(msg,flen,from,
984 (unsigned long *)psign->r->d,
985 (unsigned long *)psign->s->d,
986 hptr);
987 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
988 }
989 psign->r->top=20/sizeof(BN_ULONG);
990 bn_fix_top(psign->r);
991 psign->s->top=20/sizeof(BN_ULONG);
992 bn_fix_top(psign->s);
993
994err:
995 if (psign)
996 {
997 DSA_SIG_free(psign);
998 psign=NULL;
999 }
1000 return psign;
1001}
1002#endif
1003
1004static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1005 const BIGNUM *m, BN_CTX *ctx)
1006{
1007 int ret=0;
1008 char msg[64]="ENGINE_modexp";
1009 if (!p_surewarehk_Mod_Exp)
1010 {
1011 SUREWAREerr(SUREWARE_F_SUREWAREHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
1012 }
1013 else
1014 {
1015 bn_expand2(r,m->top);
1016 if (r && r->dmax==m->top)
1017 {
1018 /* do it*/
1019 ret=p_surewarehk_Mod_Exp(msg,
1020 m->top*sizeof(BN_ULONG),
1021 (unsigned long *)m->d,
1022 p->top*sizeof(BN_ULONG),
1023 (unsigned long *)p->d,
1024 a->top*sizeof(BN_ULONG),
1025 (unsigned long *)a->d,
1026 (unsigned long *)r->d);
1027 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret);
1028 if (ret==1)
1029 {
1030 /* normalise result */
1031 r->top=m->top;
1032 bn_fix_top(r);
1033 }
1034 }
1035 }
1036 return ret;
1037}
1038#endif /* !OPENSSL_NO_HW_SureWare */
1039#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h
new file mode 100644
index 0000000000..b6619d40f2
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h
@@ -0,0 +1,100 @@
1/******************************************************************************
2 *
3 * Copyright 2000
4 * Broadcom Corporation
5 * 16215 Alton Parkway
6 * PO Box 57013
7 * Irvine CA 92619-7013
8 *
9 *****************************************************************************/
10/*
11 * Broadcom Corporation uBSec SDK
12 */
13/*
14 * Character device header file.
15 */
16/*
17 * Revision History:
18 *
19 * October 2000 JTT Created.
20 */
21
22#define MAX_PUBLIC_KEY_BITS (1024)
23#define MAX_PUBLIC_KEY_BYTES (1024/8)
24#define SHA_BIT_SIZE (160)
25#define MAX_CRYPTO_KEY_LENGTH 24
26#define MAX_MAC_KEY_LENGTH 64
27#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
28#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
29
30/* Math command types. */
31#define UBSEC_MATH_MODADD 0x0001
32#define UBSEC_MATH_MODSUB 0x0002
33#define UBSEC_MATH_MODMUL 0x0004
34#define UBSEC_MATH_MODEXP 0x0008
35#define UBSEC_MATH_MODREM 0x0010
36#define UBSEC_MATH_MODINV 0x0020
37
38typedef long ubsec_MathCommand_t;
39typedef long ubsec_RNGCommand_t;
40
41typedef struct ubsec_crypto_context_s {
42 unsigned int flags;
43 unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
44 unsigned char auth[MAX_MAC_KEY_LENGTH];
45} ubsec_crypto_context_t, *ubsec_crypto_context_p;
46
47/*
48 * Predeclare the function pointer types that we dynamically load from the DSO.
49 */
50
51typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
52
53typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
54
55typedef int t_UBSEC_ubsec_open(unsigned char *device);
56
57typedef int t_UBSEC_ubsec_close(int fd);
58
59typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
60 unsigned char *x, int *x_len, unsigned char *y, int *y_len,
61 unsigned char *g, int g_len, unsigned char *m, int m_len,
62 unsigned char *userX, int userX_len, int random_bits);
63
64typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
65 unsigned char *x, int x_len, unsigned char *y, int y_len,
66 unsigned char *m, int m_len, unsigned char *k, int *k_len);
67
68typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
69 unsigned char *x, int x_len, unsigned char *m, int m_len,
70 unsigned char *e, int e_len, unsigned char *y, int *y_len);
71
72typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
73 unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
74 unsigned char *edq, int edq_len, unsigned char *q, int q_len,
75 unsigned char *edp, int edp_len, unsigned char *p, int p_len,
76 unsigned char *y, int *y_len);
77
78typedef int t_UBSEC_dsa_sign_ioctl (int fd,
79 int hash, unsigned char *data, int data_len,
80 unsigned char *rndom, int random_len,
81 unsigned char *p, int p_len, unsigned char *q, int q_len,
82 unsigned char *g, int g_len, unsigned char *key, int key_len,
83 unsigned char *r, int *r_len, unsigned char *s, int *s_len);
84
85typedef int t_UBSEC_dsa_verify_ioctl (int fd,
86 int hash, unsigned char *data, int data_len,
87 unsigned char *p, int p_len, unsigned char *q, int q_len,
88 unsigned char *g, int g_len, unsigned char *key, int key_len,
89 unsigned char *r, int r_len, unsigned char *s, int s_len,
90 unsigned char *v, int *v_len);
91
92typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
93 unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,
94 unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
95 unsigned char *Result, int *Result_len);
96
97typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
98 unsigned char *Result, int *Result_len);
99
100typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h
new file mode 100644
index 0000000000..aaa4d4575e
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h
@@ -0,0 +1,486 @@
1/*
2 * ModExp / RSA (with/without KM) plugin API
3 *
4 * The application will load a dynamic library which
5 * exports entrypoint(s) defined in this file.
6 *
7 * This set of entrypoints provides only a multithreaded,
8 * synchronous-within-each-thread, facility.
9 *
10 *
11 * This file is Copyright 1998-2000 nCipher Corporation Limited.
12 *
13 * Redistribution and use in source and binary forms, with opr without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 *
17 * 1. Redistributions of source code must retain the copyright notice,
18 * this list of conditions, and the following disclaimer.
19 *
20 * 2. Redistributions in binary form must reproduce the above
21 * copyright notice, this list of conditions, and the following
22 * disclaimer, in the documentation and/or other materials provided
23 * with the distribution
24 *
25 * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
26 * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
27 * damages arising directly or indirectly from this file, its use or
28 * this licence. Without prejudice to the generality of the
29 * foregoing: all liability shall be excluded for direct, indirect,
30 * special, incidental, consequential or other damages or any loss of
31 * profits, business, revenue goodwill or anticipated savings;
32 * liability shall be excluded even if nCipher or anyone else has been
33 * advised of the possibility of damage. In any event, if the
34 * exclusion of liability is not effective, the liability of nCipher
35 * or any author or distributor shall be limited to the lesser of the
36 * price paid and 1,000 pounds sterling. This licence only fails to
37 * exclude or limit liability for death or personal injury arising out
38 * of negligence, and only to the extent that such an exclusion or
39 * limitation is not effective.
40 *
41 * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
42 * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
43 * limited to, any implied warranties of merchantability, fitness for
44 * a particular purpose, satisfactory quality, and/or non-infringement
45 * of any third party rights.
46 *
47 * US Government use: This software and documentation is Commercial
48 * Computer Software and Computer Software Documentation, as defined in
49 * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
50 * Noncommercial Computer Software and Noncommercial Computer Software
51 * Documentation." Use, duplication or disclosure by the Government is
52 * subject to the terms and conditions specified here.
53 *
54 * By using or distributing this file you will be accepting these
55 * terms and conditions, including the limitation of liability and
56 * lack of warranty. If you do not wish to accept these terms and
57 * conditions, DO NOT USE THE FILE.
58 *
59 *
60 * The actual dynamically loadable plugin, and the library files for
61 * static linking, which are also provided in some distributions, are
62 * not covered by the licence described above. You should have
63 * received a separate licence with terms and conditions for these
64 * library files; if you received the library files without a licence,
65 * please contact nCipher.
66 *
67 *
68 * $Id: hwcryptohook.h,v 1.1.1.1 2003/05/11 21:35:16 markus Exp $
69 */
70
71#ifndef HWCRYPTOHOOK_H
72#define HWCRYPTOHOOK_H
73
74#include <sys/types.h>
75#include <stdio.h>
76
77#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
78#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
79#endif
80
81#define HWCRYPTOHOOK_ERROR_FAILED -1
82#define HWCRYPTOHOOK_ERROR_FALLBACK -2
83#define HWCRYPTOHOOK_ERROR_MPISIZE -3
84
85#if HWCRYPTOHOOK_DECLARE_APPTYPES
86
87/* These structs are defined by the application and opaque to the
88 * crypto plugin. The application may define these as it sees fit.
89 * Default declarations are provided here, but the application may
90 * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
91 * to prevent these declarations, and instead provide its own
92 * declarations of these types. (Pointers to them must still be
93 * ordinary pointers to structs or unions, or the resulting combined
94 * program will have a type inconsistency.)
95 */
96typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
97typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
98typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
99typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
100
101#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
102
103/* These next two structs are opaque to the application. The crypto
104 * plugin will return pointers to them; the caller simply manipulates
105 * the pointers.
106 */
107typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
108typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
109
110typedef struct {
111 char *buf;
112 size_t size;
113} HWCryptoHook_ErrMsgBuf;
114/* Used for error reporting. When a HWCryptoHook function fails it
115 * will return a sentinel value (0 for pointer-valued functions, or a
116 * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
117 * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
118 * an error message there.
119 *
120 * size is the size of the buffer, and will not be modified. If you
121 * pass 0 for size you must pass 0 for buf, and nothing will be
122 * recorded (just as if you passed 0 for the struct pointer).
123 * Messages written to the buffer will always be null-terminated, even
124 * when truncated to fit within size bytes.
125 *
126 * The contents of the buffer are not defined if there is no error.
127 */
128
129typedef struct HWCryptoHook_MPIStruct {
130 unsigned char *buf;
131 size_t size;
132} HWCryptoHook_MPI;
133/* When one of these is returned, a pointer is passed to the function.
134 * At call, size is the space available. Afterwards it is updated to
135 * be set to the actual length (which may be more than the space available,
136 * if there was not enough room and the result was truncated).
137 * buf (the pointer) is not updated.
138 *
139 * size is in bytes and may be zero at call or return, but must be a
140 * multiple of the limb size. Zero limbs at the MS end are not
141 * permitted.
142 */
143
144#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
145#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
146/* Enable requesting fallback to software in case of problems with the
147 * hardware support. This indicates to the crypto provider that the
148 * application is prepared to fall back to software operation if the
149 * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
150 * Without this flag those calls will never return
151 * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
152 * provider to avoid repeatedly attempting to contact dead hardware
153 * within a short interval, if appropriate.
154 */
155
156#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
157/* Without _SimpleForkCheck the library is allowed to assume that the
158 * application will not fork and call the library in the child(ren).
159 *
160 * When it is specified, this is allowed. However, after a fork
161 * neither parent nor child may unload any loaded keys or call
162 * _Finish. Instead, they should call exit (or die with a signal)
163 * without calling _Finish. After all the children have died the
164 * parent may unload keys or call _Finish.
165 *
166 * This flag only has any effect on UN*X platforms.
167 */
168
169typedef struct {
170 unsigned long flags;
171 void *logstream; /* usually a FILE*. See below. */
172
173 size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
174 int mslimbfirst; /* 0 or 1 */
175 int msbytefirst; /* 0 or 1; -1 = native */
176
177 /* All the callback functions should return 0 on success, or a
178 * nonzero integer (whose value will be visible in the error message
179 * put in the buffer passed to the call).
180 *
181 * If a callback is not available pass a null function pointer.
182 *
183 * The callbacks may not call down again into the crypto plugin.
184 */
185
186 /* For thread-safety. Set everything to 0 if you promise only to be
187 * singlethreaded. maxsimultaneous is the number of calls to
188 * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
189 * put there then say 0 and the hook library will use a default.
190 *
191 * maxmutexes is a small limit on the number of simultaneous mutexes
192 * which will be requested by the library. If there is no small
193 * limit, set it to 0. If the crypto plugin cannot create the
194 * advertised number of mutexes the calls to its functions may fail.
195 * If a low number of mutexes is advertised the plugin will try to
196 * do the best it can. Making larger numbers of mutexes available
197 * may improve performance and parallelism by reducing contention
198 * over critical sections. Unavailability of any mutexes, implying
199 * single-threaded operation, should be indicated by the setting
200 * mutex_init et al to 0.
201 */
202 int maxmutexes;
203 int maxsimultaneous;
204 size_t mutexsize;
205 int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
206 int (*mutex_acquire)(HWCryptoHook_Mutex*);
207 void (*mutex_release)(HWCryptoHook_Mutex*);
208 void (*mutex_destroy)(HWCryptoHook_Mutex*);
209
210 /* For greater efficiency, can use condition vars internally for
211 * synchronisation. In this case maxsimultaneous is ignored, but
212 * the other mutex stuff must be available. In singlethreaded
213 * programs, set everything to 0.
214 */
215 size_t condvarsize;
216 int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
217 int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
218 void (*condvar_signal)(HWCryptoHook_CondVar*);
219 void (*condvar_broadcast)(HWCryptoHook_CondVar*);
220 void (*condvar_destroy)(HWCryptoHook_CondVar*);
221
222 /* The semantics of acquiring and releasing mutexes and broadcasting
223 * and waiting on condition variables are expected to be those from
224 * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
225 * fast mutexes, recursive mutexes, or nonrecursive ones.
226 *
227 * The _release/_signal/_broadcast and _destroy functions must
228 * always succeed when given a valid argument; if they are given an
229 * invalid argument then the program (crypto plugin + application)
230 * has an internal error, and they should abort the program.
231 */
232
233 int (*getpassphrase)(const char *prompt_info,
234 int *len_io, char *buf,
235 HWCryptoHook_PassphraseContext *ppctx,
236 HWCryptoHook_CallerContext *cactx);
237 /* Passphrases and the prompt_info, if they contain high-bit-set
238 * characters, are UTF-8. The prompt_info may be a null pointer if
239 * no prompt information is available (it should not be an empty
240 * string). It will not contain text like `enter passphrase';
241 * instead it might say something like `Operator Card for John
242 * Smith' or `SmartCard in nFast Module #1, Slot #1'.
243 *
244 * buf points to a buffer in which to return the passphrase; on
245 * entry *len_io is the length of the buffer. It should be updated
246 * by the callback. The returned passphrase should not be
247 * null-terminated by the callback.
248 */
249
250 int (*getphystoken)(const char *prompt_info,
251 const char *wrong_info,
252 HWCryptoHook_PassphraseContext *ppctx,
253 HWCryptoHook_CallerContext *cactx);
254 /* Requests that the human user physically insert a different
255 * smartcard, DataKey, etc. The plugin should check whether the
256 * currently inserted token(s) are appropriate, and if they are it
257 * should not make this call.
258 *
259 * prompt_info is as before. wrong_info is a description of the
260 * currently inserted token(s) so that the user is told what
261 * something is. wrong_info, like prompt_info, may be null, but
262 * should not be an empty string. Its contents should be
263 * syntactically similar to that of prompt_info.
264 */
265
266 /* Note that a single LoadKey operation might cause several calls to
267 * getpassphrase and/or requestphystoken. If requestphystoken is
268 * not provided (ie, a null pointer is passed) then the plugin may
269 * not support loading keys for which authorisation by several cards
270 * is required. If getpassphrase is not provided then cards with
271 * passphrases may not be supported.
272 *
273 * getpassphrase and getphystoken do not need to check that the
274 * passphrase has been entered correctly or the correct token
275 * inserted; the crypto plugin will do that. If this is not the
276 * case then the crypto plugin is responsible for calling these
277 * routines again as appropriate until the correct token(s) and
278 * passphrase(s) are supplied as required, or until any retry limits
279 * implemented by the crypto plugin are reached.
280 *
281 * In either case, the application must allow the user to say `no'
282 * or `cancel' to indicate that they do not know the passphrase or
283 * have the appropriate token; this should cause the callback to
284 * return nonzero indicating error.
285 */
286
287 void (*logmessage)(void *logstream, const char *message);
288 /* A log message will be generated at least every time something goes
289 * wrong and an ErrMsgBuf is filled in (or would be if one was
290 * provided). Other diagnostic information may be written there too,
291 * including more detailed reasons for errors which are reported in an
292 * ErrMsgBuf.
293 *
294 * When a log message is generated, this callback is called. It
295 * should write a message to the relevant logging arrangements.
296 *
297 * The message string passed will be null-terminated and may be of arbitrary
298 * length. It will not be prefixed by the time and date, nor by the
299 * name of the library that is generating it - if this is required,
300 * the logmessage callback must do it. The message will not have a
301 * trailing newline (though it may contain internal newlines).
302 *
303 * If a null pointer is passed for logmessage a default function is
304 * used. The default function treats logstream as a FILE* which has
305 * been converted to a void*. If logstream is 0 it does nothing.
306 * Otherwise it prepends the date and time and library name and
307 * writes the message to logstream. Each line will be prefixed by a
308 * descriptive string containing the date, time and identity of the
309 * crypto plugin. Errors on the logstream are not reported
310 * anywhere, and the default function doesn't flush the stream, so
311 * the application must set the buffering how it wants it.
312 *
313 * The crypto plugin may also provide a facility to have copies of
314 * log messages sent elsewhere, and or for adjusting the verbosity
315 * of the log messages; any such facilities will be configured by
316 * external means.
317 */
318
319} HWCryptoHook_InitInfo;
320
321typedef
322HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
323 size_t initinfosize,
324 const HWCryptoHook_ErrMsgBuf *errors,
325 HWCryptoHook_CallerContext *cactx);
326extern HWCryptoHook_Init_t HWCryptoHook_Init;
327
328/* Caller should set initinfosize to the size of the HWCryptoHook struct,
329 * so it can be extended later.
330 *
331 * On success, a message for display or logging by the server,
332 * including the name and version number of the plugin, will be filled
333 * in into *errors; on failure *errors is used for error handling, as
334 * usual.
335 */
336
337/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
338 * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
339 * the output MPI buffer(s) was too small; the sizes of all have been
340 * set to the desired size (and for those where the buffer was large
341 * enough, the value may have been copied in), and no error message
342 * has been recorded.
343 *
344 * You may pass 0 for the errors struct. In any case, unless you set
345 * _NoStderr at init time then messages may be reported to stderr.
346 */
347
348/* The RSAImmed* functions (and key managed RSA) only work with
349 * modules which have an RSA patent licence - currently that means KM
350 * units; the ModExp* ones work with all modules, so you need a patent
351 * licence in the software in the US. They are otherwise identical.
352 */
353
354typedef
355void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
356extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
357/* You must not have any calls going or keys loaded when you call this. */
358
359typedef
360int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
361 unsigned char *buf, size_t len,
362 const HWCryptoHook_ErrMsgBuf *errors);
363extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
364
365typedef
366int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
367 HWCryptoHook_MPI a,
368 HWCryptoHook_MPI p,
369 HWCryptoHook_MPI n,
370 HWCryptoHook_MPI *r,
371 const HWCryptoHook_ErrMsgBuf *errors);
372extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
373
374typedef
375int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
376 HWCryptoHook_MPI m,
377 HWCryptoHook_MPI e,
378 HWCryptoHook_MPI n,
379 HWCryptoHook_MPI *r,
380 const HWCryptoHook_ErrMsgBuf *errors);
381extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
382
383typedef
384int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
385 HWCryptoHook_MPI a,
386 HWCryptoHook_MPI p,
387 HWCryptoHook_MPI q,
388 HWCryptoHook_MPI dmp1,
389 HWCryptoHook_MPI dmq1,
390 HWCryptoHook_MPI iqmp,
391 HWCryptoHook_MPI *r,
392 const HWCryptoHook_ErrMsgBuf *errors);
393extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
394
395typedef
396int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
397 HWCryptoHook_MPI m,
398 HWCryptoHook_MPI p,
399 HWCryptoHook_MPI q,
400 HWCryptoHook_MPI dmp1,
401 HWCryptoHook_MPI dmq1,
402 HWCryptoHook_MPI iqmp,
403 HWCryptoHook_MPI *r,
404 const HWCryptoHook_ErrMsgBuf *errors);
405extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
406
407/* The RSAImmed* and ModExp* functions may return E_FAILED or
408 * E_FALLBACK for failure.
409 *
410 * E_FAILED means the failure is permanent and definite and there
411 * should be no attempt to fall back to software. (Eg, for some
412 * applications, which support only the acceleration-only
413 * functions, the `key material' may actually be an encoded key
414 * identifier, and doing the operation in software would give wrong
415 * answers.)
416 *
417 * E_FALLBACK means that doing the computation in software would seem
418 * reasonable. If an application pays attention to this and is
419 * able to fall back, it should also set the Fallback init flags.
420 */
421
422typedef
423int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
424 const char *key_ident,
425 HWCryptoHook_RSAKeyHandle *keyhandle_r,
426 const HWCryptoHook_ErrMsgBuf *errors,
427 HWCryptoHook_PassphraseContext *ppctx);
428extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
429/* The key_ident is a null-terminated string configured by the
430 * user via the application's usual configuration mechanisms.
431 * It is provided to the user by the crypto provider's key management
432 * system. The user must be able to enter at least any string of between
433 * 1 and 1023 characters inclusive, consisting of printable 7-bit
434 * ASCII characters. The provider should avoid using
435 * any characters except alphanumerics and the punctuation
436 * characters _ - + . / @ ~ (the user is expected to be able
437 * to enter these without quoting). The string may be case-sensitive.
438 * The application may allow the user to enter other NULL-terminated strings,
439 * and the provider must cope (returning an error if the string is not
440 * valid).
441 *
442 * If the key does not exist, no error is recorded and 0 is returned;
443 * keyhandle_r will be set to 0 instead of to a key handle.
444 */
445
446typedef
447int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
448 HWCryptoHook_MPI *n,
449 HWCryptoHook_MPI *e,
450 const HWCryptoHook_ErrMsgBuf *errors);
451extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
452/* The crypto plugin will not store certificates.
453 *
454 * Although this function for acquiring the public key value is
455 * provided, it is not the purpose of this API to deal fully with the
456 * handling of the public key.
457 *
458 * It is expected that the crypto supplier's key generation program
459 * will provide general facilities for producing X.509
460 * self-certificates and certificate requests in PEM format. These
461 * will be given to the user so that they can configure them in the
462 * application, send them to CAs, or whatever.
463 *
464 * In case this kind of certificate handling is not appropriate, the
465 * crypto supplier's key generation program should be able to be
466 * configured not to generate such a self-certificate or certificate
467 * request. Then the application will need to do all of this, and
468 * will need to store and handle the public key and certificates
469 * itself.
470 */
471
472typedef
473int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
474 const HWCryptoHook_ErrMsgBuf *errors);
475extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
476/* Might fail due to locking problems, or other serious internal problems. */
477
478typedef
479int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
480 HWCryptoHook_RSAKeyHandle k,
481 HWCryptoHook_MPI *r,
482 const HWCryptoHook_ErrMsgBuf *errors);
483extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
484/* RSA private key operation (sign or decrypt) - raw, unpadded. */
485
486#endif /*HWCRYPTOHOOK_H*/
diff --git a/src/lib/libcrypto/engine/vendor_defns/sureware.h b/src/lib/libcrypto/engine/vendor_defns/sureware.h
new file mode 100644
index 0000000000..1d3789219d
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/sureware.h
@@ -0,0 +1,239 @@
1/*
2* Written by Corinne Dive-Reclus(cdive@baltimore.com)
3*
4* Copyright@2001 Baltimore Technologies Ltd.
5* *
6* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
7* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
8* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
9* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
10* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
11* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
12* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
13* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
14* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
15* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
16* SUCH DAMAGE. *
17*
18*
19*/
20#ifdef WIN32
21#define SW_EXPORT __declspec ( dllexport )
22#else
23#define SW_EXPORT
24#endif
25
26/*
27* List of exposed SureWare errors
28*/
29#define SUREWAREHOOK_ERROR_FAILED -1
30#define SUREWAREHOOK_ERROR_FALLBACK -2
31#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
32#define SUREWAREHOOK_ERROR_DATA_SIZE -4
33#define SUREWAREHOOK_ERROR_INVALID_PAD -5
34/*
35* -----------------WARNING-----------------------------------
36* In all the following functions:
37* msg is a string with at least 24 bytes free.
38* A 24 bytes string will be concatenated to the existing content of msg.
39*/
40/*
41* SureWare Initialisation function
42* in param threadsafe, if !=0, thread safe enabled
43* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
44*/
45typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
46extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
47/*
48* SureWare Finish function
49*/
50typedef void SureWareHook_Finish_t();
51extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
52/*
53* PRE_CONDITION:
54* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
55*/
56/*
57* SureWare RAND Bytes function
58* In case of failure, the content of buf is unpredictable.
59* return 1 if success
60* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
61* SureWareHOOK_ERROR_FAILED if error while processing
62* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
63* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
64*
65* in/out param buf : a num bytes long buffer where random bytes will be put
66* in param num : the number of bytes into buf
67*/
68typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
69extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
70
71/*
72* SureWare RAND Seed function
73* Adds some seed to the Hardware Random Number Generator
74* return 1 if success
75* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
76* SureWareHOOK_ERROR_FAILED if error while processing
77* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
78* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
79*
80* in param buf : the seed to add into the HRNG
81* in param num : the number of bytes into buf
82*/
83typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
84extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
85
86/*
87* SureWare Load Private Key function
88* return 1 if success
89* SureWareHOOK_ERROR_FAILED if error while processing
90* No hardware is contact for this function.
91*
92* in param key_id :the name of the private protected key file without the extension
93 ".sws"
94* out param hptr : a pointer to a buffer allocated by SureWare_Hook
95* out param num: the effective key length in bytes
96* out param keytype: 1 if RSA 2 if DSA
97*/
98typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
99extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
100
101/*
102* SureWare Info Public Key function
103* return 1 if success
104* SureWareHOOK_ERROR_FAILED if error while processing
105* No hardware is contact for this function.
106*
107* in param key_id :the name of the private protected key file without the extension
108 ".swp"
109* out param hptr : a pointer to a buffer allocated by SureWare_Hook
110* out param num: the effective key length in bytes
111* out param keytype: 1 if RSA 2 if DSA
112*/
113typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
114 char *keytype);
115extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
116
117/*
118* SureWare Load Public Key function
119* return 1 if success
120* SureWareHOOK_ERROR_FAILED if error while processing
121* No hardware is contact for this function.
122*
123* in param key_id :the name of the public protected key file without the extension
124 ".swp"
125* in param num : the bytes size of n and e
126* out param n: where to write modulus in bn format
127* out param e: where to write exponent in bn format
128*/
129typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
130 unsigned long *n, unsigned long *e);
131extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
132
133/*
134* SureWare Load DSA Public Key function
135* return 1 if success
136* SureWareHOOK_ERROR_FAILED if error while processing
137* No hardware is contact for this function.
138*
139* in param key_id :the name of the public protected key file without the extension
140 ".swp"
141* in param num : the bytes size of n and e
142* out param pub: where to write pub key in bn format
143* out param p: where to write prime in bn format
144* out param q: where to write sunprime (length 20 bytes) in bn format
145* out param g: where to write base in bn format
146*/
147typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
148 unsigned long *pub, unsigned long *p,unsigned long*q,
149 unsigned long *g);
150extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
151
152/*
153* SureWare Free function
154* Destroy the key into the hardware if destroy==1
155*/
156typedef void SureWareHook_Free_t(char *p,int destroy);
157extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
158
159#define SUREWARE_PKCS1_PAD 1
160#define SUREWARE_ISO9796_PAD 2
161#define SUREWARE_NO_PAD 0
162/*
163* SureWare RSA Private Decryption
164* return 1 if success
165* SureWareHOOK_ERROR_FAILED if error while processing
166* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
167* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
168*
169* in param flen : byte size of from and to
170* in param from : encrypted data buffer, should be a not-null valid pointer
171* out param tlen: byte size of decrypted data, if error, unexpected value
172* out param to : decrypted data buffer, should be a not-null valid pointer
173* in param prsa: a protected key pointer, should be a not-null valid pointer
174* int padding: padding id as follow
175* SUREWARE_PKCS1_PAD
176* SUREWARE_NO_PAD
177*
178*/
179typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
180 int *tlen,unsigned char *to,
181 char *prsa,int padding);
182extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
183/*
184* SureWare RSA Signature
185* return 1 if success
186* SureWareHOOK_ERROR_FAILED if error while processing
187* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
188* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
189*
190* in param flen : byte size of from and to
191* in param from : encrypted data buffer, should be a not-null valid pointer
192* out param tlen: byte size of decrypted data, if error, unexpected value
193* out param to : decrypted data buffer, should be a not-null valid pointer
194* in param prsa: a protected key pointer, should be a not-null valid pointer
195* int padding: padding id as follow
196* SUREWARE_PKCS1_PAD
197* SUREWARE_ISO9796_PAD
198*
199*/
200typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
201 int *tlen,unsigned char *to,
202 char *prsa,int padding);
203extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
204/*
205* SureWare DSA Signature
206* return 1 if success
207* SureWareHOOK_ERROR_FAILED if error while processing
208* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
209* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
210*
211* in param flen : byte size of from and to
212* in param from : encrypted data buffer, should be a not-null valid pointer
213* out param to : decrypted data buffer, should be a 40bytes valid pointer
214* in param pdsa: a protected key pointer, should be a not-null valid pointer
215*
216*/
217typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
218 unsigned long *r,unsigned long *s,char *pdsa);
219extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
220
221
222/*
223* SureWare Mod Exp
224* return 1 if success
225* SureWareHOOK_ERROR_FAILED if error while processing
226* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
227* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
228*
229* mod and res are mlen bytes long.
230* exp is elen bytes long
231* data is dlen bytes long
232* mlen,elen and dlen are all multiple of sizeof(unsigned long)
233*/
234typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
235 int elen,const unsigned long *exp,
236 int dlen,unsigned long *data,
237 unsigned long *res);
238extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
239
diff --git a/src/lib/libcrypto/idea/version b/src/lib/libcrypto/idea/version
new file mode 100644
index 0000000000..3f22293795
--- /dev/null
+++ b/src/lib/libcrypto/idea/version
@@ -0,0 +1,12 @@
11.1 07/12/95 - eay
2 Many thanks to Rhys Weatherley <rweather@us.oracle.com>
3 for pointing out that I was assuming little endian byte
4 order for all quantities what idea actually used
5 bigendian. No where in the spec does it mention
6 this, it is all in terms of 16 bit numbers and even the example
7 does not use byte streams for the input example :-(.
8 If you byte swap each pair of input, keys and iv, the functions
9 would produce the output as the old version :-(.
10
111.0 ??/??/95 - eay
12 First version.
diff --git a/src/lib/libcrypto/mdc2/mdc2test.c b/src/lib/libcrypto/mdc2/mdc2test.c
new file mode 100644
index 0000000000..c9abe99d92
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/mdc2test.c
@@ -0,0 +1,146 @@
1/* crypto/mdc2/mdc2test.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include "../e_os.h"
64
65#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
66#define OPENSSL_NO_MDC2
67#endif
68
69#ifdef OPENSSL_NO_MDC2
70int main(int argc, char *argv[])
71{
72 printf("No MDC2 support\n");
73 return(0);
74}
75#else
76#include <openssl/evp.h>
77#include <openssl/mdc2.h>
78
79#ifdef CHARSET_EBCDIC
80#include <openssl/ebcdic.h>
81#endif
82
83static unsigned char pad1[16]={
84 0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
85 0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A
86 };
87
88static unsigned char pad2[16]={
89 0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,
90 0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
91 };
92
93int main(int argc, char *argv[])
94 {
95 int ret=0;
96 unsigned char md[MDC2_DIGEST_LENGTH];
97 int i;
98 EVP_MD_CTX c;
99 static char *text="Now is the time for all ";
100
101#ifdef CHARSET_EBCDIC
102 ebcdic2ascii(text,text,strlen(text));
103#endif
104
105 EVP_MD_CTX_init(&c);
106 EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
107 EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
108 EVP_DigestFinal_ex(&c,&(md[0]),NULL);
109
110 if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
111 {
112 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
113 printf("%02X",md[i]);
114 printf(" <- generated\n");
115 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
116 printf("%02X",pad1[i]);
117 printf(" <- correct\n");
118 ret=1;
119 }
120 else
121 printf("pad1 - ok\n");
122
123 EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
124 /* FIXME: use a ctl function? */
125 ((MDC2_CTX *)c.md_data)->pad_type=2;
126 EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
127 EVP_DigestFinal_ex(&c,&(md[0]),NULL);
128
129 if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
130 {
131 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
132 printf("%02X",md[i]);
133 printf(" <- generated\n");
134 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
135 printf("%02X",pad2[i]);
136 printf(" <- correct\n");
137 ret=1;
138 }
139 else
140 printf("pad2 - ok\n");
141
142 EVP_MD_CTX_cleanup(&c);
143 EXIT(ret);
144 return(ret);
145 }
146#endif
diff --git a/src/lib/libcrypto/rc5/rc5s.cpp b/src/lib/libcrypto/rc5/rc5s.cpp
new file mode 100644
index 0000000000..1c5518bc80
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5s.cpp
@@ -0,0 +1,70 @@
1//
2// gettsc.inl
3//
4// gives access to the Pentium's (secret) cycle counter
5//
6// This software was written by Leonard Janke (janke@unixg.ubc.ca)
7// in 1996-7 and is entered, by him, into the public domain.
8
9#if defined(__WATCOMC__)
10void GetTSC(unsigned long&);
11#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
12#elif defined(__GNUC__)
13inline
14void GetTSC(unsigned long& tsc)
15{
16 asm volatile(".byte 15, 49\n\t"
17 : "=eax" (tsc)
18 :
19 : "%edx", "%eax");
20}
21#elif defined(_MSC_VER)
22inline
23void GetTSC(unsigned long& tsc)
24{
25 unsigned long a;
26 __asm _emit 0fh
27 __asm _emit 31h
28 __asm mov a, eax;
29 tsc=a;
30}
31#endif
32
33#include <stdio.h>
34#include <stdlib.h>
35#include <openssl/rc5.h>
36
37void main(int argc,char *argv[])
38 {
39 RC5_32_KEY key;
40 unsigned long s1,s2,e1,e2;
41 unsigned long data[2];
42 int i,j;
43 static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
44
45 RC5_32_set_key(&key, 16,d,12);
46
47 for (j=0; j<6; j++)
48 {
49 for (i=0; i<1000; i++) /**/
50 {
51 RC5_32_encrypt(&data[0],&key);
52 GetTSC(s1);
53 RC5_32_encrypt(&data[0],&key);
54 RC5_32_encrypt(&data[0],&key);
55 RC5_32_encrypt(&data[0],&key);
56 GetTSC(e1);
57 GetTSC(s2);
58 RC5_32_encrypt(&data[0],&key);
59 RC5_32_encrypt(&data[0],&key);
60 RC5_32_encrypt(&data[0],&key);
61 RC5_32_encrypt(&data[0],&key);
62 GetTSC(e2);
63 RC5_32_encrypt(&data[0],&key);
64 }
65
66 printf("cast %d %d (%d)\n",
67 e1-s1,e2-s2,((e2-s2)-(e1-s1)));
68 }
69 }
70
diff --git a/src/lib/libcrypto/util/bat.sh b/src/lib/libcrypto/util/bat.sh
index c6f48e8a7b..4d9a8287d0 100644
--- a/src/lib/libcrypto/util/bat.sh
+++ b/src/lib/libcrypto/util/bat.sh
@@ -62,6 +62,7 @@ sub var_add
62 local($dir,$val)=@_; 62 local($dir,$val)=@_;
63 local(@a,$_,$ret); 63 local(@a,$_,$ret);
64 64
65 return("") if $no_engine && $dir =~ /\/engine/;
65 return("") if $no_idea && $dir =~ /\/idea/; 66 return("") if $no_idea && $dir =~ /\/idea/;
66 return("") if $no_rc2 && $dir =~ /\/rc2/; 67 return("") if $no_rc2 && $dir =~ /\/rc2/;
67 return("") if $no_rc4 && $dir =~ /\/rc4/; 68 return("") if $no_rc4 && $dir =~ /\/rc4/;
@@ -116,6 +117,7 @@ sub var_add
116 @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; 117 @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
117 @a=grep(!/_mdc2$/,@a) if $no_mdc2; 118 @a=grep(!/_mdc2$/,@a) if $no_mdc2;
118 119
120 @a=grep(!/^engine$/,@a) if $no_engine;
119 @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; 121 @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
120 @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; 122 @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
121 @a=grep(!/^gendsa$/,@a) if $no_sha1; 123 @a=grep(!/^gendsa$/,@a) if $no_sha1;
diff --git a/src/lib/libcrypto/util/extract-names.pl b/src/lib/libcrypto/util/extract-names.pl
new file mode 100644
index 0000000000..d413a045cc
--- /dev/null
+++ b/src/lib/libcrypto/util/extract-names.pl
@@ -0,0 +1,22 @@
1#!/usr/bin/perl
2
3$/ = ""; # Eat a paragraph at once.
4while(<STDIN>) {
5 chop;
6 s/\n/ /gm;
7 if (/^=head1 /) {
8 $name = 0;
9 } elsif ($name) {
10 if (/ - /) {
11 s/ - .*//;
12 s/[ \t,]+/ /g;
13 push @words, split ' ';
14 }
15 }
16 if (/^=head1 *NAME *$/) {
17 $name = 1;
18 }
19}
20
21print join("\n", @words),"\n";
22
diff --git a/src/lib/libcrypto/util/mkcerts.sh b/src/lib/libcrypto/util/mkcerts.sh
index 5f8a1dae73..0184fcb70e 100644
--- a/src/lib/libcrypto/util/mkcerts.sh
+++ b/src/lib/libcrypto/util/mkcerts.sh
@@ -1,4 +1,4 @@
1#!bin/sh 1#!/bin/sh
2 2
3# This script will re-make all the required certs. 3# This script will re-make all the required certs.
4# cd apps 4# cd apps
@@ -12,8 +12,8 @@
12# 12#
13 13
14CAbits=1024 14CAbits=1024
15SSLEAY="../apps/ssleay" 15SSLEAY="../apps/openssl"
16CONF="-config ../apps/ssleay.cnf" 16CONF="-config ../apps/openssl.cnf"
17 17
18# create pca request. 18# create pca request.
19echo creating $CAbits bit PCA cert request 19echo creating $CAbits bit PCA cert request
diff --git a/src/lib/libcrypto/util/pl/VC-CE.pl b/src/lib/libcrypto/util/pl/VC-CE.pl
new file mode 100644
index 0000000000..1805ef9d97
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/VC-CE.pl
@@ -0,0 +1,111 @@
1#!/usr/local/bin/perl
2# VC-CE.pl - the file for eMbedded Visual C++ 3.0 for windows CE, static libraries
3#
4
5$ssl= "ssleay32";
6$crypto="libeay32";
7$RSAref="RSAref32";
8
9$o='\\';
10$cp='copy nul+'; # Timestamps get stuffed otherwise
11$rm='del';
12
13# C compiler stuff
14$cc='$(CC)';
15$cflags=' /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo $(WCETARGETDEFS) -DUNICODE -D_UNICODE -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include';
16$lflags='/nologo /subsystem:windowsce,$(WCELDVERSION) /machine:$(WCELDMACHINE) /opt:ref';
17$mlflags='';
18
19$out_def='out32_$(TARGETCPU)';
20$tmp_def='tmp32_$(TARGETCPU)';
21$inc_def="inc32";
22
23if ($debug)
24 {
25 $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
26 $lflags.=" /debug";
27 $mlflags.=' /debug';
28 }
29
30$obj='.obj';
31$ofile="/Fo";
32
33# EXE linking stuff
34$link="link";
35$efile="/out:";
36$exep='.exe';
37if ($no_sock)
38 { $ex_libs=""; }
39else { $ex_libs='winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib $(WCELDFLAGS)'; }
40
41# static library stuff
42$mklib='lib';
43$ranlib='';
44$plib="";
45$libp=".lib";
46$shlibp=($shlib)?".dll":".lib";
47$lfile='/out:';
48
49$shlib_ex_obj="";
50#$app_ex_obj="setargv.obj";
51$app_ex_obj="";
52
53$bn_asm_obj='';
54$bn_asm_src='';
55$des_enc_obj='';
56$des_enc_src='';
57$bf_enc_obj='';
58$bf_enc_src='';
59
60if ($shlib)
61 {
62 $mlflags.=" $lflags /dll";
63# $cflags =~ s| /MD| /MT|;
64 $lib_cflag=" -D_WINDLL -D_DLL";
65 $out_def='out32dll_$(TARGETCPU)';
66 $tmp_def='tmp32dll_$(TARGETCPU)';
67 }
68
69$cflags.=" /Fd$out_def";
70
71sub do_lib_rule
72 {
73 local($objs,$target,$name,$shlib)=@_;
74 local($ret,$Name);
75
76 $taget =~ s/\//$o/g if $o ne '/';
77 ($Name=$name) =~ tr/a-z/A-Z/;
78
79# $target="\$(LIB_D)$o$target";
80 $ret.="$target: $objs\n";
81 if (!$shlib)
82 {
83# $ret.="\t\$(RM) \$(O_$Name)\n";
84 $ex =' ';
85 $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
86 }
87 else
88 {
89 local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
90# $ex.=' winsock.lib coredll.lib $(WCECOMPAT)/lib/wcecompatex.lib';
91 $ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib';
92 $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
93 }
94 $ret.="\n";
95 return($ret);
96 }
97
98sub do_link_rule
99 {
100 local($target,$files,$dep_libs,$libs)=@_;
101 local($ret,$_);
102
103 $file =~ s/\//$o/g if $o ne '/';
104 $n=&bname($targer);
105 $ret.="$target: $files $dep_libs\n";
106 $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
107 $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n\n";
108 return($ret);
109 }
110
1111;
diff --git a/src/lib/libssl/src/INSTALL.DJGPP b/src/lib/libssl/src/INSTALL.DJGPP
index 0120b946b5..cdeac222b2 100644
--- a/src/lib/libssl/src/INSTALL.DJGPP
+++ b/src/lib/libssl/src/INSTALL.DJGPP
@@ -12,12 +12,14 @@
12 latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package 12 latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
13 requires that PERL and BC also be installed. 13 requires that PERL and BC also be installed.
14 14
15 All of these can be obtained from the usual DJGPP mirror sites, such as 15 All of these can be obtained from the usual DJGPP mirror sites, such
16 "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to have 16 as "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to
17 the WATT-32 networking package installed before you try to compile 17 have the WATT-32 networking package installed before you try to compile
18 openssl. This can be obtained from "http://www.bgnett.no/~giva/". The 18 openssl. This can be obtained from "http://www.bgnett.no/~giva/".
19 Makefile assumes that the WATT-32 code is in directory "watt32" under 19 The Makefile assumes that the WATT-32 code is in the directory
20 /dev/env/DJDIR. 20 specified by the environment variable WATT_ROOT. If you have watt-32
21 in directory "watt32" under your main DJGPP directory, specify
22 WATT_ROOT="/dev/env/DJDIR/watt32".
21 23
22 To compile openssl, start your BASH shell. Then configure for DOS by 24 To compile openssl, start your BASH shell. Then configure for DOS by
23 running "./Configure" with appropriate arguments. The basic syntax for 25 running "./Configure" with appropriate arguments. The basic syntax for
diff --git a/src/lib/libssl/src/INSTALL.WCE b/src/lib/libssl/src/INSTALL.WCE
new file mode 100644
index 0000000000..ac587d6bd2
--- /dev/null
+++ b/src/lib/libssl/src/INSTALL.WCE
@@ -0,0 +1,71 @@
1
2 INSTALLATION FOR THE WINDOWS CE PLATFORM
3 ----------------------------------------
4
5 Building OpenSSL for Windows CE requires the following external tools:
6
7 * Microsoft eMbedded Visual C++ 3.0
8 * wcecompat compatibility library (www.essemer.com.au)
9 * Optionally ceutils for running automated tests (www.essemer.com.au)
10
11 You also need Perl for Win32. You will need ActiveState Perl, available
12 from http://www.activestate.com/ActivePerl.
13
14 Windows CE support in OpenSSL relies on wcecompat. All Windows CE specific
15 issues should be directed to www.essemer.com.au.
16
17 The C Runtime Library implementation for Windows CE that is included with
18 Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places
19 incorrect. wcecompat plugs the holes and tries to bring the Windows CE
20 CRT to a level that is more compatible with ANSI C. wcecompat goes further
21 and provides low-level IO and stream IO support for stdin/stdout/stderr
22 (which Windows CE does not provide). This IO functionality is not needed
23 by the OpenSSL library itself but is used for the tests and openssl.exe.
24 More information is available at www.essemer.com.au.
25
26 Building
27 --------
28
29 Setup the eMbedded Visual C++ environment. There are batch files for doing
30 this installed with eVC++. For an ARM processor, for example, execute:
31
32 > "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT"
33
34 Next indicate where wcecompat is located:
35
36 > set WCECOMPAT=C:\wcecompat
37
38 Next you should run Configure:
39
40 > perl Configure VC-CE
41
42 Next you need to build the Makefiles:
43
44 > ms\do_ms
45
46 If you get errors about things not having numbers assigned then check the
47 troubleshooting section in INSTALL.W32: you probably won't be able to compile
48 it as it stands.
49
50 Then from the VC++ environment at a prompt do:
51
52 - to build static libraries:
53
54 > nmake -f ms\ce.mak
55
56 - or to build DLLs:
57
58 > nmake -f ms\cedll.mak
59
60 If all is well it should compile and you will have some static libraries and
61 executables in out32, or some DLLs and executables in out32dll. If you want
62 to try the tests then make sure the ceutils are in the path and do:
63
64 > cd out32
65 > ..\ms\testce
66
67 This will copy each of the test programs to the Windows CE device and execute
68 them, displaying the output of the tests on this computer. The output should
69 look similar to the output produced by running the tests for a regular Windows
70 build.
71
diff --git a/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c b/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c
new file mode 100644
index 0000000000..b97b394661
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c
@@ -0,0 +1,575 @@
1/*
2 * x86_64 BIGNUM accelerator version 0.1, December 2002.
3 *
4 * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5 * project.
6 *
7 * Rights for redistribution and usage in source and binary forms are
8 * granted according to the OpenSSL license. Warranty of any kind is
9 * disclaimed.
10 *
11 * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
12 * versions, like 1.0...
13 * A. Well, that's because this code is basically a quick-n-dirty
14 * proof-of-concept hack. As you can see it's implemented with
15 * inline assembler, which means that you're bound to GCC and that
16 * there must be a room for fine-tuning.
17 *
18 * Q. Why inline assembler?
19 * A. x86_64 features own ABI I'm not familiar with. Which is why
20 * I decided to let the compiler take care of subroutine
21 * prologue/epilogue as well as register allocation.
22 *
23 * Q. How much faster does it get?
24 * A. Unfortunately people sitting on x86_64 hardware are prohibited
25 * to disclose the performance numbers, so they (SuSE labs to be
26 * specific) wouldn't tell me. However! Very similar coding technique
27 * (reaching out for 128-bit result from 64x64-bit multiplication)
28 * results in >3 times performance improvement on MIPS and I see no
29 * reason why gain on x86_64 would be so much different:-)
30 */
31
32#define BN_ULONG unsigned long
33
34/*
35 * "m"(a), "+m"(r) is the way to favor DirectPath µ-code;
36 * "g"(0) let the compiler to decide where does it
37 * want to keep the value of zero;
38 */
39#define mul_add(r,a,word,carry) do { \
40 register BN_ULONG high,low; \
41 asm ("mulq %3" \
42 : "=a"(low),"=d"(high) \
43 : "a"(word),"m"(a) \
44 : "cc"); \
45 asm ("addq %2,%0; adcq %3,%1" \
46 : "+r"(carry),"+d"(high)\
47 : "a"(low),"g"(0) \
48 : "cc"); \
49 asm ("addq %2,%0; adcq %3,%1" \
50 : "+m"(r),"+d"(high) \
51 : "r"(carry),"g"(0) \
52 : "cc"); \
53 carry=high; \
54 } while (0)
55
56#define mul(r,a,word,carry) do { \
57 register BN_ULONG high,low; \
58 asm ("mulq %3" \
59 : "=a"(low),"=d"(high) \
60 : "a"(word),"g"(a) \
61 : "cc"); \
62 asm ("addq %2,%0; adcq %3,%1" \
63 : "+r"(carry),"+d"(high)\
64 : "a"(low),"g"(0) \
65 : "cc"); \
66 (r)=carry, carry=high; \
67 } while (0)
68
69#define sqr(r0,r1,a) \
70 asm ("mulq %2" \
71 : "=a"(r0),"=d"(r1) \
72 : "a"(a) \
73 : "cc");
74
75BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
76 {
77 BN_ULONG c1=0;
78
79 if (num <= 0) return(c1);
80
81 while (num&~3)
82 {
83 mul_add(rp[0],ap[0],w,c1);
84 mul_add(rp[1],ap[1],w,c1);
85 mul_add(rp[2],ap[2],w,c1);
86 mul_add(rp[3],ap[3],w,c1);
87 ap+=4; rp+=4; num-=4;
88 }
89 if (num)
90 {
91 mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
92 mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
93 mul_add(rp[2],ap[2],w,c1); return c1;
94 }
95
96 return(c1);
97 }
98
99BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
100 {
101 BN_ULONG c1=0;
102
103 if (num <= 0) return(c1);
104
105 while (num&~3)
106 {
107 mul(rp[0],ap[0],w,c1);
108 mul(rp[1],ap[1],w,c1);
109 mul(rp[2],ap[2],w,c1);
110 mul(rp[3],ap[3],w,c1);
111 ap+=4; rp+=4; num-=4;
112 }
113 if (num)
114 {
115 mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
116 mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
117 mul(rp[2],ap[2],w,c1);
118 }
119 return(c1);
120 }
121
122void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
123 {
124 if (n <= 0) return;
125
126 while (n&~3)
127 {
128 sqr(r[0],r[1],a[0]);
129 sqr(r[2],r[3],a[1]);
130 sqr(r[4],r[5],a[2]);
131 sqr(r[6],r[7],a[3]);
132 a+=4; r+=8; n-=4;
133 }
134 if (n)
135 {
136 sqr(r[0],r[1],a[0]); if (--n == 0) return;
137 sqr(r[2],r[3],a[1]); if (--n == 0) return;
138 sqr(r[4],r[5],a[2]);
139 }
140 }
141
142BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
143{ BN_ULONG ret,waste;
144
145 asm ("divq %3"
146 : "=a"(ret),"=d"(waste)
147 : "a"(l),"d"(h),"g"(d)
148 : "cc");
149
150 return ret;
151}
152
153BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
154{ BN_ULONG ret,i;
155
156 if (n <= 0) return 0;
157
158 asm (
159 " subq %2,%2 \n"
160 ".align 16 \n"
161 "1: movq (%4,%2,8),%0 \n"
162 " adcq (%5,%2,8),%0 \n"
163 " movq %0,(%3,%2,8) \n"
164 " leaq 1(%2),%2 \n"
165 " loop 1b \n"
166 " sbbq %0,%0 \n"
167 : "+a"(ret),"+c"(n),"+r"(i)
168 : "r"(rp),"r"(ap),"r"(bp)
169 : "cc"
170 );
171
172 return ret&1;
173}
174
175#ifndef SIMICS
176BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
177{ BN_ULONG ret,i;
178
179 if (n <= 0) return 0;
180
181 asm (
182 " subq %2,%2 \n"
183 ".align 16 \n"
184 "1: movq (%4,%2,8),%0 \n"
185 " sbbq (%5,%2,8),%0 \n"
186 " movq %0,(%3,%2,8) \n"
187 " leaq 1(%2),%2 \n"
188 " loop 1b \n"
189 " sbbq %0,%0 \n"
190 : "+a"(ret),"+c"(n),"+r"(i)
191 : "r"(rp),"r"(ap),"r"(bp)
192 : "cc"
193 );
194
195 return ret&1;
196}
197#else
198/* Simics 1.4<7 has buggy sbbq:-( */
199#define BN_MASK2 0xffffffffffffffffL
200BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
201 {
202 BN_ULONG t1,t2;
203 int c=0;
204
205 if (n <= 0) return((BN_ULONG)0);
206
207 for (;;)
208 {
209 t1=a[0]; t2=b[0];
210 r[0]=(t1-t2-c)&BN_MASK2;
211 if (t1 != t2) c=(t1 < t2);
212 if (--n <= 0) break;
213
214 t1=a[1]; t2=b[1];
215 r[1]=(t1-t2-c)&BN_MASK2;
216 if (t1 != t2) c=(t1 < t2);
217 if (--n <= 0) break;
218
219 t1=a[2]; t2=b[2];
220 r[2]=(t1-t2-c)&BN_MASK2;
221 if (t1 != t2) c=(t1 < t2);
222 if (--n <= 0) break;
223
224 t1=a[3]; t2=b[3];
225 r[3]=(t1-t2-c)&BN_MASK2;
226 if (t1 != t2) c=(t1 < t2);
227 if (--n <= 0) break;
228
229 a+=4;
230 b+=4;
231 r+=4;
232 }
233 return(c);
234 }
235#endif
236
237/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
238/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
239/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
240/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
241
242#if 0
243/* original macros are kept for reference purposes */
244#define mul_add_c(a,b,c0,c1,c2) { \
245 BN_ULONG ta=(a),tb=(b); \
246 t1 = ta * tb; \
247 t2 = BN_UMULT_HIGH(ta,tb); \
248 c0 += t1; t2 += (c0<t1)?1:0; \
249 c1 += t2; c2 += (c1<t2)?1:0; \
250 }
251
252#define mul_add_c2(a,b,c0,c1,c2) { \
253 BN_ULONG ta=(a),tb=(b),t0; \
254 t1 = BN_UMULT_HIGH(ta,tb); \
255 t0 = ta * tb; \
256 t2 = t1+t1; c2 += (t2<t1)?1:0; \
257 t1 = t0+t0; t2 += (t1<t0)?1:0; \
258 c0 += t1; t2 += (c0<t1)?1:0; \
259 c1 += t2; c2 += (c1<t2)?1:0; \
260 }
261#else
262#define mul_add_c(a,b,c0,c1,c2) do { \
263 asm ("mulq %3" \
264 : "=a"(t1),"=d"(t2) \
265 : "a"(a),"m"(b) \
266 : "cc"); \
267 asm ("addq %2,%0; adcq %3,%1" \
268 : "+r"(c0),"+d"(t2) \
269 : "a"(t1),"g"(0) \
270 : "cc"); \
271 asm ("addq %2,%0; adcq %3,%1" \
272 : "+r"(c1),"+r"(c2) \
273 : "d"(t2),"g"(0) \
274 : "cc"); \
275 } while (0)
276
277#define sqr_add_c(a,i,c0,c1,c2) do { \
278 asm ("mulq %2" \
279 : "=a"(t1),"=d"(t2) \
280 : "a"(a[i]) \
281 : "cc"); \
282 asm ("addq %2,%0; adcq %3,%1" \
283 : "+r"(c0),"+d"(t2) \
284 : "a"(t1),"g"(0) \
285 : "cc"); \
286 asm ("addq %2,%0; adcq %3,%1" \
287 : "+r"(c1),"+r"(c2) \
288 : "d"(t2),"g"(0) \
289 : "cc"); \
290 } while (0)
291
292#define mul_add_c2(a,b,c0,c1,c2) do { \
293 asm ("mulq %3" \
294 : "=a"(t1),"=d"(t2) \
295 : "a"(a),"m"(b) \
296 : "cc"); \
297 asm ("addq %0,%0; adcq %2,%1" \
298 : "+d"(t2),"+r"(c2) \
299 : "g"(0) \
300 : "cc"); \
301 asm ("addq %0,%0; adcq %2,%1" \
302 : "+a"(t1),"+d"(t2) \
303 : "g"(0) \
304 : "cc"); \
305 asm ("addq %2,%0; adcq %3,%1" \
306 : "+r"(c0),"+d"(t2) \
307 : "a"(t1),"g"(0) \
308 : "cc"); \
309 asm ("addq %2,%0; adcq %3,%1" \
310 : "+r"(c1),"+r"(c2) \
311 : "d"(t2),"g"(0) \
312 : "cc"); \
313 } while (0)
314#endif
315
316#define sqr_add_c2(a,i,j,c0,c1,c2) \
317 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
318
319void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
320 {
321 BN_ULONG bl,bh;
322 BN_ULONG t1,t2;
323 BN_ULONG c1,c2,c3;
324
325 c1=0;
326 c2=0;
327 c3=0;
328 mul_add_c(a[0],b[0],c1,c2,c3);
329 r[0]=c1;
330 c1=0;
331 mul_add_c(a[0],b[1],c2,c3,c1);
332 mul_add_c(a[1],b[0],c2,c3,c1);
333 r[1]=c2;
334 c2=0;
335 mul_add_c(a[2],b[0],c3,c1,c2);
336 mul_add_c(a[1],b[1],c3,c1,c2);
337 mul_add_c(a[0],b[2],c3,c1,c2);
338 r[2]=c3;
339 c3=0;
340 mul_add_c(a[0],b[3],c1,c2,c3);
341 mul_add_c(a[1],b[2],c1,c2,c3);
342 mul_add_c(a[2],b[1],c1,c2,c3);
343 mul_add_c(a[3],b[0],c1,c2,c3);
344 r[3]=c1;
345 c1=0;
346 mul_add_c(a[4],b[0],c2,c3,c1);
347 mul_add_c(a[3],b[1],c2,c3,c1);
348 mul_add_c(a[2],b[2],c2,c3,c1);
349 mul_add_c(a[1],b[3],c2,c3,c1);
350 mul_add_c(a[0],b[4],c2,c3,c1);
351 r[4]=c2;
352 c2=0;
353 mul_add_c(a[0],b[5],c3,c1,c2);
354 mul_add_c(a[1],b[4],c3,c1,c2);
355 mul_add_c(a[2],b[3],c3,c1,c2);
356 mul_add_c(a[3],b[2],c3,c1,c2);
357 mul_add_c(a[4],b[1],c3,c1,c2);
358 mul_add_c(a[5],b[0],c3,c1,c2);
359 r[5]=c3;
360 c3=0;
361 mul_add_c(a[6],b[0],c1,c2,c3);
362 mul_add_c(a[5],b[1],c1,c2,c3);
363 mul_add_c(a[4],b[2],c1,c2,c3);
364 mul_add_c(a[3],b[3],c1,c2,c3);
365 mul_add_c(a[2],b[4],c1,c2,c3);
366 mul_add_c(a[1],b[5],c1,c2,c3);
367 mul_add_c(a[0],b[6],c1,c2,c3);
368 r[6]=c1;
369 c1=0;
370 mul_add_c(a[0],b[7],c2,c3,c1);
371 mul_add_c(a[1],b[6],c2,c3,c1);
372 mul_add_c(a[2],b[5],c2,c3,c1);
373 mul_add_c(a[3],b[4],c2,c3,c1);
374 mul_add_c(a[4],b[3],c2,c3,c1);
375 mul_add_c(a[5],b[2],c2,c3,c1);
376 mul_add_c(a[6],b[1],c2,c3,c1);
377 mul_add_c(a[7],b[0],c2,c3,c1);
378 r[7]=c2;
379 c2=0;
380 mul_add_c(a[7],b[1],c3,c1,c2);
381 mul_add_c(a[6],b[2],c3,c1,c2);
382 mul_add_c(a[5],b[3],c3,c1,c2);
383 mul_add_c(a[4],b[4],c3,c1,c2);
384 mul_add_c(a[3],b[5],c3,c1,c2);
385 mul_add_c(a[2],b[6],c3,c1,c2);
386 mul_add_c(a[1],b[7],c3,c1,c2);
387 r[8]=c3;
388 c3=0;
389 mul_add_c(a[2],b[7],c1,c2,c3);
390 mul_add_c(a[3],b[6],c1,c2,c3);
391 mul_add_c(a[4],b[5],c1,c2,c3);
392 mul_add_c(a[5],b[4],c1,c2,c3);
393 mul_add_c(a[6],b[3],c1,c2,c3);
394 mul_add_c(a[7],b[2],c1,c2,c3);
395 r[9]=c1;
396 c1=0;
397 mul_add_c(a[7],b[3],c2,c3,c1);
398 mul_add_c(a[6],b[4],c2,c3,c1);
399 mul_add_c(a[5],b[5],c2,c3,c1);
400 mul_add_c(a[4],b[6],c2,c3,c1);
401 mul_add_c(a[3],b[7],c2,c3,c1);
402 r[10]=c2;
403 c2=0;
404 mul_add_c(a[4],b[7],c3,c1,c2);
405 mul_add_c(a[5],b[6],c3,c1,c2);
406 mul_add_c(a[6],b[5],c3,c1,c2);
407 mul_add_c(a[7],b[4],c3,c1,c2);
408 r[11]=c3;
409 c3=0;
410 mul_add_c(a[7],b[5],c1,c2,c3);
411 mul_add_c(a[6],b[6],c1,c2,c3);
412 mul_add_c(a[5],b[7],c1,c2,c3);
413 r[12]=c1;
414 c1=0;
415 mul_add_c(a[6],b[7],c2,c3,c1);
416 mul_add_c(a[7],b[6],c2,c3,c1);
417 r[13]=c2;
418 c2=0;
419 mul_add_c(a[7],b[7],c3,c1,c2);
420 r[14]=c3;
421 r[15]=c1;
422 }
423
424void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
425 {
426 BN_ULONG bl,bh;
427 BN_ULONG t1,t2;
428 BN_ULONG c1,c2,c3;
429
430 c1=0;
431 c2=0;
432 c3=0;
433 mul_add_c(a[0],b[0],c1,c2,c3);
434 r[0]=c1;
435 c1=0;
436 mul_add_c(a[0],b[1],c2,c3,c1);
437 mul_add_c(a[1],b[0],c2,c3,c1);
438 r[1]=c2;
439 c2=0;
440 mul_add_c(a[2],b[0],c3,c1,c2);
441 mul_add_c(a[1],b[1],c3,c1,c2);
442 mul_add_c(a[0],b[2],c3,c1,c2);
443 r[2]=c3;
444 c3=0;
445 mul_add_c(a[0],b[3],c1,c2,c3);
446 mul_add_c(a[1],b[2],c1,c2,c3);
447 mul_add_c(a[2],b[1],c1,c2,c3);
448 mul_add_c(a[3],b[0],c1,c2,c3);
449 r[3]=c1;
450 c1=0;
451 mul_add_c(a[3],b[1],c2,c3,c1);
452 mul_add_c(a[2],b[2],c2,c3,c1);
453 mul_add_c(a[1],b[3],c2,c3,c1);
454 r[4]=c2;
455 c2=0;
456 mul_add_c(a[2],b[3],c3,c1,c2);
457 mul_add_c(a[3],b[2],c3,c1,c2);
458 r[5]=c3;
459 c3=0;
460 mul_add_c(a[3],b[3],c1,c2,c3);
461 r[6]=c1;
462 r[7]=c2;
463 }
464
465void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
466 {
467 BN_ULONG bl,bh;
468 BN_ULONG t1,t2;
469 BN_ULONG c1,c2,c3;
470
471 c1=0;
472 c2=0;
473 c3=0;
474 sqr_add_c(a,0,c1,c2,c3);
475 r[0]=c1;
476 c1=0;
477 sqr_add_c2(a,1,0,c2,c3,c1);
478 r[1]=c2;
479 c2=0;
480 sqr_add_c(a,1,c3,c1,c2);
481 sqr_add_c2(a,2,0,c3,c1,c2);
482 r[2]=c3;
483 c3=0;
484 sqr_add_c2(a,3,0,c1,c2,c3);
485 sqr_add_c2(a,2,1,c1,c2,c3);
486 r[3]=c1;
487 c1=0;
488 sqr_add_c(a,2,c2,c3,c1);
489 sqr_add_c2(a,3,1,c2,c3,c1);
490 sqr_add_c2(a,4,0,c2,c3,c1);
491 r[4]=c2;
492 c2=0;
493 sqr_add_c2(a,5,0,c3,c1,c2);
494 sqr_add_c2(a,4,1,c3,c1,c2);
495 sqr_add_c2(a,3,2,c3,c1,c2);
496 r[5]=c3;
497 c3=0;
498 sqr_add_c(a,3,c1,c2,c3);
499 sqr_add_c2(a,4,2,c1,c2,c3);
500 sqr_add_c2(a,5,1,c1,c2,c3);
501 sqr_add_c2(a,6,0,c1,c2,c3);
502 r[6]=c1;
503 c1=0;
504 sqr_add_c2(a,7,0,c2,c3,c1);
505 sqr_add_c2(a,6,1,c2,c3,c1);
506 sqr_add_c2(a,5,2,c2,c3,c1);
507 sqr_add_c2(a,4,3,c2,c3,c1);
508 r[7]=c2;
509 c2=0;
510 sqr_add_c(a,4,c3,c1,c2);
511 sqr_add_c2(a,5,3,c3,c1,c2);
512 sqr_add_c2(a,6,2,c3,c1,c2);
513 sqr_add_c2(a,7,1,c3,c1,c2);
514 r[8]=c3;
515 c3=0;
516 sqr_add_c2(a,7,2,c1,c2,c3);
517 sqr_add_c2(a,6,3,c1,c2,c3);
518 sqr_add_c2(a,5,4,c1,c2,c3);
519 r[9]=c1;
520 c1=0;
521 sqr_add_c(a,5,c2,c3,c1);
522 sqr_add_c2(a,6,4,c2,c3,c1);
523 sqr_add_c2(a,7,3,c2,c3,c1);
524 r[10]=c2;
525 c2=0;
526 sqr_add_c2(a,7,4,c3,c1,c2);
527 sqr_add_c2(a,6,5,c3,c1,c2);
528 r[11]=c3;
529 c3=0;
530 sqr_add_c(a,6,c1,c2,c3);
531 sqr_add_c2(a,7,5,c1,c2,c3);
532 r[12]=c1;
533 c1=0;
534 sqr_add_c2(a,7,6,c2,c3,c1);
535 r[13]=c2;
536 c2=0;
537 sqr_add_c(a,7,c3,c1,c2);
538 r[14]=c3;
539 r[15]=c1;
540 }
541
542void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
543 {
544 BN_ULONG bl,bh;
545 BN_ULONG t1,t2;
546 BN_ULONG c1,c2,c3;
547
548 c1=0;
549 c2=0;
550 c3=0;
551 sqr_add_c(a,0,c1,c2,c3);
552 r[0]=c1;
553 c1=0;
554 sqr_add_c2(a,1,0,c2,c3,c1);
555 r[1]=c2;
556 c2=0;
557 sqr_add_c(a,1,c3,c1,c2);
558 sqr_add_c2(a,2,0,c3,c1,c2);
559 r[2]=c3;
560 c3=0;
561 sqr_add_c2(a,3,0,c1,c2,c3);
562 sqr_add_c2(a,2,1,c1,c2,c3);
563 r[3]=c1;
564 c1=0;
565 sqr_add_c(a,2,c2,c3,c1);
566 sqr_add_c2(a,3,1,c2,c3,c1);
567 r[4]=c2;
568 c2=0;
569 sqr_add_c2(a,3,2,c3,c1,c2);
570 r[5]=c3;
571 c3=0;
572 sqr_add_c(a,3,c1,c2,c3);
573 r[6]=c1;
574 r[7]=c2;
575 }
diff --git a/src/lib/libssl/src/crypto/des/FILES0 b/src/lib/libssl/src/crypto/des/FILES0
new file mode 100644
index 0000000000..4c7ea2de7a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/FILES0
@@ -0,0 +1,96 @@
1/* General stuff */
2COPYRIGHT - Copyright info.
3MODES.DES - A description of the features of the different modes of DES.
4FILES - This file.
5INSTALL - How to make things compile.
6Imakefile - For use with kerberos.
7README - What this package is.
8VERSION - Which version this is and what was changed.
9KERBEROS - Kerberos version 4 notes.
10Makefile.PL - An old makefile to build with perl5, not current.
11Makefile.ssl - The SSLeay makefile
12Makefile.uni - The normal unix makefile.
13GNUmakefile - The makefile for use with glibc.
14makefile.bc - A Borland C makefile
15times - Some outputs from 'speed' on some machines.
16vms.com - For use when compiling under VMS
17
18/* My SunOS des(1) replacement */
19des.c - des(1) source code.
20des.man - des(1) manual.
21
22/* Testing and timing programs. */
23destest.c - Source for libdes.a test program.
24speed.c - Source for libdes.a timing program.
25rpw.c - Source for libdes.a testing password reading routines.
26
27/* libdes.a source code */
28des_crypt.man - libdes.a manual page.
29des.h - Public libdes.a header file.
30ecb_enc.c - des_ecb_encrypt() source, this contains the basic DES code.
31ecb3_enc.c - des_ecb3_encrypt() source.
32cbc_ckm.c - des_cbc_cksum() source.
33cbc_enc.c - des_cbc_encrypt() source.
34ncbc_enc.c - des_cbc_encrypt() that is 'normal' in that it copies
35 the new iv values back in the passed iv vector.
36ede_enc.c - des_ede3_cbc_encrypt() cbc mode des using triple DES.
37cbc3_enc.c - des_3cbc_encrypt() source, don't use this function.
38cfb_enc.c - des_cfb_encrypt() source.
39cfb64enc.c - des_cfb64_encrypt() cfb in 64 bit mode but setup to be
40 used as a stream cipher.
41cfb64ede.c - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
42 used as a stream cipher and using triple DES.
43ofb_enc.c - des_cfb_encrypt() source.
44ofb64_enc.c - des_ofb_encrypt() ofb in 64 bit mode but setup to be
45 used as a stream cipher.
46ofb64ede.c - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
47 used as a stream cipher and using triple DES.
48enc_read.c - des_enc_read() source.
49enc_writ.c - des_enc_write() source.
50pcbc_enc.c - des_pcbc_encrypt() source.
51qud_cksm.c - quad_cksum() source.
52rand_key.c - des_random_key() source.
53read_pwd.c - Source for des_read_password() plus related functions.
54set_key.c - Source for des_set_key().
55str2key.c - Covert a string of any length into a key.
56fcrypt.c - A small, fast version of crypt(3).
57des_locl.h - Internal libdes.a header file.
58podd.h - Odd parity tables - used in des_set_key().
59sk.h - Lookup tables used in des_set_key().
60spr.h - What is left of the S tables - used in ecb_encrypt().
61des_ver.h - header file for the external definition of the
62 version string.
63des.doc - SSLeay documentation for the library.
64
65/* The perl scripts - you can ignore these files they are only
66 * included for the curious */
67des.pl - des in perl anyone? des_set_key and des_ecb_encrypt
68 both done in a perl library.
69testdes.pl - Testing program for des.pl
70doIP - Perl script used to develop IP xor/shift code.
71doPC1 - Perl script used to develop PC1 xor/shift code.
72doPC2 - Generates sk.h.
73PC1 - Output of doPC1 should be the same as output from PC1.
74PC2 - used in development of doPC2.
75shifts.pl - Perl library used by my perl scripts.
76
77/* I started making a perl5 dynamic library for libdes
78 * but did not fully finish, these files are part of that effort. */
79DES.pm
80DES.pod
81DES.xs
82t
83typemap
84
85/* The following are for use with sun RPC implementaions. */
86rpc_des.h
87rpc_enc.c
88
89/* The following are contibuted by Mark Murray <mark@grondar.za>. They
90 * are not normally built into libdes due to machine specific routines
91 * contained in them. They are for use in the most recent incarnation of
92 * export kerberos v 4 (eBones). */
93supp.c
94new_rkey.c
95
96
diff --git a/src/lib/libssl/src/crypto/engine/hw_sureware.c b/src/lib/libssl/src/crypto/engine/hw_sureware.c
new file mode 100644
index 0000000000..fca467e690
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/hw_sureware.c
@@ -0,0 +1,1039 @@
1/* Written by Corinne Dive-Reclus(cdive@baltimore.com)
2*
3*
4* Redistribution and use in source and binary forms, with or without
5* modification, are permitted provided that the following conditions
6* are met:
7*
8* 1. Redistributions of source code must retain the above copyright
9* notice, this list of conditions and the following disclaimer.
10*
11* 2. Redistributions in binary form must reproduce the above copyright
12* notice, this list of conditions and the following disclaimer in
13* the documentation and/or other materials provided with the
14* distribution.
15*
16* 3. All advertising materials mentioning features or use of this
17* software must display the following acknowledgment:
18* "This product includes software developed by the OpenSSL Project
19* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20*
21* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22* endorse or promote products derived from this software without
23* prior written permission. For written permission, please contact
24* licensing@OpenSSL.org.
25*
26* 5. Products derived from this software may not be called "OpenSSL"
27* nor may "OpenSSL" appear in their names without prior written
28* permission of the OpenSSL Project.
29*
30* 6. Redistributions of any form whatsoever must retain the following
31* acknowledgment:
32* "This product includes software developed by the OpenSSL Project
33* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34*
35* Written by Corinne Dive-Reclus(cdive@baltimore.com)
36*
37* Copyright@2001 Baltimore Technologies Ltd.
38* All right Reserved.
39* *
40* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
41* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
42* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
43* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
44* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
45* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
46* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
47* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
48* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
49* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
50* SUCH DAMAGE. *
51====================================================================*/
52
53#include <stdio.h>
54#include "cryptlib.h"
55#include <openssl/crypto.h>
56#include <openssl/pem.h>
57#include <openssl/dso.h>
58#include "eng_int.h"
59#include "engine.h"
60#include <openssl/engine.h>
61
62#ifndef OPENSSL_NO_HW
63#ifndef OPENSSL_NO_HW_SUREWARE
64
65#ifdef FLAT_INC
66#include "sureware.h"
67#else
68#include "vendor_defns/sureware.h"
69#endif
70
71#define SUREWARE_LIB_NAME "sureware engine"
72#include "hw_sureware_err.c"
73
74static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
75static int surewarehk_destroy(ENGINE *e);
76static int surewarehk_init(ENGINE *e);
77static int surewarehk_finish(ENGINE *e);
78static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
79 const BIGNUM *m, BN_CTX *ctx);
80
81/* RSA stuff */
82static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
83 RSA *rsa,int padding);
84static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
85 RSA *rsa,int padding);
86
87/* RAND stuff */
88static int surewarehk_rand_bytes(unsigned char *buf, int num);
89static void surewarehk_rand_seed(const void *buf, int num);
90static void surewarehk_rand_add(const void *buf, int num, double entropy);
91
92/* KM stuff */
93static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
94 UI_METHOD *ui_method, void *callback_data);
95static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
96 UI_METHOD *ui_method, void *callback_data);
97static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
98 int idx,long argl, void *argp);
99#if 0
100static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
101 int idx,long argl, void *argp);
102#endif
103
104#ifndef OPENSSL_NO_RSA
105/* This function is aliased to mod_exp (with the mont stuff dropped). */
106static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
107 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
108{
109 return surewarehk_modexp(r, a, p, m, ctx);
110}
111
112/* Our internal RSA_METHOD that we provide pointers to */
113static RSA_METHOD surewarehk_rsa =
114 {
115 "SureWare RSA method",
116 NULL, /* pub_enc*/
117 NULL, /* pub_dec*/
118 surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
119 surewarehk_rsa_priv_dec, /* priv_dec*/
120 NULL, /*mod_exp*/
121 surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
122 NULL, /* init*/
123 NULL, /* finish*/
124 0, /* RSA flag*/
125 NULL,
126 NULL, /* OpenSSL sign*/
127 NULL /* OpenSSL verify*/
128 };
129#endif
130
131#ifndef OPENSSL_NO_DH
132/* Our internal DH_METHOD that we provide pointers to */
133/* This function is aliased to mod_exp (with the dh and mont dropped). */
134static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
135 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
136{
137 return surewarehk_modexp(r, a, p, m, ctx);
138}
139
140static DH_METHOD surewarehk_dh =
141 {
142 "SureWare DH method",
143 NULL,/*gen_key*/
144 NULL,/*agree,*/
145 surewarehk_modexp_dh, /*dh mod exp*/
146 NULL, /* init*/
147 NULL, /* finish*/
148 0, /* flags*/
149 NULL
150 };
151#endif
152
153static RAND_METHOD surewarehk_rand =
154 {
155 /* "SureWare RAND method", */
156 surewarehk_rand_seed,
157 surewarehk_rand_bytes,
158 NULL,/*cleanup*/
159 surewarehk_rand_add,
160 surewarehk_rand_bytes,
161 NULL,/*rand_status*/
162 };
163
164#ifndef OPENSSL_NO_DSA
165/* DSA stuff */
166static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
167static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
168 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
169 BN_CTX *ctx, BN_MONT_CTX *in_mont)
170{
171 BIGNUM t;
172 int to_return = 0;
173 BN_init(&t);
174 /* let rr = a1 ^ p1 mod m */
175 if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
176 /* let t = a2 ^ p2 mod m */
177 if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
178 /* let rr = rr * t mod m */
179 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
180 to_return = 1;
181end:
182 BN_free(&t);
183 return to_return;
184}
185
186static DSA_METHOD surewarehk_dsa =
187 {
188 "SureWare DSA method",
189 surewarehk_dsa_do_sign,
190 NULL,/*sign setup*/
191 NULL,/*verify,*/
192 surewarehk_dsa_mod_exp,/*mod exp*/
193 NULL,/*bn mod exp*/
194 NULL, /*init*/
195 NULL,/*finish*/
196 0,
197 NULL,
198 };
199#endif
200
201static const char *engine_sureware_id = "sureware";
202static const char *engine_sureware_name = "SureWare hardware engine support";
203
204/* Now, to our own code */
205
206/* As this is only ever called once, there's no need for locking
207 * (indeed - the lock will already be held by our caller!!!) */
208static int bind_sureware(ENGINE *e)
209{
210#ifndef OPENSSL_NO_RSA
211 const RSA_METHOD *meth1;
212#endif
213#ifndef OPENSSL_NO_DSA
214 const DSA_METHOD *meth2;
215#endif
216#ifndef OPENSSL_NO_DH
217 const DH_METHOD *meth3;
218#endif
219
220 if(!ENGINE_set_id(e, engine_sureware_id) ||
221 !ENGINE_set_name(e, engine_sureware_name) ||
222#ifndef OPENSSL_NO_RSA
223 !ENGINE_set_RSA(e, &surewarehk_rsa) ||
224#endif
225#ifndef OPENSSL_NO_DSA
226 !ENGINE_set_DSA(e, &surewarehk_dsa) ||
227#endif
228#ifndef OPENSSL_NO_DH
229 !ENGINE_set_DH(e, &surewarehk_dh) ||
230#endif
231 !ENGINE_set_RAND(e, &surewarehk_rand) ||
232 !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
233 !ENGINE_set_init_function(e, surewarehk_init) ||
234 !ENGINE_set_finish_function(e, surewarehk_finish) ||
235 !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
236 !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
237 !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
238 return 0;
239
240#ifndef OPENSSL_NO_RSA
241 /* We know that the "PKCS1_SSLeay()" functions hook properly
242 * to the cswift-specific mod_exp and mod_exp_crt so we use
243 * those functions. NB: We don't use ENGINE_openssl() or
244 * anything "more generic" because something like the RSAref
245 * code may not hook properly, and if you own one of these
246 * cards then you have the right to do RSA operations on it
247 * anyway! */
248 meth1 = RSA_PKCS1_SSLeay();
249 if (meth1)
250 {
251 surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
252 surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
253 }
254#endif
255
256#ifndef OPENSSL_NO_DSA
257 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
258 * bits. */
259 meth2 = DSA_OpenSSL();
260 if (meth2)
261 {
262 surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
263 }
264#endif
265
266#ifndef OPENSSL_NO_DH
267 /* Much the same for Diffie-Hellman */
268 meth3 = DH_OpenSSL();
269 if (meth3)
270 {
271 surewarehk_dh.generate_key = meth3->generate_key;
272 surewarehk_dh.compute_key = meth3->compute_key;
273 }
274#endif
275
276 /* Ensure the sureware error handling is set up */
277 ERR_load_SUREWARE_strings();
278 return 1;
279}
280
281#ifdef ENGINE_DYNAMIC_SUPPORT
282static int bind_helper(ENGINE *e, const char *id)
283 {
284 if(id && (strcmp(id, engine_sureware_id) != 0))
285 return 0;
286 if(!bind_sureware(e))
287 return 0;
288 return 1;
289 }
290IMPLEMENT_DYNAMIC_CHECK_FN()
291IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
292#else
293static ENGINE *engine_sureware(void)
294 {
295 ENGINE *ret = ENGINE_new();
296 if(!ret)
297 return NULL;
298 if(!bind_sureware(ret))
299 {
300 ENGINE_free(ret);
301 return NULL;
302 }
303 return ret;
304 }
305
306void ENGINE_load_sureware(void)
307 {
308 /* Copied from eng_[openssl|dyn].c */
309 ENGINE *toadd = engine_sureware();
310 if(!toadd) return;
311 ENGINE_add(toadd);
312 ENGINE_free(toadd);
313 ERR_clear_error();
314 }
315#endif
316
317/* This is a process-global DSO handle used for loading and unloading
318 * the SureWareHook library. NB: This is only set (or unset) during an
319 * init() or finish() call (reference counts permitting) and they're
320 * operating with global locks, so this should be thread-safe
321 * implicitly. */
322static DSO *surewarehk_dso = NULL;
323#ifndef OPENSSL_NO_RSA
324static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */
325#endif
326#ifndef OPENSSL_NO_DSA
327static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */
328#endif
329
330/* These are the function pointers that are (un)set when the library has
331 * successfully (un)loaded. */
332static SureWareHook_Init_t *p_surewarehk_Init = NULL;
333static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
334static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
335static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
336static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
337static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
338static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
339static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
340static SureWareHook_Free_t *p_surewarehk_Free=NULL;
341static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
342static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
343static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
344static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
345
346/* Used in the DSO operations. */
347static const char *surewarehk_LIBNAME = "SureWareHook";
348static const char *n_surewarehk_Init = "SureWareHook_Init";
349static const char *n_surewarehk_Finish = "SureWareHook_Finish";
350static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
351static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
352static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
353static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
354static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
355static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
356static const char *n_surewarehk_Free="SureWareHook_Free";
357static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
358static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
359static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
360static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
361static BIO *logstream = NULL;
362
363/* SureWareHook library functions and mechanics - these are used by the
364 * higher-level functions further down. NB: As and where there's no
365 * error checking, take a look lower down where these functions are
366 * called, the checking and error handling is probably down there.
367*/
368static int threadsafe=1;
369static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
370{
371 int to_return = 1;
372
373 switch(cmd)
374 {
375 case ENGINE_CTRL_SET_LOGSTREAM:
376 {
377 BIO *bio = (BIO *)p;
378 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
379 if (logstream)
380 {
381 BIO_free(logstream);
382 logstream = NULL;
383 }
384 if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
385 logstream = bio;
386 else
387 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
388 }
389 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
390 break;
391 /* This will prevent the initialisation function from "installing"
392 * the mutex-handling callbacks, even if they are available from
393 * within the library (or were provided to the library from the
394 * calling application). This is to remove any baggage for
395 * applications not using multithreading. */
396 case ENGINE_CTRL_CHIL_NO_LOCKING:
397 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
398 threadsafe = 0;
399 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
400 break;
401
402 /* The command isn't understood by this engine */
403 default:
404 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
405 ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
406 to_return = 0;
407 break;
408 }
409
410 return to_return;
411}
412
413/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
414static int surewarehk_destroy(ENGINE *e)
415{
416 ERR_unload_SUREWARE_strings();
417 return 1;
418}
419
420/* (de)initialisation functions. */
421static int surewarehk_init(ENGINE *e)
422{
423 char msg[64]="ENGINE_init";
424 SureWareHook_Init_t *p1=NULL;
425 SureWareHook_Finish_t *p2=NULL;
426 SureWareHook_Rand_Bytes_t *p3=NULL;
427 SureWareHook_Rand_Seed_t *p4=NULL;
428 SureWareHook_Load_Privkey_t *p5=NULL;
429 SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
430 SureWareHook_Free_t *p7=NULL;
431 SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
432 SureWareHook_Rsa_Sign_t *p9=NULL;
433 SureWareHook_Dsa_Sign_t *p12=NULL;
434 SureWareHook_Info_Pubkey_t *p13=NULL;
435 SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
436 SureWareHook_Mod_Exp_t *p15=NULL;
437
438 if(surewarehk_dso != NULL)
439 {
440 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
441 goto err;
442 }
443 /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
444 surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
445 if(surewarehk_dso == NULL)
446 {
447 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
448 goto err;
449 }
450 if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
451 !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
452 !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
453 !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
454 !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
455 !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
456 !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
457 !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
458 !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
459 !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
460 !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
461 !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
462 !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
463 {
464 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
465 goto err;
466 }
467 /* Copy the pointers */
468 p_surewarehk_Init = p1;
469 p_surewarehk_Finish = p2;
470 p_surewarehk_Rand_Bytes = p3;
471 p_surewarehk_Rand_Seed = p4;
472 p_surewarehk_Load_Privkey = p5;
473 p_surewarehk_Load_Rsa_Pubkey = p6;
474 p_surewarehk_Free = p7;
475 p_surewarehk_Rsa_Priv_Dec = p8;
476 p_surewarehk_Rsa_Sign = p9;
477 p_surewarehk_Dsa_Sign = p12;
478 p_surewarehk_Info_Pubkey = p13;
479 p_surewarehk_Load_Dsa_Pubkey = p14;
480 p_surewarehk_Mod_Exp = p15;
481 /* Contact the hardware and initialises it. */
482 if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
483 {
484 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
485 goto err;
486 }
487 if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
488 {
489 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
490 goto err;
491 }
492 /* try to load the default private key, if failed does not return a failure but
493 wait for an explicit ENGINE_load_privakey */
494 surewarehk_load_privkey(e,NULL,NULL,NULL);
495
496 /* Everything's fine. */
497#ifndef OPENSSL_NO_RSA
498 if (rsaHndidx == -1)
499 rsaHndidx = RSA_get_ex_new_index(0,
500 "SureWareHook RSA key handle",
501 NULL, NULL, surewarehk_ex_free);
502#endif
503#ifndef OPENSSL_NO_DSA
504 if (dsaHndidx == -1)
505 dsaHndidx = DSA_get_ex_new_index(0,
506 "SureWareHook DSA key handle",
507 NULL, NULL, surewarehk_ex_free);
508#endif
509
510 return 1;
511err:
512 if(surewarehk_dso)
513 DSO_free(surewarehk_dso);
514 surewarehk_dso = NULL;
515 p_surewarehk_Init = NULL;
516 p_surewarehk_Finish = NULL;
517 p_surewarehk_Rand_Bytes = NULL;
518 p_surewarehk_Rand_Seed = NULL;
519 p_surewarehk_Load_Privkey = NULL;
520 p_surewarehk_Load_Rsa_Pubkey = NULL;
521 p_surewarehk_Free = NULL;
522 p_surewarehk_Rsa_Priv_Dec = NULL;
523 p_surewarehk_Rsa_Sign = NULL;
524 p_surewarehk_Dsa_Sign = NULL;
525 p_surewarehk_Info_Pubkey = NULL;
526 p_surewarehk_Load_Dsa_Pubkey = NULL;
527 p_surewarehk_Mod_Exp = NULL;
528 return 0;
529}
530
531static int surewarehk_finish(ENGINE *e)
532{
533 int to_return = 1;
534 if(surewarehk_dso == NULL)
535 {
536 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
537 to_return = 0;
538 goto err;
539 }
540 p_surewarehk_Finish();
541 if(!DSO_free(surewarehk_dso))
542 {
543 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
544 to_return = 0;
545 goto err;
546 }
547 err:
548 if (logstream)
549 BIO_free(logstream);
550 surewarehk_dso = NULL;
551 p_surewarehk_Init = NULL;
552 p_surewarehk_Finish = NULL;
553 p_surewarehk_Rand_Bytes = NULL;
554 p_surewarehk_Rand_Seed = NULL;
555 p_surewarehk_Load_Privkey = NULL;
556 p_surewarehk_Load_Rsa_Pubkey = NULL;
557 p_surewarehk_Free = NULL;
558 p_surewarehk_Rsa_Priv_Dec = NULL;
559 p_surewarehk_Rsa_Sign = NULL;
560 p_surewarehk_Dsa_Sign = NULL;
561 p_surewarehk_Info_Pubkey = NULL;
562 p_surewarehk_Load_Dsa_Pubkey = NULL;
563 p_surewarehk_Mod_Exp = NULL;
564 return to_return;
565}
566
567static void surewarehk_error_handling(char *const msg,int func,int ret)
568{
569 switch (ret)
570 {
571 case SUREWAREHOOK_ERROR_UNIT_FAILURE:
572 ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
573 break;
574 case SUREWAREHOOK_ERROR_FALLBACK:
575 ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
576 break;
577 case SUREWAREHOOK_ERROR_DATA_SIZE:
578 ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
579 break;
580 case SUREWAREHOOK_ERROR_INVALID_PAD:
581 ENGINEerr(func,RSA_R_PADDING_CHECK_FAILED);
582 break;
583 default:
584 ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
585 break;
586 case 1:/*nothing*/
587 msg[0]='\0';
588 }
589 if (*msg)
590 {
591 ERR_add_error_data(1,msg);
592 if (logstream)
593 {
594 CRYPTO_w_lock(CRYPTO_LOCK_BIO);
595 BIO_write(logstream, msg, strlen(msg));
596 CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
597 }
598 }
599}
600
601static int surewarehk_rand_bytes(unsigned char *buf, int num)
602{
603 int ret=0;
604 char msg[64]="ENGINE_rand_bytes";
605 if(!p_surewarehk_Rand_Bytes)
606 {
607 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
608 }
609 else
610 {
611 ret = p_surewarehk_Rand_Bytes(msg,buf, num);
612 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
613 }
614 return ret==1 ? 1 : 0;
615}
616
617static void surewarehk_rand_seed(const void *buf, int num)
618{
619 int ret=0;
620 char msg[64]="ENGINE_rand_seed";
621 if(!p_surewarehk_Rand_Seed)
622 {
623 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
624 }
625 else
626 {
627 ret = p_surewarehk_Rand_Seed(msg,buf, num);
628 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
629 }
630}
631
632static void surewarehk_rand_add(const void *buf, int num, double entropy)
633{
634 surewarehk_rand_seed(buf,num);
635}
636
637static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
638{
639 EVP_PKEY *res = NULL;
640#ifndef OPENSSL_NO_RSA
641 RSA *rsatmp = NULL;
642#endif
643#ifndef OPENSSL_NO_DSA
644 DSA *dsatmp=NULL;
645#endif
646 char msg[64]="sureware_load_public";
647 int ret=0;
648 if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
649 {
650 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
651 goto err;
652 }
653 switch (keytype)
654 {
655#ifndef OPENSSL_NO_RSA
656 case 1: /*RSA*/
657 /* set private external reference */
658 rsatmp = RSA_new_method(e);
659 RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
660 rsatmp->flags |= RSA_FLAG_EXT_PKEY;
661
662 /* set public big nums*/
663 rsatmp->e = BN_new();
664 rsatmp->n = BN_new();
665 bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
666 bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
667 if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
668 !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
669 goto err;
670 ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
671 (unsigned long *)rsatmp->n->d,
672 (unsigned long *)rsatmp->e->d);
673 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
674 if (ret!=1)
675 {
676 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
677 goto err;
678 }
679 /* normalise pub e and pub n */
680 rsatmp->e->top=el/sizeof(BN_ULONG);
681 bn_fix_top(rsatmp->e);
682 rsatmp->n->top=el/sizeof(BN_ULONG);
683 bn_fix_top(rsatmp->n);
684 /* create an EVP object: engine + rsa key */
685 res = EVP_PKEY_new();
686 EVP_PKEY_assign_RSA(res, rsatmp);
687 break;
688#endif
689
690#ifndef OPENSSL_NO_DSA
691 case 2:/*DSA*/
692 /* set private/public external reference */
693 dsatmp = DSA_new_method(e);
694 DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
695 /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
696
697 /* set public key*/
698 dsatmp->pub_key = BN_new();
699 dsatmp->p = BN_new();
700 dsatmp->q = BN_new();
701 dsatmp->g = BN_new();
702 bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
703 bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
704 bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
705 bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
706 if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
707 !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
708 !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
709 !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
710 goto err;
711
712 ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
713 (unsigned long *)dsatmp->pub_key->d,
714 (unsigned long *)dsatmp->p->d,
715 (unsigned long *)dsatmp->q->d,
716 (unsigned long *)dsatmp->g->d);
717 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
718 if (ret!=1)
719 {
720 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
721 goto err;
722 }
723 /* set parameters */
724 /* normalise pubkey and parameters in case of */
725 dsatmp->pub_key->top=el/sizeof(BN_ULONG);
726 bn_fix_top(dsatmp->pub_key);
727 dsatmp->p->top=el/sizeof(BN_ULONG);
728 bn_fix_top(dsatmp->p);
729 dsatmp->q->top=20/sizeof(BN_ULONG);
730 bn_fix_top(dsatmp->q);
731 dsatmp->g->top=el/sizeof(BN_ULONG);
732 bn_fix_top(dsatmp->g);
733
734 /* create an EVP object: engine + rsa key */
735 res = EVP_PKEY_new();
736 EVP_PKEY_assign_DSA(res, dsatmp);
737 break;
738#endif
739
740 default:
741 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
742 goto err;
743 }
744 return res;
745 err:
746 if (res)
747 EVP_PKEY_free(res);
748#ifndef OPENSSL_NO_RSA
749 if (rsatmp)
750 RSA_free(rsatmp);
751#endif
752#ifndef OPENSSL_NO_DSA
753 if (dsatmp)
754 DSA_free(dsatmp);
755#endif
756 return NULL;
757}
758
759static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
760 UI_METHOD *ui_method, void *callback_data)
761{
762 EVP_PKEY *res = NULL;
763 int ret=0;
764 unsigned long el=0;
765 char *hptr=NULL;
766 char keytype=0;
767 char msg[64]="ENGINE_load_privkey";
768
769 if(!p_surewarehk_Load_Privkey)
770 {
771 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_NOT_INITIALISED);
772 }
773 else
774 {
775 ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
776 if (ret!=1)
777 {
778 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
779 ERR_add_error_data(1,msg);
780 }
781 else
782 res=sureware_load_public(e,key_id,hptr,el,keytype);
783 }
784 return res;
785}
786
787static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
788 UI_METHOD *ui_method, void *callback_data)
789{
790 EVP_PKEY *res = NULL;
791 int ret=0;
792 unsigned long el=0;
793 char *hptr=NULL;
794 char keytype=0;
795 char msg[64]="ENGINE_load_pubkey";
796
797 if(!p_surewarehk_Info_Pubkey)
798 {
799 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
800 }
801 else
802 {
803 /* call once to identify if DSA or RSA */
804 ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
805 if (ret!=1)
806 {
807 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
808 ERR_add_error_data(1,msg);
809 }
810 else
811 res=sureware_load_public(e,key_id,hptr,el,keytype);
812 }
813 return res;
814}
815
816/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
817, called when ex_data is freed */
818static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
819 int idx,long argl, void *argp)
820{
821 if(!p_surewarehk_Free)
822 {
823 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
824 }
825 else
826 p_surewarehk_Free((char *)item,0);
827}
828
829#if 0
830/* This cleans up an DH KM key (destroys the key into hardware),
831called when ex_data is freed */
832static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
833 int idx,long argl, void *argp)
834{
835 if(!p_surewarehk_Free)
836 {
837 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
838 }
839 else
840 p_surewarehk_Free((char *)item,1);
841}
842#endif
843
844/*
845* return number of decrypted bytes
846*/
847#ifndef OPENSSL_NO_RSA
848static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
849 RSA *rsa,int padding)
850{
851 int ret=0,tlen;
852 char *buf=NULL,*hptr=NULL;
853 char msg[64]="ENGINE_rsa_priv_dec";
854 if (!p_surewarehk_Rsa_Priv_Dec)
855 {
856 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
857 }
858 /* extract ref to private key */
859 else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
860 {
861 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
862 goto err;
863 }
864 /* analyse what padding we can do into the hardware */
865 if (padding==RSA_PKCS1_PADDING)
866 {
867 /* do it one shot */
868 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
869 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
870 if (ret!=1)
871 goto err;
872 ret=tlen;
873 }
874 else /* do with no padding into hardware */
875 {
876 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
877 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
878 if (ret!=1)
879 goto err;
880 /* intermediate buffer for padding */
881 if ((buf=OPENSSL_malloc(tlen)) == NULL)
882 {
883 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
884 goto err;
885 }
886 memcpy(buf,to,tlen);/* transfert to into buf */
887 switch (padding) /* check padding in software */
888 {
889#ifndef OPENSSL_NO_SHA
890 case RSA_PKCS1_OAEP_PADDING:
891 ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
892 break;
893#endif
894 case RSA_SSLV23_PADDING:
895 ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
896 break;
897 case RSA_NO_PADDING:
898 ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
899 break;
900 default:
901 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_UNKNOWN_PADDING_TYPE);
902 goto err;
903 }
904 if (ret < 0)
905 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_PADDING_CHECK_FAILED);
906 }
907err:
908 if (buf)
909 {
910 OPENSSL_cleanse(buf,tlen);
911 OPENSSL_free(buf);
912 }
913 return ret;
914}
915
916/*
917* Does what OpenSSL rsa_priv_enc does.
918*/
919static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
920 RSA *rsa,int padding)
921{
922 int ret=0,tlen;
923 char *hptr=NULL;
924 char msg[64]="ENGINE_rsa_sign";
925 if (!p_surewarehk_Rsa_Sign)
926 {
927 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_NOT_INITIALISED);
928 }
929 /* extract ref to private key */
930 else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
931 {
932 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,SUREWARE_R_MISSING_KEY_COMPONENTS);
933 }
934 else
935 {
936 switch (padding)
937 {
938 case RSA_PKCS1_PADDING: /* do it in one shot */
939 ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
940 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ret);
941 break;
942 case RSA_NO_PADDING:
943 default:
944 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,RSA_R_UNKNOWN_PADDING_TYPE);
945 }
946 }
947 return ret==1 ? tlen : ret;
948}
949
950#endif
951
952#ifndef OPENSSL_NO_DSA
953/* DSA sign and verify */
954static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
955{
956 int ret=0;
957 char *hptr=NULL;
958 DSA_SIG *psign=NULL;
959 char msg[64]="ENGINE_dsa_do_sign";
960 if (!p_surewarehk_Dsa_Sign)
961 {
962 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
963 }
964 /* extract ref to private key */
965 else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
966 {
967 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
968 }
969 else
970 {
971 if((psign = DSA_SIG_new()) == NULL)
972 {
973 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
974 goto err;
975 }
976 psign->r=BN_new();
977 psign->s=BN_new();
978 bn_expand2(psign->r, 20/sizeof(BN_ULONG));
979 bn_expand2(psign->s, 20/sizeof(BN_ULONG));
980 if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
981 !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
982 goto err;
983 ret=p_surewarehk_Dsa_Sign(msg,flen,from,
984 (unsigned long *)psign->r->d,
985 (unsigned long *)psign->s->d,
986 hptr);
987 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
988 }
989 psign->r->top=20/sizeof(BN_ULONG);
990 bn_fix_top(psign->r);
991 psign->s->top=20/sizeof(BN_ULONG);
992 bn_fix_top(psign->s);
993
994err:
995 if (psign)
996 {
997 DSA_SIG_free(psign);
998 psign=NULL;
999 }
1000 return psign;
1001}
1002#endif
1003
1004static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1005 const BIGNUM *m, BN_CTX *ctx)
1006{
1007 int ret=0;
1008 char msg[64]="ENGINE_modexp";
1009 if (!p_surewarehk_Mod_Exp)
1010 {
1011 SUREWAREerr(SUREWARE_F_SUREWAREHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
1012 }
1013 else
1014 {
1015 bn_expand2(r,m->top);
1016 if (r && r->dmax==m->top)
1017 {
1018 /* do it*/
1019 ret=p_surewarehk_Mod_Exp(msg,
1020 m->top*sizeof(BN_ULONG),
1021 (unsigned long *)m->d,
1022 p->top*sizeof(BN_ULONG),
1023 (unsigned long *)p->d,
1024 a->top*sizeof(BN_ULONG),
1025 (unsigned long *)a->d,
1026 (unsigned long *)r->d);
1027 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret);
1028 if (ret==1)
1029 {
1030 /* normalise result */
1031 r->top=m->top;
1032 bn_fix_top(r);
1033 }
1034 }
1035 }
1036 return ret;
1037}
1038#endif /* !OPENSSL_NO_HW_SureWare */
1039#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libssl/src/crypto/engine/vendor_defns/hw_ubsec.h b/src/lib/libssl/src/crypto/engine/vendor_defns/hw_ubsec.h
new file mode 100644
index 0000000000..b6619d40f2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/vendor_defns/hw_ubsec.h
@@ -0,0 +1,100 @@
1/******************************************************************************
2 *
3 * Copyright 2000
4 * Broadcom Corporation
5 * 16215 Alton Parkway
6 * PO Box 57013
7 * Irvine CA 92619-7013
8 *
9 *****************************************************************************/
10/*
11 * Broadcom Corporation uBSec SDK
12 */
13/*
14 * Character device header file.
15 */
16/*
17 * Revision History:
18 *
19 * October 2000 JTT Created.
20 */
21
22#define MAX_PUBLIC_KEY_BITS (1024)
23#define MAX_PUBLIC_KEY_BYTES (1024/8)
24#define SHA_BIT_SIZE (160)
25#define MAX_CRYPTO_KEY_LENGTH 24
26#define MAX_MAC_KEY_LENGTH 64
27#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
28#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
29
30/* Math command types. */
31#define UBSEC_MATH_MODADD 0x0001
32#define UBSEC_MATH_MODSUB 0x0002
33#define UBSEC_MATH_MODMUL 0x0004
34#define UBSEC_MATH_MODEXP 0x0008
35#define UBSEC_MATH_MODREM 0x0010
36#define UBSEC_MATH_MODINV 0x0020
37
38typedef long ubsec_MathCommand_t;
39typedef long ubsec_RNGCommand_t;
40
41typedef struct ubsec_crypto_context_s {
42 unsigned int flags;
43 unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
44 unsigned char auth[MAX_MAC_KEY_LENGTH];
45} ubsec_crypto_context_t, *ubsec_crypto_context_p;
46
47/*
48 * Predeclare the function pointer types that we dynamically load from the DSO.
49 */
50
51typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
52
53typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
54
55typedef int t_UBSEC_ubsec_open(unsigned char *device);
56
57typedef int t_UBSEC_ubsec_close(int fd);
58
59typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
60 unsigned char *x, int *x_len, unsigned char *y, int *y_len,
61 unsigned char *g, int g_len, unsigned char *m, int m_len,
62 unsigned char *userX, int userX_len, int random_bits);
63
64typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
65 unsigned char *x, int x_len, unsigned char *y, int y_len,
66 unsigned char *m, int m_len, unsigned char *k, int *k_len);
67
68typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
69 unsigned char *x, int x_len, unsigned char *m, int m_len,
70 unsigned char *e, int e_len, unsigned char *y, int *y_len);
71
72typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
73 unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
74 unsigned char *edq, int edq_len, unsigned char *q, int q_len,
75 unsigned char *edp, int edp_len, unsigned char *p, int p_len,
76 unsigned char *y, int *y_len);
77
78typedef int t_UBSEC_dsa_sign_ioctl (int fd,
79 int hash, unsigned char *data, int data_len,
80 unsigned char *rndom, int random_len,
81 unsigned char *p, int p_len, unsigned char *q, int q_len,
82 unsigned char *g, int g_len, unsigned char *key, int key_len,
83 unsigned char *r, int *r_len, unsigned char *s, int *s_len);
84
85typedef int t_UBSEC_dsa_verify_ioctl (int fd,
86 int hash, unsigned char *data, int data_len,
87 unsigned char *p, int p_len, unsigned char *q, int q_len,
88 unsigned char *g, int g_len, unsigned char *key, int key_len,
89 unsigned char *r, int r_len, unsigned char *s, int s_len,
90 unsigned char *v, int *v_len);
91
92typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
93 unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,
94 unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
95 unsigned char *Result, int *Result_len);
96
97typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
98 unsigned char *Result, int *Result_len);
99
100typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/src/lib/libssl/src/crypto/engine/vendor_defns/hwcryptohook.h b/src/lib/libssl/src/crypto/engine/vendor_defns/hwcryptohook.h
new file mode 100644
index 0000000000..aaa4d4575e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/vendor_defns/hwcryptohook.h
@@ -0,0 +1,486 @@
1/*
2 * ModExp / RSA (with/without KM) plugin API
3 *
4 * The application will load a dynamic library which
5 * exports entrypoint(s) defined in this file.
6 *
7 * This set of entrypoints provides only a multithreaded,
8 * synchronous-within-each-thread, facility.
9 *
10 *
11 * This file is Copyright 1998-2000 nCipher Corporation Limited.
12 *
13 * Redistribution and use in source and binary forms, with opr without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 *
17 * 1. Redistributions of source code must retain the copyright notice,
18 * this list of conditions, and the following disclaimer.
19 *
20 * 2. Redistributions in binary form must reproduce the above
21 * copyright notice, this list of conditions, and the following
22 * disclaimer, in the documentation and/or other materials provided
23 * with the distribution
24 *
25 * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
26 * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
27 * damages arising directly or indirectly from this file, its use or
28 * this licence. Without prejudice to the generality of the
29 * foregoing: all liability shall be excluded for direct, indirect,
30 * special, incidental, consequential or other damages or any loss of
31 * profits, business, revenue goodwill or anticipated savings;
32 * liability shall be excluded even if nCipher or anyone else has been
33 * advised of the possibility of damage. In any event, if the
34 * exclusion of liability is not effective, the liability of nCipher
35 * or any author or distributor shall be limited to the lesser of the
36 * price paid and 1,000 pounds sterling. This licence only fails to
37 * exclude or limit liability for death or personal injury arising out
38 * of negligence, and only to the extent that such an exclusion or
39 * limitation is not effective.
40 *
41 * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
42 * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
43 * limited to, any implied warranties of merchantability, fitness for
44 * a particular purpose, satisfactory quality, and/or non-infringement
45 * of any third party rights.
46 *
47 * US Government use: This software and documentation is Commercial
48 * Computer Software and Computer Software Documentation, as defined in
49 * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
50 * Noncommercial Computer Software and Noncommercial Computer Software
51 * Documentation." Use, duplication or disclosure by the Government is
52 * subject to the terms and conditions specified here.
53 *
54 * By using or distributing this file you will be accepting these
55 * terms and conditions, including the limitation of liability and
56 * lack of warranty. If you do not wish to accept these terms and
57 * conditions, DO NOT USE THE FILE.
58 *
59 *
60 * The actual dynamically loadable plugin, and the library files for
61 * static linking, which are also provided in some distributions, are
62 * not covered by the licence described above. You should have
63 * received a separate licence with terms and conditions for these
64 * library files; if you received the library files without a licence,
65 * please contact nCipher.
66 *
67 *
68 * $Id: hwcryptohook.h,v 1.1.1.1 2003/05/11 21:35:16 markus Exp $
69 */
70
71#ifndef HWCRYPTOHOOK_H
72#define HWCRYPTOHOOK_H
73
74#include <sys/types.h>
75#include <stdio.h>
76
77#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
78#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
79#endif
80
81#define HWCRYPTOHOOK_ERROR_FAILED -1
82#define HWCRYPTOHOOK_ERROR_FALLBACK -2
83#define HWCRYPTOHOOK_ERROR_MPISIZE -3
84
85#if HWCRYPTOHOOK_DECLARE_APPTYPES
86
87/* These structs are defined by the application and opaque to the
88 * crypto plugin. The application may define these as it sees fit.
89 * Default declarations are provided here, but the application may
90 * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
91 * to prevent these declarations, and instead provide its own
92 * declarations of these types. (Pointers to them must still be
93 * ordinary pointers to structs or unions, or the resulting combined
94 * program will have a type inconsistency.)
95 */
96typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
97typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
98typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
99typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
100
101#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
102
103/* These next two structs are opaque to the application. The crypto
104 * plugin will return pointers to them; the caller simply manipulates
105 * the pointers.
106 */
107typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
108typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
109
110typedef struct {
111 char *buf;
112 size_t size;
113} HWCryptoHook_ErrMsgBuf;
114/* Used for error reporting. When a HWCryptoHook function fails it
115 * will return a sentinel value (0 for pointer-valued functions, or a
116 * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
117 * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
118 * an error message there.
119 *
120 * size is the size of the buffer, and will not be modified. If you
121 * pass 0 for size you must pass 0 for buf, and nothing will be
122 * recorded (just as if you passed 0 for the struct pointer).
123 * Messages written to the buffer will always be null-terminated, even
124 * when truncated to fit within size bytes.
125 *
126 * The contents of the buffer are not defined if there is no error.
127 */
128
129typedef struct HWCryptoHook_MPIStruct {
130 unsigned char *buf;
131 size_t size;
132} HWCryptoHook_MPI;
133/* When one of these is returned, a pointer is passed to the function.
134 * At call, size is the space available. Afterwards it is updated to
135 * be set to the actual length (which may be more than the space available,
136 * if there was not enough room and the result was truncated).
137 * buf (the pointer) is not updated.
138 *
139 * size is in bytes and may be zero at call or return, but must be a
140 * multiple of the limb size. Zero limbs at the MS end are not
141 * permitted.
142 */
143
144#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
145#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
146/* Enable requesting fallback to software in case of problems with the
147 * hardware support. This indicates to the crypto provider that the
148 * application is prepared to fall back to software operation if the
149 * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
150 * Without this flag those calls will never return
151 * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
152 * provider to avoid repeatedly attempting to contact dead hardware
153 * within a short interval, if appropriate.
154 */
155
156#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
157/* Without _SimpleForkCheck the library is allowed to assume that the
158 * application will not fork and call the library in the child(ren).
159 *
160 * When it is specified, this is allowed. However, after a fork
161 * neither parent nor child may unload any loaded keys or call
162 * _Finish. Instead, they should call exit (or die with a signal)
163 * without calling _Finish. After all the children have died the
164 * parent may unload keys or call _Finish.
165 *
166 * This flag only has any effect on UN*X platforms.
167 */
168
169typedef struct {
170 unsigned long flags;
171 void *logstream; /* usually a FILE*. See below. */
172
173 size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
174 int mslimbfirst; /* 0 or 1 */
175 int msbytefirst; /* 0 or 1; -1 = native */
176
177 /* All the callback functions should return 0 on success, or a
178 * nonzero integer (whose value will be visible in the error message
179 * put in the buffer passed to the call).
180 *
181 * If a callback is not available pass a null function pointer.
182 *
183 * The callbacks may not call down again into the crypto plugin.
184 */
185
186 /* For thread-safety. Set everything to 0 if you promise only to be
187 * singlethreaded. maxsimultaneous is the number of calls to
188 * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
189 * put there then say 0 and the hook library will use a default.
190 *
191 * maxmutexes is a small limit on the number of simultaneous mutexes
192 * which will be requested by the library. If there is no small
193 * limit, set it to 0. If the crypto plugin cannot create the
194 * advertised number of mutexes the calls to its functions may fail.
195 * If a low number of mutexes is advertised the plugin will try to
196 * do the best it can. Making larger numbers of mutexes available
197 * may improve performance and parallelism by reducing contention
198 * over critical sections. Unavailability of any mutexes, implying
199 * single-threaded operation, should be indicated by the setting
200 * mutex_init et al to 0.
201 */
202 int maxmutexes;
203 int maxsimultaneous;
204 size_t mutexsize;
205 int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
206 int (*mutex_acquire)(HWCryptoHook_Mutex*);
207 void (*mutex_release)(HWCryptoHook_Mutex*);
208 void (*mutex_destroy)(HWCryptoHook_Mutex*);
209
210 /* For greater efficiency, can use condition vars internally for
211 * synchronisation. In this case maxsimultaneous is ignored, but
212 * the other mutex stuff must be available. In singlethreaded
213 * programs, set everything to 0.
214 */
215 size_t condvarsize;
216 int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
217 int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
218 void (*condvar_signal)(HWCryptoHook_CondVar*);
219 void (*condvar_broadcast)(HWCryptoHook_CondVar*);
220 void (*condvar_destroy)(HWCryptoHook_CondVar*);
221
222 /* The semantics of acquiring and releasing mutexes and broadcasting
223 * and waiting on condition variables are expected to be those from
224 * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
225 * fast mutexes, recursive mutexes, or nonrecursive ones.
226 *
227 * The _release/_signal/_broadcast and _destroy functions must
228 * always succeed when given a valid argument; if they are given an
229 * invalid argument then the program (crypto plugin + application)
230 * has an internal error, and they should abort the program.
231 */
232
233 int (*getpassphrase)(const char *prompt_info,
234 int *len_io, char *buf,
235 HWCryptoHook_PassphraseContext *ppctx,
236 HWCryptoHook_CallerContext *cactx);
237 /* Passphrases and the prompt_info, if they contain high-bit-set
238 * characters, are UTF-8. The prompt_info may be a null pointer if
239 * no prompt information is available (it should not be an empty
240 * string). It will not contain text like `enter passphrase';
241 * instead it might say something like `Operator Card for John
242 * Smith' or `SmartCard in nFast Module #1, Slot #1'.
243 *
244 * buf points to a buffer in which to return the passphrase; on
245 * entry *len_io is the length of the buffer. It should be updated
246 * by the callback. The returned passphrase should not be
247 * null-terminated by the callback.
248 */
249
250 int (*getphystoken)(const char *prompt_info,
251 const char *wrong_info,
252 HWCryptoHook_PassphraseContext *ppctx,
253 HWCryptoHook_CallerContext *cactx);
254 /* Requests that the human user physically insert a different
255 * smartcard, DataKey, etc. The plugin should check whether the
256 * currently inserted token(s) are appropriate, and if they are it
257 * should not make this call.
258 *
259 * prompt_info is as before. wrong_info is a description of the
260 * currently inserted token(s) so that the user is told what
261 * something is. wrong_info, like prompt_info, may be null, but
262 * should not be an empty string. Its contents should be
263 * syntactically similar to that of prompt_info.
264 */
265
266 /* Note that a single LoadKey operation might cause several calls to
267 * getpassphrase and/or requestphystoken. If requestphystoken is
268 * not provided (ie, a null pointer is passed) then the plugin may
269 * not support loading keys for which authorisation by several cards
270 * is required. If getpassphrase is not provided then cards with
271 * passphrases may not be supported.
272 *
273 * getpassphrase and getphystoken do not need to check that the
274 * passphrase has been entered correctly or the correct token
275 * inserted; the crypto plugin will do that. If this is not the
276 * case then the crypto plugin is responsible for calling these
277 * routines again as appropriate until the correct token(s) and
278 * passphrase(s) are supplied as required, or until any retry limits
279 * implemented by the crypto plugin are reached.
280 *
281 * In either case, the application must allow the user to say `no'
282 * or `cancel' to indicate that they do not know the passphrase or
283 * have the appropriate token; this should cause the callback to
284 * return nonzero indicating error.
285 */
286
287 void (*logmessage)(void *logstream, const char *message);
288 /* A log message will be generated at least every time something goes
289 * wrong and an ErrMsgBuf is filled in (or would be if one was
290 * provided). Other diagnostic information may be written there too,
291 * including more detailed reasons for errors which are reported in an
292 * ErrMsgBuf.
293 *
294 * When a log message is generated, this callback is called. It
295 * should write a message to the relevant logging arrangements.
296 *
297 * The message string passed will be null-terminated and may be of arbitrary
298 * length. It will not be prefixed by the time and date, nor by the
299 * name of the library that is generating it - if this is required,
300 * the logmessage callback must do it. The message will not have a
301 * trailing newline (though it may contain internal newlines).
302 *
303 * If a null pointer is passed for logmessage a default function is
304 * used. The default function treats logstream as a FILE* which has
305 * been converted to a void*. If logstream is 0 it does nothing.
306 * Otherwise it prepends the date and time and library name and
307 * writes the message to logstream. Each line will be prefixed by a
308 * descriptive string containing the date, time and identity of the
309 * crypto plugin. Errors on the logstream are not reported
310 * anywhere, and the default function doesn't flush the stream, so
311 * the application must set the buffering how it wants it.
312 *
313 * The crypto plugin may also provide a facility to have copies of
314 * log messages sent elsewhere, and or for adjusting the verbosity
315 * of the log messages; any such facilities will be configured by
316 * external means.
317 */
318
319} HWCryptoHook_InitInfo;
320
321typedef
322HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
323 size_t initinfosize,
324 const HWCryptoHook_ErrMsgBuf *errors,
325 HWCryptoHook_CallerContext *cactx);
326extern HWCryptoHook_Init_t HWCryptoHook_Init;
327
328/* Caller should set initinfosize to the size of the HWCryptoHook struct,
329 * so it can be extended later.
330 *
331 * On success, a message for display or logging by the server,
332 * including the name and version number of the plugin, will be filled
333 * in into *errors; on failure *errors is used for error handling, as
334 * usual.
335 */
336
337/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
338 * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
339 * the output MPI buffer(s) was too small; the sizes of all have been
340 * set to the desired size (and for those where the buffer was large
341 * enough, the value may have been copied in), and no error message
342 * has been recorded.
343 *
344 * You may pass 0 for the errors struct. In any case, unless you set
345 * _NoStderr at init time then messages may be reported to stderr.
346 */
347
348/* The RSAImmed* functions (and key managed RSA) only work with
349 * modules which have an RSA patent licence - currently that means KM
350 * units; the ModExp* ones work with all modules, so you need a patent
351 * licence in the software in the US. They are otherwise identical.
352 */
353
354typedef
355void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
356extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
357/* You must not have any calls going or keys loaded when you call this. */
358
359typedef
360int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
361 unsigned char *buf, size_t len,
362 const HWCryptoHook_ErrMsgBuf *errors);
363extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
364
365typedef
366int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
367 HWCryptoHook_MPI a,
368 HWCryptoHook_MPI p,
369 HWCryptoHook_MPI n,
370 HWCryptoHook_MPI *r,
371 const HWCryptoHook_ErrMsgBuf *errors);
372extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
373
374typedef
375int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
376 HWCryptoHook_MPI m,
377 HWCryptoHook_MPI e,
378 HWCryptoHook_MPI n,
379 HWCryptoHook_MPI *r,
380 const HWCryptoHook_ErrMsgBuf *errors);
381extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
382
383typedef
384int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
385 HWCryptoHook_MPI a,
386 HWCryptoHook_MPI p,
387 HWCryptoHook_MPI q,
388 HWCryptoHook_MPI dmp1,
389 HWCryptoHook_MPI dmq1,
390 HWCryptoHook_MPI iqmp,
391 HWCryptoHook_MPI *r,
392 const HWCryptoHook_ErrMsgBuf *errors);
393extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
394
395typedef
396int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
397 HWCryptoHook_MPI m,
398 HWCryptoHook_MPI p,
399 HWCryptoHook_MPI q,
400 HWCryptoHook_MPI dmp1,
401 HWCryptoHook_MPI dmq1,
402 HWCryptoHook_MPI iqmp,
403 HWCryptoHook_MPI *r,
404 const HWCryptoHook_ErrMsgBuf *errors);
405extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
406
407/* The RSAImmed* and ModExp* functions may return E_FAILED or
408 * E_FALLBACK for failure.
409 *
410 * E_FAILED means the failure is permanent and definite and there
411 * should be no attempt to fall back to software. (Eg, for some
412 * applications, which support only the acceleration-only
413 * functions, the `key material' may actually be an encoded key
414 * identifier, and doing the operation in software would give wrong
415 * answers.)
416 *
417 * E_FALLBACK means that doing the computation in software would seem
418 * reasonable. If an application pays attention to this and is
419 * able to fall back, it should also set the Fallback init flags.
420 */
421
422typedef
423int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
424 const char *key_ident,
425 HWCryptoHook_RSAKeyHandle *keyhandle_r,
426 const HWCryptoHook_ErrMsgBuf *errors,
427 HWCryptoHook_PassphraseContext *ppctx);
428extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
429/* The key_ident is a null-terminated string configured by the
430 * user via the application's usual configuration mechanisms.
431 * It is provided to the user by the crypto provider's key management
432 * system. The user must be able to enter at least any string of between
433 * 1 and 1023 characters inclusive, consisting of printable 7-bit
434 * ASCII characters. The provider should avoid using
435 * any characters except alphanumerics and the punctuation
436 * characters _ - + . / @ ~ (the user is expected to be able
437 * to enter these without quoting). The string may be case-sensitive.
438 * The application may allow the user to enter other NULL-terminated strings,
439 * and the provider must cope (returning an error if the string is not
440 * valid).
441 *
442 * If the key does not exist, no error is recorded and 0 is returned;
443 * keyhandle_r will be set to 0 instead of to a key handle.
444 */
445
446typedef
447int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
448 HWCryptoHook_MPI *n,
449 HWCryptoHook_MPI *e,
450 const HWCryptoHook_ErrMsgBuf *errors);
451extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
452/* The crypto plugin will not store certificates.
453 *
454 * Although this function for acquiring the public key value is
455 * provided, it is not the purpose of this API to deal fully with the
456 * handling of the public key.
457 *
458 * It is expected that the crypto supplier's key generation program
459 * will provide general facilities for producing X.509
460 * self-certificates and certificate requests in PEM format. These
461 * will be given to the user so that they can configure them in the
462 * application, send them to CAs, or whatever.
463 *
464 * In case this kind of certificate handling is not appropriate, the
465 * crypto supplier's key generation program should be able to be
466 * configured not to generate such a self-certificate or certificate
467 * request. Then the application will need to do all of this, and
468 * will need to store and handle the public key and certificates
469 * itself.
470 */
471
472typedef
473int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
474 const HWCryptoHook_ErrMsgBuf *errors);
475extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
476/* Might fail due to locking problems, or other serious internal problems. */
477
478typedef
479int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
480 HWCryptoHook_RSAKeyHandle k,
481 HWCryptoHook_MPI *r,
482 const HWCryptoHook_ErrMsgBuf *errors);
483extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
484/* RSA private key operation (sign or decrypt) - raw, unpadded. */
485
486#endif /*HWCRYPTOHOOK_H*/
diff --git a/src/lib/libssl/src/crypto/engine/vendor_defns/sureware.h b/src/lib/libssl/src/crypto/engine/vendor_defns/sureware.h
new file mode 100644
index 0000000000..1d3789219d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/vendor_defns/sureware.h
@@ -0,0 +1,239 @@
1/*
2* Written by Corinne Dive-Reclus(cdive@baltimore.com)
3*
4* Copyright@2001 Baltimore Technologies Ltd.
5* *
6* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
7* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
8* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
9* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
10* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
11* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
12* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
13* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
14* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
15* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
16* SUCH DAMAGE. *
17*
18*
19*/
20#ifdef WIN32
21#define SW_EXPORT __declspec ( dllexport )
22#else
23#define SW_EXPORT
24#endif
25
26/*
27* List of exposed SureWare errors
28*/
29#define SUREWAREHOOK_ERROR_FAILED -1
30#define SUREWAREHOOK_ERROR_FALLBACK -2
31#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
32#define SUREWAREHOOK_ERROR_DATA_SIZE -4
33#define SUREWAREHOOK_ERROR_INVALID_PAD -5
34/*
35* -----------------WARNING-----------------------------------
36* In all the following functions:
37* msg is a string with at least 24 bytes free.
38* A 24 bytes string will be concatenated to the existing content of msg.
39*/
40/*
41* SureWare Initialisation function
42* in param threadsafe, if !=0, thread safe enabled
43* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
44*/
45typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
46extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
47/*
48* SureWare Finish function
49*/
50typedef void SureWareHook_Finish_t();
51extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
52/*
53* PRE_CONDITION:
54* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
55*/
56/*
57* SureWare RAND Bytes function
58* In case of failure, the content of buf is unpredictable.
59* return 1 if success
60* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
61* SureWareHOOK_ERROR_FAILED if error while processing
62* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
63* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
64*
65* in/out param buf : a num bytes long buffer where random bytes will be put
66* in param num : the number of bytes into buf
67*/
68typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
69extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
70
71/*
72* SureWare RAND Seed function
73* Adds some seed to the Hardware Random Number Generator
74* return 1 if success
75* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
76* SureWareHOOK_ERROR_FAILED if error while processing
77* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
78* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
79*
80* in param buf : the seed to add into the HRNG
81* in param num : the number of bytes into buf
82*/
83typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
84extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
85
86/*
87* SureWare Load Private Key function
88* return 1 if success
89* SureWareHOOK_ERROR_FAILED if error while processing
90* No hardware is contact for this function.
91*
92* in param key_id :the name of the private protected key file without the extension
93 ".sws"
94* out param hptr : a pointer to a buffer allocated by SureWare_Hook
95* out param num: the effective key length in bytes
96* out param keytype: 1 if RSA 2 if DSA
97*/
98typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
99extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
100
101/*
102* SureWare Info Public Key function
103* return 1 if success
104* SureWareHOOK_ERROR_FAILED if error while processing
105* No hardware is contact for this function.
106*
107* in param key_id :the name of the private protected key file without the extension
108 ".swp"
109* out param hptr : a pointer to a buffer allocated by SureWare_Hook
110* out param num: the effective key length in bytes
111* out param keytype: 1 if RSA 2 if DSA
112*/
113typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
114 char *keytype);
115extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
116
117/*
118* SureWare Load Public Key function
119* return 1 if success
120* SureWareHOOK_ERROR_FAILED if error while processing
121* No hardware is contact for this function.
122*
123* in param key_id :the name of the public protected key file without the extension
124 ".swp"
125* in param num : the bytes size of n and e
126* out param n: where to write modulus in bn format
127* out param e: where to write exponent in bn format
128*/
129typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
130 unsigned long *n, unsigned long *e);
131extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
132
133/*
134* SureWare Load DSA Public Key function
135* return 1 if success
136* SureWareHOOK_ERROR_FAILED if error while processing
137* No hardware is contact for this function.
138*
139* in param key_id :the name of the public protected key file without the extension
140 ".swp"
141* in param num : the bytes size of n and e
142* out param pub: where to write pub key in bn format
143* out param p: where to write prime in bn format
144* out param q: where to write sunprime (length 20 bytes) in bn format
145* out param g: where to write base in bn format
146*/
147typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
148 unsigned long *pub, unsigned long *p,unsigned long*q,
149 unsigned long *g);
150extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
151
152/*
153* SureWare Free function
154* Destroy the key into the hardware if destroy==1
155*/
156typedef void SureWareHook_Free_t(char *p,int destroy);
157extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
158
159#define SUREWARE_PKCS1_PAD 1
160#define SUREWARE_ISO9796_PAD 2
161#define SUREWARE_NO_PAD 0
162/*
163* SureWare RSA Private Decryption
164* return 1 if success
165* SureWareHOOK_ERROR_FAILED if error while processing
166* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
167* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
168*
169* in param flen : byte size of from and to
170* in param from : encrypted data buffer, should be a not-null valid pointer
171* out param tlen: byte size of decrypted data, if error, unexpected value
172* out param to : decrypted data buffer, should be a not-null valid pointer
173* in param prsa: a protected key pointer, should be a not-null valid pointer
174* int padding: padding id as follow
175* SUREWARE_PKCS1_PAD
176* SUREWARE_NO_PAD
177*
178*/
179typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
180 int *tlen,unsigned char *to,
181 char *prsa,int padding);
182extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
183/*
184* SureWare RSA Signature
185* return 1 if success
186* SureWareHOOK_ERROR_FAILED if error while processing
187* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
188* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
189*
190* in param flen : byte size of from and to
191* in param from : encrypted data buffer, should be a not-null valid pointer
192* out param tlen: byte size of decrypted data, if error, unexpected value
193* out param to : decrypted data buffer, should be a not-null valid pointer
194* in param prsa: a protected key pointer, should be a not-null valid pointer
195* int padding: padding id as follow
196* SUREWARE_PKCS1_PAD
197* SUREWARE_ISO9796_PAD
198*
199*/
200typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
201 int *tlen,unsigned char *to,
202 char *prsa,int padding);
203extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
204/*
205* SureWare DSA Signature
206* return 1 if success
207* SureWareHOOK_ERROR_FAILED if error while processing
208* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
209* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
210*
211* in param flen : byte size of from and to
212* in param from : encrypted data buffer, should be a not-null valid pointer
213* out param to : decrypted data buffer, should be a 40bytes valid pointer
214* in param pdsa: a protected key pointer, should be a not-null valid pointer
215*
216*/
217typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
218 unsigned long *r,unsigned long *s,char *pdsa);
219extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
220
221
222/*
223* SureWare Mod Exp
224* return 1 if success
225* SureWareHOOK_ERROR_FAILED if error while processing
226* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
227* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
228*
229* mod and res are mlen bytes long.
230* exp is elen bytes long
231* data is dlen bytes long
232* mlen,elen and dlen are all multiple of sizeof(unsigned long)
233*/
234typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
235 int elen,const unsigned long *exp,
236 int dlen,unsigned long *data,
237 unsigned long *res);
238extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
239
diff --git a/src/lib/libssl/src/crypto/idea/version b/src/lib/libssl/src/crypto/idea/version
new file mode 100644
index 0000000000..3f22293795
--- /dev/null
+++ b/src/lib/libssl/src/crypto/idea/version
@@ -0,0 +1,12 @@
11.1 07/12/95 - eay
2 Many thanks to Rhys Weatherley <rweather@us.oracle.com>
3 for pointing out that I was assuming little endian byte
4 order for all quantities what idea actually used
5 bigendian. No where in the spec does it mention
6 this, it is all in terms of 16 bit numbers and even the example
7 does not use byte streams for the input example :-(.
8 If you byte swap each pair of input, keys and iv, the functions
9 would produce the output as the old version :-(.
10
111.0 ??/??/95 - eay
12 First version.
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2test.c b/src/lib/libssl/src/crypto/mdc2/mdc2test.c
new file mode 100644
index 0000000000..c9abe99d92
--- /dev/null
+++ b/src/lib/libssl/src/crypto/mdc2/mdc2test.c
@@ -0,0 +1,146 @@
1/* crypto/mdc2/mdc2test.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include "../e_os.h"
64
65#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
66#define OPENSSL_NO_MDC2
67#endif
68
69#ifdef OPENSSL_NO_MDC2
70int main(int argc, char *argv[])
71{
72 printf("No MDC2 support\n");
73 return(0);
74}
75#else
76#include <openssl/evp.h>
77#include <openssl/mdc2.h>
78
79#ifdef CHARSET_EBCDIC
80#include <openssl/ebcdic.h>
81#endif
82
83static unsigned char pad1[16]={
84 0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
85 0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A
86 };
87
88static unsigned char pad2[16]={
89 0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,
90 0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
91 };
92
93int main(int argc, char *argv[])
94 {
95 int ret=0;
96 unsigned char md[MDC2_DIGEST_LENGTH];
97 int i;
98 EVP_MD_CTX c;
99 static char *text="Now is the time for all ";
100
101#ifdef CHARSET_EBCDIC
102 ebcdic2ascii(text,text,strlen(text));
103#endif
104
105 EVP_MD_CTX_init(&c);
106 EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
107 EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
108 EVP_DigestFinal_ex(&c,&(md[0]),NULL);
109
110 if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
111 {
112 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
113 printf("%02X",md[i]);
114 printf(" <- generated\n");
115 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
116 printf("%02X",pad1[i]);
117 printf(" <- correct\n");
118 ret=1;
119 }
120 else
121 printf("pad1 - ok\n");
122
123 EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
124 /* FIXME: use a ctl function? */
125 ((MDC2_CTX *)c.md_data)->pad_type=2;
126 EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
127 EVP_DigestFinal_ex(&c,&(md[0]),NULL);
128
129 if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
130 {
131 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
132 printf("%02X",md[i]);
133 printf(" <- generated\n");
134 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
135 printf("%02X",pad2[i]);
136 printf(" <- correct\n");
137 ret=1;
138 }
139 else
140 printf("pad2 - ok\n");
141
142 EVP_MD_CTX_cleanup(&c);
143 EXIT(ret);
144 return(ret);
145 }
146#endif
diff --git a/src/lib/libssl/src/crypto/mem_clr.c b/src/lib/libssl/src/crypto/mem_clr.c
new file mode 100644
index 0000000000..e4b7f540b0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/mem_clr.c
@@ -0,0 +1,75 @@
1/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2002.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <string.h>
60#include <openssl/crypto.h>
61
62unsigned char cleanse_ctr = 0;
63
64void OPENSSL_cleanse(void *ptr, size_t len)
65 {
66 unsigned char *p = ptr;
67 size_t loop = len;
68 while(loop--)
69 {
70 *(p++) = cleanse_ctr;
71 cleanse_ctr += (17 + (unsigned char)((int)p & 0xF));
72 }
73 if(memchr(ptr, cleanse_ctr, len))
74 cleanse_ctr += 63;
75 }
diff --git a/src/lib/libssl/src/crypto/rc5/rc5s.cpp b/src/lib/libssl/src/crypto/rc5/rc5s.cpp
new file mode 100644
index 0000000000..1c5518bc80
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/rc5s.cpp
@@ -0,0 +1,70 @@
1//
2// gettsc.inl
3//
4// gives access to the Pentium's (secret) cycle counter
5//
6// This software was written by Leonard Janke (janke@unixg.ubc.ca)
7// in 1996-7 and is entered, by him, into the public domain.
8
9#if defined(__WATCOMC__)
10void GetTSC(unsigned long&);
11#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
12#elif defined(__GNUC__)
13inline
14void GetTSC(unsigned long& tsc)
15{
16 asm volatile(".byte 15, 49\n\t"
17 : "=eax" (tsc)
18 :
19 : "%edx", "%eax");
20}
21#elif defined(_MSC_VER)
22inline
23void GetTSC(unsigned long& tsc)
24{
25 unsigned long a;
26 __asm _emit 0fh
27 __asm _emit 31h
28 __asm mov a, eax;
29 tsc=a;
30}
31#endif
32
33#include <stdio.h>
34#include <stdlib.h>
35#include <openssl/rc5.h>
36
37void main(int argc,char *argv[])
38 {
39 RC5_32_KEY key;
40 unsigned long s1,s2,e1,e2;
41 unsigned long data[2];
42 int i,j;
43 static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
44
45 RC5_32_set_key(&key, 16,d,12);
46
47 for (j=0; j<6; j++)
48 {
49 for (i=0; i<1000; i++) /**/
50 {
51 RC5_32_encrypt(&data[0],&key);
52 GetTSC(s1);
53 RC5_32_encrypt(&data[0],&key);
54 RC5_32_encrypt(&data[0],&key);
55 RC5_32_encrypt(&data[0],&key);
56 GetTSC(e1);
57 GetTSC(s2);
58 RC5_32_encrypt(&data[0],&key);
59 RC5_32_encrypt(&data[0],&key);
60 RC5_32_encrypt(&data[0],&key);
61 RC5_32_encrypt(&data[0],&key);
62 GetTSC(e2);
63 RC5_32_encrypt(&data[0],&key);
64 }
65
66 printf("cast %d %d (%d)\n",
67 e1-s1,e2-s2,((e2-s2)-(e1-s1)));
68 }
69 }
70
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c
index 00c14f2755..036f48bafa 100644
--- a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c
@@ -103,7 +103,7 @@ static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
103 103
104/* DSA stuff */ 104/* DSA stuff */
105#ifndef OPENSSL_NO_DSA 105#ifndef OPENSSL_NO_DSA
106DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa); 106static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
107static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len, 107static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
108 DSA_SIG *sig, DSA *dsa); 108 DSA_SIG *sig, DSA *dsa);
109static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, 109static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
@@ -245,6 +245,9 @@ static ENGINE *engine_cluster_labs(void)
245 return ret; 245 return ret;
246 } 246 }
247 247
248#ifdef ENGINE_DYNAMIC_SUPPORT
249static
250#endif
248void ENGINE_load_cluster_labs(void) 251void ENGINE_load_cluster_labs(void)
249 { 252 {
250 253
@@ -504,7 +507,7 @@ static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
504 507
505 } 508 }
506 509
507DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) 510static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
508 { 511 {
509 512
510 if(cluster_labs_dso == NULL) 513 if(cluster_labs_dso == NULL)
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c
index 881b16a7cb..0c2c39b8a7 100644
--- a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c
+++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c
@@ -288,6 +288,9 @@ static ENGINE *engine_ibmca(void)
288 return ret; 288 return ret;
289 } 289 }
290 290
291#ifdef ENGINE_DYNAMIC_SUPPORT
292static
293#endif
291void ENGINE_load_ibmca(void) 294void ENGINE_load_ibmca(void)
292 { 295 {
293 /* Copied from eng_[openssl|dyn].c */ 296 /* Copied from eng_[openssl|dyn].c */
diff --git a/src/lib/libssl/src/demos/engines/rsaref/Makefile b/src/lib/libssl/src/demos/engines/rsaref/Makefile
index 003e35df2e..63b8c79d27 100644
--- a/src/lib/libssl/src/demos/engines/rsaref/Makefile
+++ b/src/lib/libssl/src/demos/engines/rsaref/Makefile
@@ -34,13 +34,17 @@ update: FORCE.update
34 perl ../../../util/mkerr.pl -conf rsaref.ec \ 34 perl ../../../util/mkerr.pl -conf rsaref.ec \
35 -nostatic -staticloader -write rsaref.c 35 -nostatic -staticloader -write rsaref.c
36 36
37darwin: install $(SHLIB).darwin
38cygwin: install $(SHLIB).cygwin
37gnu: install $(SHLIB).gnu 39gnu: install $(SHLIB).gnu
40alpha-osf1: install $(SHLIB).alpha-osf1
38tru64: install $(SHLIB).tru64 41tru64: install $(SHLIB).tru64
39solaris: install $(SHLIB).solaris 42solaris: install $(SHLIB).solaris
40irix: install $(SHLIB).irix 43irix: install $(SHLIB).irix
41hpux32: install $(SHLIB).hpux32 44hpux32: install $(SHLIB).hpux32
42hpux64: install $(SHLIB).hpux64 45hpux64: install $(SHLIB).hpux64
43aix: install $(SHLIB).aix 46aix: install $(SHLIB).aix
47reliantunix: install $(SHLIB).reliantunix
44 48
45$(LIB): $(OBJ) 49$(LIB): $(OBJ)
46 $(AR) $(LIB) $(OBJ) 50 $(AR) $(LIB) $(OBJ)
@@ -51,6 +55,18 @@ LINK_SO= \
51 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \ 55 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
52 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc) 56 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
53 57
58$(SHLIB).darwin: $(LIB) install/librsaref.a
59 ALLSYMSFLAGS='-all_load' \
60 SHAREDFLAGS='-dynamiclib -install_name $(SHLIB)' \
61 SHAREDCMD='$(CC)'; \
62 $(LINK_SO)
63 touch $(SHLIB).darwin
64$(SHLIB).cygwin: $(LIB) install/librsaref.a
65 ALLSYMSFLAGS='--whole-archive' \
66 SHAREDFLAGS='-shared -Wl,-Bsymbolic -Wl,--out-implib,$(LIBNAME).dll.a' \
67 SHAREDCMD='$(CC)'; \
68 $(LINK_SO)
69 touch $(SHLIB).cygwin
54$(SHLIB).gnu: $(LIB) install/librsaref.a 70$(SHLIB).gnu: $(LIB) install/librsaref.a
55 ALLSYMSFLAGS='--whole-archive' \ 71 ALLSYMSFLAGS='--whole-archive' \
56 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \ 72 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
index f092acbf3f..872811b8f7 100644
--- a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
+++ b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
@@ -3,11 +3,14 @@
3 be found a little here and there. */ 3 be found a little here and there. */
4 4
5#include <stdio.h> 5#include <stdio.h>
6#include <string.h>
6#include "./source/global.h" 7#include "./source/global.h"
7#include "./source/rsaref.h" 8#include "./source/rsaref.h"
8#include "./source/rsa.h" 9#include "./source/rsa.h"
9#include "./source/des.h" 10#include "./source/des.h"
10#include <openssl/err.h> 11#include <openssl/err.h>
12#define OPENSSL_NO_MD2
13#define OPENSSL_NO_MD5
11#include <openssl/evp.h> 14#include <openssl/evp.h>
12#include <openssl/bn.h> 15#include <openssl/bn.h>
13#include <openssl/engine.h> 16#include <openssl/engine.h>
@@ -93,21 +96,21 @@ static int rsaref_digest_nids[] =
93/***************************************************************************** 96/*****************************************************************************
94 * DES functions 97 * DES functions
95 **/ 98 **/
96int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 99static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
97 const unsigned char *iv, int enc); 100 const unsigned char *iv, int enc);
98int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, 101static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
99 const unsigned char *in, unsigned int inl); 102 const unsigned char *in, unsigned int inl);
100int cipher_des_cbc_clean(EVP_CIPHER_CTX *); 103static int cipher_des_cbc_clean(EVP_CIPHER_CTX *);
101int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 104static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
102 const unsigned char *iv, int enc); 105 const unsigned char *iv, int enc);
103int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, 106static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
104 const unsigned char *in, unsigned int inl); 107 const unsigned char *in, unsigned int inl);
105int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *); 108static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);
106int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 109static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
107 const unsigned char *iv, int enc); 110 const unsigned char *iv, int enc);
108int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, 111static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
109 const unsigned char *in, unsigned int inl); 112 const unsigned char *in, unsigned int inl);
110int cipher_desx_cbc_clean(EVP_CIPHER_CTX *); 113static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);
111 114
112/***************************************************************************** 115/*****************************************************************************
113 * Our DES ciphers 116 * Our DES ciphers
@@ -400,7 +403,7 @@ static int rsaref_private_decrypt(int len, const unsigned char *from, unsigned c
400 403
401 if (!RSAref_Private_eay2ref(rsa,&RSAkey)) 404 if (!RSAref_Private_eay2ref(rsa,&RSAkey))
402 goto err; 405 goto err;
403 if ((i=RSAPrivateDecrypt(to,&outlen,(unsigned char *)from,len,&RSAkey)) != 0) 406 if ((i=RSAPrivateDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
404 { 407 {
405 RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i); 408 RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i);
406 outlen= -1; 409 outlen= -1;
@@ -423,7 +426,7 @@ static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned c
423 } 426 }
424 if (!RSAref_Private_eay2ref(rsa,&RSAkey)) 427 if (!RSAref_Private_eay2ref(rsa,&RSAkey))
425 goto err; 428 goto err;
426 if ((i=RSAPrivateEncrypt(to,&outlen,(unsigned char *)from,len,&RSAkey)) != 0) 429 if ((i=RSAPrivateEncrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
427 { 430 {
428 RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i); 431 RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i);
429 outlen= -1; 432 outlen= -1;
@@ -441,7 +444,7 @@ static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned ch
441 444
442 if (!RSAref_Public_eay2ref(rsa,&RSAkey)) 445 if (!RSAref_Public_eay2ref(rsa,&RSAkey))
443 goto err; 446 goto err;
444 if ((i=RSAPublicDecrypt(to,&outlen,(unsigned char *)from,len,&RSAkey)) != 0) 447 if ((i=RSAPublicDecrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
445 { 448 {
446 RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i); 449 RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i);
447 outlen= -1; 450 outlen= -1;
@@ -478,7 +481,7 @@ static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned ch
478 481
479 if (!RSAref_Public_eay2ref(rsa,&RSAkey)) 482 if (!RSAref_Public_eay2ref(rsa,&RSAkey))
480 goto err; 483 goto err;
481 if ((i=RSAPublicEncrypt(to,&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0) 484 if ((i=RSAPublicEncrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0)
482 { 485 {
483 RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i); 486 RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i);
484 outlen= -1; 487 outlen= -1;
@@ -550,13 +553,13 @@ static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
550 **/ 553 **/
551#undef data 554#undef data
552#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data) 555#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)
553int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 556static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
554 const unsigned char *iv, int enc) 557 const unsigned char *iv, int enc)
555 { 558 {
556 DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc); 559 DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
557 return 1; 560 return 1;
558 } 561 }
559int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, 562static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
560 const unsigned char *in, unsigned int inl) 563 const unsigned char *in, unsigned int inl)
561 { 564 {
562 int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl); 565 int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
@@ -572,7 +575,7 @@ int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
572 } 575 }
573 return !ret; 576 return !ret;
574 } 577 }
575int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx) 578static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
576 { 579 {
577 memset(data(ctx), 0, ctx->cipher->ctx_size); 580 memset(data(ctx), 0, ctx->cipher->ctx_size);
578 return 1; 581 return 1;
@@ -580,14 +583,14 @@ int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
580 583
581#undef data 584#undef data
582#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data) 585#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)
583int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 586static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
584 const unsigned char *iv, int enc) 587 const unsigned char *iv, int enc)
585 { 588 {
586 DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, 589 DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
587 enc); 590 enc);
588 return 1; 591 return 1;
589 } 592 }
590int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, 593static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
591 const unsigned char *in, unsigned int inl) 594 const unsigned char *in, unsigned int inl)
592 { 595 {
593 int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl); 596 int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
@@ -603,7 +606,7 @@ int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
603 } 606 }
604 return !ret; 607 return !ret;
605 } 608 }
606int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx) 609static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
607 { 610 {
608 memset(data(ctx), 0, ctx->cipher->ctx_size); 611 memset(data(ctx), 0, ctx->cipher->ctx_size);
609 return 1; 612 return 1;
@@ -611,14 +614,14 @@ int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
611 614
612#undef data 615#undef data
613#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data) 616#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)
614int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 617static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
615 const unsigned char *iv, int enc) 618 const unsigned char *iv, int enc)
616 { 619 {
617 DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, 620 DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
618 enc); 621 enc);
619 return 1; 622 return 1;
620 } 623 }
621int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out, 624static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
622 const unsigned char *in, unsigned int inl) 625 const unsigned char *in, unsigned int inl)
623 { 626 {
624 int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl); 627 int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
@@ -634,7 +637,7 @@ int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
634 } 637 }
635 return !ret; 638 return !ret;
636 } 639 }
637int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx) 640static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)
638 { 641 {
639 memset(data(ctx), 0, ctx->cipher->ctx_size); 642 memset(data(ctx), 0, ctx->cipher->ctx_size);
640 return 1; 643 return 1;
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c
index 308e18710f..29206b4a29 100644
--- a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c
@@ -366,7 +366,7 @@ static int bind_helper ( ENGINE *e )
366/* As this is only ever called once, there's no need for locking 366/* As this is only ever called once, there's no need for locking
367 * (indeed - the lock will already be held by our caller!!!) 367 * (indeed - the lock will already be held by our caller!!!)
368 */ 368 */
369ENGINE *ENGINE_zencod ( void ) 369static ENGINE *ENGINE_zencod ( void )
370{ 370{
371 371
372 ENGINE *eng = ENGINE_new () ; 372 ENGINE *eng = ENGINE_new () ;
@@ -383,6 +383,9 @@ ENGINE *ENGINE_zencod ( void )
383} 383}
384 384
385 385
386#ifdef ENGINE_DYNAMIC_SUPPORT
387static
388#endif
386void ENGINE_load_zencod ( void ) 389void ENGINE_load_zencod ( void )
387{ 390{
388 /* Copied from eng_[openssl|dyn].c */ 391 /* Copied from eng_[openssl|dyn].c */
diff --git a/src/lib/libssl/src/doc/HOWTO/keys.txt b/src/lib/libssl/src/doc/HOWTO/keys.txt
new file mode 100644
index 0000000000..45f42eaaf1
--- /dev/null
+++ b/src/lib/libssl/src/doc/HOWTO/keys.txt
@@ -0,0 +1,73 @@
1<DRAFT!>
2 HOWTO keys
3
41. Introduction
5
6Keys are the basis of public key algorithms and PKI. Keys usually
7come in pairs, with one half being the public key and the other half
8being the private key. With OpenSSL, the private key contains the
9public key information as well, so a public key doesn't need to be
10generated separately.
11
12Public keys come in several flavors, using different cryptographic
13algorithms. The most popular ones associated with certificates are
14RSA and DSA, and this HOWTO will show how to generate each of them.
15
16
172. To generate a RSA key
18
19A RSA key can be used both for encryption and for signing.
20
21Generating a key for the RSA algorithm is quite easy, all you have to
22do is the following:
23
24 openssl genrsa -des3 -out privkey.pem 2048
25
26With this variant, you will be prompted for a protecting password. If
27you don't want your key to be protected by a password, remove the flag
28'-des3' from the command line above.
29
30 NOTE: if you intend to use the key together with a server
31 certificate, it may be a good thing to avoid protecting it
32 with a password, since that would mean someone would have to
33 type in the password every time the server needs to access
34 the key.
35
36The number 2048 is the size of the key, in bits. Today, 2048 or
37higher is recommended for RSA keys, as fewer amount of bits is
38consider insecure or to be insecure pretty soon.
39
40
413. To generate a DSA key
42
43A DSA key can be used both for signing only. This is important to
44keep in mind to know what kind of purposes a certificate request with
45a DSA key can really be used for.
46
47Generating a key for the DSA algorithm is a two-step process. First,
48you have to generate parameters from which to generate the key:
49
50 openssl dsaparam -out dsaparam.pem 2048
51
52The number 2048 is the size of the key, in bits. Today, 2048 or
53higher is recommended for DSA keys, as fewer amount of bits is
54consider insecure or to be insecure pretty soon.
55
56When that is done, you can generate a key using the parameters in
57question (actually, several keys can be generated from the same
58parameters):
59
60 openssl gendsa -des3 -out privkey.pem dsaparam.pem
61
62With this variant, you will be prompted for a protecting password. If
63you don't want your key to be protected by a password, remove the flag
64'-des3' from the command line above.
65
66 NOTE: if you intend to use the key together with a server
67 certificate, it may be a good thing to avoid protecting it
68 with a password, since that would mean someone would have to
69 type in the password every time the server needs to access
70 the key.
71
72--
73Richard Levitte
diff --git a/src/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod b/src/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod
new file mode 100644
index 0000000000..51679bfcd9
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod
@@ -0,0 +1,43 @@
1=pod
2
3=head1 NAME
4
5ASN1_OBJECT_new, ASN1_OBJECT_free, - object allocation functions
6
7=head1 SYNOPSIS
8
9 ASN1_OBJECT *ASN1_OBJECT_new(void);
10 void ASN1_OBJECT_free(ASN1_OBJECT *a);
11
12=head1 DESCRIPTION
13
14The ASN1_OBJECT allocation routines, allocate and free an
15ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.
16
17ASN1_OBJECT_new() allocates and initializes a ASN1_OBJECT structure.
18
19ASN1_OBJECT_free() frees up the B<ASN1_OBJECT> structure B<a>.
20
21=head1 NOTES
22
23Although ASN1_OBJECT_new() allocates a new ASN1_OBJECT structure it
24is almost never used in applications. The ASN1 object utility functions
25such as OBJ_nid2obj() are used instead.
26
27=head1 RETURN VALUES
28
29If the allocation fails, ASN1_OBJECT_new() returns B<NULL> and sets an error
30code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
31Otherwise it returns a pointer to the newly allocated structure.
32
33ASN1_OBJECT_free() returns no value.
34
35=head1 SEE ALSO
36
37L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_ASN1_OBJECT(3)|d2i_ASN1_OBJECT(3)>
38
39=head1 HISTORY
40
41ASN1_OBJECT_new() and ASN1_OBJECT_free() are available in all versions of SSLeay and OpenSSL.
42
43=cut
diff --git a/src/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod b/src/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod
new file mode 100644
index 0000000000..c4ec693f17
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod
@@ -0,0 +1,81 @@
1=pod
2
3=head1 NAME
4
5ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
6ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data -
7ASN1_STRING utility functions
8
9=head1 SYNOPSIS
10
11 int ASN1_STRING_length(ASN1_STRING *x);
12 unsigned char * ASN1_STRING_data(ASN1_STRING *x);
13
14 ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
15
16 int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
17
18 int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
19
20 int ASN1_STRING_type(ASN1_STRING *x);
21
22 int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
23
24=head1 DESCRIPTION
25
26These functions allow an B<ASN1_STRING> structure to be manipulated.
27
28ASN1_STRING_length() returns the length of the content of B<x>.
29
30ASN1_STRING_data() returns an internal pointer to the data of B<x>.
31Since this is an internal pointer it should B<not> be freed or
32modified in any way.
33
34ASN1_STRING_dup() returns a copy of the structure B<a>.
35
36ASN1_STRING_cmp() compares B<a> and B<b> returning 0 if the two
37are identical. The string types and content are compared.
38
39ASN1_STRING_set() sets the data of string B<str> to the buffer
40B<data> or length B<len>. The supplied data is copied. If B<len>
41is -1 then the length is determined by strlen(data).
42
43ASN1_STRING_type() returns the type of B<x>, using standard constants
44such as B<V_ASN1_OCTET_STRING>.
45
46ASN1_STRING_to_UTF8() converts the string B<in> to UTF8 format, the
47converted data is allocated in a buffer in B<*out>. The length of
48B<out> is returned or a negative error code. The buffer B<*out>
49should be free using OPENSSL_free().
50
51=head1 NOTES
52
53Almost all ASN1 types in OpenSSL are represented as an B<ASN1_STRING>
54structure. Other types such as B<ASN1_OCTET_STRING> are simply typedefed
55to B<ASN1_STRING> and the functions call the B<ASN1_STRING> equivalents.
56B<ASN1_STRING> is also used for some B<CHOICE> types which consist
57entirely of primitive string types such as B<DirectoryString> and
58B<Time>.
59
60These functions should B<not> be used to examine or modify B<ASN1_INTEGER>
61or B<ASN1_ENUMERATED> types: the relevant B<INTEGER> or B<ENUMERATED>
62utility functions should be used instead.
63
64In general it cannot be assumed that the data returned by ASN1_STRING_data()
65is null terminated or does not contain embedded nulls. The actual format
66of the data will depend on the actual string type itself: for example
67for and IA5String the data will be ASCII, for a BMPString two bytes per
68character in big endian format, UTF8String will be in UTF8 format.
69
70Similar care should be take to ensure the data is in the correct format
71when calling ASN1_STRING_set().
72
73=head1 RETURN VALUES
74
75=head1 SEE ALSO
76
77L<ERR_get_error(3)|ERR_get_error(3)>
78
79=head1 HISTORY
80
81=cut
diff --git a/src/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod b/src/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod
new file mode 100644
index 0000000000..5b1bbb7eb2
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod
@@ -0,0 +1,44 @@
1=pod
2
3=head1 NAME
4
5ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free -
6ASN1_STRING allocation functions
7
8=head1 SYNOPSIS
9
10 ASN1_STRING * ASN1_STRING_new(void);
11 ASN1_STRING * ASN1_STRING_type_new(int type);
12 void ASN1_STRING_free(ASN1_STRING *a);
13
14=head1 DESCRIPTION
15
16ASN1_STRING_new() returns an allocated B<ASN1_STRING> structure. Its type
17is undefined.
18
19ASN1_STRING_type_new() returns an allocated B<ASN1_STRING> structure of
20type B<type>.
21
22ASN1_STRING_free() frees up B<a>.
23
24=head1 NOTES
25
26Other string types call the B<ASN1_STRING> functions. For example
27ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
28
29=head1 RETURN VALUES
30
31ASN1_STRING_new() and ASN1_STRING_type_new() return a valid
32ASN1_STRING structure or B<NULL> if an error occurred.
33
34ASN1_STRING_free() does not return a value.
35
36=head1 SEE ALSO
37
38L<ERR_get_error(3)|ERR_get_error(3)>
39
40=head1 HISTORY
41
42TBA
43
44=cut
diff --git a/src/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod b/src/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
new file mode 100644
index 0000000000..fbf9a1f141
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
@@ -0,0 +1,96 @@
1=pod
2
3=head1 NAME
4
5ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp - ASN1_STRING output routines.
6
7=head1 SYNOPSIS
8
9 #include <openssl/asn1.h>
10
11 int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
12 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
13 int ASN1_STRING_print(BIO *out, ASN1_STRING *str);
14
15
16=head1 DESCRIPTION
17
18These functions output an B<ASN1_STRING> structure. B<ASN1_STRING> is used to
19represent all the ASN1 string types.
20
21ASN1_STRING_print_ex() outputs B<str> to B<out>, the format is determined by
22the options B<flags>. ASN1_STRING_print_ex_fp() is identical except it outputs
23to B<fp> instead.
24
25ASN1_STRING_print() prints B<str> to B<out> but using a different format to
26ASN1_STRING_print_ex(). It replaces unprintable characters (other than CR, LF)
27with '.'.
28
29=head1 NOTES
30
31ASN1_STRING_print() is a legacy function which should be avoided in new applications.
32
33Although there are a large number of options frequently B<ASN1_STRFLAGS_RFC2253> is
34suitable, or on UTF8 terminals B<ASN1_STRFLAGS_RFC2253 & ~ASN1_STRFLAGS_ESC_MSB>.
35
36The complete set of supported options for B<flags> is listed below.
37
38Various characters can be escaped. If B<ASN1_STRFLGS_ESC_2253> is set the characters
39determined by RFC2253 are escaped. If B<ASN1_STRFLGS_ESC_CTRL> is set control
40characters are escaped. If B<ASN1_STRFLGS_ESC_MSB> is set characters with the
41MSB set are escaped: this option should B<not> be used if the terminal correctly
42interprets UTF8 sequences.
43
44Escaping takes several forms.
45
46If the character being escaped is a 16 bit character then the form "\WXXXX" is used
47using exactly four characters for the hex representation. If it is 32 bits then
48"\UXXXXXXXX" is used using eight characters of its hex representation. These forms
49will only be used if UTF8 conversion is not set (see below).
50
51Printable characters are normally escaped using the backslash '\' character. If
52B<ASN1_STRFLGS_ESC_QUOTE> is set then the whole string is instead surrounded by
53double quote characters: this is arguably more readable than the backslash
54notation. Other characters use the "\XX" using exactly two characters of the hex
55representation.
56
57If B<ASN1_STRFLGS_UTF8_CONVERT> is set then characters are converted to UTF8
58format first. If the terminal supports the display of UTF8 sequences then this
59option will correctly display multi byte characters.
60
61If B<ASN1_STRFLGS_IGNORE_TYPE> is set then the string type is not interpreted at
62all: everything is assumed to be one byte per character. This is primarily for
63debugging purposes and can result in confusing output in multi character strings.
64
65If B<ASN1_STRFLGS_SHOW_TYPE> is set then the string type itself is printed out
66before its value (for example "BMPSTRING"), this actually uses ASN1_tag2str().
67
68The content of a string instead of being interpreted can be "dumped": this just
69outputs the value of the string using the form #XXXX using hex format for each
70octet.
71
72If B<ASN1_STRFLGS_DUMP_ALL> is set then any type is dumped.
73
74Normally non character string types (such as OCTET STRING) are assumed to be
75one byte per character, if B<ASN1_STRFLAGS_DUMP_UNKNOWN> is set then they will
76be dumped instead.
77
78When a type is dumped normally just the content octets are printed, if
79B<ASN1_STRFLGS_DUMP_DER> is set then the complete encoding is dumped
80instead (including tag and length octets).
81
82B<ASN1_STRFLGS_RFC2253> includes all the flags required by RFC2253. It is
83equivalent to:
84 ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB |
85 ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER
86
87=head1 SEE ALSO
88
89L<X509_NAME_print_ex(3)|X509_NAME_print_ex(3)>,
90L<ASN1_tag2str(3)|ASN1_tag2str(3)>
91
92=head1 HISTORY
93
94TBA
95
96=cut
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_new.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_new.pod
new file mode 100644
index 0000000000..10687e458d
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_new.pod
@@ -0,0 +1,47 @@
1=pod
2
3=head1 NAME
4
5EVP_PKEY_new, EVP_PKEY_free - private key allocation functions.
6
7=head1 SYNOPSIS
8
9 #include <openssl/evp.h>
10
11 EVP_PKEY *EVP_PKEY_new(void);
12 void EVP_PKEY_free(EVP_PKEY *key);
13
14
15=head1 DESCRIPTION
16
17The EVP_PKEY_new() function allocates an empty B<EVP_PKEY>
18structure which is used by OpenSSL to store private keys.
19
20EVP_PKEY_free() frees up the private key B<key>.
21
22=head1 NOTES
23
24The B<EVP_PKEY> structure is used by various OpenSSL functions
25which require a general private key without reference to any
26particular algorithm.
27
28The structure returned by EVP_PKEY_new() is empty. To add a
29private key to this empty structure the functions described in
30L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> should be used.
31
32=head1 RETURN VALUES
33
34EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY>
35structure of B<NULL> if an error occurred.
36
37EVP_PKEY_free() does not return a value.
38
39=head1 SEE ALSO
40
41L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>
42
43=head1 HISTORY
44
45TBA
46
47=cut
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_set1_RSA.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_set1_RSA.pod
new file mode 100644
index 0000000000..2db692e271
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_set1_RSA.pod
@@ -0,0 +1,80 @@
1=pod
2
3=head1 NAME
4
5EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
6EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
7EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
8EVP_PKEY_type - EVP_PKEY assignment functions.
9
10=head1 SYNOPSIS
11
12 #include <openssl/evp.h>
13
14 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
15 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
16 int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
17 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
18
19 RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
20 DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
21 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
22 EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
23
24 int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
25 int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
26 int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
27 int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
28
29 int EVP_PKEY_type(int type);
30
31=head1 DESCRIPTION
32
33EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
34EVP_PKEY_set1_EC_KEY() set the key referenced by B<pkey> to B<key>.
35
36EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
37EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
38B<NULL> if the key is not of the correct type.
39
40EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
41and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
42however these use the supplied B<key> internally and so B<key>
43will be freed when the parent B<pkey> is freed.
44
45EVP_PKEY_type() returns the type of key corresponding to the value
46B<type>. The type of a key can be obtained with
47EVP_PKEY_type(pkey->type). The return value will be EVP_PKEY_RSA,
48EVP_PKEY_DSA, EVP_PKEY_DH or EVP_PKEY_EC for the corresponding
49key types or NID_undef if the key type is unassigned.
50
51=head1 NOTES
52
53In accordance with the OpenSSL naming convention the key obtained
54from or assigned to the B<pkey> using the B<1> functions must be
55freed as well as B<pkey>.
56
57EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
58EVP_PKEY_assign_EC_KEY() are implemented as macros.
59
60=head1 RETURN VALUES
61
62EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
63EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
64
65EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
66EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if
67an error occurred.
68
69EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
70and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
71
72=head1 SEE ALSO
73
74L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>
75
76=head1 HISTORY
77
78TBA
79
80=cut
diff --git a/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod b/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
new file mode 100644
index 0000000000..7dcc07923f
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
@@ -0,0 +1,149 @@
1=pod
2
3=head1 NAME
4
5OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
6OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility
7functions
8
9=head1 SYNOPSIS
10
11 ASN1_OBJECT * OBJ_nid2obj(int n);
12 const char * OBJ_nid2ln(int n);
13 const char * OBJ_nid2sn(int n);
14
15 int OBJ_obj2nid(const ASN1_OBJECT *o);
16 int OBJ_ln2nid(const char *ln);
17 int OBJ_sn2nid(const char *sn);
18
19 int OBJ_txt2nid(const char *s);
20
21 ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
22 int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
23
24 int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
25 ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
26
27 int OBJ_create(const char *oid,const char *sn,const char *ln);
28 void OBJ_cleanup(void);
29
30=head1 DESCRIPTION
31
32The ASN1 object utility functions process ASN1_OBJECT structures which are
33a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
34
35OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
36an ASN1_OBJECT structure, its long name and its short name respectively,
37or B<NULL> is an error occurred.
38
39OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID
40for the object B<o>, the long name <ln> or the short name <sn> respectively
41or NID_undef if an error occurred.
42
43OBJ_txt2nid() returns NID corresponding to text string <s>. B<s> can be
44a long name, a short name or the numerical respresentation of an object.
45
46OBJ_txt2obj() converts the text string B<s> into an ASN1_OBJECT structure.
47If B<no_name> is 0 then long names and short names will be interpreted
48as well as numerical forms. If B<no_name> is 1 only the numerical form
49is acceptable.
50
51OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation.
52The representation is written as a null terminated string to B<buf>
53at most B<buf_len> bytes are written, truncating the result if necessary.
54The total amount of space required is returned. If B<no_name> is 0 then
55if the object has a long or short name then that will be used, otherwise
56the numerical form will be used. If B<no_name> is 1 then the numerical
57form will always be used.
58
59OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
60
61OBJ_dup() returns a copy of B<o>.
62
63OBJ_create() adds a new object to the internal table. B<oid> is the
64numerical form of the object, B<sn> the short name and B<ln> the
65long name. A new NID is returned for the created object.
66
67OBJ_cleanup() cleans up OpenSSLs internal object table: this should
68be called before an application exits if any new objects were added
69using OBJ_create().
70
71=head1 NOTES
72
73Objects in OpenSSL can have a short name, a long name and a numerical
74identifier (NID) associated with them. A standard set of objects is
75represented in an internal table. The appropriate values are defined
76in the header file B<objects.h>.
77
78For example the OID for commonName has the following definitions:
79
80 #define SN_commonName "CN"
81 #define LN_commonName "commonName"
82 #define NID_commonName 13
83
84New objects can be added by calling OBJ_create().
85
86Table objects have certain advantages over other objects: for example
87their NIDs can be used in a C language switch statement. They are
88also static constant structures which are shared: that is there
89is only a single constant structure for each table object.
90
91Objects which are not in the table have the NID value NID_undef.
92
93Objects do not need to be in the internal tables to be processed,
94the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
95form of an OID.
96
97=head1 EXAMPLES
98
99Create an object for B<commonName>:
100
101 ASN1_OBJECT *o;
102 o = OBJ_nid2obj(NID_commonName);
103
104Check if an object is B<commonName>
105
106 if (OBJ_obj2nid(obj) == NID_commonName)
107 /* Do something */
108
109Create a new NID and initialize an object from it:
110
111 int new_nid;
112 ASN1_OBJECT *obj;
113 new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
114
115 obj = OBJ_nid2obj(new_nid);
116
117Create a new object directly:
118
119 obj = OBJ_txt2obj("1.2.3.4", 1);
120
121=head1 BUGS
122
123OBJ_obj2txt() is awkward and messy to use: it doesn't follow the
124convention of other OpenSSL functions where the buffer can be set
125to B<NULL> to determine the amount of data that should be written.
126Instead B<buf> must point to a valid buffer and B<buf_len> should
127be set to a positive value. A buffer length of 80 should be more
128than enough to handle any OID encountered in practice.
129
130=head1 RETURN VALUES
131
132OBJ_nid2obj() returns an B<ASN1_OBJECT> structure or B<NULL> is an
133error occurred.
134
135OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B<NULL>
136on error.
137
138OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return
139a NID or B<NID_undef> on error.
140
141=head1 SEE ALSO
142
143L<ERR_get_error(3)|ERR_get_error(3)>
144
145=head1 HISTORY
146
147TBA
148
149=cut
diff --git a/src/lib/libssl/src/doc/crypto/PKCS12_create.pod b/src/lib/libssl/src/doc/crypto/PKCS12_create.pod
new file mode 100644
index 0000000000..48f3bb8cb8
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/PKCS12_create.pod
@@ -0,0 +1,57 @@
1=pod
2
3=head1 NAME
4
5PKCS12_create - create a PKCS#12 structure
6
7=head1 SYNOPSIS
8
9 #include <openssl/pkcs12.h>
10
11 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
12 int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
13
14=head1 DESCRIPTION
15
16PKCS12_create() creates a PKCS#12 structure.
17
18B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for
19the supplied certifictate and key. B<pkey> is the private key to include in
20the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL>
21is an optional set of certificates to also include in the structure.
22
23B<nid_key> and B<nid_cert> are the encryption algorithms that should be used
24for the key and certificate respectively. B<iter> is the encryption algorithm
25iteration count to use and B<mac_iter> is the MAC iteration count to use.
26B<keytype> is the type of key.
27
28=head1 NOTES
29
30The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype>
31can all be set to zero and sensible defaults will be used.
32
33These defaults are: 40 bit RC2 encryption for certificates, triple DES
34encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER
35(currently 2048) and a MAC iteration count of 1.
36
37The default MAC iteration count is 1 in order to retain compatibility with
38old software which did not interpret MAC iteration counts. If such compatibility
39is not required then B<mac_iter> should be set to PKCS12_DEFAULT_ITER.
40
41B<keytype> adds a flag to the store private key. This is a non standard extension
42that is only currently interpreted by MSIE. If set to zero the flag is omitted,
43if set to B<KEY_SIG> the key can be used for signing only, if set to B<KEY_EX>
44it can be used for signing and encryption. This option was useful for old
45export grade software which could use signing only keys of arbitrary size but
46had restrictions on the permissible sizes of keys which could be used for
47encryption.
48
49=head1 SEE ALSO
50
51L<d2i_PKCS12(3)|d2i_PKCS12(3)>
52
53=head1 HISTORY
54
55PKCS12_create was added in OpenSSL 0.9.3
56
57=cut
diff --git a/src/lib/libssl/src/doc/crypto/PKCS12_parse.pod b/src/lib/libssl/src/doc/crypto/PKCS12_parse.pod
new file mode 100644
index 0000000000..51344f883a
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/PKCS12_parse.pod
@@ -0,0 +1,50 @@
1=pod
2
3=head1 NAME
4
5PKCS12_parse - parse a PKCS#12 structure
6
7=head1 SYNOPSIS
8
9 #include <openssl/pkcs12.h>
10
11int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
12
13=head1 DESCRIPTION
14
15PKCS12_parse() parses a PKCS12 structure.
16
17B<p12> is the B<PKCS12> structure to parse. B<pass> is the passphrase to use.
18If successful the private key will be written to B<*pkey>, the corresponding
19certificate to B<*cert> and any additional certificates to B<*ca>.
20
21=head1 NOTES
22
23The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL>
24in which case additional certificates will be discarded. B<*ca> can also
25be a valid STACK in which case additional certificates are appended to
26B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated.
27
28The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate
29will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure.
30
31=head1 BUGS
32
33Only a single private key and corresponding certificate is returned by this function.
34More complex PKCS#12 files with multiple private keys will only return the first
35match.
36
37Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates.
38Other attributes are discarded.
39
40Attributes currently cannot be store in the private key B<EVP_PKEY> structure.
41
42=head1 SEE ALSO
43
44L<d2i_PKCS12(3)|d2i_PKCS12(3)>
45
46=head1 HISTORY
47
48PKCS12_parse was added in OpenSSL 0.9.3
49
50=cut
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod b/src/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod
new file mode 100644
index 0000000000..b0ca067b89
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod
@@ -0,0 +1,53 @@
1=pod
2
3=head1 NAME
4
5PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
6
7=head1 SYNOPSIS
8
9int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
10
11=head1 DESCRIPTION
12
13PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData
14structure. B<pkey> is the private key of the recipient, B<cert> is the
15recipients certificate, B<data> is a BIO to write the content to and
16B<flags> is an optional set of flags.
17
18=head1 NOTES
19
20OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
21function or errors about unknown algorithms will occur.
22
23Although the recipients certificate is not needed to decrypt the data it is needed
24to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
25
26The following flags can be passed in the B<flags> parameter.
27
28If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
29from the content. If the content is not of type B<text/plain> then an error is
30returned.
31
32=head1 RETURN VALUES
33
34PKCS7_decrypt() returns either 1 for success or 0 for failure.
35The error can be obtained from ERR_get_error(3)
36
37=head1 BUGS
38
39PKCS7_decrypt() must be passed the correct recipient key and certificate. It would
40be better if it could look up the correct key and certificate from a database.
41
42The lack of single pass processing and need to hold all data in memory as
43mentioned in PKCS7_sign() also applies to PKCS7_verify().
44
45=head1 SEE ALSO
46
47L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
48
49=head1 HISTORY
50
51PKCS7_decrypt() was added to OpenSSL 0.9.5
52
53=cut
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod b/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
new file mode 100644
index 0000000000..1a507b22a2
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
@@ -0,0 +1,65 @@
1=pod
2
3=head1 NAME
4
5PKCS7_encrypt - create a PKCS#7 envelopedData structure
6
7=head1 SYNOPSIS
8
9PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
10
11=head1 DESCRIPTION
12
13PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs>
14is a list of recipient certificates. B<in> is the content to be encrypted.
15B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
16
17=head1 NOTES
18
19Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
20supplied to this function must all contain RSA public keys, though they do not have to
21be signed using the RSA algorithm.
22
23EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
24most clients will support it.
25
26Some old "export grade" clients may only support weak encryption using 40 or 64 bit
27RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
28
29The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
30parameters.
31
32Many browsers implement a "sign and encrypt" option which is simply an S/MIME
33envelopedData containing an S/MIME signed message. This can be readily produced
34by storing the S/MIME signed message in a memory BIO and passing it to
35PKCS7_encrypt().
36
37The following flags can be passed in the B<flags> parameter.
38
39If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
40to the data.
41
42Normally the supplied content is translated into MIME canonical format (as required
43by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
44option should be used if the supplied data is in binary format otherwise the translation
45will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
46
47=head1 RETURN VALUES
48
49PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
50The error can be obtained from ERR_get_error(3).
51
52=head1 BUGS
53
54The lack of single pass processing and need to hold all data in memory as
55mentioned in PKCS7_sign() also applies to PKCS7_verify().
56
57=head1 SEE ALSO
58
59L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
60
61=head1 HISTORY
62
63PKCS7_decrypt() was added to OpenSSL 0.9.5
64
65=cut
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod b/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod
new file mode 100644
index 0000000000..fc7e649b34
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod
@@ -0,0 +1,85 @@
1=pod
2
3=head1 NAME
4
5PKCS7_sign - create a PKCS#7 signedData structure
6
7=head1 SYNOPSIS
8
9PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
10
11=head1 DESCRIPTION
12
13PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert>
14is the certificate to sign with, B<pkey> is the corresponsding private key.
15B<certs> is an optional additional set of certificates to include in the
16PKCS#7 structure (for example any intermediate CAs in the chain).
17
18The data to be signed is read from BIO B<data>.
19
20B<flags> is an optional set of flags.
21
22=head1 NOTES
23
24Any of the following flags (ored together) can be passed in the B<flags> parameter.
25
26Many S/MIME clients expect the signed content to include valid MIME headers. If
27the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
28to the data.
29
30If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
31PKCS7 structure, the signer's certificate must still be supplied in the B<signcert>
32parameter though. This can reduce the size of the signature if the signers certificate
33can be obtained by other means: for example a previously signed message.
34
35The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED>
36is set in which case it is omitted. This is used for PKCS7 detached signatures
37which are used in S/MIME plaintext signed messages for example.
38
39Normally the supplied content is translated into MIME canonical format (as required
40by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
41option should be used if the supplied data is in binary format otherwise the translation
42will corrupt it.
43
44The signedData structure includes several PKCS#7 autenticatedAttributes including
45the signing time, the PKCS#7 content type and the supported list of ciphers in
46an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes
47will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are
48omitted.
49
50If present the SMIMECapabilities attribute indicates support for the following
51algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any
52of these algorithms is disabled then it will not be included.
53
54=head1 BUGS
55
56PKCS7_sign() is somewhat limited. It does not support multiple signers, some
57advanced attributes such as counter signatures are not supported.
58
59The SHA1 digest algorithm is currently always used.
60
61When the signed data is not detached it will be stored in memory within the
62B<PKCS7> structure. This effectively limits the size of messages which can be
63signed due to memory restraints. There should be a way to sign data without
64having to hold it all in memory, this would however require fairly major
65revisions of the OpenSSL ASN1 code.
66
67Clear text signing does not store the content in memory but the way PKCS7_sign()
68operates means that two passes of the data must typically be made: one to compute
69the signatures and a second to output the data along with the signature. There
70should be a way to process the data with only a single pass.
71
72=head1 RETURN VALUES
73
74PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred.
75The error can be obtained from ERR_get_error(3).
76
77=head1 SEE ALSO
78
79L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
80
81=head1 HISTORY
82
83PKCS7_sign() was added to OpenSSL 0.9.5
84
85=cut
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod b/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
new file mode 100644
index 0000000000..07c9fdad40
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
@@ -0,0 +1,116 @@
1=pod
2
3=head1 NAME
4
5PKCS7_verify - verify a PKCS#7 signedData structure
6
7=head1 SYNOPSIS
8
9int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
10
11int PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
12
13=head1 DESCRIPTION
14
15PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
16structure to verify. B<certs> is a set of certificates in which to search for
17the signer's certificate. B<store> is a trusted certficate store (used for
18chain verification). B<indata> is the signed data if the content is not
19present in B<p7> (that is it is detached). The content is written to B<out>
20if it is not NULL.
21
22B<flags> is an optional set of flags, which can be used to modify the verify
23operation.
24
25PKCS7_get0_signers() retrieves the signer's certificates from B<p7>, it does
26B<not> check their validity or whether any signatures are valid. The B<certs>
27and B<flags> parameters have the same meanings as in PKCS7_verify().
28
29=head1 VERIFY PROCESS
30
31Normally the verify process proceeds as follows.
32
33Initially some sanity checks are performed on B<p7>. The type of B<p7> must
34be signedData. There must be at least one signature on the data and if
35the content is detached B<indata> cannot be B<NULL>.
36
37An attempt is made to locate all the signer's certificates, first looking in
38the B<certs> parameter (if it is not B<NULL>) and then looking in any certificates
39contained in the B<p7> structure itself. If any signer's certificates cannot be
40located the operation fails.
41
42Each signer's certificate is chain verified using the B<smimesign> purpose and
43the supplied trusted certificate store. Any internal certificates in the message
44are used as untrusted CAs. If any chain verify fails an error code is returned.
45
46Finally the signed content is read (and written to B<out> is it is not NULL) and
47the signature's checked.
48
49If all signature's verify correctly then the function is successful.
50
51Any of the following flags (ored together) can be passed in the B<flags> parameter
52to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
53meaningful to PKCS7_get0_signers().
54
55If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
56searched when locating the signer's certificate. This means that all the signers
57certificates must be in the B<certs> parameter.
58
59If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
60from the content. If the content is not of type B<text/plain> then an error is
61returned.
62
63If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
64
65If B<PKCS7_NOCHAIN> is set then the certificates contained in the message are
66not used as untrusted CAs. This means that the whole verify chain (apart from
67the signer's certificate) must be contained in the trusted store.
68
69If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
70
71=head1 NOTES
72
73One application of B<PKCS7_NOINTERN> is to only accept messages signed by
74a small number of certificates. The acceptable certificates would be passed
75in the B<certs> parameter. In this case if the signer is not one of the
76certificates supplied in B<certs> then the verify will fail because the
77signer cannot be found.
78
79Care should be taken when modifying the default verify behaviour, for example
80setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification
81and any signed message will be considered valid. This combination is however
82useful if one merely wishes to write the content to B<out> and its validity
83is not considered important.
84
85Chain verification should arguably be performed using the signing time rather
86than the current time. However since the signing time is supplied by the
87signer it cannot be trusted without additional evidence (such as a trusted
88timestamp).
89
90=head1 RETURN VALUES
91
92PKCS7_verify() returns 1 for a successful verification and zero or a negative
93value if an error occurs.
94
95PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
96
97The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
98
99=head1 BUGS
100
101The trusted certificate store is not searched for the signers certificate,
102this is primarily due to the inadequacies of the current B<X509_STORE>
103functionality.
104
105The lack of single pass processing and need to hold all data in memory as
106mentioned in PKCS7_sign() also applies to PKCS7_verify().
107
108=head1 SEE ALSO
109
110L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>
111
112=head1 HISTORY
113
114PKCS7_verify() was added to OpenSSL 0.9.5
115
116=cut
diff --git a/src/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod b/src/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod
new file mode 100644
index 0000000000..ffafa37887
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod
@@ -0,0 +1,71 @@
1=pod
2
3=head1 NAME
4
5SMIME_read_PKCS7 - parse S/MIME message.
6
7=head1 SYNOPSIS
8
9PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
10
11=head1 DESCRIPTION
12
13SMIME_read_PKCS7() parses a message in S/MIME format.
14
15B<in> is a BIO to read the message from.
16
17If cleartext signing is used then the content is saved in
18a memory bio which is written to B<*bcont>, otherwise
19B<*bcont> is set to B<NULL>.
20
21The parsed PKCS#7 structure is returned or B<NULL> if an
22error occurred.
23
24=head1 NOTES
25
26If B<*bcont> is not B<NULL> then the message is clear text
27signed. B<*bcont> can then be passed to PKCS7_verify() with
28the B<PKCS7_DETACHED> flag set.
29
30Otherwise the type of the returned structure can be determined
31using PKCS7_type().
32
33To support future functionality if B<bcont> is not B<NULL>
34B<*bcont> should be initialized to B<NULL>. For example:
35
36 BIO *cont = NULL;
37 PKCS7 *p7;
38
39 p7 = SMIME_read_PKCS7(in, &cont);
40
41=head1 BUGS
42
43The MIME parser used by SMIME_read_PKCS7() is somewhat primitive.
44While it will handle most S/MIME messages more complex compound
45formats may not work.
46
47The parser assumes that the PKCS7 structure is always base64
48encoded and will not handle the case where it is in binary format
49or uses quoted printable format.
50
51The use of a memory BIO to hold the signed content limits the size
52of message which can be processed due to memory restraints: a
53streaming single pass option should be available.
54
55=head1 RETURN VALUES
56
57SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL>
58is an error occurred. The error can be obtained from ERR_get_error(3).
59
60=head1 SEE ALSO
61
62L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_type(3)|PKCS7_type(3)>
63L<SMIME_read_PKCS7(3)|SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
64L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
65L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
66
67=head1 HISTORY
68
69SMIME_read_PKCS7() was added to OpenSSL 0.9.5
70
71=cut
diff --git a/src/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod b/src/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod
new file mode 100644
index 0000000000..2cfad2e049
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod
@@ -0,0 +1,59 @@
1=pod
2
3=head1 NAME
4
5SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
6
7=head1 SYNOPSIS
8
9int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
10
11=head1 DESCRIPTION
12
13SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
14structure to produce an S/MIME message.
15
16B<out> is the BIO to write the data to. B<p7> is the appropriate
17B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is
18being used then the signed data must be supplied in the B<data>
19argument. B<flags> is an optional set of flags.
20
21=head1 NOTES
22
23The following flags can be passed in the B<flags> parameter.
24
25If B<PKCS7_DETACHED> is set then cleartext signing will be used,
26this option only makes sense for signedData where B<PKCS7_DETACHED>
27is also set when PKCS7_sign() is also called.
28
29If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
30are added to the content, this only makes sense if B<PKCS7_DETACHED>
31is also set.
32
33If cleartext signing is being used then the data must be read twice:
34once to compute the signature in PKCS7_sign() and once to output the
35S/MIME message.
36
37=head1 BUGS
38
39SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
40should be an option to disable this.
41
42There should really be a way to produce cleartext signing using only
43a single pass of the data.
44
45=head1 RETURN VALUES
46
47SMIME_write_PKCS7() returns 1 for success or 0 for failure.
48
49=head1 SEE ALSO
50
51L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
52L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
53L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
54
55=head1 HISTORY
56
57SMIME_write_PKCS7() was added to OpenSSL 0.9.5
58
59=cut
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
new file mode 100644
index 0000000000..d287c18564
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -0,0 +1,72 @@
1=pod
2
3=head1 NAME
4
5X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
6X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
7X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
8X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
9
10=head1 SYNOPSIS
11
12ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
13ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
14
15int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
16int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len);
17
18X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len);
19X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
20X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type,unsigned char *bytes, int len);
21
22=head1 DESCRIPTION
23
24X509_NAME_ENTRY_get_object() retrieves the field name of B<ne> in
25and B<ASN1_OBJECT> structure.
26
27X509_NAME_ENTRY_get_data() retrieves the field value of B<ne> in
28and B<ASN1_STRING> structure.
29
30X509_NAME_ENTRY_set_object() sets the field name of B<ne> to B<obj>.
31
32X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
33B<type> and value determined by B<bytes> and B<len>.
34
35X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
36and X509_NAME_ENTRY_create_by_OBJ() create and return an
37B<X509_NAME_ENTRY> structure.
38
39=head1 NOTES
40
41X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
42used to examine an B<X509_NAME_ENTRY> function as returned by
43X509_NAME_get_entry() for example.
44
45X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
46and X509_NAME_ENTRY_create_by_OBJ() create and return an
47
48X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
49X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
50are seldom used in practice because B<X509_NAME_ENTRY> structures
51are almost always part of B<X509_NAME> structures and the
52corresponding B<X509_NAME> functions are typically used to
53create and add new entries in a single operation.
54
55The arguments of these functions support similar options to the similarly
56named ones of the corresponding B<X509_NAME> functions such as
57X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
58B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
59set first so the relevant field information can be looked up internally.
60
61=head1 RETURN VALUES
62
63=head1 SEE ALSO
64
65L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
66L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
67
68=head1 HISTORY
69
70TBA
71
72=cut
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
new file mode 100644
index 0000000000..4472a1c5cf
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -0,0 +1,110 @@
1=pod
2
3=head1 NAME
4
5X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
6X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
7
8=head1 SYNOPSIS
9
10int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set);
11int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
12int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
13int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
14X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
15
16=head1 DESCRIPTION
17
18X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and
19X509_NAME_add_entry_by_NID() add a field whose name is defined
20by a string B<field>, an object B<obj> or a NID B<nid> respectively.
21The field value to be added is in B<bytes> of length B<len>. If
22B<len> is -1 then the field length is calculated internally using
23strlen(bytes).
24
25The type of field is determined by B<type> which can either be a
26definition of the type of B<bytes> (such as B<MBSTRING_ASC>) or a
27standard ASN1 type (such as B<V_ASN1_IA5STRING>). The new entry is
28added to a position determined by B<loc> and B<set>.
29
30X509_NAME_add_entry() adds a copy of B<X509_NAME_ENTRY> structure B<ne>
31to B<name>. The new entry is added to a position determined by B<loc>
32and B<set>. Since a copy of B<ne> is added B<ne> must be freed up after
33the call.
34
35X509_NAME_delete_entry() deletes an entry from B<name> at position
36B<loc>. The deleted entry is returned and must be freed up.
37
38=head1 NOTES
39
40The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
41is strongly recommened for the B<type> parameter. This allows the
42internal code to correctly determine the type of the field and to
43apply length checks according to the relevant standards. This is
44done using ASN1_STRING_set_by_NID().
45
46If instead an ASN1 type is used no checks are performed and the
47supplied data in B<bytes> is used directly.
48
49In X509_NAME_add_entry_by_txt() the B<field> string represents
50the field name using OBJ_txt2obj(field, 0).
51
52The B<loc> and B<set> parameters determine where a new entry should
53be added. For almost all applications B<loc> can be set to -1 and B<set>
54to 0. This adds a new entry to the end of B<name> as a single valued
55RelativeDistinguishedName (RDN).
56
57B<loc> actually determines the index where the new entry is inserted:
58if it is -1 it is appended.
59
60B<set> determines how the new type is added. If it is zero a
61new RDN is created.
62
63If B<set> is -1 or 1 it is added to the previous or next RDN
64structure respectively. This will then be a multivalued RDN:
65since multivalues RDNs are very seldom used B<set> is almost
66always set to zero.
67
68=head1 EXAMPLES
69
70Create an B<X509_NAME> structure:
71
72"C=UK, O=Disorganized Organization, CN=Joe Bloggs"
73
74 X509_NAME *nm;
75 nm = X509_NAME_new();
76 if (nm == NULL)
77 /* Some error */
78 if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
79 "C", "UK", -1, -1, 0))
80 /* Error */
81 if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
82 "O", "Disorganized Organization", -1, -1, 0))
83 /* Error */
84 if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
85 "CN", "Joe Bloggs", -1, -1, 0))
86 /* Error */
87
88=head1 RETURN VALUES
89
90X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(),
91X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for
92success of 0 if an error occurred.
93
94X509_NAME_delete_entry() returns either the deleted B<X509_NAME_ENTRY>
95structure of B<NULL> if an error occurred.
96
97=head1 BUGS
98
99B<type> can still be set to B<V_ASN1_APP_CHOOSE> to use a
100different algorithm to determine field types. Since this form does
101not understand multicharacter types, performs no length checks and
102can result in invalid field types its use is strongly discouraged.
103
104=head1 SEE ALSO
105
106L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
107
108=head1 HISTORY
109
110=cut
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
new file mode 100644
index 0000000000..333323d734
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -0,0 +1,106 @@
1=pod
2
3=head1 NAME
4
5X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
6X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ -
7X509_NAME lookup and enumeration functions
8
9=head1 SYNOPSIS
10
11int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
12int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
13
14int X509_NAME_entry_count(X509_NAME *name);
15X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
16
17int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
18int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
19
20=head1 DESCRIPTION
21
22These functions allow an B<X509_NAME> structure to be examined. The
23B<X509_NAME> structure is the same as the B<Name> type defined in
24RFC2459 (and elsewhere) and used for example in certificate subject
25and issuer names.
26
27X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
28the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
29should initially be set to -1. If there are no more entries -1 is returned.
30
31X509_NAME_entry_count() returns the total number of entries in B<name>.
32
33X509_NAME_get_entry() retrieves the B<X509_NAME_ENTRY> from B<name>
34corresponding to index B<loc>. Acceptable values for B<loc> run from
350 to (X509_NAME_entry_count(name) - 1). The value returned is an
36internal pointer which must not be freed.
37
38X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve
39the "text" from the first entry in B<name> which matches B<nid> or
40B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
41will be written and the text written to B<buf> will be null
42terminated. The length of the output string written is returned
43excluding the terminating null. If B<buf> is <NULL> then the amount
44of space needed in B<buf> (excluding the final null) is returned.
45
46=head1 NOTES
47
48X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are
49legacy functions which have various limitations which make them
50of minimal use in practice. They can only find the first matching
51entry and will copy the contents of the field verbatim: this can
52be highly confusing if the target is a muticharacter string type
53like a BMPString or a UTF8String.
54
55For a more general solution X509_NAME_get_index_by_NID() or
56X509_NAME_get_index_by_OBJ() should be used followed by
57X509_NAME_get_entry() on any matching indices and then the
58various B<X509_NAME_ENTRY> utility functions on the result.
59
60=head1 EXAMPLES
61
62Process all entries:
63
64 int i;
65 X509_NAME_ENTRY *e;
66
67 for (i = 0; i < X509_NAME_entry_count(nm); i++)
68 {
69 e = X509_NAME_get_entry(nm, i);
70 /* Do something with e */
71 }
72
73Process all commonName entries:
74
75 int loc;
76 X509_NAME_ENTRY *e;
77
78 loc = -1;
79 for (;;)
80 {
81 lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
82 if (lastpos == -1)
83 break;
84 e = X509_NAME_get_entry(nm, lastpos);
85 /* Do something with e */
86 }
87
88=head1 RETURN VALUES
89
90X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
91return the index of the next matching entry or -1 if not found.
92
93X509_NAME_entry_count() returns the total number of entries.
94
95X509_NAME_get_entry() returns an B<X509_NAME> pointer to the
96requested entry or B<NULL> if the index is invalid.
97
98=head1 SEE ALSO
99
100L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
101
102=head1 HISTORY
103
104TBA
105
106=cut
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
new file mode 100644
index 0000000000..907c04f684
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
@@ -0,0 +1,105 @@
1=pod
2
3=head1 NAME
4
5X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
6X509_NAME_oneline - X509_NAME printing routines.
7
8=head1 SYNOPSIS
9
10 #include <openssl/x509.h>
11
12 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
13 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
14 char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
15 int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
16
17=head1 DESCRIPTION
18
19X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>. Each
20line (for multiline formats) is indented by B<indent> spaces. The output format
21can be extensively customised by use of the B<flags> parameter.
22
23X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is
24written to FILE pointer B<fp>.
25
26X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
27bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
28and returned, otherwise B<buf> is returned.
29
30X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase>
31characters. Multiple lines are used if the output (including indent) exceeds
3280 characters.
33
34=head1 NOTES
35
36The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which
37produce a non standard output form, they don't handle multi character fields and
38have various quirks and inconsistencies. Their use is strongly discouraged in new
39applications.
40
41Although there are a large number of possible flags for most purposes
42B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
43As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
44for UTF8 terminals the B<ASN1_STRFLAGS_ESC_MSB> should be unset: so for example
45B<XN_FLAG_ONELINE & ~ASN1_STRFLAGS_ESC_MSB> would be used.
46
47The complete set of the flags supported by X509_NAME_print_ex() is listed below.
48
49Several options can be ored together.
50
51The options B<XN_FLAG_SEP_COMMA_PLUS>, B<XN_FLAG_SEP_CPLUS_SPC>,
52B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field separators
53to use. Two distinct separators are used between distinct RelativeDistinguishedName
54components and separate values in the same RDN for a multi-valued RDN. Multi-valued
55RDNs are currently very rare so the second separator will hardly ever be used.
56
57B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators. B<XN_FLAG_SEP_CPLUS_SPC>
58uses comma and plus with spaces: this is more readable that plain comma and plus.
59B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and plus. B<XN_FLAG_SEP_MULTILINE> uses
60spaced newline and plus respectively.
61
62If B<XN_FLAG_DN_REV> is set the whole DN is printed in reversed order.
63
64The fields B<XN_FLAG_FN_SN>, B<XN_FLAG_FN_LN>, B<XN_FLAG_FN_OID>,
65B<XN_FLAG_FN_NONE> determine how a field name is displayed. It will
66use the short name (e.g. CN) the long name (e.g. commonName) always
67use OID numerical form (normally OIDs are only used if the field name is not
68recognised) and no field name respectively.
69
70If B<XN_FLAG_SPC_EQ> is set then spaces will be placed around the '=' character
71separating field names and values.
72
73If B<XN_FLAG_DUMP_UNKNOWN_FIELDS> is set then the encoding of unknown fields is
74printed instead of the values.
75
76If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
77is only of use for multiline format.
78
79Additionally all the options supported by ASN1_STRING_print_ex() can be used to
80control how each field value is displayed.
81
82In addition a number options can be set for commonly used formats.
83
84B<XN_FLAG_RFC2253> sets options which produce an output compatible with RFC2253 it
85is equivalent to:
86 B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
87
88
89B<XN_FLAG_ONELINE> is a more readable one line format it is the same as:
90 B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
91
92B<XN_FLAG_MULTILINE> is a multiline format is is the same as:
93 B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
94
95B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
96
97=head1 SEE ALSO
98
99L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)>
100
101=head1 HISTORY
102
103TBA
104
105=cut
diff --git a/src/lib/libssl/src/doc/crypto/X509_new.pod b/src/lib/libssl/src/doc/crypto/X509_new.pod
new file mode 100644
index 0000000000..fd5fc65ce1
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/X509_new.pod
@@ -0,0 +1,37 @@
1=pod
2
3=head1 NAME
4
5X509_new, X509_free - X509 certificate ASN1 allocation functions
6
7=head1 SYNOPSIS
8
9 X509 *X509_new(void);
10 void X509_free(X509 *a);
11
12=head1 DESCRIPTION
13
14The X509 ASN1 allocation routines, allocate and free an
15X509 structure, which represents an X509 certificate.
16
17X509_new() allocates and initializes a X509 structure.
18
19X509_free() frees up the B<X509> structure B<a>.
20
21=head1 RETURN VALUES
22
23If the allocation fails, X509_new() returns B<NULL> and sets an error
24code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
25Otherwise it returns a pointer to the newly allocated structure.
26
27X509_free() returns no value.
28
29=head1 SEE ALSO
30
31L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509(3)|d2i_X509(3)>
32
33=head1 HISTORY
34
35X509_new() and X509_free() are available in all versions of SSLeay and OpenSSL.
36
37=cut
diff --git a/src/lib/libssl/src/doc/crypto/d2i_ASN1_OBJECT.pod b/src/lib/libssl/src/doc/crypto/d2i_ASN1_OBJECT.pod
new file mode 100644
index 0000000000..45bb18492c
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/d2i_ASN1_OBJECT.pod
@@ -0,0 +1,29 @@
1=pod
2
3=head1 NAME
4
5d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions
6
7=head1 SYNOPSIS
8
9 #include <openssl/objects.h>
10
11 ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
12 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
13
14=head1 DESCRIPTION
15
16These functions decode and encode an ASN1 OBJECT IDENTIFIER.
17
18Othewise these behave in a similar way to d2i_X509() and i2d_X509()
19described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
20
21=head1 SEE ALSO
22
23L<d2i_X509(3)|d2i_X509(3)>
24
25=head1 HISTORY
26
27TBA
28
29=cut
diff --git a/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod b/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod
new file mode 100644
index 0000000000..6ebd30427b
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod
@@ -0,0 +1,82 @@
1=pod
2
3=head1 NAME
4
5d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
6d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding
7and parsing functions.
8
9=head1 SYNOPSIS
10
11 #include <openssl/dsa.h>
12
13 DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
14
15 int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
16
17 DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
18
19 int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
20
21 DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
22
23 int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
24
25 DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
26
27 int i2d_DSAparams(const DSA *a, unsigned char **pp);
28
29 DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
30
31 int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
32
33=head1 DESCRIPTION
34
35d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
36components structure.
37
38d2i_DSA_PUKEY() and i2d_DSA_PUKEY() decode and encode an DSA public key using a
39SubjectPublicKeyInfo (certificate public key) structure.
40
41d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
42components.
43
44d2i_DSAparams(), i2d_DSAparams() decode and encode the DSA parameters using
45a B<Dss-Parms> structure as defined in RFC2459.
46
47d2i_DSA_SIG(), i2d_DSA_SIG() decode and encode a DSA signature using a
48B<Dss-Sig-Value> structure as defined in RFC2459.
49
50The usage of all of these functions is similar to the d2i_X509() and
51i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
52
53=head1 NOTES
54
55The B<DSA> structure passed to the private key encoding functions should have
56all the private key components present.
57
58The data encoded by the private key functions is unencrypted and therefore
59offers no private key security.
60
61The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
62functions when encoding public keys because they use a standard format.
63
64The B<DSAPublicKey> functions use an non standard format the actual data encoded
65depends on the value of the B<write_params> field of the B<a> key parameter.
66If B<write_params> is zero then only the B<pub_key> field is encoded as an
67B<INTEGER>. If B<write_params> is 1 then a B<SEQUENCE> consisting of the
68B<p>, B<q>, B<g> and B<pub_key> respectively fields are encoded.
69
70The B<DSAPrivateKey> functions also use a non standard structure consiting
71consisting of a SEQUENCE containing the B<p>, B<q>, B<g> and B<pub_key> and
72B<priv_key> fields respectively.
73
74=head1 SEE ALSO
75
76L<d2i_X509(3)|d2i_X509(3)>
77
78=head1 HISTORY
79
80TBA
81
82=cut
diff --git a/src/lib/libssl/src/doc/crypto/d2i_PKCS8PrivateKey.pod b/src/lib/libssl/src/doc/crypto/d2i_PKCS8PrivateKey.pod
new file mode 100644
index 0000000000..a54b779088
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/d2i_PKCS8PrivateKey.pod
@@ -0,0 +1,56 @@
1=pod
2
3=head1 NAME
4
5d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
6i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
7i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions
8
9=head1 SYNOPSIS
10
11 #include <openssl/evp.h>
12
13 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
14 EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
15
16 int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
17 char *kstr, int klen,
18 pem_password_cb *cb, void *u);
19
20 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
21 char *kstr, int klen,
22 pem_password_cb *cb, void *u);
23
24 int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
25 char *kstr, int klen,
26 pem_password_cb *cb, void *u);
27
28 int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
29 char *kstr, int klen,
30 pem_password_cb *cb, void *u);
31
32=head1 DESCRIPTION
33
34The PKCS#8 functions encode and decode private keys in PKCS#8 format using both
35PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.
36
37Other than the use of DER as opposed to PEM these functions are identical to the
38corresponding B<PEM> function as described in the L<pem(3)|pem(3)> manual page.
39
40=head1 NOTES
41
42Before using these functions L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
43should be called to initialize the internal algorithm lookup tables otherwise errors about
44unknown algorithms will occur if an attempt is made to decrypt a private key.
45
46These functions are currently the only way to store encrypted private keys using DER format.
47
48Currently all the functions use BIOs or FILE pointers, there are no functions which
49work directly on memory: this can be readily worked around by converting the buffers
50to memory BIOs, see L<BIO_s_mem(3)|BIO_s_mem(3)> for details.
51
52=head1 SEE ALSO
53
54L<pem(3)|pem(3)>
55
56=cut
diff --git a/src/lib/libssl/src/doc/crypto/d2i_X509.pod b/src/lib/libssl/src/doc/crypto/d2i_X509.pod
new file mode 100644
index 0000000000..5e3c3d0985
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/d2i_X509.pod
@@ -0,0 +1,231 @@
1=pod
2
3=head1 NAME
4
5d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
6i2d_X509_fp - X509 encode and decode functions
7
8=head1 SYNOPSIS
9
10 #include <openssl/x509.h>
11
12 X509 *d2i_X509(X509 **px, unsigned char **in, int len);
13 int i2d_X509(X509 *x, unsigned char **out);
14
15 X509 *d2i_X509_bio(BIO *bp, X509 **x);
16 X509 *d2i_X509_fp(FILE *fp, X509 **x);
17
18 int i2d_X509_bio(X509 *x, BIO *bp);
19 int i2d_X509_fp(X509 *x, FILE *fp);
20
21=head1 DESCRIPTION
22
23The X509 encode and decode routines encode and parse an
24B<X509> structure, which represents an X509 certificate.
25
26d2i_X509() attempts to decode B<len> bytes at B<*out>. If
27successful a pointer to the B<X509> structure is returned. If an error
28occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
29returned structure is written to B<*px>. If B<*px> is not B<NULL>
30then it is assumed that B<*px> contains a valid B<X509>
31structure and an attempt is made to reuse it. If the call is
32successful B<*out> is incremented to the byte following the
33parsed data.
34
35i2d_X509() encodes the structure pointed to by B<x> into DER format.
36If B<out> is not B<NULL> is writes the DER encoded data to the buffer
37at B<*out>, and increments it to point after the data just written.
38If the return value is negative an error occurred, otherwise it
39returns the length of the encoded data.
40
41For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
42allocated for a buffer and the encoded data written to it. In this
43case B<*out> is not incremented and it points to the start of the
44data just written.
45
46d2i_X509_bio() is similar to d2i_X509() except it attempts
47to parse data from BIO B<bp>.
48
49d2i_X509_fp() is similar to d2i_X509() except it attempts
50to parse data from FILE pointer B<fp>.
51
52i2d_X509_bio() is similar to i2d_X509() except it writes
53the encoding of the structure B<x> to BIO B<bp> and it
54returns 1 for success and 0 for failure.
55
56i2d_X509_fp() is similar to i2d_X509() except it writes
57the encoding of the structure B<x> to BIO B<bp> and it
58returns 1 for success and 0 for failure.
59
60=head1 NOTES
61
62The letters B<i> and B<d> in for example B<i2d_X509> stand for
63"internal" (that is an internal C structure) and "DER". So that
64B<i2d_X509> converts from internal to DER.
65
66The functions can also understand B<BER> forms.
67
68The actual X509 structure passed to i2d_X509() must be a valid
69populated B<X509> structure it can B<not> simply be fed with an
70empty structure such as that returned by X509_new().
71
72The encoded data is in binary form and may contain embedded zeroes.
73Therefore any FILE pointers or BIOs should be opened in binary mode.
74Functions such as B<strlen()> will B<not> return the correct length
75of the encoded structure.
76
77The ways that B<*in> and B<*out> are incremented after the operation
78can trap the unwary. See the B<WARNINGS> section for some common
79errors.
80
81The reason for the auto increment behaviour is to reflect a typical
82usage of ASN1 functions: after one structure is encoded or decoded
83another will processed after it.
84
85=head1 EXAMPLES
86
87Allocate and encode the DER encoding of an X509 structure:
88
89 int len;
90 unsigned char *buf, *p;
91
92 len = i2d_X509(x, NULL);
93
94 buf = OPENSSL_malloc(len);
95
96 if (buf == NULL)
97 /* error */
98
99 p = buf;
100
101 i2d_X509(x, &p);
102
103If you are using OpenSSL 0.9.7 or later then this can be
104simplified to:
105
106
107 int len;
108 unsigned char *buf;
109
110 buf = NULL;
111
112 len = i2d_X509(x, &buf);
113
114 if (len < 0)
115 /* error */
116
117Attempt to decode a buffer:
118
119 X509 *x;
120
121 unsigned char *buf, *p;
122
123 int len;
124
125 /* Something to setup buf and len */
126
127 p = buf;
128
129 x = d2i_X509(NULL, &p, len);
130
131 if (x == NULL)
132 /* Some error */
133
134Alternative technique:
135
136 X509 *x;
137
138 unsigned char *buf, *p;
139
140 int len;
141
142 /* Something to setup buf and len */
143
144 p = buf;
145
146 x = NULL;
147
148 if(!d2i_X509(&x, &p, len))
149 /* Some error */
150
151
152=head1 WARNINGS
153
154The use of temporary variable is mandatory. A common
155mistake is to attempt to use a buffer directly as follows:
156
157 int len;
158 unsigned char *buf;
159
160 len = i2d_X509(x, NULL);
161
162 buf = OPENSSL_malloc(len);
163
164 if (buf == NULL)
165 /* error */
166
167 i2d_X509(x, &buf);
168
169 /* Other stuff ... */
170
171 OPENSSL_free(buf);
172
173This code will result in B<buf> apparently containing garbage because
174it was incremented after the call to point after the data just written.
175Also B<buf> will no longer contain the pointer allocated by B<OPENSSL_malloc()>
176and the subsequent call to B<OPENSSL_free()> may well crash.
177
178The auto allocation feature (setting buf to NULL) only works on OpenSSL
1790.9.7 and later. Attempts to use it on earlier versions will typically
180cause a segmentation violation.
181
182Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>:
183
184 X509 *x;
185
186 if (!d2i_X509(&x, &p, len))
187 /* Some error */
188
189This will probably crash somewhere in B<d2i_X509()>. The reason for this
190is that the variable B<x> is uninitialized and an attempt will be made to
191interpret its (invalid) value as an B<X509> structure, typically causing
192a segmentation violation. If B<x> is set to NULL first then this will not
193happen.
194
195=head1 BUGS
196
197In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when
198B<*px> is valid is broken and some parts of the reused structure may
199persist if they are not present in the new one. As a result the use
200of this "reuse" behaviour is strongly discouraged.
201
202i2d_X509() will not return an error in many versions of OpenSSL,
203if mandatory fields are not initialized due to a programming error
204then the encoded structure may contain invalid data or omit the
205fields entirely and will not be parsed by d2i_X509(). This may be
206fixed in future so code should not assume that i2d_X509() will
207always succeed.
208
209=head1 RETURN VALUES
210
211d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
212or B<NULL> if an error occurs. The error code that can be obtained by
213L<ERR_get_error(3)|ERR_get_error(3)>.
214
215i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes
216successfully encoded or a negative value if an error occurs. The error code
217can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
218
219i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error
220occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
221
222=head1 SEE ALSO
223
224L<ERR_get_error(3)|ERR_get_error(3)>
225
226=head1 HISTORY
227
228d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
229are available in all versions of SSLeay and OpenSSL.
230
231=cut
diff --git a/src/lib/libssl/src/doc/crypto/d2i_X509_ALGOR.pod b/src/lib/libssl/src/doc/crypto/d2i_X509_ALGOR.pod
new file mode 100644
index 0000000000..9e5cd92ca7
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/d2i_X509_ALGOR.pod
@@ -0,0 +1,30 @@
1=pod
2
3=head1 NAME
4
5d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions.
6
7=head1 SYNOPSIS
8
9 #include <openssl/x509.h>
10
11 X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
12 int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
13
14=head1 DESCRIPTION
15
16These functions decode and encode an B<X509_ALGOR> structure which is
17equivalent to the B<AlgorithmIdentifier> structure.
18
19Othewise these behave in a similar way to d2i_X509() and i2d_X509()
20described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
21
22=head1 SEE ALSO
23
24L<d2i_X509(3)|d2i_X509(3)>
25
26=head1 HISTORY
27
28TBA
29
30=cut
diff --git a/src/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod b/src/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod
new file mode 100644
index 0000000000..06c5b23c09
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod
@@ -0,0 +1,37 @@
1=pod
2
3=head1 NAME
4
5d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
6i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
7
8=head1 SYNOPSIS
9
10 #include <openssl/x509.h>
11
12 X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length);
13 int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
14
15 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
16 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
17
18 int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp);
19 int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp);
20
21=head1 DESCRIPTION
22
23These functions decode and encode an X509 CRL (certificate revocation
24list).
25
26Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
27described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
28
29=head1 SEE ALSO
30
31L<d2i_X509(3)|d2i_X509(3)>
32
33=head1 HISTORY
34
35TBA
36
37=cut
diff --git a/src/lib/libssl/src/doc/crypto/d2i_X509_NAME.pod b/src/lib/libssl/src/doc/crypto/d2i_X509_NAME.pod
new file mode 100644
index 0000000000..343ffe1519
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/d2i_X509_NAME.pod
@@ -0,0 +1,31 @@
1=pod
2
3=head1 NAME
4
5d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
6
7=head1 SYNOPSIS
8
9 #include <openssl/x509.h>
10
11 X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
12 int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
13
14=head1 DESCRIPTION
15
16These functions decode and encode an B<X509_NAME> structure which is the
17the same as the B<Name> type defined in RFC2459 (and elsewhere) and used
18for example in certificate subject and issuer names.
19
20Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
21described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
22
23=head1 SEE ALSO
24
25L<d2i_X509(3)|d2i_X509(3)>
26
27=head1 HISTORY
28
29TBA
30
31=cut
diff --git a/src/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod b/src/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod
new file mode 100644
index 0000000000..be4ad68257
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod
@@ -0,0 +1,36 @@
1=pod
2
3=head1 NAME
4
5d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
6i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
7
8=head1 SYNOPSIS
9
10 #include <openssl/x509.h>
11
12 X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length);
13 int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
14
15 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
16 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
17
18 int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp);
19 int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp);
20
21=head1 DESCRIPTION
22
23These functions decode and encode a PKCS#10 certificate request.
24
25Othewise these behave in a similar way to d2i_X509() and i2d_X509()
26described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
27
28=head1 SEE ALSO
29
30L<d2i_X509(3)|d2i_X509(3)>
31
32=head1 HISTORY
33
34TBA
35
36=cut
diff --git a/src/lib/libssl/src/doc/crypto/d2i_X509_SIG.pod b/src/lib/libssl/src/doc/crypto/d2i_X509_SIG.pod
new file mode 100644
index 0000000000..e48fd79a51
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/d2i_X509_SIG.pod
@@ -0,0 +1,30 @@
1=pod
2
3=head1 NAME
4
5d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
6
7=head1 SYNOPSIS
8
9 #include <openssl/x509.h>
10
11 X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
12 int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
13
14=head1 DESCRIPTION
15
16These functions decode and encode an X509_SIG structure which is
17equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
18
19Othewise these behave in a similar way to d2i_X509() and i2d_X509()
20described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
21
22=head1 SEE ALSO
23
24L<d2i_X509(3)|d2i_X509(3)>
25
26=head1 HISTORY
27
28TBA
29
30=cut
diff --git a/src/lib/libssl/src/doc/crypto/engine.pod b/src/lib/libssl/src/doc/crypto/engine.pod
index 61e0264bb7..c77dad5562 100644
--- a/src/lib/libssl/src/doc/crypto/engine.pod
+++ b/src/lib/libssl/src/doc/crypto/engine.pod
@@ -187,7 +187,7 @@ tell which one you are dealing with at any given point in time (after all
187they are both simply (ENGINE *) pointers, the difference is in the way they 187they are both simply (ENGINE *) pointers, the difference is in the way they
188are used). 188are used).
189 189
190=head3 Structural references 190I<Structural references>
191 191
192This basic type of reference is typically used for creating new ENGINEs 192This basic type of reference is typically used for creating new ENGINEs
193dynamically, iterating across OpenSSL's internal linked-list of loaded 193dynamically, iterating across OpenSSL's internal linked-list of loaded
@@ -224,7 +224,7 @@ To clarify a particular function's handling of references, one should
224always consult that function's documentation "man" page, or failing that 224always consult that function's documentation "man" page, or failing that
225the openssl/engine.h header file includes some hints. 225the openssl/engine.h header file includes some hints.
226 226
227=head3 Functional references 227I<Functional references>
228 228
229As mentioned, functional references exist when the cryptographic 229As mentioned, functional references exist when the cryptographic
230functionality of an ENGINE is required to be available. A functional 230functionality of an ENGINE is required to be available. A functional
@@ -386,7 +386,7 @@ things, so we will simply illustrate the consequences as they apply to a
386couple of simple cases and leave developers to consider these and the 386couple of simple cases and leave developers to consider these and the
387source code to openssl's builtin utilities as guides. 387source code to openssl's builtin utilities as guides.
388 388
389=head3 Using a specific ENGINE implementation 389I<Using a specific ENGINE implementation>
390 390
391Here we'll assume an application has been configured by its user or admin 391Here we'll assume an application has been configured by its user or admin
392to want to use the "ACME" ENGINE if it is available in the version of 392to want to use the "ACME" ENGINE if it is available in the version of
@@ -418,7 +418,7 @@ illustrates how to approach this;
418 /* Release the structural reference from ENGINE_by_id() */ 418 /* Release the structural reference from ENGINE_by_id() */
419 ENGINE_free(e); 419 ENGINE_free(e);
420 420
421=head3 Automatically using builtin ENGINE implementations 421I<Automatically using builtin ENGINE implementations>
422 422
423Here we'll assume we want to load and register all ENGINE implementations 423Here we'll assume we want to load and register all ENGINE implementations
424bundled with OpenSSL, such that for any cryptographic algorithm required by 424bundled with OpenSSL, such that for any cryptographic algorithm required by
@@ -469,7 +469,7 @@ in same cases both. ENGINE implementations should provide indications of
469this in the descriptions attached to builtin control commands and/or in 469this in the descriptions attached to builtin control commands and/or in
470external product documentation. 470external product documentation.
471 471
472=head3 Issuing control commands to an ENGINE 472I<Issuing control commands to an ENGINE>
473 473
474Let's illustrate by example; a function for which the caller supplies the 474Let's illustrate by example; a function for which the caller supplies the
475name of the ENGINE it wishes to use, a table of string-pairs for use before 475name of the ENGINE it wishes to use, a table of string-pairs for use before
@@ -526,7 +526,7 @@ return success without doing anything. In this case we assume the user is
526only supplying commands specific to the given ENGINE so we set this to 526only supplying commands specific to the given ENGINE so we set this to
527FALSE. 527FALSE.
528 528
529=head3 Discovering supported control commands 529I<Discovering supported control commands>
530 530
531It is possible to discover at run-time the names, numerical-ids, descriptions 531It is possible to discover at run-time the names, numerical-ids, descriptions
532and input parameters of the control commands supported from a structural 532and input parameters of the control commands supported from a structural
diff --git a/src/lib/libssl/src/doc/openssl-shared.txt b/src/lib/libssl/src/doc/openssl-shared.txt
new file mode 100644
index 0000000000..5cf84a054f
--- /dev/null
+++ b/src/lib/libssl/src/doc/openssl-shared.txt
@@ -0,0 +1,32 @@
1The OpenSSL shared libraries are often installed in a directory like
2/usr/local/ssl/lib.
3
4If this directory is not in a standard system path for dynamic/shared
5libraries, then you will have problems linking and executing
6applications that use OpenSSL libraries UNLESS:
7
8* you link with static (archive) libraries. If you are truly
9 paranoid about security, you should use static libraries.
10* you use the GNU libtool code during linking
11 (http://www.gnu.org/software/libtool/libtool.html)
12* you use pkg-config during linking (this requires that
13 PKG_CONFIG_PATH includes the path to the OpenSSL shared
14 library directory), and make use of -R or -rpath.
15 (http://www.freedesktop.org/software/pkgconfig/)
16* you specify the system-wide link path via a command such
17 as crle(1) on Solaris systems.
18* you add the OpenSSL shared library directory to /etc/ld.so.conf
19 and run ldconfig(8) on Linux systems.
20* you define the LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH (HP),
21 DYLD_LIBRARY_PATH (MacOS X) or PATH (Cygwin and DJGPP)
22 environment variable and add the OpenSSL shared library
23 directory to it.
24
25One common tool to check the dynamic dependencies of an executable
26or dynamic library is ldd(1) on most UNIX systems.
27
28See any operating system documentation and manpages about shared
29libraries for your version of UNIX. The following manpages may be
30helpful: ld(1), ld.so(1), ld.so.1(1) [Solaris], dld.sl(1) [HP],
31ldd(1), crle(1) [Solaris], pldd(1) [Solaris], ldconfig(8) [Linux],
32chatr(1) [HP].
diff --git a/src/lib/libssl/src/ms/tencce.bat b/src/lib/libssl/src/ms/tencce.bat
new file mode 100644
index 0000000000..6a944d7671
--- /dev/null
+++ b/src/lib/libssl/src/ms/tencce.bat
@@ -0,0 +1,19 @@
1rem called by testencce
2
3echo test %1 %2 %3 %4 %5 %6
4cecopy %input% CE:\OpenSSL
5cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
6cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
7del %out1% >nul 2>&1
8cecopy CE:\OpenSSL\%out1% .
9%cmp% %input% %out1%
10if errorlevel 1 goto err
11
12echo test base64 %1 %2 %3 %4 %5 %6
13cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
14cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
15del %out1% >nul 2>&1
16cecopy CE:\OpenSSL\%out1% .
17%cmp% %input% %out1%
18
19:err
diff --git a/src/lib/libssl/src/ms/testce.bat b/src/lib/libssl/src/ms/testce.bat
new file mode 100644
index 0000000000..2ab010be6a
--- /dev/null
+++ b/src/lib/libssl/src/ms/testce.bat
@@ -0,0 +1,234 @@
1@echo off
2
3cemkdir CE:\OpenSSL
4
5set test=..\ms
6set opath=%PATH%
7PATH=..\ms;%PATH%
8cecopy ..\apps\openssl.cnf CE:\OpenSSL
9set OPENSSL_CONF=\OpenSSL\openssl.cnf
10set HOME=\OpenSSL
11set CERUN_PASS_ENV=OPENSSL_CONF HOME
12
13rem run this from inside the bin directory
14
15rem Copy the DLL's (though they'll only exist if we're in out32dll)
16if exist libeay32.dll cecopy libeay32.dll CE:\OpenSSL
17if exist ssleay32.dll cecopy ssleay32.dll CE:\OpenSSL
18
19echo rsa_test
20call %test%\testce2 rsa_test
21if errorlevel 1 goto done
22
23echo destest
24call %test%\testce2 destest
25if errorlevel 1 goto done
26
27echo ideatest
28call %test%\testce2 ideatest
29if errorlevel 1 goto done
30
31echo bftest
32call %test%\testce2 bftest
33if errorlevel 1 goto done
34
35echo shatest
36call %test%\testce2 shatest
37if errorlevel 1 goto done
38
39echo sha1test
40call %test%\testce2 sha1test
41if errorlevel 1 goto done
42
43echo md5test
44call %test%\testce2 md5test
45if errorlevel 1 goto done
46
47echo md2test
48call %test%\testce2 md2test
49if errorlevel 1 goto done
50
51echo mdc2test
52call %test%\testce2 mdc2test
53if errorlevel 1 goto done
54
55echo rc2test
56call %test%\testce2 rc2test
57if errorlevel 1 goto done
58
59echo rc4test
60call %test%\testce2 rc4test
61if errorlevel 1 goto done
62
63echo randtest
64call %test%\testce2 randtest
65if errorlevel 1 goto done
66
67echo dhtest
68call %test%\testce2 dhtest
69if errorlevel 1 goto done
70
71echo exptest
72call %test%\testce2 exptest
73if errorlevel 1 goto done
74
75echo dsatest
76call %test%\testce2 dsatest
77if errorlevel 1 goto done
78
79echo testenc
80call %test%\testencce openssl.exe
81if errorlevel 1 goto done
82
83echo testpem
84call %test%\testpemce openssl.exe
85if errorlevel 1 goto done
86
87cecopy openssl.exe CE:\OpenSSL
88
89echo verify
90copy ..\certs\*.pem cert.tmp >nul
91cecopy cert.tmp CE:\OpenSSL
92cemkdir CE:\OpenSSL\certs
93rem cecopy ..\certs\*.pem CE:\OpenSSL\certs
94cecopy ..\certs\ca-cert.pem CE:\OpenSSL\certs
95cecopy ..\certs\dsa-ca.pem CE:\OpenSSL\certs
96cecopy ..\certs\dsa-pca.pem CE:\OpenSSL\certs
97cecopy ..\certs\factory.pem CE:\OpenSSL\certs
98cecopy ..\certs\ICE-CA.pem CE:\OpenSSL\certs
99cecopy ..\certs\ICE-root.pem CE:\OpenSSL\certs
100cecopy ..\certs\ICE-user.pem CE:\OpenSSL\certs
101cecopy ..\certs\nortelCA.pem CE:\OpenSSL\certs
102cecopy ..\certs\pca-cert.pem CE:\OpenSSL\certs
103cecopy ..\certs\RegTP-4R.pem CE:\OpenSSL\certs
104cecopy ..\certs\RegTP-5R.pem CE:\OpenSSL\certs
105cecopy ..\certs\RegTP-6R.pem CE:\OpenSSL\certs
106cecopy ..\certs\rsa-cca.pem CE:\OpenSSL\certs
107cecopy ..\certs\thawteCb.pem CE:\OpenSSL\certs
108cecopy ..\certs\thawteCp.pem CE:\OpenSSL\certs
109cecopy ..\certs\timCA.pem CE:\OpenSSL\certs
110cecopy ..\certs\tjhCA.pem CE:\OpenSSL\certs
111cecopy ..\certs\vsign1.pem CE:\OpenSSL\certs
112cecopy ..\certs\vsign2.pem CE:\OpenSSL\certs
113cecopy ..\certs\vsign3.pem CE:\OpenSSL\certs
114cecopy ..\certs\vsignss.pem CE:\OpenSSL\certs
115cecopy ..\certs\vsigntca.pem CE:\OpenSSL\certs
116cerun CE:\OpenSSL\openssl verify -CAfile \OpenSSL\cert.tmp \OpenSSL\certs\*.pem
117
118echo testss
119call %test%\testssce openssl.exe
120if errorlevel 1 goto done
121
122cecopy ssltest.exe CE:\OpenSSL
123cecopy ..\apps\server.pem CE:\OpenSSL
124cecopy ..\apps\client.pem CE:\OpenSSL
125
126echo test sslv2
127cerun CE:\OpenSSL\ssltest -ssl2
128if errorlevel 1 goto done
129
130echo test sslv2 with server authentication
131cerun CE:\OpenSSL\ssltest -ssl2 -server_auth -CAfile \OpenSSL\cert.tmp
132if errorlevel 1 goto done
133
134echo test sslv2 with client authentication
135cerun CE:\OpenSSL\ssltest -ssl2 -client_auth -CAfile \OpenSSL\cert.tmp
136if errorlevel 1 goto done
137
138echo test sslv2 with both client and server authentication
139cerun CE:\OpenSSL\ssltest -ssl2 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
140if errorlevel 1 goto done
141
142echo test sslv3
143cerun CE:\OpenSSL\ssltest -ssl3
144if errorlevel 1 goto done
145
146echo test sslv3 with server authentication
147cerun CE:\OpenSSL\ssltest -ssl3 -server_auth -CAfile \OpenSSL\cert.tmp
148if errorlevel 1 goto done
149
150echo test sslv3 with client authentication
151cerun CE:\OpenSSL\ssltest -ssl3 -client_auth -CAfile \OpenSSL\cert.tmp
152if errorlevel 1 goto done
153
154echo test sslv3 with both client and server authentication
155cerun CE:\OpenSSL\ssltest -ssl3 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
156if errorlevel 1 goto done
157
158echo test sslv2/sslv3
159cerun CE:\OpenSSL\ssltest
160if errorlevel 1 goto done
161
162echo test sslv2/sslv3 with server authentication
163cerun CE:\OpenSSL\ssltest -server_auth -CAfile \OpenSSL\cert.tmp
164if errorlevel 1 goto done
165
166echo test sslv2/sslv3 with client authentication
167cerun CE:\OpenSSL\ssltest -client_auth -CAfile \OpenSSL\cert.tmp
168if errorlevel 1 goto done
169
170echo test sslv2/sslv3 with both client and server authentication
171cerun CE:\OpenSSL\ssltest -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
172if errorlevel 1 goto done
173
174echo test sslv2 via BIO pair
175cerun CE:\OpenSSL\ssltest -bio_pair -ssl2
176if errorlevel 1 goto done
177
178echo test sslv2/sslv3 with 1024 bit DHE via BIO pair
179cerun CE:\OpenSSL\ssltest -bio_pair -dhe1024dsa -v
180if errorlevel 1 goto done
181
182echo test sslv2 with server authentication via BIO pair
183cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -server_auth -CAfile \OpenSSL\cert.tmp
184if errorlevel 1 goto done
185
186echo test sslv2 with client authentication via BIO pair
187cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -client_auth -CAfile \OpenSSL\cert.tmp
188if errorlevel 1 goto done
189
190echo test sslv2 with both client and server authentication via BIO pair
191cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
192if errorlevel 1 goto done
193
194echo test sslv3 via BIO pair
195cerun CE:\OpenSSL\ssltest -bio_pair -ssl3
196if errorlevel 1 goto done
197
198echo test sslv3 with server authentication via BIO pair
199cerun CE:\OpenSSL\ssltest -bio_pair -ssl3 -server_auth -CAfile \OpenSSL\cert.tmp
200if errorlevel 1 goto done
201
202echo test sslv3 with client authentication via BIO pair
203cerun CE:\OpenSSL\ssltest -bio_pair -ssl3 -client_auth -CAfile \OpenSSL\cert.tmp
204if errorlevel 1 goto done
205
206echo test sslv3 with both client and server authentication via BIO pair
207cerun CE:\OpenSSL\ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
208if errorlevel 1 goto done
209
210echo test sslv2/sslv3 via BIO pair
211cerun CE:\OpenSSL\ssltest
212if errorlevel 1 goto done
213
214echo test sslv2/sslv3 with server authentication
215cerun CE:\OpenSSL\ssltest -bio_pair -server_auth -CAfile \OpenSSL\cert.tmp
216if errorlevel 1 goto done
217
218echo test sslv2/sslv3 with client authentication via BIO pair
219cerun CE:\OpenSSL\ssltest -bio_pair -client_auth -CAfile \OpenSSL\cert.tmp
220if errorlevel 1 goto done
221
222echo test sslv2/sslv3 with both client and server authentication via BIO pair
223cerun CE:\OpenSSL\ssltest -bio_pair -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
224if errorlevel 1 goto done
225
226del cert.tmp
227
228echo passed all tests
229goto end
230:done
231echo problems.....
232:end
233PATH=%opath%
234
diff --git a/src/lib/libssl/src/ms/testce2.bat b/src/lib/libssl/src/ms/testce2.bat
new file mode 100644
index 0000000000..24265b948f
--- /dev/null
+++ b/src/lib/libssl/src/ms/testce2.bat
@@ -0,0 +1,2 @@
1cecopy %1.exe CE:\OpenSSL
2cerun CE:\OpenSSL\%1 %2 %3 %4 %5 %6 %7 %8 %9
diff --git a/src/lib/libssl/src/ms/testencce.bat b/src/lib/libssl/src/ms/testencce.bat
new file mode 100644
index 0000000000..04faa5d99b
--- /dev/null
+++ b/src/lib/libssl/src/ms/testencce.bat
@@ -0,0 +1,97 @@
1@echo off
2echo start testenc
3
4path=..\ms;%path%
5set ssleay=%1%
6copy ..\ms\testenc.bat >nul
7set input=testenc.bat
8set tmp1=cipher.out
9set out1=clear.out
10set cmp=perl ..\ms\cmp.pl
11
12cecopy %ssleay% CE:\OpenSSL
13
14cd
15call tencce.bat enc
16if errorlevel 1 goto err
17
18call tencce.bat rc4
19if errorlevel 1 goto err
20
21call tencce.bat des-cfb
22if errorlevel 1 goto err
23
24call tencce.bat des-ede-cfb
25if errorlevel 1 goto err
26
27call tencce.bat des-ede3-cfb
28if errorlevel 1 goto err
29
30call tencce.bat des-ofb
31if errorlevel 1 goto err
32
33call tencce.bat des-ede-ofb
34if errorlevel 1 goto err
35
36call tencce.bat des-ede3-ofb
37if errorlevel 1 goto err
38
39call tencce.bat des-ecb
40if errorlevel 1 goto err
41
42call tencce.bat des-ede
43if errorlevel 1 goto err
44
45call tencce.bat des-ede3
46if errorlevel 1 goto err
47
48call tencce.bat des-cbc
49if errorlevel 1 goto err
50
51call tencce.bat des-ede-cbc
52if errorlevel 1 goto err
53
54call tencce.bat des-ede3-cbc
55if errorlevel 1 goto err
56
57call tencce.bat idea-ecb
58if errorlevel 1 goto err
59
60call tencce.bat idea-cfb
61if errorlevel 1 goto err
62
63call tencce.bat idea-ofb
64if errorlevel 1 goto err
65
66call tencce.bat idea-cbc
67if errorlevel 1 goto err
68
69call tencce.bat rc2-ecb
70if errorlevel 1 goto err
71
72call tencce.bat rc2-cfb
73if errorlevel 1 goto err
74
75call tencce.bat rc2-ofb
76if errorlevel 1 goto err
77
78call tencce.bat rc2-cbc
79if errorlevel 1 goto err
80
81call tencce.bat bf-ecb
82if errorlevel 1 goto err
83
84call tencce.bat bf-cfb
85if errorlevel 1 goto err
86
87call tencce.bat bf-ofb
88if errorlevel 1 goto err
89
90call tencce.bat bf-cbc
91if errorlevel 1 goto err
92
93echo OK
94del %out1% >nul 2>&1
95del %tmp1% >nul 2>&1
96:err
97
diff --git a/src/lib/libssl/src/ms/testpemce.bat b/src/lib/libssl/src/ms/testpemce.bat
new file mode 100644
index 0000000000..c793c3e514
--- /dev/null
+++ b/src/lib/libssl/src/ms/testpemce.bat
@@ -0,0 +1,42 @@
1@echo off
2set ssleay=%1%
3set tmp1=pem.out
4set cmp=fc.exe
5
6cecopy %ssleay% CE:\OpenSSL
7
8copy ..\test\testcrl.pem >nul
9call tpemce.bat crl testcrl.pem
10if errorlevel 1 goto err
11
12copy ..\test\testp7.pem >nul
13call tpemce.bat pkcs7 testp7.pem
14if errorlevel 1 goto err
15
16copy ..\test\testreq2.pem >nul
17call tpemce.bat req testreq2.pem
18if errorlevel 1 goto err
19
20copy ..\test\testrsa.pem >nul
21call tpemce.bat rsa testrsa.pem
22if errorlevel 1 goto err
23
24copy ..\test\testx509.pem >nul
25call tpemce.bat x509 testx509.pem
26if errorlevel 1 goto err
27
28copy ..\test\v3-cert1.pem >nul
29call tpemce.bat x509 v3-cert1.pem
30if errorlevel 1 goto err
31
32copy ..\test\v3-cert1.pem >nul
33call tpemce.bat x509 v3-cert1.pem
34if errorlevel 1 goto err
35
36copy ..\test\testsid.pem >nul
37call tpemce.bat sess_id testsid.pem
38if errorlevel 1 goto err
39
40echo OK
41del %tmp1% >nul 2>&1
42:err
diff --git a/src/lib/libssl/src/ms/testssce.bat b/src/lib/libssl/src/ms/testssce.bat
new file mode 100644
index 0000000000..dbb25abdb0
--- /dev/null
+++ b/src/lib/libssl/src/ms/testssce.bat
@@ -0,0 +1,104 @@
1rem set ssleay=..\out\ssleay
2set ssleay=%1
3
4set reqcmd=%ssleay% req
5set x509cmd=%ssleay% x509
6set verifycmd=%ssleay% verify
7
8set CAkey=\OpenSSL\keyCA.ss
9set CAcert=\OpenSSL\certCA.ss
10set CAserial=\OpenSSL\certCA.srl
11set CAreq=\OpenSSL\reqCA.ss
12cecopy ..\test\CAss.cnf CE:\OpenSSL
13set CAconf=\OpenSSL\CAss.cnf
14set CAreq2=\OpenSSL\req2CA.ss
15
16cecopy ..\test\Uss.cnf CE:\OpenSSL
17set Uconf=\OpenSSL\Uss.cnf
18set Ukey=\OpenSSL\keyU.ss
19set Ureq=\OpenSSL\reqU.ss
20set Ucert=\OpenSSL\certU.ss
21
22echo make a certificate request using 'req'
23cerun CE:\OpenSSL\%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
24if errorlevel 1 goto e_req
25
26echo convert the certificate request into a self signed certificate using 'x509'
27cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% "> \OpenSSL\err.ss"
28if errorlevel 1 goto e_x509
29
30echo --
31echo convert a certificate into a certificate request using 'x509'
32cerun CE:\OpenSSL\%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% "> \OpenSSL\err.ss"
33if errorlevel 1 goto e_x509_2
34
35cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq% -noout
36if errorlevel 1 goto e_vrfy_1
37
38cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq2% -noout
39if errorlevel 1 goto e_vrfy_2
40
41cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %CAcert%
42if errorlevel 1 goto e_vrfy_3
43
44echo --
45echo make another certificate request using 'req'
46cerun CE:\OpenSSL\%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new "> \OpenSSL\err.ss"
47if errorlevel 1 goto e_req_gen
48
49echo --
50echo sign certificate request with the just created CA via 'x509'
51cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
52if errorlevel 1 goto e_x_sign
53
54cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %Ucert%
55echo --
56echo Certificate details
57cerun CE:\OpenSSL\%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
58
59cecopy CE:%CAcert% .
60cecopy CE:%CAkey% .
61cecopy CE:%CAserial% .
62cecopy CE:%Ucert% .
63cecopy CE:%Ukey% .
64
65echo Everything appeared to work
66echo --
67echo The generated CA certificate is %CAcert%
68echo The generated CA private key is %CAkey%
69echo The current CA signing serial number is in %CAserial%
70
71echo The generated user certificate is %Ucert%
72echo The generated user private key is %Ukey%
73echo --
74
75cedel CE:\OpenSSL\err.ss
76
77goto end
78
79:e_req
80echo error using 'req' to generate a certificate request
81goto end
82:e_x509
83echo error using 'x509' to self sign a certificate request
84goto end
85:e_x509_2
86echo error using 'x509' convert a certificate to a certificate request
87goto end
88:e_vrfy_1
89echo first generated request is invalid
90goto end
91:e_vrfy_2
92echo second generated request is invalid
93goto end
94:e_vrfy_3
95echo first generated cert is invalid
96goto end
97:e_req_gen
98echo error using 'req' to generate a certificate request
99goto end
100:e_x_sign
101echo error using 'x509' to sign a certificate request
102goto end
103
104:end
diff --git a/src/lib/libssl/src/ms/tpemce.bat b/src/lib/libssl/src/ms/tpemce.bat
new file mode 100644
index 0000000000..17b2acd390
--- /dev/null
+++ b/src/lib/libssl/src/ms/tpemce.bat
@@ -0,0 +1,8 @@
1rem called by testpemce
2
3echo test %1 %2
4cecopy %2 CE:\OpenSSL
5cerun CE:\OpenSSL\%ssleay% %1 -in \OpenSSL\%2 -out \OpenSSL\%tmp1%
6del %tmp1% >nul 2>&1
7cecopy CE:\OpenSSL\%tmp1% .
8%cmp% %2 %tmp1%
diff --git a/src/lib/libssl/src/shlib/sco5-shared-gcc.sh b/src/lib/libssl/src/shlib/sco5-shared-gcc.sh
new file mode 100644
index 0000000000..fe4a457b52
--- /dev/null
+++ b/src/lib/libssl/src/shlib/sco5-shared-gcc.sh
@@ -0,0 +1,48 @@
1#!/bin/sh
2
3major="0"
4minor="9.7b"
5
6slib=libssl
7sh_slib=$slib.so.$major.$minor
8
9clib=libcrypto
10sh_clib=$clib.so.$major.$minor
11
12FLAGS="-O3 -fomit-frame-pointer"
13SHFLAGS="-DPIC -fPIC"
14
15touch $sh_clib
16touch $sh_slib
17
18echo collecting all object files for $clib.so
19OBJS=
20find . -name \*.o -print > allobjs
21for obj in `ar t libcrypto.a`
22do
23 OBJS="$OBJS `grep $obj allobjs`"
24done
25
26echo linking $clib.so
27gcc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
28
29rm -f $clib.so
30ln -s $sh_clib $clib.so
31
32echo collecting all object files for $slib.so
33OBJS=
34for obj in `ar t libssl.a`
35do
36 OBJS="$OBJS `grep $obj allobjs`"
37done
38
39echo linking $slib.so
40gcc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
41
42rm -f $slib.so
43ln -s $sh_slib $slib.so
44
45mv libRSAglue.a libRSAglue.a.orig
46mv libcrypto.a libcrypto.a.orig
47mv libssl.a libssl.a.orig
48
diff --git a/src/lib/libssl/src/shlib/sco5-shared-installed b/src/lib/libssl/src/shlib/sco5-shared-installed
new file mode 100644
index 0000000000..509902833f
--- /dev/null
+++ b/src/lib/libssl/src/shlib/sco5-shared-installed
@@ -0,0 +1,28 @@
1#!/bin/sh
2
3major="0"
4minor="9.7b"
5
6slib=libssl
7sh_slib=$slib.so.$major.$minor
8
9clib=libcrypto
10sh_clib=$clib.so.$major.$minor
11
12# If you want them in /usr/local/lib then change INSTALLTOP to point there.
13#INSTALLTOP=/usr/local/ssl/lib
14INSTALLTOP=/usr/local/lib
15
16cp -p $sh_clib $INSTALLTOP
17cp -p $sh_slib $INSTALLTOP
18
19PWD=`pwd`
20cd $INSTALLTOP
21rm -f $INSTALLTOP/$clib.so
22ln -s $INSTALLTOP/$sh_clib $clib.so
23
24rm -f $INSTALLTOP/$slib.so
25ln -s $INSTALLTOP/$sh_slib $slib.so
26
27cd $PWD
28
diff --git a/src/lib/libssl/src/shlib/sco5-shared.sh b/src/lib/libssl/src/shlib/sco5-shared.sh
new file mode 100644
index 0000000000..b3365d9f51
--- /dev/null
+++ b/src/lib/libssl/src/shlib/sco5-shared.sh
@@ -0,0 +1,48 @@
1#!/bin/sh
2
3major="0"
4minor="9.7b"
5
6slib=libssl
7sh_slib=$slib.so.$major.$minor
8
9clib=libcrypto
10sh_clib=$clib.so.$major.$minor
11
12FLAGS="-O -DFILIO_H -Kalloca"
13SHFLAGS="-Kpic -DPIC"
14
15touch $sh_clib
16touch $sh_slib
17
18echo collecting all object files for $clib.so
19OBJS=
20find . -name \*.o -print > allobjs
21for obj in `ar t libcrypto.a`
22do
23 OBJS="$OBJS `grep $obj allobjs`"
24done
25
26echo linking $clib.so
27cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
28
29rm -f $clib.so
30ln -s $sh_clib $clib.so
31
32echo collecting all object files for $slib.so
33OBJS=
34for obj in `ar t libssl.a`
35do
36 OBJS="$OBJS `grep $obj allobjs`"
37done
38
39echo linking $slib.so
40cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
41
42rm -f $slib.so
43ln -s $sh_slib $slib.so
44
45mv libRSAglue.a libRSAglue.a.orig
46mv libcrypto.a libcrypto.a.orig
47mv libssl.a libssl.a.orig
48
diff --git a/src/lib/libssl/src/test/evptests.txt b/src/lib/libssl/src/test/evptests.txt
new file mode 100644
index 0000000000..80bd9c7765
--- /dev/null
+++ b/src/lib/libssl/src/test/evptests.txt
@@ -0,0 +1,183 @@
1#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
2#digest:::input:output
3
4# SHA(1) tests (from shatest.c)
5SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
6
7# MD5 tests (from md5test.c)
8MD5::::d41d8cd98f00b204e9800998ecf8427e
9MD5:::61:0cc175b9c0f1b6a831c399e269772661
10MD5:::616263:900150983cd24fb0d6963f7d28e17f72
11MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
12MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
13MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
14MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
15
16# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
17
18AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
19
20# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
21
22AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
23
24# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
25
26AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
27
28# AES 128 ECB tests (from NIST test vectors, encrypt)
29
30#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
31
32# AES 128 ECB tests (from NIST test vectors, decrypt)
33
34#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
35
36# AES 192 ECB tests (from NIST test vectors, decrypt)
37
38#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
39
40# AES 256 ECB tests (from NIST test vectors, decrypt)
41
42#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
43
44# AES 128 CBC tests (from NIST test vectors, encrypt)
45
46#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
47
48# AES 192 CBC tests (from NIST test vectors, encrypt)
49
50#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
51
52# AES 256 CBC tests (from NIST test vectors, encrypt)
53
54#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
55
56# AES 128 CBC tests (from NIST test vectors, decrypt)
57
58#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
59
60# AES tests from NIST document SP800-38A
61# For all ECB encrypts and decrypts, the transformed sequence is
62# AES-bits-ECB:key::plaintext:ciphertext:encdec
63# ECB-AES128.Encrypt and ECB-AES128.Decrypt
64AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
65AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
66AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
67AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
68# ECB-AES192.Encrypt and ECB-AES192.Decrypt
69AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
70AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
71AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
72AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
73# ECB-AES256.Encrypt and ECB-AES256.Decrypt
74AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
75AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
76AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
77AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
78# For all CBC encrypts and decrypts, the transformed sequence is
79# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
80# CBC-AES128.Encrypt and CBC-AES128.Decrypt
81AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
82AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
83AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
84AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
85# CBC-AES192.Encrypt and CBC-AES192.Decrypt
86AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
87AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
88AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
89AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
90# CBC-AES256.Encrypt and CBC-AES256.Decrypt
91AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
92AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
93AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
94AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
95# We don't support CFB{1,8}-AESxxx.{En,De}crypt
96# For all CFB128 encrypts and decrypts, the transformed sequence is
97# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
98# CFB128-AES128.Encrypt
99AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
100AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
101AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
102AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
103# CFB128-AES128.Decrypt
104AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
105AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
106AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
107AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
108# CFB128-AES192.Encrypt
109AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
110AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
111AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
112AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
113# CFB128-AES192.Decrypt
114AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
115AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
116AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
117AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
118# CFB128-AES256.Encrypt
119AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
120AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
121AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
122AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
123# CFB128-AES256.Decrypt
124AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
125AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
126AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
127AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
128# For all OFB encrypts and decrypts, the transformed sequence is
129# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
130# OFB-AES128.Encrypt
131AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
132AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1
133AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1
134AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1
135# OFB-AES128.Decrypt
136AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
137AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
138AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
139AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
140# OFB-AES192.Encrypt
141AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
142AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1
143AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1
144AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1
145# OFB-AES192.Decrypt
146AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
147AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0
148AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0
149AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0
150# OFB-AES256.Encrypt
151AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
152AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
153AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
154AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
155# OFB-AES256.Decrypt
156AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
157AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
158AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
159AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
160
161# DES ECB tests (from destest)
162
163DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
164DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
165DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
166DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
167DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
168DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
169DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
170
171# DESX-CBC tests (from destest)
172DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
173
174# DES EDE3 CBC tests (from destest)
175DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
176
177# RC4 tests (from rc4test)
178RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
179RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
180RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
181RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
182RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
183RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
diff --git a/src/lib/libssl/src/util/bat.sh b/src/lib/libssl/src/util/bat.sh
index c6f48e8a7b..4d9a8287d0 100644
--- a/src/lib/libssl/src/util/bat.sh
+++ b/src/lib/libssl/src/util/bat.sh
@@ -62,6 +62,7 @@ sub var_add
62 local($dir,$val)=@_; 62 local($dir,$val)=@_;
63 local(@a,$_,$ret); 63 local(@a,$_,$ret);
64 64
65 return("") if $no_engine && $dir =~ /\/engine/;
65 return("") if $no_idea && $dir =~ /\/idea/; 66 return("") if $no_idea && $dir =~ /\/idea/;
66 return("") if $no_rc2 && $dir =~ /\/rc2/; 67 return("") if $no_rc2 && $dir =~ /\/rc2/;
67 return("") if $no_rc4 && $dir =~ /\/rc4/; 68 return("") if $no_rc4 && $dir =~ /\/rc4/;
@@ -116,6 +117,7 @@ sub var_add
116 @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; 117 @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
117 @a=grep(!/_mdc2$/,@a) if $no_mdc2; 118 @a=grep(!/_mdc2$/,@a) if $no_mdc2;
118 119
120 @a=grep(!/^engine$/,@a) if $no_engine;
119 @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; 121 @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
120 @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; 122 @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
121 @a=grep(!/^gendsa$/,@a) if $no_sha1; 123 @a=grep(!/^gendsa$/,@a) if $no_sha1;
diff --git a/src/lib/libssl/src/util/extract-names.pl b/src/lib/libssl/src/util/extract-names.pl
new file mode 100644
index 0000000000..d413a045cc
--- /dev/null
+++ b/src/lib/libssl/src/util/extract-names.pl
@@ -0,0 +1,22 @@
1#!/usr/bin/perl
2
3$/ = ""; # Eat a paragraph at once.
4while(<STDIN>) {
5 chop;
6 s/\n/ /gm;
7 if (/^=head1 /) {
8 $name = 0;
9 } elsif ($name) {
10 if (/ - /) {
11 s/ - .*//;
12 s/[ \t,]+/ /g;
13 push @words, split ' ';
14 }
15 }
16 if (/^=head1 *NAME *$/) {
17 $name = 1;
18 }
19}
20
21print join("\n", @words),"\n";
22
diff --git a/src/lib/libssl/src/util/mkcerts.sh b/src/lib/libssl/src/util/mkcerts.sh
index 5f8a1dae73..0184fcb70e 100644
--- a/src/lib/libssl/src/util/mkcerts.sh
+++ b/src/lib/libssl/src/util/mkcerts.sh
@@ -1,4 +1,4 @@
1#!bin/sh 1#!/bin/sh
2 2
3# This script will re-make all the required certs. 3# This script will re-make all the required certs.
4# cd apps 4# cd apps
@@ -12,8 +12,8 @@
12# 12#
13 13
14CAbits=1024 14CAbits=1024
15SSLEAY="../apps/ssleay" 15SSLEAY="../apps/openssl"
16CONF="-config ../apps/ssleay.cnf" 16CONF="-config ../apps/openssl.cnf"
17 17
18# create pca request. 18# create pca request.
19echo creating $CAbits bit PCA cert request 19echo creating $CAbits bit PCA cert request
diff --git a/src/lib/libssl/src/util/pl/VC-CE.pl b/src/lib/libssl/src/util/pl/VC-CE.pl
new file mode 100644
index 0000000000..1805ef9d97
--- /dev/null
+++ b/src/lib/libssl/src/util/pl/VC-CE.pl
@@ -0,0 +1,111 @@
1#!/usr/local/bin/perl
2# VC-CE.pl - the file for eMbedded Visual C++ 3.0 for windows CE, static libraries
3#
4
5$ssl= "ssleay32";
6$crypto="libeay32";
7$RSAref="RSAref32";
8
9$o='\\';
10$cp='copy nul+'; # Timestamps get stuffed otherwise
11$rm='del';
12
13# C compiler stuff
14$cc='$(CC)';
15$cflags=' /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo $(WCETARGETDEFS) -DUNICODE -D_UNICODE -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include';
16$lflags='/nologo /subsystem:windowsce,$(WCELDVERSION) /machine:$(WCELDMACHINE) /opt:ref';
17$mlflags='';
18
19$out_def='out32_$(TARGETCPU)';
20$tmp_def='tmp32_$(TARGETCPU)';
21$inc_def="inc32";
22
23if ($debug)
24 {
25 $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
26 $lflags.=" /debug";
27 $mlflags.=' /debug';
28 }
29
30$obj='.obj';
31$ofile="/Fo";
32
33# EXE linking stuff
34$link="link";
35$efile="/out:";
36$exep='.exe';
37if ($no_sock)
38 { $ex_libs=""; }
39else { $ex_libs='winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib $(WCELDFLAGS)'; }
40
41# static library stuff
42$mklib='lib';
43$ranlib='';
44$plib="";
45$libp=".lib";
46$shlibp=($shlib)?".dll":".lib";
47$lfile='/out:';
48
49$shlib_ex_obj="";
50#$app_ex_obj="setargv.obj";
51$app_ex_obj="";
52
53$bn_asm_obj='';
54$bn_asm_src='';
55$des_enc_obj='';
56$des_enc_src='';
57$bf_enc_obj='';
58$bf_enc_src='';
59
60if ($shlib)
61 {
62 $mlflags.=" $lflags /dll";
63# $cflags =~ s| /MD| /MT|;
64 $lib_cflag=" -D_WINDLL -D_DLL";
65 $out_def='out32dll_$(TARGETCPU)';
66 $tmp_def='tmp32dll_$(TARGETCPU)';
67 }
68
69$cflags.=" /Fd$out_def";
70
71sub do_lib_rule
72 {
73 local($objs,$target,$name,$shlib)=@_;
74 local($ret,$Name);
75
76 $taget =~ s/\//$o/g if $o ne '/';
77 ($Name=$name) =~ tr/a-z/A-Z/;
78
79# $target="\$(LIB_D)$o$target";
80 $ret.="$target: $objs\n";
81 if (!$shlib)
82 {
83# $ret.="\t\$(RM) \$(O_$Name)\n";
84 $ex =' ';
85 $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
86 }
87 else
88 {
89 local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
90# $ex.=' winsock.lib coredll.lib $(WCECOMPAT)/lib/wcecompatex.lib';
91 $ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib';
92 $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
93 }
94 $ret.="\n";
95 return($ret);
96 }
97
98sub do_link_rule
99 {
100 local($target,$files,$dep_libs,$libs)=@_;
101 local($ret,$_);
102
103 $file =~ s/\//$o/g if $o ne '/';
104 $n=&bname($targer);
105 $ret.="$target: $files $dep_libs\n";
106 $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
107 $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n\n";
108 return($ret);
109 }
110
1111;
diff --git a/src/lib/libssl/test/evptests.txt b/src/lib/libssl/test/evptests.txt
new file mode 100644
index 0000000000..80bd9c7765
--- /dev/null
+++ b/src/lib/libssl/test/evptests.txt
@@ -0,0 +1,183 @@
1#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
2#digest:::input:output
3
4# SHA(1) tests (from shatest.c)
5SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
6
7# MD5 tests (from md5test.c)
8MD5::::d41d8cd98f00b204e9800998ecf8427e
9MD5:::61:0cc175b9c0f1b6a831c399e269772661
10MD5:::616263:900150983cd24fb0d6963f7d28e17f72
11MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
12MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
13MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
14MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
15
16# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
17
18AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
19
20# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
21
22AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
23
24# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
25
26AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
27
28# AES 128 ECB tests (from NIST test vectors, encrypt)
29
30#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
31
32# AES 128 ECB tests (from NIST test vectors, decrypt)
33
34#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
35
36# AES 192 ECB tests (from NIST test vectors, decrypt)
37
38#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
39
40# AES 256 ECB tests (from NIST test vectors, decrypt)
41
42#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
43
44# AES 128 CBC tests (from NIST test vectors, encrypt)
45
46#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
47
48# AES 192 CBC tests (from NIST test vectors, encrypt)
49
50#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
51
52# AES 256 CBC tests (from NIST test vectors, encrypt)
53
54#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
55
56# AES 128 CBC tests (from NIST test vectors, decrypt)
57
58#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
59
60# AES tests from NIST document SP800-38A
61# For all ECB encrypts and decrypts, the transformed sequence is
62# AES-bits-ECB:key::plaintext:ciphertext:encdec
63# ECB-AES128.Encrypt and ECB-AES128.Decrypt
64AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
65AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
66AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
67AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
68# ECB-AES192.Encrypt and ECB-AES192.Decrypt
69AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
70AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
71AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
72AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
73# ECB-AES256.Encrypt and ECB-AES256.Decrypt
74AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
75AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
76AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
77AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
78# For all CBC encrypts and decrypts, the transformed sequence is
79# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
80# CBC-AES128.Encrypt and CBC-AES128.Decrypt
81AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
82AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
83AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
84AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
85# CBC-AES192.Encrypt and CBC-AES192.Decrypt
86AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
87AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
88AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
89AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
90# CBC-AES256.Encrypt and CBC-AES256.Decrypt
91AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
92AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
93AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
94AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
95# We don't support CFB{1,8}-AESxxx.{En,De}crypt
96# For all CFB128 encrypts and decrypts, the transformed sequence is
97# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
98# CFB128-AES128.Encrypt
99AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
100AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
101AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
102AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
103# CFB128-AES128.Decrypt
104AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
105AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
106AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
107AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
108# CFB128-AES192.Encrypt
109AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
110AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
111AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
112AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
113# CFB128-AES192.Decrypt
114AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
115AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
116AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
117AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
118# CFB128-AES256.Encrypt
119AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
120AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
121AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
122AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
123# CFB128-AES256.Decrypt
124AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
125AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
126AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
127AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
128# For all OFB encrypts and decrypts, the transformed sequence is
129# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
130# OFB-AES128.Encrypt
131AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
132AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1
133AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1
134AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1
135# OFB-AES128.Decrypt
136AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
137AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
138AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
139AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
140# OFB-AES192.Encrypt
141AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
142AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1
143AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1
144AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1
145# OFB-AES192.Decrypt
146AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
147AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0
148AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0
149AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0
150# OFB-AES256.Encrypt
151AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
152AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
153AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
154AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
155# OFB-AES256.Decrypt
156AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
157AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
158AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
159AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
160
161# DES ECB tests (from destest)
162
163DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
164DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
165DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
166DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
167DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
168DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
169DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
170
171# DESX-CBC tests (from destest)
172DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
173
174# DES EDE3 CBC tests (from destest)
175DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
176
177# RC4 tests (from rc4test)
178RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
179RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
180RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
181RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
182RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
183RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-03 10:32:17 +0000